l0g1n-microso.ftonlineclient.com
2606:4700:20::681a:af9  Public Scan

Submitted URL: http://click1.rs.myidcare.com/mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven...
Effective URL: https://l0g1n-microso.ftonlineclient.com/LSsYOsgr
Submission: On November 29 via api from US — Scanned from DE

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 15 HTTP transactions. The main IP is 2606:4700:20::681a:af9, located in United States and belongs to CLOUDFLARENET, US. The main domain is l0g1n-microso.ftonlineclient.com.
TLS certificate: Issued by GTS CA 1P5 on November 29th 2023. Valid for: 3 months.
This is the only time l0g1n-microso.ftonlineclient.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Redirects | IP Address | AS Autonomous System
1 | 1 | 74.214.203.11 | 14618 (AMAZON-AES)
1 | | 20.13.162.148 | 8075 (MICROSOFT...)
8 | | 2606:4700:20:... | 13335 (CLOUDFLAR...)
4 | | 2606:4700::68... | 13335 (CLOUDFLAR...)
Total: 15 requests, 4 IPs

Requests | Apex Domain | Subdomains | Transfer
8 | ftonlineclient.com | l0g1n-microso.ftonlineclient.com | 148 KB
4 | cloudflare.com | challenges.cloudflare.com (Cisco Umbrella Rank: 6439) | 23 KB
1 | solacescapehaven.com | ny.solacescapehaven.com | 909 B
1 | myidcare.com | click1.rs.myidcare.com | 310 B
Total: 15 requests, 4 domains

Requests | Domain | Requested by
8 | l0g1n-microso.ftonlineclient.com | ny.solacescapehaven.com, l0g1n-microso.ftonlineclient.com
4 | challenges.cloudflare.com | l0g1n-microso.ftonlineclient.com, challenges.cloudflare.com
1 | ny.solacescapehaven.com |
1 | click1.rs.myidcare.com (1 redirects) |
Total: 15 requests, 4 domains

This site contains no links.

Subject | Issuer | Validity | Valid
ny.solacescapehaven.com | R3 | 2023-11-27 - 2024-02-25 | 3 months
ftonlineclient.com | GTS CA 1P5 | 2023-11-29 - 2024-02-27 | 3 months
challenges.cloudflare.com | Cloudflare Inc ECC CA-3 | 2023-08-18 - 2024-08-17 | a year

This page contains 3 frames:

Primary Page: https://l0g1n-microso.ftonlineclient.com/LSsYOsgr
Frame ID: B6F7865838D387A42CE2BCFA246CBB19
Requests: 13 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3zsio/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Frame ID: 50AE015946BB8310A015660595AEC970
Requests: 1 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bils1/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Frame ID: B45B43092C7A4870246E7EB7C516978F
Requests: 1 HTTP requests in this frame

Page Title: reCAPTCHA

Page Statistics

Requests: 15
HTTPS: 87 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 2
Transfer: 172 kB
Size: 447 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://click1.rs.myidcare.com/mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com HTTP 302
    https://ny.solacescapehaven.com/ Page URL
  2. https://l0g1n-microso.ftonlineclient.com/LSsYOsgr Page URL
  3. https://l0g1n-microso.ftonlineclient.com/LSsYOsgr Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://click1.rs.myidcare.com/mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com HTTP 302
  • https://ny.solacescapehaven.com/

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
ny.solacescapehaven.com/
Redirect Chain
  • http://click1.rs.myidcare.com/mtqbdsmtytgljpwvltdsylpkkzlgztyqtysnpsjctdtty_ktvvhpdhrs.html?target=https://ny.solacescapehaven.com
  • https://ny.solacescapehaven.com/
1 KB
909 B
Document
General
Full URL
https://ny.solacescapehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.13.162.148 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
39d28f92577fc9a443372a965f308c1a862e54b9fe313ab7ae4df105d46da225
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 29 Nov 2023 21:19:41 GMT
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

