l0g1n-microso.frnline.com
52.178.143.13
Malicious Activity!
Public Scan
Submission: On June 10 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 9th 2023. Valid for: 3 months.
This is the only time l0g1n-microso.frnline.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information

Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 52.178.143.13 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
8 | 2606:4700::6812:6b9 | 13335 (CLOUDFLARENET) |
6 | 104.16.169.131 | 13335 (CLOUDFLARENET) |
1 | 13.225.78.127 | 16509 (AMAZON-02) |
1 | 108.138.17.98 | 16509 (AMAZON-02) |
17 | 5 IP addresses | |
- ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US): l0g1n-microso.frnline.com
- ASN13335 (CLOUDFLARENET, US): js.hcaptcha.com, newassets.hcaptcha.com, hcaptcha.com
- ASN16509 (AMAZON-02, US), PTR: server-13-225-78-127.fra2.r.cloudfront.net: findicons.com
- ASN16509 (AMAZON-02, US), PTR: server-108-138-17-98.fra56.r.cloudfront.net: images.freeimages.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | cloudflare.com (1 redirects) | challenges.cloudflare.com (Cisco Umbrella Rank: 5410) | 127 KB |
6 | hcaptcha.com | js.hcaptcha.com (Cisco Umbrella Rank: 13863), newassets.hcaptcha.com (Cisco Umbrella Rank: 12013), hcaptcha.com (Cisco Umbrella Rank: 7935) | 264 KB |
1 | freeimages.com | images.freeimages.com (Cisco Umbrella Rank: 233187) | 598 B |
1 | findicons.com (1 redirects) | findicons.com (Cisco Umbrella Rank: 531679) | 304 B |
1 | frnline.com | l0g1n-microso.frnline.com | 22 KB |
17 | 5 apex domains | | |
Requests | Domain | Requested by |
---|---|---|
8 | challenges.cloudflare.com | l0g1n-microso.frnline.com, challenges.cloudflare.com (1 redirects) |
4 | newassets.hcaptcha.com | js.hcaptcha.com, newassets.hcaptcha.com |
1 | hcaptcha.com | newassets.hcaptcha.com |
1 | images.freeimages.com | l0g1n-microso.frnline.com |
1 | findicons.com | 1 redirects |
1 | js.hcaptcha.com | l0g1n-microso.frnline.com |
1 | l0g1n-microso.frnline.com | |
17 | 7 domains | |
This site contains no links.
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
*.frnline.com | R3 | 2023-06-09 - 2023-09-07 | 3 months | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-04-15 - 2024-04-14 | a year | crt.sh |
challenges.cloudflare.com | Cloudflare Inc ECC CA-3 | 2022-09-18 - 2023-09-17 | a year | crt.sh |
This page contains 4 frames:
Primary Page:
https://l0g1n-microso.frnline.com/o365
Frame ID: 18BA382C5A87F4D5882EF6162AB789F7
Requests: 4 HTTP requests in this frame
Frame:
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4k736/0x4AAAAAAAF8MwF5t1X_R071/auto/normal
Frame ID: 3F5A8BFF6B1C460CC33114F3DA66B31E
Requests: 8 HTTP requests in this frame
Frame:
https://newassets.hcaptcha.com/captcha/v1/403f0b2/static/hcaptcha.html
Frame ID: 20A4A5A171A52DD66C9F31FD6E7506D7
Requests: 2 HTTP requests in this frame
Frame:
https://newassets.hcaptcha.com/captcha/v1/403f0b2/static/hcaptcha.html
Frame ID: 73510D2F35DB4DC0CBA633C7EB958C5C
Requests: 4 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
- Request Chain 0: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback (HTTP 302) -> https://challenges.cloudflare.com/turnstile/v0/b/5da7637f/api.js?onload=onloadTurnstileCallback
- https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png (HTTP 301) -> https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons
