l0g1n-microso.ftornlin.com
Open in
urlscan Pro
34.130.43.54
Malicious Activity!
Public Scan
Effective URL: https://l0g1n-microso.ftornlin.com/o365
Submission: On May 09 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on May 5th 2023. Valid for: 3 months.
This is the only time l0g1n-microso.ftornlin.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 44.193.55.9 44.193.55.9 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 198.54.116.99 198.54.116.99 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
1 | 34.130.43.54 34.130.43.54 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
1 8 | 2606:4700::68... 2606:4700::6812:6b9 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 104.16.169.131 104.16.169.131 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 18.66.15.27 18.66.15.27 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 65.9.95.116 65.9.95.116 | 16509 (AMAZON-02) (AMAZON-02) | |
18 | 6 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-44-193-55-9.compute-1.amazonaws.com
api.getjusto.com |
ASN22612 (NAMECHEAP-NET, US)
PTR: server219-4.web-hosting.com
evisatraveller-mfa.app |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 54.43.130.34.bc.googleusercontent.com
l0g1n-microso.ftornlin.com |
ASN13335 (CLOUDFLARENET, US)
js.hcaptcha.com | |
newassets.hcaptcha.com | |
hcaptcha.com |
ASN16509 (AMAZON-02, US)
PTR: server-18-66-15-27.vie50.r.cloudfront.net
findicons.com |
ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-116.prg50.r.cloudfront.net
images.freeimages.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
cloudflare.com
1 redirects
challenges.cloudflare.com — Cisco Umbrella Rank: 5988 |
113 KB |
6 |
hcaptcha.com
js.hcaptcha.com — Cisco Umbrella Rank: 13326 newassets.hcaptcha.com — Cisco Umbrella Rank: 12271 hcaptcha.com — Cisco Umbrella Rank: 8155 |
248 KB |
1 |
freeimages.com
images.freeimages.com — Cisco Umbrella Rank: 202151 |
633 B |
1 |
findicons.com
1 redirects
findicons.com — Cisco Umbrella Rank: 479403 |
305 B |
1 |
ftornlin.com
l0g1n-microso.ftornlin.com |
22 KB |
1 |
evisatraveller-mfa.app
evisatraveller-mfa.app |
223 B |
1 |
getjusto.com
1 redirects
api.getjusto.com — Cisco Umbrella Rank: 187110 |
556 B |
18 | 7 |
Domain | Requested by | |
---|---|---|
8 | challenges.cloudflare.com |
1 redirects
l0g1n-microso.ftornlin.com
challenges.cloudflare.com evisatraveller-mfa.app |
4 | newassets.hcaptcha.com |
js.hcaptcha.com
newassets.hcaptcha.com |
1 | hcaptcha.com |
newassets.hcaptcha.com
|
1 | images.freeimages.com |
l0g1n-microso.ftornlin.com
|
1 | findicons.com | 1 redirects |
1 | js.hcaptcha.com |
l0g1n-microso.ftornlin.com
|
1 | l0g1n-microso.ftornlin.com | |
1 | evisatraveller-mfa.app | |
1 | api.getjusto.com | 1 redirects |
18 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
evisatraveller-mfa.app Sectigo RSA Domain Validation Secure Server CA |
2022-10-30 - 2023-10-30 |
a year | crt.sh |
*.ftornlin.com R3 |
2023-05-05 - 2023-08-03 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-04-15 - 2024-04-14 |
a year | crt.sh |
challenges.cloudflare.com Cloudflare Inc ECC CA-3 |
2022-09-18 - 2023-09-17 |
a year | crt.sh |
This page contains 4 frames:
Primary Page:
https://l0g1n-microso.ftornlin.com/o365
Frame ID: 4F154800E218D714413F5E3C48E7A5B2
Requests: 5 HTTP requests in this frame
Frame:
https://newassets.hcaptcha.com/captcha/v1/ee0b823/static/hcaptcha.html
Frame ID: 5879EA4F531DCB91BA899F375F58B8F3
Requests: 2 HTTP requests in this frame
Frame:
https://newassets.hcaptcha.com/captcha/v1/ee0b823/static/hcaptcha.html
Frame ID: 7DC02628B06A88C77C7808E71C3FF74B
Requests: 4 HTTP requests in this frame
Frame:
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/q7wvo/0x4AAAAAAAEeD8MyNruqc88h/auto/normal
Frame ID: 5356738A2F61309D3A4B2ED6D78B4048
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://api.getjusto.com/redirect?to=https%3A%2F%2Fevisatraveller-mfa.app%2Fjs%2Fgi%2Fgu2bal%2F%2F%2F%2FbWFya0B1bml0ZWRyb2FkLmNvbQ== HTTP 302
- https://evisatraveller-mfa.app/js/gi/gu2bal////bWFya0B1bml0ZWRyb2FkLmNvbQ==
- https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP 302
- https://challenges.cloudflare.com/turnstile/v0/g/b5e45436/api.js?onload=onloadTurnstileCallback
- https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png HTTP 301
- https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
bWFya0B1bml0ZWRyb2FkLmNvbQ==
evisatraveller-mfa.app/js/gi/gu2bal//// Redirect Chain
|