Connection
Keep-Alive
Content-Length
0
Content-Type
text/html;charset=utf-8
Date
Wed, 29 Nov 2023 21:19:40 GMT
Keep-Alive
timeout=60
Location
https://ny.solacescapehaven.com
Server
Apache-Coyote/1.1
LSsYOsgr
l0g1n-microso.ftonlineclient.com/
11 KB
6 KB
Document
General
Full URL
https://l0g1n-microso.ftonlineclient.com/LSsYOsgr
Requested by
Host: ny.solacescapehaven.com
URL: https://ny.solacescapehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:af9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b2b8f942f6ef73f59c74050dd218f5984faf0a5b9abb6f10d2c4a0fc5c5ec2e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://ny.solacescapehaven.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-mitigated
challenge
cf-ray
82dde3eb6a622c55-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Wed, 29 Nov 2023 21:19:41 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o9cBN5Cmc%2FIfPstNaccxA8s3Puxe6tDMeGZCMAtkFOz6%2B2nJ3Mlt5cPH%2F6aoNv48PcI5Gzj9Rnjd88JgtiI3VyWc5%2BLOsu%2Fxfkddd5YCEtyVjMfpz81zBjntjuvKp9xYSZJPdE3Bh0V3gdCy%2BJRLgSnFOKV1NTV0U%2F5YYrNZ"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
v1
l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/
165 KB
56 KB
Script
General
Full URL
https://l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82dde3eb6a622c55
Requested by
Host: l0g1n-microso.ftonlineclient.com
URL: https://l0g1n-microso.ftonlineclient.com/LSsYOsgr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:af9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4233feae63026c07b813ac963f2209417cffe9a3a954ec00a227d6e99761c326

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://l0g1n-microso.ftonlineclient.com/LSsYOsgr?__cf_chl_rt_tk=XT5g5lcN.WhOToNCio2IM9AQ4IPCaLk4XkTDizZx2s8-1701292781-0-gaNycGzNDRA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 21:19:41 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dmODnM%2BznC5LPbg2xqWQfiCwIUQ7m1zNuVMCaqS76%2Fz3dRMMAfRlaAWh3yX%2FgYfb0YNv5xcHWT%2BfLwRAUipCa%2BxUwKvRhmUExPDsTPEz5co4SXHQTKp3UB0qxr7D%2FqNVHT1eXSxxX78yvuZx82YBxLMCf6bU5OlpmxmSHcZO"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
82dde3ebaaad2c55-FRA
api.js
challenges.cloudflare.com/turnstile/v0/g/9914b343/
33 KB
11 KB
Script
General
Full URL
https://challenges.cloudflare.com/turnstile/v0/g/9914b343/api.js?onload=FAIg1&render=explicit
Requested by
Host: l0g1n-microso.ftonlineclient.com
URL: https://l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82dde3eb6a622c55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:3b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51cd12da61a7401c73472b2ac77067adfa30e9fc0545b4b7c240e9154e011fc7

Request headers

Referer
Origin
https://l0g1n-microso.ftonlineclient.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 21:19:41 GMT
content-encoding
br
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000
cf-ray
82dde3ebfaf0996c-FRA
alt-svc
h3=":443"; ma=86400
4c2a5869-e04a-4562-bf98-895a4fdaeb2f
https://l0g1n-microso.ftonlineclient.com/
13 B
0
Other
General
Full URL
blob:https://l0g1n-microso.ftonlineclient.com/4c2a5869-e04a-4562-bf98-895a4fdaeb2f
Requested by
Host: l0g1n-microso.ftonlineclient.com
URL: https://l0g1n-microso.ftonlineclient.com/LSsYOsgr
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://l0g1n-microso.ftonlineclient.com/LSsYOsgr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Length
13
Content-Type
text/javascript
24863e2b6fc2917
l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1051825820:1701289586:LbtOncLuHsdCjhsJhDNQ-SmgsPYfNvG1Zi24NSGL-oc/82dde3eb6a622c55/
12 KB
10 KB
XHR
General
Full URL
https://l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1051825820:1701289586:LbtOncLuHsdCjhsJhDNQ-SmgsPYfNvG1Zi24NSGL-oc/82dde3eb6a622c55/24863e2b6fc2917
Requested by
Host: l0g1n-microso.ftonlineclient.com
URL: https://l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82dde3eb6a622c55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:af9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9549b73033d435e9fb8740cb1e805b69e6616e25c1a60f7ffcbb6da18da249a

