0nline.remlog.online
79.110.52.77  Malicious Activity! Public Scan

Submitted URL: https://d5jzjm04.na1.hubspotlinksfree.com/Ctc/DQ+113/d5jZjM04/VWdkKp9h5gVGW5kjYkk2ZjkFgW5j5c_V59M167M_h9p43m2ndW69sMD-6lZ3pRW30BpBZ8c5N2_V...
Effective URL: https://0nline.remlog.online/?JbPD9t=E5aoWG&sso_reload=true
Submission: On February 20 via manual from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 15 HTTP transactions. The main IP is 79.110.52.77, located in Amsterdam, Netherlands and belongs to M247, RO. The main domain is 0nline.remlog.online.
TLS certificate: Issued by R3 on February 14th 2024. Valid for: 3 months.
This is the only time 0nline.remlog.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
1 2 2606:4700:440... 13335 (CLOUDFLAR...)
1 1 67.199.248.10 396982 (GOOGLE-CL...)
1 13 79.110.52.77 9009 (M247)
15 3
Apex Domain (requests / subdomains / transfer)
13  remlog.online: subdomains 0nline.remlog.online, adeb15c4-fd124bf1.remlog.online, l1ve.remlog.online, 0f32ca53-fd124bf1.remlog.online; transfer 512 KB
2   hubspotlinksfree.com: subdomain d5jzjm04.na1.hubspotlinksfree.com; transfer 3 KB
1   bit.ly: subdomain bit.ly (Cisco Umbrella Rank: 5619); transfer 296 B
Total: 15 requests, 3 apex domains
Domain (requests / requested by)
7   adeb15c4-fd124bf1.remlog.online: requested by 0nline.remlog.online, adeb15c4-fd124bf1.remlog.online
4   0nline.remlog.online (1 redirect): requested by d5jzjm04.na1.hubspotlinksfree.com, adeb15c4-fd124bf1.remlog.online
2   d5jzjm04.na1.hubspotlinksfree.com (1 redirect)
1   0f32ca53-fd124bf1.remlog.online: requested by adeb15c4-fd124bf1.remlog.online
1   l1ve.remlog.online: requested by 0nline.remlog.online
1   bit.ly (1 redirect)
Total: 15 requests, 6 subdomains

This site contains no links.

TLS certificates (Subject / Issuer / Validity / Valid for)
hubspotlinksfree.com: issued by Cloudflare Inc ECC CA-3; valid 2023-04-17 to 2024-04-16 (a year)
remlog.online: issued by R3; valid 2024-02-14 to 2024-05-14 (3 months)

This page contains 2 frames:

Primary Page: https://0nline.remlog.online/?JbPD9t=E5aoWG&sso_reload=true
Frame ID: 0CB20C2C4DE62D424721BB916BC48345
Requests: 14 HTTP requests in this frame

Frame: https://0f32ca53-fd124bf1.remlog.online/Prefetch/Prefetch.aspx
Frame ID: 2FF66E09596ABD138D06EBE7165ADE63
Requests: 1 HTTP requests in this frame

Page Title

Bei Ihrem Konto anmelden (German: "Sign in to your account")

