DANGEROUS

Brand impersonation — not the real site

6 of 92 antivirus engines flag this page as malicious. This page is styled as a brand but is not the brand's real site. Go to the official site directly, and treat any download, login, or payment request here as unsafe.

Security Review

Is l0glnn-m1croqx0qftcom-0utloolx1drvvefil3es.fwh.is legit or a scam?

Our verdict: Dangerous · 1/100

Phishing clone of login.live.com using obfuscated subdomain on a compromised free-hosting service; flagged by six antivirus engines and multiple security researchers.

l0glnn-m1croqx0qftcom-0utloolx1drvvefil3es.fwh.is · Scanned 5h ago
Trust score: 0 · DANGEROUS
Heuristics 0 · MT 5
Category tags: phishing, credential-theft, #Phishing, #Clone Site, #Data Harvester · 98% MT confidence

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

Analysis Summary

Threat Intelligence: 7/92 engines flagged this URL
Domain Age: 1.6 years old (registered Nov 1, 2024)
MT Intelligence: Dangerous (Critical likelihood · 98% confidence)

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Critical scam likelihood | engine: MT · Guardian | trust: 5/100
MT Agent · Live web research · Visual inspection · Network correlation
Confidence: 0%
The domain is a free subdomain on fwh.is, a hosting service that has become a known vector for phishing campaigns. The subdomain itself uses deliberate character substitution (l0glnn for 'login', m1cro for 'micro', qx0qftcom resembling 'microsoft', 0utloolx for 'outlook', 1drvvefil3es for 'onedrive files') to impersonate Microsoft's login infrastructure. Six antivirus engines—BitDefender, Forcepoint ThreatSeeker, G-Data, LevelBlue, Seclookup, and Webroot—flag it as phishing or malicious. Independent security researchers report fwh.is subdomains as active credential-theft infrastructure, with similar domains achieving 16/16 detection rates and 100/100 risk scores. The page itself is blank, a common tactic in phishing farms where the actual credential-capture form loads dynamically or after redirect. The 584-day domain age reflects the parent fwh.is service's longevity, not legitimacy; fwh.is subdomains are routinely created and abandoned for short-lived phishing campaigns.

Page Content

The page is blank with no visible text, title, or meta description. No contact information, social links, or business details are present. This is consistent with phishing infrastructure that either loads content dynamically or redirects to a credential-capture form.

Infrastructure

Hosted on IP 185.27.134.119 with valid SSL (ZeroSSL, 40 days to expiry). The IP has zero abuse reports and a clean reputation score, which is typical for bulletproof hosting or shared infrastructure; legitimate SSL does not indicate legitimacy when paired with phishing content. The domain is a free subdomain on fwh.is, a service that allows anyone to create subdomains without verification.

Domain History

Registered 584 days ago. The parent service fwh.is is flagged as phishing infrastructure by multiple vendors (Gridinsoft: 1/100 trust score; independent review aggregator: 0/100). Numerous other fwh.is subdomains are actively reported as phishing, including campaigns targeting Instagram voting scams and credential theft. The subdomain uses homoglyph obfuscation (character substitution) to mimic Microsoft login URLs.

Web Reputation

Six antivirus engines flag the domain as phishing or malicious. Independent security researchers report fwh.is as a phishing farm with 10+ complaints and zero positive reviews. An independent review aggregator rates fwh.is at 0/100 trust. PhishDestroy reports similar fwh.is subdomains with 16/16 detection rates. No legitimate business registration or positive references exist.

Risk Factors (7)
  • Six antivirus engines (BitDefender, Forcepoint ThreatSeeker, G-Data, LevelBlue, Seclookup, Webroot) flag as phishing or malicious.
  • Confirmed clone of login.live.com with deliberate character substitution (l0glnn, m1cro, qx0qftcom, 0utloolx, 1drvvefil3es) to impersonate Microsoft.
  • Hosted on fwh.is, a free subdomain service flagged as phishing infrastructure by Gridinsoft (1/100), independent review aggregator (0/100), and multiple vendors.
  • Blank page with no contact, business, or legitimate content—typical of credential-theft phishing farms.
  • Parent domain fwh.is has 10+ complaints and zero positive reviews; similar subdomains report 16/16 antivirus detections.
  • Typosquat pattern matches known Microsoft/Outlook phishing campaigns targeting credential theft.
  • No business registration, no legitimate references, and no positive aggregator scores.
Positive Signals (2)
  • Valid SSL certificate issued by ZeroSSL (does not indicate legitimacy when paired with phishing content).
  • Hosting IP has zero abuse reports (typical for shared hosting; not a trust indicator).
AI Recommendation
Do not visit this site or enter any credentials. If you arrived here via email or message, report it as phishing to the sender's email provider or platform. If you have already entered credentials on a similar-looking page, change your Microsoft account password immediately and enable two-factor authentication.
Scam network detected
6 linked domains correlated

This subdomain is part of a known phishing farm on fwh.is. The parent domain hosts numerous credential-theft and social-engineering campaigns using similar obfuscation tactics. The specific subdomain clones login.live.com and uses character substitution to impersonate Microsoft login, Outlook, and OneDrive infrastructure.

