urlscan.io logo urlscan.io
SecurityTrails logo

login.microoffice365.mhgw.net Open in urlscan Pro
20.165.168.102  Malicious Activity! Public Scan

Back to summary
Submitted URL: https://u32421871.ct.sendgrid.net/ls/click?upn=JUxqE7CUZww-2FIWtZujD-2FJl6ysc84Ct22SH8IW63-2FMa5-2BUJUKOcT69QF-2FOrxx5AcdAoepqAbxW...
Effective URL: https://login.microoffice365.mhgw.net/SUVkSVct
Submission: On February 15 via manual from SA — Scanned from DE

Form analysis 2 forms found in the DOM

POST ?

<form action="?" method="POST" id="gForm" style="visibility: hidden">
  <div class="h-captcha" data-sitekey="234adb2f-52ba-4697-82fa-abecbb14b173" data-callback="verifyCallback_hCaptcha"><iframe
      src="https://newassets.hcaptcha.com/captcha/v1/000919d/static/hcaptcha.html#frame=checkbox&amp;id=00uhmfvmahyd&amp;host=login.microoffice365.mhgw.net&amp;sentry=true&amp;reportapi=https%3A%2F%2Faccounts.hcaptcha.com&amp;recaptchacompat=true&amp;custom=false&amp;hl=en&amp;tplinks=on&amp;sitekey=234adb2f-52ba-4697-82fa-abecbb14b173&amp;theme=light&amp;origin=https%3A%2F%2Flogin.microoffice365.mhgw.net"
      tabindex="0" frameborder="0" scrolling="no" title="Widget containing checkbox for hCaptcha security challenge" data-hcaptcha-widget-id="00uhmfvmahyd" data-hcaptcha-response=""
      style="width: 303px; height: 78px; overflow: hidden;"></iframe><textarea id="g-recaptcha-response-00uhmfvmahyd" name="g-recaptcha-response" style="display: none;"></textarea><textarea id="h-captcha-response-00uhmfvmahyd"
      name="h-captcha-response" style="display: none;"></textarea></div>
  <br>
</form>

POST /home/evilgn/evilginx2/captcha.go

<form action="/home/evilgn/evilginx2/captcha.go" method="POST" id="cfForm" style="visibility: visible" data-callback="verifyCallback_CF">
  <div id="turnstileCaptcha"><iframe src="https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/nm0if/0x4AAAAAAACDfk2qNXIC--xp/auto/normal" id="cf-chl-widget-nm0if" tabindex="0"
      title="Widget containing a Cloudflare security challenge" style="border: none; overflow: hidden; width: 300px; height: 65px;"></iframe><input type="hidden" name="cf-turnstile-response" id="cf-chl-widget-nm0if_response" value=""></div>
  <br>
</form>

Text Content

MICROSOFT


Enable JavaScript and cookies to continue

Please stand by, while we are checking if the site connection is secure





Microsoft
needs to review the security of your connection before proceeding.
Performance & security by Microsoft