Page Statistics

Requests: 15
HTTPS: 87 %
IPv6: 33 %
Domains: 3
Subdomains: 6
IPs: 3
Countries: 2
Transfer: 514 kB
Size: 1719 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://d5jzjm04.na1.hubspotlinksfree.com/Ctc/DQ+113/d5jZjM04/VWdkKp9h5gVGW5kjYkk2ZjkFgW5j5c_V59M167M_h9p43m2ndW69sMD-6lZ3pRW30BpBZ8c5N2_VRhGjS1xqBCSVlxk8h1qyX-hN6yNGcVjGR0DW3LJXZ17HJJp1W2MlVzW841GyqW6r5_Y81hDdnHVRxD_G1kMZrtN1896CXvFgBTVKmK3587Hg9LVQS31p7ssDW-W54Zbd02VnbbrW4ll6Yc2BbDW4W9dflFK5WQ2ZCW68xFYL3TXqTpW2Sb-fG2PLN6yN8Yt_BN82s2gW7T1fm02ZC2W7VlgfWC2X8nM1W77Q2QP8Cg0qFd_ZDPM04 Page URL
  2. https://d5jzjm04.na1.hubspotlinksfree.com/events/public/v1/encoded/track/tc/DQ+113/d5jZjM04/VWdkKp9h5gVGW5kjYkk2ZjkFgW5j5c_V59M167M_h9p43m2ndW69sMD-6lZ3pRW30BpBZ8c5N2_VRhGjS1xqBCSVlxk8h1qyX-hN6yNGcVjGR0DW3LJXZ17HJJp1W2MlVzW841GyqW6r5_Y81hDdnHVRxD_G1kMZrtN1896CXvFgBTVKmK3587Hg9LVQS31p7ssDW-W54Zbd02VnbbrW4ll6Yc2BbDW4W9dflFK5WQ2ZCW68xFYL3TXqTpW2Sb-fG2PLN6yN8Yt_BN82s2gW7T1fm02ZC2W7VlgfWC2X8nM1W77Q2QP8Cg0qFd_ZDPM04?_ud=c2861158-a1e3-4115-838e-db514b4e2d89&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
    https://bit.ly/49JEPJZ?utm_medium=email&_hsmi=294907019&_hsenc=p2ANqtz-_mSE1aYrHz-YGWY2H6uVL-BBlZTY0GJAhceMUCUmEpUc-ZJ6HABZsgWTKfgN42Bo5YsoRIqSznxwin9RVHubHXBk_u0Q&utm_content=294907019&utm_source=hs_email HTTP 301
    https://0nline.remlog.online/?JbPD9t=E5aoWG Page URL
  3. https://0nline.remlog.online/?JbPD9t=E5aoWG HTTP 302
    https://0nline.remlog.online/?JbPD9t=E5aoWG Page URL
  4. https://0nline.remlog.online/?JbPD9t=E5aoWG&sso_reload=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://d5jzjm04.na1.hubspotlinksfree.com/events/public/v1/encoded/track/tc/DQ+113/d5jZjM04/VWdkKp9h5gVGW5kjYkk2ZjkFgW5j5c_V59M167M_h9p43m2ndW69sMD-6lZ3pRW30BpBZ8c5N2_VRhGjS1xqBCSVlxk8h1qyX-hN6yNGcVjGR0DW3LJXZ17HJJp1W2MlVzW841GyqW6r5_Y81hDdnHVRxD_G1kMZrtN1896CXvFgBTVKmK3587Hg9LVQS31p7ssDW-W54Zbd02VnbbrW4ll6Yc2BbDW4W9dflFK5WQ2ZCW68xFYL3TXqTpW2Sb-fG2PLN6yN8Yt_BN82s2gW7T1fm02ZC2W7VlgfWC2X8nM1W77Q2QP8Cg0qFd_ZDPM04?_ud=c2861158-a1e3-4115-838e-db514b4e2d89&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
  • https://bit.ly/49JEPJZ?utm_medium=email&_hsmi=294907019&_hsenc=p2ANqtz-_mSE1aYrHz-YGWY2H6uVL-BBlZTY0GJAhceMUCUmEpUc-ZJ6HABZsgWTKfgN42Bo5YsoRIqSznxwin9RVHubHXBk_u0Q&utm_content=294907019&utm_source=hs_email HTTP 301
  • https://0nline.remlog.online/?JbPD9t=E5aoWG
Request Chain 2
  • https://0nline.remlog.online/?JbPD9t=E5aoWG HTTP 302
  • https://0nline.remlog.online/?JbPD9t=E5aoWG

