ocprq.cn-composite.com Open in urlscan Pro
87.120.115.37 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://auth.cn-composite.com/events/Upuw4
Effective URL:
https://ocprq.cn-composite.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3...
Submission: On October 29 via manual (October 29th 2024, 9:44:44 am UTC) from ES — Scanned from ES

Summary HTTP 15 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 15 HTTP transactions. The main IP is 87.120.115.37, located in Bulgaria and belongs to EKABI, US. The main domain is ocprq.cn-composite.com.
TLS certificate: Issued by R11 on October 25th 2024. Valid for: 3 months.

This is the only time ocprq.cn-composite.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address		AS Autonomous System
3 18	87.120.115.37 87.120.115.37		401115 (EKABI) (EKABI)
15	1

18 87.120.115.37 (Bulgaria) 3 redirects

ASN401115 (EKABI, US)

auth.cn-composite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ocprq.cn-composite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hefbew.cn-composite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ocqprs.cn-composite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
htejre.cn-composite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	cn-composite.com 3 redirects auth.cn-composite.com ocprq.cn-composite.com hefbew.cn-composite.com ocqprs.cn-composite.com htejre.cn-composite.com	1 MB
15	1

	Domain	Requested by
12	htejre.cn-composite.com	ocprq.cn-composite.com htejre.cn-composite.com
2	ocqprs.cn-composite.com	ocprq.cn-composite.com htejre.cn-composite.com
2	ocprq.cn-composite.com	1 redirects
1	hefbew.cn-composite.com	1 redirects
1	auth.cn-composite.com	1 redirects
15	5

This site contains links to these domains. Also see Links.

Domain
ocqprs.cn-composite.com
www.microsoft.com
privacy.microsoft.com

Subject Issuer	Validity	Valid
ocprq.cn-composite.com R11	`2024-10-25` - `2025-01-23`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://ocprq.cn-composite.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638657918781579176.YzY2ZWExZWUtNjIwYi00OTg0LTgzNTEtYjFkOTgxYzU1ZDE0ZWMyZWIwZmUtYTg1ZS00YzdmLWI5YjctOTFiYzI2MTVlMDBk&ui_locales=es-ES&mkt=es-ES&client-request-id=c85a6202-bf83-4e5b-98cb-3ca0bb0fb241&state=r76iarBsacj1kqv-3k1vCHlOaj66xtUJ4NU2JalwZw--7YrVRNfHAC3wmFLZnw7KA6jS4rHwxYM8O8GQaH9JH5XwuYhmWMAJ5T5yPzHiG0LFAa7rXUEVf9j4oErom3jYhdLV65p0zhjK4XMkWxQdVg0Kx32UK7pthvHAbCB0gd82kv1SEU8nMi8F37K1QcIR0j550WG4NovnSiwOfLPoRwKz1veaSTkTmb2i20mnZ9_QCIzcrK5wGpPgQdXdzTf0BL2ptN-S5xBVbxicM7pqUw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0
Frame ID: 0AA373E84D9405C1EE46F14B82EECF41
Requests: 14 HTTP requests in this frame

Frame: https://ocqprs.cn-composite.com/Me.htm?v=3
Frame ID: 26BFF917B719E505EAEE0AD2DC4CB2D9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Iniciar sesión en la cuenta

Page URL History Show full URLs

https://auth.cn-composite.com/events/Upuw4 HTTP 302
https://ocprq.cn-composite.com/ HTTP 302
https://hefbew.cn-composite.com/login HTTP 302
https://ocprq.cn-composite.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&... Page URL

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

5
Subdomains

1
IPs

1
Countries

1225 kB
Transfer

1213 kB
Size

14
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://ocqprs.cn-composite.com/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&scope=openid+profile+https%3a%2f%2fhefbew.cn-composite.com%2fv2%2fOfficeHome.All&redirect_uri=https%3a%2f%2fhefbew.cn-composite.com%2flandingv2&response_type=code+id_token&state=r76iarBsacj1kqv-3k1vCHlOaj66xtUJ4NU2JalwZw--7YrVRNfHAC3wmFLZnw7KA6jS4rHwxYM8O8GQaH9JH5XwuYhmWMAJ5T5yPzHiG0LFAa7rXUEVf9j4oErom3jYhdLV65p0zhjK4XMkWxQdVg0Kx32UK7pthvHAbCB0gd82kv1SEU8nMi8F37K1QcIR0j550WG4NovnSiwOfLPoRwKz1veaSTkTmb2i20mnZ9_QCIzcrK5wGpPgQdXdzTf0BL2ptN-S5xBVbxicM7pqUw&response_mode=form_post&nonce=638657918781579176.YzY2ZWExZWUtNjIwYi00OTg0LTgzNTEtYjFkOTgxYzU1ZDE0ZWMyZWIwZmUtYTg1ZS00YzdmLWI5YjctOTFiYzI2MTVlMDBk&x-client-SKU=ID_NET8_0&x-client-Ver=7.5.1.0&uaid=c85a6202bf834e5b98cb3ca0bb0fb241&msproxy=1&issuer=mso&tenant=common&ui_locales=es-ES&signup=1&lw=1&fl=easi2&epct=PAQABDgEAAADW6jl31mB3T7ugrWTT8pFe4qxqwIyVlAYB8LCQF1gcYgrCRosKCKfwsxFXZMJOkz4afnR-xlJQKeMr_CravAgLaOveIdiwcBDqoxH63143zWs5R7MVwtWLG8ezzawUU5A2iYyOst2D0LPe4inY_D-OIR_-a4ZUxJ72GLcvjm-I7iypFARGjp_eP1JuhG4p73EKLSSNG22mPyoJ30zEcyLN-1Pegf_eaM7U6wnXYujiuiAA&jshs=0
Title: Cree una

