![](/screenshots/10235a09-0176-4643-81c9-f3dc10d1b0a2.png)
l0g1n-microso.ftornlin.com
Open in
urlscan Pro
34.130.43.54
Malicious Activity!
Public Scan
Effective URL: https://l0g1n-microso.ftornlin.com/o365
Submission: On May 12 via manual from US — Scanned from NL
Summary
TLS certificate: Issued by R3 on May 5th 2023. Valid for: 3 months.
This is the only time l0g1n-microso.ftornlin.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 35.222.123.249 35.222.123.249 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
1 | 34.130.43.54 34.130.43.54 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
1 8 | 2606:4700::68... 2606:4700::6812:6b9 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 104.16.168.131 104.16.168.131 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 13.32.27.63 13.32.27.63 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 108.138.17.98 108.138.17.98 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 104.16.169.131 104.16.169.131 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
18 | 7 |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.123.222.35.bc.googleusercontent.com
feanidio.com |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 54.43.130.34.bc.googleusercontent.com
l0g1n-microso.ftornlin.com |
ASN13335 (CLOUDFLARENET, US)
js.hcaptcha.com | |
newassets.hcaptcha.com | |
hcaptcha.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-63.fra56.r.cloudfront.net
findicons.com |
ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-98.fra56.r.cloudfront.net
images.freeimages.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
cloudflare.com
1 redirects
challenges.cloudflare.com — Cisco Umbrella Rank: 5988 |
125 KB |
6 |
hcaptcha.com
js.hcaptcha.com — Cisco Umbrella Rank: 13326 newassets.hcaptcha.com — Cisco Umbrella Rank: 12271 hcaptcha.com — Cisco Umbrella Rank: 8155 |
248 KB |
1 |
freeimages.com
images.freeimages.com — Cisco Umbrella Rank: 202151 |
605 B |
1 |
findicons.com
1 redirects
findicons.com — Cisco Umbrella Rank: 479403 |
306 B |
1 |
ftornlin.com
l0g1n-microso.ftornlin.com |
23 KB |
1 |
feanidio.com
feanidio.com |
1 KB |
1 |
localboxes.ie
1 redirects
localboxes.ie |
1 KB |
18 | 7 |
Domain | Requested by | |
---|---|---|
8 | challenges.cloudflare.com |
1 redirects
l0g1n-microso.ftornlin.com
challenges.cloudflare.com feanidio.com |
4 | newassets.hcaptcha.com |
js.hcaptcha.com
newassets.hcaptcha.com |
1 | hcaptcha.com |
newassets.hcaptcha.com
|
1 | images.freeimages.com |
l0g1n-microso.ftornlin.com
|
1 | findicons.com | 1 redirects |
1 | js.hcaptcha.com |
l0g1n-microso.ftornlin.com
|
1 | l0g1n-microso.ftornlin.com |
feanidio.com
|
1 | feanidio.com | |
1 | localboxes.ie | 1 redirects |
18 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
feanidio.com R3 |
2023-05-09 - 2023-08-07 |
3 months | crt.sh |
*.ftornlin.com R3 |
2023-05-05 - 2023-08-03 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-04-15 - 2024-04-14 |
a year | crt.sh |
challenges.cloudflare.com Cloudflare Inc ECC CA-3 |
2022-09-18 - 2023-09-17 |
a year | crt.sh |
This page contains 4 frames:
Primary Page:
https://l0g1n-microso.ftornlin.com/o365
Frame ID: CAAA4603009E2594FE1D504431B0DCFE
Requests: 5 HTTP requests in this frame
Frame:
https://newassets.hcaptcha.com/captcha/v1/ee0b823/static/hcaptcha.html