15 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
VWdkKp9h5gVGW5kjYkk2ZjkFgW5j5c_V59M167M_h9p43m2ndW69sMD-6lZ3pRW30BpBZ8c5N2_VRhGjS1xqBCSVlxk8h1qyX-hN6yNGcVjGR0DW3LJXZ17HJJp1W2MlVzW841GyqW6r5_Y81hDdnHVRxD_G1kMZrtN1896CXvFgBTVKmK3587Hg9LVQS31p7ssDW...
d5jzjm04.na1.hubspotlinksfree.com/Ctc/DQ+113/d5jZjM04/
8 KB
3 KB
Document
General
Full URL
https://d5jzjm04.na1.hubspotlinksfree.com/Ctc/DQ+113/d5jZjM04/VWdkKp9h5gVGW5kjYkk2ZjkFgW5j5c_V59M167M_h9p43m2ndW69sMD-6lZ3pRW30BpBZ8c5N2_VRhGjS1xqBCSVlxk8h1qyX-hN6yNGcVjGR0DW3LJXZ17HJJp1W2MlVzW841GyqW6r5_Y81hDdnHVRxD_G1kMZrtN1896CXvFgBTVKmK3587Hg9LVQS31p7ssDW-W54Zbd02VnbbrW4ll6Yc2BbDW4W9dflFK5WQ2ZCW68xFYL3TXqTpW2Sb-fG2PLN6yN8Yt_BN82s2gW7T1fm02ZC2W7VlgfWC2X8nM1W77Q2QP8Cg0qFd_ZDPM04
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b9e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
false
cf-cache-status
DYNAMIC
cf-ray
8588e7354e5f5d39-FRA
content-encoding
br
content-type
text/html;charset=utf-8
date
Tue, 20 Feb 2024 18:44:50 GMT
referrer-policy
no-referrer
server
cloudflare
vary
origin
x-content-type-options
nosniff
x-envoy-upstream-service-time
9
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/event-tracking-td/envoy-proxy-5c6d56bb5f-gmndn
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
03c9a3e2-42d1-46a3-8e7d-bf6d2c5051ec
x-request-id
03c9a3e2-42d1-46a3-8e7d-bf6d2c5051ec
x-robots-tag
none
/
0nline.remlog.online/
Redirect Chain
  • https://d5jzjm04.na1.hubspotlinksfree.com/events/public/v1/encoded/track/tc/DQ+113/d5jZjM04/VWdkKp9h5gVGW5kjYkk2ZjkFgW5j5c_V59M167M_h9p43m2ndW69sMD-6lZ3pRW30BpBZ8c5N2_VRhGjS1xqBCSVlxk8h1qyX-hN6yNGc...
  • https://bit.ly/49JEPJZ?utm_medium=email&_hsmi=294907019&_hsenc=p2ANqtz-_mSE1aYrHz-YGWY2H6uVL-BBlZTY0GJAhceMUCUmEpUc-ZJ6HABZsgWTKfgN42Bo5YsoRIqSznxwin9RVHubHXBk_u0Q&utm_content=294907019&utm_source=...
  • https://0nline.remlog.online/?JbPD9t=E5aoWG
274 KB
90 KB
Document
General
Full URL
https://0nline.remlog.online/?JbPD9t=E5aoWG
Requested by
Host: d5jzjm04.na1.hubspotlinksfree.com
URL: https://d5jzjm04.na1.hubspotlinksfree.com/Ctc/DQ+113/d5jZjM04/VWdkKp9h5gVGW5kjYkk2ZjkFgW5j5c_V59M167M_h9p43m2ndW69sMD-6lZ3pRW30BpBZ8c5N2_VRhGjS1xqBCSVlxk8h1qyX-hN6yNGcVjGR0DW3LJXZ17HJJp1W2MlVzW841GyqW6r5_Y81hDdnHVRxD_G1kMZrtN1896CXvFgBTVKmK3587Hg9LVQS31p7ssDW-W54Zbd02VnbbrW4ll6Yc2BbDW4W9dflFK5WQ2ZCW68xFYL3TXqTpW2Sb-fG2PLN6yN8Yt_BN82s2gW7T1fm02ZC2W7VlgfWC2X8nM1W77Q2QP8Cg0qFd_ZDPM04
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.110.52.77 Amsterdam, Netherlands, ASN9009 (M247, RO),
Reverse DNS
Software
nginx /
Resource Hash
f207581e2c3669e0df815e8507fea56bbae7525c0b576531b2dd106794a5258f