17 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | o365 | l0g1n-microso.frnline.com/ (Primary Request) | 22 KB | 22 KB | Document | text/html |
GET | H2 | api.js | challenges.cloudflare.com/turnstile/v0/b/5da7637f/ (Redirect Chain) | 19 KB | 7 KB | Script | application/javascript |
GET | H2 | api.js | js.hcaptcha.com/1/ | 309 KB | 87 KB | Script | application/javascript |
GET | H2 | microsoft_new_logo_alt.png | images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/ (Redirect Chain) | 254 B | 598 B | Image | image/png |
GET | H3 | normal | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/4k736/0x4AAAAAAAF8MwF5t1X_R071/auto/ (Frame 3F5A) | 24 KB | 8 KB | Document | text/html |
GET | H2 | hcaptcha.html | newassets.hcaptcha.com/captcha/v1/403f0b2/static/ (Frame 20A4) | 2 KB | 804 B | Document | text/html |
GET | H2 | hcaptcha.html | newassets.hcaptcha.com/captcha/v1/403f0b2/static/ (Frame 7351) | 2 KB | 1004 B | Document | text/html |
GET | H3 | v1 | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/ (Frame 3F5A) | 169 KB | 59 KB | Script | application/javascript |
GET | H2 | hcaptcha.js | newassets.hcaptcha.com/captcha/v1/403f0b2/ (Frame 7351) | 309 KB | 87 KB | Script | application/javascript |
GET | H2 | hcaptcha.js | newassets.hcaptcha.com/captcha/v1/403f0b2/ (Frame 20A4) | 309 KB | 87 KB | Script | application/javascript |
GET | DATA | truncated | / (Frame 7351) | 798 B | 0 | Image | image/png |
POST | H2 | checksiteconfig | hcaptcha.com/ (Frame 7351) | 853 B | 1019 B | XHR | application/json |
POST | H3 | 51fcc3ef7f4cc05 | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/193175086:1686356485:pEMIn0awdV6pEcigHnSAU3bmdI54IeTmLhfpC6TbMxA/7d4d8469dfeb5b2c/ (Frame 3F5A) | 102 KB | 51 KB | XHR | text/plain |
GET | BLOB | ac84dfcb-dbf3-4663-b438-1a579954a2fb | https://challenges.cloudflare.com/ (Frame 3F5A) | 656 B | 0 | Other | text/javascript |
GET | BLOB | c2f3db46-b21d-43b8-b51d-a7746c8144d0 | https://challenges.cloudflare.com/ (Frame 3F5A) | 220 B | 0 | Other | application/javascript |
GET | H3 | JOpnlDJDyYSlzI2 | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/7d4d8469dfeb5b2c/1686357147400/ (Frame 3F5A) | 61 B | 147 B | Image | image/png |
GET | H3 | y6AI2qkshaLaCn0 | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7d4d8469dfeb5b2c/1686357147402/3078d032911072566fd53556c8827dbb7e7c4f92c6e39c5ecb1a0f6949ea49f9/ (Frame 3F5A) | 1 B | 627 B | Fetch | text/plain |
POST | H3 | 51fcc3ef7f4cc05 | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/193175086:1686356485:pEMIn0awdV6pEcigHnSAU3bmdI54IeTmLhfpC6TbMxA/7d4d8469dfeb5b2c/ (Frame 3F5A) | 620 B | 1 KB | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)

18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name |
---|---|
object | 0 |
object | 1 |
object | 2 |
boolean | credentialless |
object | onbeforetoggle |
object | onscrollend |
function | verifyCallback_CF |
function | verifyCallback_hCaptcha |
function | validateElement |
function | refreshCallBack |
function | switchToSecondCaptcha |
function | onloadTurnstileCallback |
function | incrementLoader |
object | turnstile |
object | Raven |
object | hcaptcha |
object | grecaptcha |
number | ticker0 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
challenges.cloudflare.com
findicons.com
hcaptcha.com
images.freeimages.com
js.hcaptcha.com
l0g1n-microso.frnline.com
newassets.hcaptcha.com
104.16.169.131
108.138.17.98
13.225.78.127
2606:4700::6812:6b9
52.178.143.13