Frame ID: 968289AFDE69D929D64394BD9BC740A6
Requests: 2 HTTP requests in this frame
Frame:
https://newassets.hcaptcha.com/captcha/v1/ee0b823/static/hcaptcha.html
Frame ID: 8A2B212E6ACE19FD6306B48E1720271F
Requests: 4 HTTP requests in this frame
Frame:
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ri9zm/0x4AAAAAAAEeD8MyNruqc88h/auto/normal
Frame ID: 4BBE1F494734A6D86BE55C1C2D6C3E21
Requests: 8 HTTP requests in this frame
Screenshot
![](/screenshots/10235a09-0176-4643-81c9-f3dc10d1b0a2.png)
Page Title
Just a moment...Page URL History Show full URLs
-
https://localboxes.ie/v?link=https://feanidio.com/
HTTP 303
https://feanidio.com/ Page URL
- https://l0g1n-microso.ftornlin.com/o365 Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://localboxes.ie/v?link=https://feanidio.com/
HTTP 303
https://feanidio.com/ Page URL
- https://l0g1n-microso.ftornlin.com/o365 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://localboxes.ie/v?link=https://feanidio.com/ HTTP 303
- https://feanidio.com/
- https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP 302
- https://challenges.cloudflare.com/turnstile/v0/g/7fe8adc8/api.js?onload=onloadTurnstileCallback
- https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png HTTP 301
- https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
feanidio.com/ Redirect Chain
|
1 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
o365
l0g1n-microso.ftornlin.com/ |
22 KB 23 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api.js
challenges.cloudflare.com/turnstile/v0/g/7fe8adc8/ Redirect Chain
|
15 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api.js
js.hcaptcha.com/1/ |
291 KB 82 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_new_logo_alt.png
images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/ Redirect Chain
|
254 B 605 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hcaptcha.html
newassets.hcaptcha.com/captcha/v1/ee0b823/static/ Frame 9682 |
2 KB 958 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hcaptcha.html
newassets.hcaptcha.com/captcha/v1/ee0b823/static/ Frame 8A2B |
2 KB 808 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/ri9zm/0x4AAAAAAAEeD8MyNruqc88h/auto/ Frame 4BBE |
22 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hcaptcha.js
newassets.hcaptcha.com/captcha/v1/ee0b823/ Frame 9682 |
291 KB 81 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
v1
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/ Frame 4BBE |
155 KB 55 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
hcaptcha.js
newassets.hcaptcha.com/captcha/v1/ee0b823/ Frame 8A2B |
291 KB 82 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 8A2B |
798 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
checksiteconfig
hcaptcha.com/ Frame 8A2B |
853 B 1020 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
2764e07262e6c19
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1492152883:1683907699:BYb-3DPe27DYgFTSS9xQL3drYb4xP1-n4qLDs9qHTH4/7c64406f1fec0bce/ Frame 4BBE |
111 KB 55 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
93TRwNcnGNEIyVG
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7c64406f1fec0bce/1683911180961/ecbedefbee8f6943e95ce9f7247e2fd38f3950d76e38e29c3848f7a689ca2c53/ Frame 4BBE |
1 B 648 B |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