Request headers

Referer
https://d5jzjm04.na1.hubspotlinksfree.com/Ctc/DQ+113/d5jZjM04/VWdkKp9h5gVGW5kjYkk2ZjkFgW5j5c_V59M167M_h9p43m2ndW69sMD-6lZ3pRW30BpBZ8c5N2_VRhGjS1xqBCSVlxk8h1qyX-hN6yNGcVjGR0DW3LJXZ17HJJp1W2MlVzW841GyqW6r5_Y81hDdnHVRxD_G1kMZrtN1896CXvFgBTVKmK3587Hg9LVQS31p7ssDW-W54Zbd02VnbbrW4ll6Yc2BbDW4W9dflFK5WQ2ZCW68xFYL3TXqTpW2Sb-fG2PLN6yN8Yt_BN82s2gW7T1fm02ZC2W7VlgfWC2X8nM1W77Q2QP8Cg0qFd_ZDPM04
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 20 Feb 2024 18:44:51 GMT
server
nginx
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=90
content-length
130
content-security-policy
referrer always;
content-type
text/html; charset=utf-8
date
Tue, 20 Feb 2024 18:44:50 GMT
location
https://0nline.remlog.online/?JbPD9t=E5aoWG
referrer-policy
unsafe-url
server
nginx
via
1.1 google
/
0nline.remlog.online/
Redirect Chain
  • https://0nline.remlog.online/?JbPD9t=E5aoWG
  • https://0nline.remlog.online/?JbPD9t=E5aoWG
232 KB
77 KB
Document
General
Full URL
https://0nline.remlog.online/?JbPD9t=E5aoWG
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.110.52.77 Amsterdam, Netherlands, ASN9009 (M247, RO),
Reverse DNS
Software
nginx /
Resource Hash
d1445eb7f463a157e4265fb6fc2993d06407a53e7c08dbf1f995251748d2399e

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://0nline.remlog.online
Referer
https://0nline.remlog.online/?JbPD9t=E5aoWG
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
*
access-control-allow-origin
*
cache-control
no-store, no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 20 Feb 2024 18:44:52 GMT
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://541e83b5-fd124bf1.remlog.online/api/report?catId=GW+estsfd+dub2"}]}
server
nginx
vary
Accept-Encoding Accept-Encoding
x-ms-ests-server
2.1.17338.6 - NEULR1 ProdSlices
x-ms-request-id
5c89c472-0262-4726-809b-80bdd5d13300

Redirect headers

content-type
text/html; charset=utf-8
date
Tue, 20 Feb 2024 18:44:51 GMT
location
https://0nline.remlog.online/?JbPD9t=E5aoWG
server
nginx
BssoInterrupt_Core_GOwG3D936OfJ_-lzWtiHhg2.js
adeb15c4-fd124bf1.remlog.online/shared/1.0/content/js/
138 KB
49 KB
Script
General
Full URL
https://adeb15c4-fd124bf1.remlog.online/shared/1.0/content/js/BssoInterrupt_Core_GOwG3D936OfJ_-lzWtiHhg2.js
Requested by
Host: 0nline.remlog.online
URL: https://0nline.remlog.online/?JbPD9t=E5aoWG
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.110.52.77 Amsterdam, Netherlands, ASN9009 (M247, RO),
Reverse DNS
Software
nginx /
Resource Hash
996467ca83e792e5b4cb9b12b4b31dbf8fd018d82fd86bba0e8e05513917e567