0 223 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
o365
l0g1n-microso.ftornlin.com/ |
22 KB 22 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api.js
challenges.cloudflare.com/turnstile/v0/g/b5e45436/ Redirect Chain
|
15 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api.js
js.hcaptcha.com/1/ |
291 KB 82 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_new_logo_alt.png
images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/ Redirect Chain
|
254 B 633 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hcaptcha.html
newassets.hcaptcha.com/captcha/v1/ee0b823/static/ Frame 5879 |
2 KB 808 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hcaptcha.html
newassets.hcaptcha.com/captcha/v1/ee0b823/static/ Frame 7DC0 |
2 KB 990 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/q7wvo/0x4AAAAAAAEeD8MyNruqc88h/auto/ Frame 5356 |
22 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hcaptcha.js
newassets.hcaptcha.com/captcha/v1/ee0b823/ Frame 7DC0 |
291 KB 81 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
v1
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/ Frame 5356 |
151 KB 54 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
hcaptcha.js
newassets.hcaptcha.com/captcha/v1/ee0b823/ Frame 5879 |
291 KB 82 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 7DC0 |
798 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
checksiteconfig
hcaptcha.com/ Frame 7DC0 |
853 B 1017 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
4a2ee83f8eb473d
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1107572892:1683663627:-ZRaVBIJhtd8XhndnxjL37JCBbFBAOp9fUEurjxpzbE/7c4ccdc6cf5d372f/ Frame 5356 |
75 KB 45 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
3CJhUiPMv77yrwB
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7c4ccdc6cf5d372f/1683665312107/87db06e54666f9c9a06c073496e13b4c476f8df71d42ffaeeb26a60757dc62bf/ Frame 5356 |
1 B 647 B |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
934cc040-e8a9-487f-8766-fabcc3b9653e
https://challenges.cloudflare.com/ Frame 5356 |
539 B 0 |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
71cf4022-a1f5-42b3-94c4-0eee2114f32b
https://challenges.cloudflare.com/ Frame 5356 |
656 B 0 |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
LVw58q_1mWPKITB
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7c4ccdc6cf5d372f/1683665312111/ Frame 5356 |
61 B 166 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
4a2ee83f8eb473d
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1107572892:1683663627:-ZRaVBIJhtd8XhndnxjL37JCBbFBAOp9fUEurjxpzbE/7c4ccdc6cf5d372f/ Frame 5356 |
616 B 1 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 boolean| credentialless function| verifyCallback_CF function| verifyCallback_hCaptcha function| validateElement function| refreshCallBack function| switchToSecondCaptcha function| onloadTurnstileCallback function| incrementLoader object| Raven object| hcaptcha object| grecaptcha object| turnstile number| ticker1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.ftornlin.com/ | Name: uGZw Value: 6b2df1f558c5b55824a48eaea5f8cd61ded0a6398057365c1eec27387f691acc |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.getjusto.com
challenges.cloudflare.com
evisatraveller-mfa.app
findicons.com
hcaptcha.com
images.freeimages.com
js.hcaptcha.com
l0g1n-microso.ftornlin.com
newassets.hcaptcha.com
104.16.169.131
18.66.15.27
198.54.116.99
2606:4700::6812:6b9
34.130.43.54
44.193.55.9
65.9.95.116
07c176f8f7a1168c0ec9c41bf14bb77f62be7111ec4a7ac06d8b9f87a5d91a4f
08c91791d18c8b35509f8951ba53b3868ebc91a142f78fb1294aadad03f537c8
126cc5ce1c69aed79dd0297992080f305cc53ffec81fa94fa7e5a994f42e31cb
2267d1822dbefc10c25e17d1fa4a6d9331e5a126e2483c5aff542d6107ebca36
2fc891322b8064d0054b8792b072de7d21bc003aeb941880175e5a9bd0e4b083
5205e201bbd649a3a4af0ecb9b1e8a80f73aa8ea4aee1740302b1b8f7435b27f
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7
642269bc28a123f8175e9fed68e748d9ec59b69fe58dd975a71e8ea325967b8f
690a67af4de9a13883b50d490e341014e06edd706a20f2dfa7239dbbc581a79a
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
927e423c148bfd58447f03aa3860a0524096a17f3a2707a388603c10fe93ffc1
a26d35a57845c86f97d7d556909912417696485b97586e999e286be9ccd1cff0
d493eb7c5599760b40659a7f0af57daf8fa9692a96aded7e9272c6074e88c3bd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41277bd48cc271455c85a90d1458c60265604cb04fcd58fc06436741d3d8c7c
e9bda60c49e2b393b23b8257f906aecb09daf15a4460a6d62c6a5a1e5a85d201