  • login.live.com (impersonated)
  • fwh.is (parent phishing farm)
  • sup0rti1loading.fwh.is (sibling phishing subdomain)
  • food-network.fwh.is (sibling phishing subdomain)
  • onlinevoting-nt.fwh.is (sibling phishing subdomain)
  • podscastthubs-ml.fwh.is (sibling phishing subdomain)

Website Preview

Screenshot of l0glnn-m1croqx0qftcom-0utloolx1drvvefil3es.fwh.is

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for l0glnn-m1croqx0qftcom-0utloolx1drvvefil3es.fwh.is, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

  • Domain age: 1.6 yrs. Registered Nov 2024.
  • Business registration: No public record found. Could not match the site to a registered company — common for small sites.
  • Independent review aggregators: 0/100 · low trust. Average across 1 independent review aggregator.
  • Clone check: Clones login.live.com. The page impersonates a well-known brand's site.
  • Typosquat check: Typosquat of login.live.com. Deliberate misspelling of a real brand's domain.
  • Web mentions: 4 scam reports · 10 complaints

Web ratings
Scores pulled directly from third-party trust & review sites
  • ScamAdviser: 0/100 · High risk
Key findings
7 headline facts from open-web research
  • The domain is a free subdomain on fwh.is, part of InfinityFree hosting (anyone can create such subdomains).
  • fwh.is itself has a 0/100 trust score on Scamadviser and is flagged as potentially malicious/phishing by multiple vendors including Gridinsoft (1/100), iQ Abuse Scan, DNSFilter, Pulsedive.
  • Numerous subdomains on fwh.is (e.g. sup0rti1loading.fwh.is, food-network.fwh.is, onlinevoting-nt.fwh.is, podscastthubs-ml.fwh.is) are actively reported and blocked as phishing, often for credential theft or social media hijacking scams.
  • PhishDestroy and others report 16/16 VirusTotal detections and 100/100 risk scores for similar fwh.is phishing domains impersonating Microsoft.
  • The specific subdomain uses deliberate character substitution (0 for o, 1 for l/i, etc.) strongly resembling "login-microsoft-outlook-onedrive-files" to impersonate Microsoft login/Outlook/OneDrive.
  • Domain age is 584 days; fwh.is subdomains are frequently abused for short-lived phishing campaigns, with reports of Instagram voting scams leading to account takeovers.
  • No positive reviews, business info, or legitimate references found for this exact subdomain or fwh.is in a trustworthy context.
Scam reports (4)
Direct quotes from public scam databases, forums, and news.
  • Scamadviser

    "fwh.is has a very low trust score... we think the website may be a scam. Exercise extreme caution when using this website."

  • Gridinsoft

    "fwh.is should not be treated as a safe website. Gridinsoft gives it a 1/100 trust score... classified as phishing... page behavior matches a common credential-theft flow: impersonation first, urgency second, data request last."

  • PhishDestroy

    "web-domain.fwh.is flagged for high-risk phishing activity... 16/16 VT vendors... 100 Risk Score... high-risk phishing domain designed to deceive users into revealing sensitive information."

  • PhishStats

    "Phishing report: fwh.is (GB)... podscastthubs-ml.fwh.is/ ... Threat Level: Medium (4.4)... Active"

Impersonation / typosquat
Typosquat of login.live.com

Subdomain string contains heavy obfuscation (l0glnn for login, m1cro for micro, qx0qftcom resembling microsoft, 0utloolx for outlook, 1drvvefil3es for onedrive files); matches known Microsoft/Outlook phishing patterns on fwh.is

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Security researchers and phishing-report databases confirm fwh.is as a phishing farm. An independent review aggregator rates the parent domain at 0/100 trust and advises extreme caution. Gridinsoft classifies fwh.is as phishing infrastructure (1/100 trust score) with credential-theft behavior. PhishDestroy reports similar fwh.is subdomains achieving 16/16 antivirus detections and 100/100 risk scores, designed to deceive users into revealing sensitive information. PhishStats reports active phishing campaigns on fwh.is subdomains, including Instagram voting scams leading to account takeovers. Ten complaints are documented; zero positive reviews or legitimate references exist for this subdomain or the parent service.

Scam Network Intelligence

Cross-site correlation

This site shares signals with a broader cluster

Critical cluster

Many scams don't operate alone. We correlate third-party scripts, hosting infrastructure, brand-impersonation signals, and the AI evidence package to detect when a site is part of a broader scam network.