Request headers

Referer
https://0nline.remlog.online/
Origin
https://0nline.remlog.online
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Feb 2024 18:44:53 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
4554691
x-ms-lease-status
unlocked
last-modified
Wed, 24 Jan 2024 06:42:40 GMT
server
nginx
vary
Accept-Encoding
x-azure-ref
20240220T184453Z-y03zxrm5yh4dp5gg8k7rqzgm0c00000002qg000000006h67
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f81f127d-a01e-0028-11aa-622cbc000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
Primary Request /
0nline.remlog.online/
249 KB
83 KB
Document
General
Full URL
https://0nline.remlog.online/?JbPD9t=E5aoWG&sso_reload=true
Requested by
Host: adeb15c4-fd124bf1.remlog.online
URL: https://adeb15c4-fd124bf1.remlog.online/shared/1.0/content/js/BssoInterrupt_Core_GOwG3D936OfJ_-lzWtiHhg2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.110.52.77 Amsterdam, Netherlands, ASN9009 (M247, RO),
Reverse DNS
Software
nginx /
Resource Hash
5a81320d69e0b99fb3bc286e84d788ecd3ac56d301428d4c2781e34a2841c1a7

Request headers

Referer
https://0nline.remlog.online/?JbPD9t=E5aoWG
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
*
access-control-allow-origin
*
cache-control
no-store, no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 20 Feb 2024 18:44:53 GMT
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://541e83b5-fd124bf1.remlog.online/api/report?catId=GW+estsfd+dub2"}]}
server
nginx
vary
Accept-Encoding Accept-Encoding
x-ms-ests-server
2.1.17338.6 - WEULR1 ProdSlices
x-ms-request-id
414620cc-b42c-4744-9423-ecba4af45400
Me.htm
l1ve.remlog.online/
0
0
Other
General
Full URL
https://l1ve.remlog.online/Me.htm?v=3
Requested by
Host: 0nline.remlog.online
URL: https://0nline.remlog.online/?JbPD9t=E5aoWG&sso_reload=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.110.52.77 Amsterdam, Netherlands, ASN9009 (M247, RO),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://0nline.remlog.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
adeb15c4-fd124bf1.remlog.online/ests/2.1/content/cdnbundles/
110 KB
20 KB
Stylesheet
General
Full URL
https://adeb15c4-fd124bf1.remlog.online/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
Requested by
Host: 0nline.remlog.online
URL: https://0nline.remlog.online/?JbPD9t=E5aoWG&sso_reload=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.110.52.77 Amsterdam, Netherlands, ASN9009 (M247, RO),
Reverse DNS
Software
nginx /
Resource Hash
4b01a0a34ce8ed4bc8a8713be0442d49da6a756236b7b4424622ca3dee820f41

Request headers

Referer
https://0nline.remlog.online/
Origin
https://0nline.remlog.online
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Feb 2024 18:44:54 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
4554691
x-ms-lease-status
unlocked
last-modified
Wed, 27 Dec 2023 18:18:12 GMT
server
nginx
vary
Accept-Encoding
x-azure-ref
20240220T184454Z-u0wa0kk9ft6h9369mu7dr8tnqc00000002sg0000000069x6
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
4014a7c0-d01e-0063-0fc6-62daba000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
ConvergedLogin_PCore_1Zpn0Z4VlomFI1SEVRlEPA2.js
adeb15c4-fd124bf1.remlog.online/shared/1.0/content/js/
424 KB
117 KB
Script
General
Full URL
https://adeb15c4-fd124bf1.remlog.online/shared/1.0/content/js/ConvergedLogin_PCore_1Zpn0Z4VlomFI1SEVRlEPA2.js
Requested by
Host: 0nline.remlog.online
URL: https://0nline.remlog.online/?JbPD9t=E5aoWG&sso_reload=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.110.52.77 Amsterdam, Netherlands, ASN9009 (M247, RO),
Reverse DNS
Software
nginx /
Resource Hash
483be47dcd4c5f438324114c5551896522bea9987052689d059f72222d6753b2