DFnApD1cUX8AfFZ
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7c64406f1fec0bce/1683911180963/ Frame 4BBE |
61 B 166 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
ccb28f77-a531-4a76-bef5-c723942ea30b
https://challenges.cloudflare.com/ Frame 4BBE |
220 B 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
0567f6fa-42e7-4583-a062-07dacf2e4f29
https://challenges.cloudflare.com/ Frame 4BBE |
539 B 0 |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
2764e07262e6c19
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1492152883:1683907699:BYb-3DPe27DYgFTSS9xQL3drYb4xP1-n4qLDs9qHTH4/7c64406f1fec0bce/ Frame 4BBE |
644 B 1 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 boolean| credentialless function| verifyCallback_CF function| verifyCallback_hCaptcha function| validateElement function| refreshCallBack function| switchToSecondCaptcha function| onloadTurnstileCallback function| incrementLoader object| Raven object| hcaptcha object| grecaptcha object| turnstile number| ticker3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
localboxes.ie/ | Name: XSRF-TOKEN Value: eyJpdiI6Ii9YQWo1c1BOb2xQQjVlRk1nanUzTkE9PSIsInZhbHVlIjoiKzR1T0RCbjB5aWFTUVRoaGE2SmlMTFVtRGM2eFFabnZwY29tZkp5aVJIWEpFTW1sd0RkNnZIZUtuVVpGWlVLZm9hZE9LTmxVbGlCeGR3amlQYWcyUUptUEd4RmhjWmpENmUvKzV0S0xJK21XbjdVeEkycXJabFJuMDB4eGx0WDQiLCJtYWMiOiI4OTRhMjZjZGFhMmMxZDdhZDcwMWU3ZGFiMWJkNGY3ZmZmODkxMjAxOWNjMWIzY2UyMWVkZGUwNmQ3NTRkYWM4In0%3D |
|
localboxes.ie/ | Name: local_boxes_session Value: eyJpdiI6ImFISVNscnI0K05ISEpLT0o2c2F1MWc9PSIsInZhbHVlIjoicGJBUGxURk1CL1NmUjUyem4yamZPQWdhaHcwc1NKUXJMZHI3TlNjMEZaTEVuU003c2RqM0FBOXdIL2d1SXFDL2dleEdjdDI1SkhJY0hNZFM4b25rQU43ajZpMGtSbUNvNUh0U2xuOGY5a0M3REpoVjJiMVB5UXA0Y1ZGWmRGdmIiLCJtYWMiOiJkYzUwZTIwMjY4OTFlMTYxYzJjZmFjZTU2NjBlMmNmZGQ0NjFhMmUwOGMyMTZjOGYwYjI2NzQxZDQ2ODQzZGFlIn0%3D |
|
.ftornlin.com/ | Name: uGZw Value: 32d38e11ef5d2f711490648175d7e155da02ef3febd22c1fca920db8b86f6da3 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
challenges.cloudflare.com
feanidio.com
findicons.com
hcaptcha.com
images.freeimages.com
js.hcaptcha.com
l0g1n-microso.ftornlin.com
localboxes.ie
newassets.hcaptcha.com
104.16.168.131
104.16.169.131
108.138.17.98
13.32.27.63
2606:4700::6812:6b9
2a06:98c1:3120::3
34.130.43.54
35.222.123.249
08c91791d18c8b35509f8951ba53b3868ebc91a142f78fb1294aadad03f537c8
2267d1822dbefc10c25e17d1fa4a6d9331e5a126e2483c5aff542d6107ebca36
2ca0c740d856898e314fbfde9f2302adc5bd1d531f05c65b69f12c8f1a5281a3
34e2dc14282902697516d8e630b0723f501758f96f68356b6e0231a9d8b58ac6
3d1f07dffe8f6dedff783c38207691a96f1fb548a6a426f827da946c1537613e
51957b7f445f96a4f027db0a264c33904aaa9cd1ef944148008e41d54d4f8f0c
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7
642269bc28a123f8175e9fed68e748d9ec59b69fe58dd975a71e8ea325967b8f
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
7b20128b526f61fff33ccf2b2731ca5f86e65dbb5be4bcfc4b7f596631e8413c
879e47e5530202d8fc3f3232b6ed6e06980f7aa98d18767af5e9cd1a4c5b6764
9b69b152bc42475ba73a2babb5c5ac99551345dc803bb5577536e7f6ee562b7f
a26d35a57845c86f97d7d556909912417696485b97586e999e286be9ccd1cff0
a41d3fca6de6d3bcb9ae60929a083af4bf190b8dfef8703fdbaf2099bcc46caf
d44dc6f23807b3a6e13b79512d9f3e43165419a22008d24a07e89491244f8c56
d6b64601f895bed389aa525bed33990514b3ea089b51569aaf245f9479caeac8