Request headers

Referer
https://l0g1n-microso.ftonlineclient.com/LSsYOsgr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
CF-Challenge
24863e2b6fc2917
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 29 Nov 2023 21:19:41 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CGrgLS1%2B2MfXNv1i7P12%2B7f9akVF1ShIK3I2fVhUjTLPbDB8GqNOiPJpOeV%2FS5MrrklaU21LJ8Jtg9tpmpzLVWNHSh9DwXPZAcNbkJUIqp%2BQ%2BOQwx9Uaeozm1ZT0XT5psoYhEY1tNaIA%2FiTljHwEffEgQ%2FFhMocqNKNt7qmY"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
82dde3ec8bcc2c55-FRA
cf-chl-gen
mLvH6mjkCHpu4aWc5D5F5hPQk2u316ZnpE56BzMLitg1e4c6RsHUdWAFVHRRnQ2z$sBksB+fwwt42QvOhnTNIjA==
normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3zsio/0x4AAAAAAAAjq6WYeRDKmebM/light/ Frame 50AE
0
0
Document
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/3zsio/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/g/9914b343/api.js?onload=FAIg1&render=explicit
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:3b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
82dde3ece90765d4-FRA
content-encoding
br
content-security-policy
frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 21:19:41 GMT
document-policy
js-profiling
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
server
cloudflare
24863e2b6fc2917
l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1051825820:1701289586:LbtOncLuHsdCjhsJhDNQ-SmgsPYfNvG1Zi24NSGL-oc/82dde3eb6a622c55/
2 KB
2 KB
XHR
General
Full URL
https://l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1051825820:1701289586:LbtOncLuHsdCjhsJhDNQ-SmgsPYfNvG1Zi24NSGL-oc/82dde3eb6a622c55/24863e2b6fc2917
Requested by
Host: l0g1n-microso.ftonlineclient.com
URL: https://l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82dde3eb6a622c55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:af9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f68baadf5329d5a3bddec424a1e7476a4349fe22eef342e7a040f4b5483e4224

Request headers

Referer
https://l0g1n-microso.ftonlineclient.com/LSsYOsgr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
CF-Challenge
24863e2b6fc2917
Content-type
application/x-www-form-urlencoded