Request headers

Referer
https://0nline.remlog.online/
Origin
https://0nline.remlog.online
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Feb 2024 18:44:54 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
4554691
x-ms-lease-status
unlocked
last-modified
Mon, 29 Jan 2024 22:12:47 GMT
server
nginx
vary
Accept-Encoding
x-azure-ref
20240220T184454Z-5av2ye7ayp3fhe6kmkb5qf8em400000005pg00000001spf5
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
4b837571-201e-001c-6109-62a1a5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
ux.converged.login.strings-de.min_uesj5bztg-br9z_t0dg5ma2.js
adeb15c4-fd124bf1.remlog.online/ests/2.1/content/cdnbundles/
60 KB
17 KB
Script
General
Full URL
https://adeb15c4-fd124bf1.remlog.online/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_uesj5bztg-br9z_t0dg5ma2.js
Requested by
Host: 0nline.remlog.online
URL: https://0nline.remlog.online/?JbPD9t=E5aoWG&sso_reload=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.110.52.77 Amsterdam, Netherlands, ASN9009 (M247, RO),
Reverse DNS
Software
nginx /
Resource Hash
3edebd011bfb3867959dd273407a9ef8646434809ba8f8b11badfe69448fb55b

Request headers

Referer
https://0nline.remlog.online/
Origin
https://0nline.remlog.online
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Feb 2024 18:44:54 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
4554691
x-ms-lease-status
unlocked
last-modified
Fri, 26 Jan 2024 21:44:14 GMT
server
nginx
vary
Accept-Encoding
x-azure-ref
20240220T184454Z-43zw4np5996kb6xy8unk1neu4400000005pg00000001b1h0
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
0dc496e0-701e-0011-470b-627ebe000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
convergedlogin_pcustomizationloader_c57d8edbe8c51c19f5ff.js
adeb15c4-fd124bf1.remlog.online/shared/1.0/content/js/asyncchunk/
219 KB
54 KB
Script
General
Full URL
https://adeb15c4-fd124bf1.remlog.online/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_c57d8edbe8c51c19f5ff.js
Requested by
Host: adeb15c4-fd124bf1.remlog.online
URL: https://adeb15c4-fd124bf1.remlog.online/shared/1.0/content/js/ConvergedLogin_PCore_1Zpn0Z4VlomFI1SEVRlEPA2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.110.52.77 Amsterdam, Netherlands, ASN9009 (M247, RO),
Reverse DNS
Software
nginx /
Resource Hash
316eac27803c5e2f059212497e5bd0407889b5f0e86c4939b5340aa5ab889657

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://0nline.remlog.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Feb 2024 18:44:55 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
4554691
x-ms-lease-status
unlocked
last-modified
Mon, 29 Jan 2024 22:12:35 GMT
server
nginx
vary
Accept-Encoding
x-azure-ref
20240220T184455Z-zxsxe68a4d1a515wmxq7pvby3g000000037g00000000dvne
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
ab558b2d-301e-0029-423c-6107be000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
Prefetch.aspx
0f32ca53-fd124bf1.remlog.online/Prefetch/ Frame 2FF6
1 KB
975 B
Document
General
Full URL
https://0f32ca53-fd124bf1.remlog.online/Prefetch/Prefetch.aspx
Requested by
Host: adeb15c4-fd124bf1.remlog.online
URL: https://adeb15c4-fd124bf1.remlog.online/shared/1.0/content/js/ConvergedLogin_PCore_1Zpn0Z4VlomFI1SEVRlEPA2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.110.52.77 Amsterdam, Netherlands, ASN9009 (M247, RO),
Reverse DNS
Software
nginx /
Resource Hash
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