Suspicion score: 0/100 (scale: Clear · Low · Moderate · High · Critical)
Evidence (2)
  • Evidence confirms this site is a clone of login.live.com.
  • Domain is a typosquat of login.live.com.
Linked signals (2)
  • Clone of login.live.com
  • Typosquat of login.live.com

Antivirus Engines

Detection matrix · live
7 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

6 Malicious · 1 Suspicious · 54 Harmless · 92 Engines
0
of 92
  • BitDefender: Malicious · phishing
  • Forcepoint ThreatSeeker: Malicious · phishing
  • G-Data: Malicious · phishing
  • LevelBlue: Malicious · phishing
  • Seclookup: Malicious · malicious
  • Webroot: Malicious · malicious
  • URLQuery: Suspicious · suspicious

7 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
  • Emails on site's domain: None
  • Phone numbers: None
  • Postal address: Not listed
  • Linked social profiles: 0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
  • Age: 1.6 years old
  • Registrar: Hidden
  • Registered: Nov 1, 2024
  • Expires: Unknown
  • Owner privacy: Visible
Encryption Certificate
  • Status: Valid
  • Protocol: TLSv1.3
  • Issuer: ZeroSSL GmbH · ZeroSSL ECC DV SSL CA 2
  • Expires: Jul 18, 2026 (40d)
  • Self-signed: No
Hosting & Technology
  • Hosting: I FastNet LTD
  • Server location: GB
  • Web server: openresty

Server Reputation

Abuse Intelligence
  • Confidence score: 0%
  • Reports on file: 0
  • ISP: I FastNet LTD
  • Usage type: Content Delivery Network

Scam-Type Likelihood

2 scam-type patterns detected
2 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Brand Impersonation
Brand Impersonation: Moderate likelihood · 50/100
  • Domain is a typosquat of login.live.com.
  • AI analyst tagged this as a brand / clone-site impersonation.
  • Clustered with known brand-impersonation infrastructure.
Phishing: Moderate likelihood · 35/100
  • Domain is a typosquat of login.live.com.
  • AI analyst tagged this as phishing.

Brand impersonation detected

This page is styled as a known brand but is not the brand's real site.

  • Do not interact with l0glnn-m1croqx0qftcom-0utloolx1drvvefil3es.fwh.is

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Go to the brand's real site directly

    Type the brand name into a search engine or open it from your bookmarks — don't use links from emails, SMS, ads, or social posts, which are the delivery vectors for impersonation.

  • Never download or sign in here

    Even if the page "just" offers a download or a giveaway, impersonation pages frequently deliver malware or set up follow-up phishing. Assume anything accepted from this site is hostile.

  • Report the impersonation to the brand

    Most major brands have a dedicated abuse or anti-phishing reporting channel — reporting helps them take the site down and protects other users.

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

  • Google Safe Browsing: Not listed
  • VirusTotal: Listed
  • AbuseIPDB: Not listed

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags l0glnn-m1croqx0qftcom-0utloolx1drvvefil3es.fwh.is as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — l0glnn-m1croqx0qftcom-0utloolx1drvvefil3es.fwh.is scored 1/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. l0glnn-m1croqx0qftcom-0utloolx1drvvefil3es.fwh.is presents a valid TLSv1.3 certificate issued by ZeroSSL GmbH · ZeroSSL ECC DV SSL CA 2, expiring in 40 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • l0glnn-m1croqx0qftcom-0utloolx1drvvefil3es.fwh.is is 1.6 years old, registered on 11/1/2024. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 7 out of 92 antivirus engines in our malware network flagged l0glnn-m1croqx0qftcom-0utloolx1drvvefil3es.fwh.is as malicious or suspicious (6 outright malicious). Even one detection is a meaningful signal.
  • No. l0glnn-m1croqx0qftcom-0utloolx1drvvefil3es.fwh.is is not currently listed on the major browser blocklist feeds that modern browsers use.
  • l0glnn-m1croqx0qftcom-0utloolx1drvvefil3es.fwh.is resolves to an IP operated by I FastNet LTD in GB (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • Independent trust-rating sites currently show the following for l0glnn-m1croqx0qftcom-0utloolx1drvvefil3es.fwh.is: ScamAdviser: 0/100. Those scores come from user reviews and their own heuristics, so they are worth comparing against our verdict.

Final Verdict

Trust: 0 / 100
Final Verdict · l0glnn-m1croqx0qftcom-0utloolx1drvvefil3es.fwh.is · DANGEROUS

This is a phishing clone impersonating Microsoft's login.live.com, hosted on a free subdomain service known for credential-theft attacks. Six antivirus engines flag it as phishing, and multiple independent security researchers report it as active phishing infrastructure. Do not visit or enter any credentials.

  • AV engines: 92
  • MT passes: 2
  • Net signals: 2
Security review complete · malwaretips.com/url-scan
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.