Response headers

cf-chl-out
pIBIPEgCQQc3AtHpMAtasofYuQ6wWEOUP5zA5PnlP6bwwrhRIfOgmJ2x95Iw2vUA+pDlf9MDqe7Jm8WyrfFHsVbP8V7tazXb14s+z4PIbmc=$lA4VTCMV3Rx9f9EgPfM/5A==
cf-chl-out-s
NMHDSeW/HeJ4i9AdyiypHreedqSE+J6tkNN0dx2WCJFyAlgOJBmskhY1A4uuALCJvcQheCDhMn4xzo56yTvCqFB1AyO3E43F24R3hqam0Cpw6BAHV8gMVf0v2LIqpfT0jfmDw9j4Qr5WaBylneduT5mCMAJhnJYA23tgqiMr/cqVtqp9SMoBUVEIilBcsh0ICNdaVbup95GyizXbeynpx082mkjiGhLbryr8Z12GIdQoLsi0AY/P6Y0DARKBJBKb$50hJY+944/VUcgSe9oW04w==
date
Wed, 29 Nov 2023 21:19:41 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QTBgla9rY00cRoy31Wapjo7Y8hK4pZBedhIM%2Fff6u3WUsUVKlvkdNivHddms09IbU18BGQn6g7n%2Fuo467NsdDKmI3jpwRcUuEcjWQSR%2FtvPB7jr8KqDYYUn1V%2BmCinujPVrHzm2ShGu8J46zCF1L4Cl688UrnI9PTetbCfEL"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
82dde3ee3dda2c55-FRA
Primary Request LSsYOsgr
l0g1n-microso.ftonlineclient.com/
10 KB
5 KB
Document
General
Full URL
https://l0g1n-microso.ftonlineclient.com/LSsYOsgr
Requested by
Host: l0g1n-microso.ftonlineclient.com
URL: https://l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82dde3eb6a622c55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:af9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86aad7c98024619aa30d1638a99d87aa8e4d019421a9913aec7b52cd25d775df
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://l0g1n-microso.ftonlineclient.com/LSsYOsgr
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-mitigated
challenge
cf-ray
82dde3fe99612c55-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Wed, 29 Nov 2023 21:19:44 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O342Ry2F5A%2FOKBqcmvWHs1MZHr4NLkE4pT3lhz%2F2XhbJWXu90p2YMnn99RQLQU8yoPGylhW3gEHIDwcw%2FKt9OB2VedYpqbbhKzBxWLefXO3cU2BcfbfMu8Bho5alGn8vZC%2BESh4XdA2i%2BTk0DtFzL9c%2F3x%2Fkoio4c%2BLfnzIe"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
v1
l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/
164 KB
56 KB
Script
General
Full URL
https://l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82dde3fe99612c55
Requested by
Host: l0g1n-microso.ftonlineclient.com
URL: https://l0g1n-microso.ftonlineclient.com/LSsYOsgr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:af9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
297d742a6237395037d82a940b12f2e620fe8e00494e74f4ce880ea36b06f18b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://l0g1n-microso.ftonlineclient.com/LSsYOsgr?__cf_chl_rt_tk=c2bLeg9VC1eZiUFRMoI3jGNwBU60R6Sfmgpdw1mly04-1701292784-0-gaNycGzNCdA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 21:19:44 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bW6jqDvj07bvDUTMM04np%2BZPsqZEcR2DmX5hw8dxoZy%2F695W7xyPdOz7bgrMTk349TsIIWSSiAAJjT2HesLeSIrz%2BM%2BbLoZehsfTFHoSUSVd3vu3sqR22tMz8M3y372Fh1hyEAfQ6xg12CahpN8nyEUMtR26EuBRR%2FRkWIYs"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
82dde3fec9ac2c55-FRA
api.js
challenges.cloudflare.com/turnstile/v0/g/9914b343/
33 KB
11 KB
Script
General
Full URL
https://challenges.cloudflare.com/turnstile/v0/g/9914b343/api.js?onload=FAIg1&render=explicit
Requested by
Host: l0g1n-microso.ftonlineclient.com
URL: https://l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82dde3fe99612c55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:3b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51cd12da61a7401c73472b2ac77067adfa30e9fc0545b4b7c240e9154e011fc7

Request headers

Referer
Origin
https://l0g1n-microso.ftonlineclient.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 21:19:44 GMT
content-encoding
br
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000
cf-ray
82dde3ff0eff996c-FRA
alt-svc
h3=":443"; ma=86400
2dd68daa-d5b0-4feb-b472-2974f390c0e5
https://l0g1n-microso.ftonlineclient.com/
13 B
0
Other
General
Full URL
blob:https://l0g1n-microso.ftonlineclient.com/2dd68daa-d5b0-4feb-b472-2974f390c0e5
Requested by
Host: l0g1n-microso.ftonlineclient.com
URL: https://l0g1n-microso.ftonlineclient.com/LSsYOsgr
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://l0g1n-microso.ftonlineclient.com/LSsYOsgr
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Length
13
Content-Type
text/javascript
6d42507369e7fbe
l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/flow/ov1/820135952:1701289564:V70aIMqgC-CF_QvD_7mq65NwWxomO79NAvn9ouGjrTY/82dde3fe99612c55/
12 KB
10 KB
XHR
General
Full URL
https://l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/flow/ov1/820135952:1701289564:V70aIMqgC-CF_QvD_7mq65NwWxomO79NAvn9ouGjrTY/82dde3fe99612c55/6d42507369e7fbe
Requested by
Host: l0g1n-microso.ftonlineclient.com
URL: https://l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82dde3fe99612c55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:af9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d82693a9b0cee842d5be2a22905e9bffb2630fc76ea9c0ef66a0574023428e6

Request headers

Referer
https://l0g1n-microso.ftonlineclient.com/LSsYOsgr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
CF-Challenge
6d42507369e7fbe
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 29 Nov 2023 21:19:44 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ru0ReeyzfMF2w%2FHiFOdleJkA8p%2FeOJcu%2BYtqixSGvubi4j5lzNH2tPYZWUCjjqFDi8twuAz6yTtFTgWQFyMKYYP3uKgTYjkcUJccr5Rbs4my0ZDE39n%2BKDEizYdf7gnu7IPCD4WHodkr4OUkd7rpsMvpRngv2dfR3GApUtuB"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
82dde3ffaaa82c55-FRA
cf-chl-gen
+Wv6ODbdi9dZi0+LNbnTqLtPTiGEdQmzYx3WZn4JhQut398/NIQKt5UYZ+XiAfCz$KPj1kyGsRrwhWNdpXMlFhw==
normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bils1/0x4AAAAAAAAjq6WYeRDKmebM/light/ Frame B45B
0
0
Document
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/bils1/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/g/9914b343/api.js?onload=FAIg1&render=explicit
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:3b8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
82dde3fffe5965d4-FRA
content-encoding
br
content-security-policy
frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Wed, 29 Nov 2023 21:19:44 GMT
document-policy
js-profiling
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
server
cloudflare
6d42507369e7fbe
l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/flow/ov1/820135952:1701289564:V70aIMqgC-CF_QvD_7mq65NwWxomO79NAvn9ouGjrTY/82dde3fe99612c55/
2 KB
2 KB
XHR
General
Full URL
https://l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/flow/ov1/820135952:1701289564:V70aIMqgC-CF_QvD_7mq65NwWxomO79NAvn9ouGjrTY/82dde3fe99612c55/6d42507369e7fbe
Requested by
Host: l0g1n-microso.ftonlineclient.com
URL: https://l0g1n-microso.ftonlineclient.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=82dde3fe99612c55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:af9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
35c18a33c6d93b63426eae462e5704771f17b19d6b72d1939e505b5f2ad770ac

Request headers

Referer
https://l0g1n-microso.ftonlineclient.com/LSsYOsgr
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
CF-Challenge
6d42507369e7fbe
Content-type
application/x-www-form-urlencoded

Response headers

cf-chl-out
/xREzu7OYH4aNKfz8gfEIYe87YOXODX0lXN9yEmCmy/rMTV7gMQjjA5tRfNoHCedBcmoR0sSbEJ3NO2tmo3k//p7HMxINFEDvcZoci5qSws=$blwPFsTNfVGBxlpDxxuslw==
cf-chl-out-s
x3I6GH8b5cv+hcYKMrfPhISagtJmPoThlWzqyHtuM4VfMwVzyll5h+y20c1+JTedltc0SUWVTGEaBcrwc+/S0ZB2aTWg82C5N1LqNU9pXV663bPiVK8FO36+Em/XLwZu56QUjCOyh155meaVo7qNbQRUcQ5fkymQGoHMAod8UXC1QgD+I7Z+3nph/Kvn7mHz3+xnhpEfJuZ5Pv088gMhlj4G2MVeBY03cgwRJmIGvBy5HiAAnUd3oqAdZtJwXKa4$nQ3HXUUyYsp9cicI4KFQzA==
date
Wed, 29 Nov 2023 21:19:44 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0WCGX%2FyZ7xbBkitfGmQmV5MXfcdcIH4CO0iDNGG6SKigcN%2FGPFS%2FSk9E1H0PdLz%2FTs%2FYBxnPnE5QPnUcRac2HXU3HpZkPpPYnELRRBULsSqIyDoMsW96ZNBFnE0rzLWO5W%2FY25w7P%2FmxPHjvwLhkp9N%2Bpb7NdFtXbJiCgMQI"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
82dde4012d032c55-FRA

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture
object| _cf_chl_opt
function| SgWID6
function| LGYdpr9
function| FdoAsB7
object| nCiPQs6
function| mgSMVQzBWl
function| IyIbT4
function| FAIg1
boolean| WrwZ6
function| scUG3
object| BoUQfS8
object| turnstile
boolean| CnXTHZ3
string| LPfb7

2 Cookies

Domain/Path | Name | Value
click1.rs.myidcare.com/ | JSESSIONID | 31D0357C6770E4D98C8DDC92D14331B8
l0g1n-microso.ftonlineclient.com/ | cf_chl_rc_i | 1

6 Console Messages

Source | Level | URL | Text
security | warning | | Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
security | warning | | Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network | error | https://l0g1n-microso.ftonlineclient.com/LSsYOsgr | Failed to load resource: the server responded with a status of 403 ()
security | warning | | Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
security | warning | | Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network | error | https://l0g1n-microso.ftonlineclient.com/LSsYOsgr | Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000