Request headers

Referer
https://0nline.remlog.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-headers
*
access-control-allow-origin
*
cache-control
no-store, no-cache
content-encoding
gzip
content-type
text/html
date
Tue, 20 Feb 2024 18:44:55 GMT
server
nginx
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
x-msedge-ref
Ref A: 13BE2E1C8A784C2CA84F3081EE3A28D0 Ref B: AMS231032603047 Ref C: 2024-02-20T18:44:55Z
x-ua-compatible
IE=Edge
2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
adeb15c4-fd124bf1.remlog.online/shared/1.0/content/images/backgrounds/
2 KB
1 KB
Image
General
Full URL
https://adeb15c4-fd124bf1.remlog.online/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.110.52.77 Amsterdam, Netherlands, ASN9009 (M247, RO),
Reverse DNS
Software
nginx /
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://0nline.remlog.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Feb 2024 18:44:55 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
4554691
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:46 GMT
server
nginx
vary
Accept-Encoding
x-azure-ref
20240220T184455Z-ddbaq7ncqx4w10evhkk8bqf2dg000000061000000000qrs7
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
450591dd-001e-000e-0727-614783000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
adeb15c4-fd124bf1.remlog.online/shared/1.0/content/images/
4 KB
2 KB
Image
General
Full URL
https://adeb15c4-fd124bf1.remlog.online/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.110.52.77 Amsterdam, Netherlands, ASN9009 (M247, RO),
Reverse DNS
Software
nginx /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://0nline.remlog.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 20 Feb 2024 18:44:55 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
4554691
x-ms-lease-status
unlocked
last-modified
Wed, 24 May 2023 10:11:48 GMT
server
nginx
vary
Accept-Encoding
x-azure-ref
20240220T184455Z-xnt854br6h3rfbrww6qg45k5pn00000004tg00000000afbn
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
86556660-201e-0030-70ca-61c48f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
convergedlogin_pstringcustomizationhelper_4152973e84228feee7fd.js
adeb15c4-fd124bf1.remlog.online/shared/1.0/content/js/asyncchunk/
0
0

signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
adeb15c4-fd124bf1.remlog.online/shared/1.0/content/images/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
adeb15c4-fd124bf1.remlog.online
URL
https://adeb15c4-fd124bf1.remlog.online/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4152973e84228feee7fd.js
Domain
adeb15c4-fd124bf1.remlog.online
URL
https://adeb15c4-fd124bf1.remlog.online/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| $Config
object| $Debug
object| $Do
function| $Loader
object| $WebWatson
function| GetString
function| GetErrorString
function| GetUrl
object| $B
object| ServerData
object| webpackJsonp
object| ko
object| PROOF
object| StringRepository
object| Telemetry
object| telemetry_webpackJsonp
boolean| __ConvergedLogin_PCore
boolean| __
function| a0_0x459f
function| a0_0x3ed1

5 Cookies

Domain/Path Name / Value
.bit.ly/ Name: _bit
Value: o1kiIO-c7b5f972ca705b0648-00K
.remlog.online/ Name: Gy7imm
Value: "ZmQxMjRiZjEtZGE2Yy00ZDgxLWI1NzAtZThiMmZkMmNjNzIwOjJlODkxMDk4LTkyYjktNDZmMy1iMDc0LWFjOWNiN2FlOWM4OA=="
.0nline.remlog.online/ Name: AADSSO
Value: NA|NoExtension
0nline.remlog.online/ Name: SSOCOOKIEPULLED
Value: 1
.0nline.remlog.online/ Name: brcap
Value: 0

2 Console Messages

Source / Level / URL / Text
network error, URL: https://0nline.remlog.online/?JbPD9t=E5aoWG&sso_reload=true (Line 75)
Message: WebSocket connection to 'wss://0nline.remlog.online/websocket/hook/?Gy7imm=ZmQxMjRiZjFkYTZjNGQ4MWI1NzBlOGIyZmQyY2M3MjA=' failed: Error during WebSocket handshake: Unexpected response code: 503
network error, URL: https://0f32ca53-fd124bf1.remlog.online/Prefetch/Prefetch.aspx
Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff