# microsoft-support.website — SUSPICIOUS

> Domain microsoft-support.website impersonates Microsoft for credential theft. Let's Encrypt SSL enabled. VirusTotal score: 0/95 detections.

## Summary
Domain microsoft-support.website is flagged for brand impersonation, specifically targeting Microsoft to deceive users into surrendering credentials or downloading malicious software. This site mimics official Microsoft support channels to exploit trust, a common tactic in tech-brand impersonation schemes. There is no evidence yet of a crypto-draining kit deployed, but the risk of credential theft remains high due to the falsified branding and plausible domain naming. Criminals leverage such pages to harvest login details, session tokens, or distribute second-stage malware under the guise of legitimate support assistance.

Technical analysis reveals this domain was registered through ENOM, INC. on March 31, 2026, and resolves to IP address 185.80.3.92. The site secured an SSL certificate via Let’s Encrypt, likely to appear legitimate and evade browser warnings. Despite zero detections on VirusTotal (0/95 engines as of latest scan), this domain has already been flagged on three independent security blocklists including PhishDestroy and MetaMask. Google Safe Browsing (GSB) has not yet listed this domain, indicating a window of opportunity for exploitation before widespread recognition. These factors suggest an emerging threat actively trying to establish credibility while avoiding immediate detection.

This domain remains active and poses a significant risk due to its impersonation of a trusted technology brand. PhishDestroy and MetaMask have already implemented blocking measures, and SEAL has flagged the domain, demonstrating early detection by reputable security tools. However, given the low VT detection rate and absence from GSB, the window for user exposure persists. Users should avoid accessing this domain entirely. Administrators are advised to implement network-level blocks for 185.80.3.92 and monitor internal DNS resolution against the domain list. Remaining risk is moderate-to-high as this site may evolve tactics or migrate hosting to resume operations under new domains if flagged too broadly.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Microsoft

## Domain Intelligence
- Registered: 2026-03-31 12:27:26
- Registrar: ENOM, INC.
- IP: 185.80.3.92

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/885f95ab-4b93-4361-9a63-8d36df63bd66
- PhishDestroy: https://phishdestroy.io/domain/microsoft-support.website/
- LLM endpoint: https://phishdestroy.io/domain/microsoft-support.website/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/microsoft-support.website/
Last updated: 2026-03-31