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/es-ES/servicesagreement/
Title: Términos de uso

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/es-ES/privacystatement
Title: Privacidad y cookies

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://auth.cn-composite.com/events/Upuw4 HTTP 302
https://ocprq.cn-composite.com/ HTTP 302
https://hefbew.cn-composite.com/login HTTP 302
https://ocprq.cn-composite.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638657918781579176.YzY2ZWExZWUtNjIwYi00OTg0LTgzNTEtYjFkOTgxYzU1ZDE0ZWMyZWIwZmUtYTg1ZS00YzdmLWI5YjctOTFiYzI2MTVlMDBk&ui_locales=es-ES&mkt=es-ES&client-request-id=c85a6202-bf83-4e5b-98cb-3ca0bb0fb241&state=r76iarBsacj1kqv-3k1vCHlOaj66xtUJ4NU2JalwZw--7YrVRNfHAC3wmFLZnw7KA6jS4rHwxYM8O8GQaH9JH5XwuYhmWMAJ5T5yPzHiG0LFAa7rXUEVf9j4oErom3jYhdLV65p0zhjK4XMkWxQdVg0Kx32UK7pthvHAbCB0gd82kv1SEU8nMi8F37K1QcIR0j550WG4NovnSiwOfLPoRwKz1veaSTkTmb2i20mnZ9_QCIzcrK5wGpPgQdXdzTf0BL2ptN-S5xBVbxicM7pqUw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request authorize Show response ocprq.cn-composite.com/common/oauth2/v2.0/ Redirect Chain https://auth.cn-composite.com/events/Upuw4 https://ocprq.cn-composite.com/ https://hefbew.cn-composite.com/login https://ocprq.cn-composite.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=...	45 KB 47 KB	391ms 253ms	Document text/html	87.120.115.37 EKABI
General Check archive.org Show headers Download Go to Full URL https://ocprq.cn-composite.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638657918781579176.YzY2ZWExZWUtNjIwYi00OTg0LTgzNTEtYjFkOTgxYzU1ZDE0ZWMyZWIwZmUtYTg1ZS00YzdmLWI5YjctOTFiYzI2MTVlMDBk&ui_locales=es-ES&mkt=es-ES&client-request-id=c85a6202-bf83-4e5b-98cb-3ca0bb0fb241&state=r76iarBsacj1kqv-3k1vCHlOaj66xtUJ4NU2JalwZw--7YrVRNfHAC3wmFLZnw7KA6jS4rHwxYM8O8GQaH9JH5XwuYhmWMAJ5T5yPzHiG0LFAa7rXUEVf9j4oErom3jYhdLV65p0zhjK4XMkWxQdVg0Kx32UK7pthvHAbCB0gd82kv1SEU8nMi8F37K1QcIR0j550WG4NovnSiwOfLPoRwKz1veaSTkTmb2i20mnZ9_QCIzcrK5wGpPgQdXdzTf0BL2ptN-S5xBVbxicM7pqUw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 87.120.115.37 , Bulgaria, ASN401115 (EKABI, US), Reverse DNS Software / Resource Hash `91173ca40df9303fb2245122e07b312d29fa4e6ed605f308f13842de9e78787b` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers Cache-Control no-store, no-cache Connection close Content-Type text/html; charset=utf-8 Date Tue, 29 Oct 2024 09:44:37 GMT Expires -1 Link <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msftauth.net>; rel=dns-prefetch,<https://aadcdn.msauth.net>; rel=dns-prefetch Nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} P3p CP="DSP CUR OTPi IND OTRi ONL FIN" Pragma no-cache Referrer-Policy strict-origin-when-cross-origin Report-To {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+dub2"}]} Transfer-Encoding chunked Vary Accept-Encoding X-Dns-Prefetch-Control on X-Ms-Clitelem 1,0,0,, X-Ms-Ests-Server 2.1.19267.5 - FRC ProdSlices X-Ms-Request-Id 1ff197c6-59af-4036-98e3-458cb5ef0b00 X-Ms-Srs 1.P Redirect headers Connection close Content-Encoding gzip Content-Type text/html; charset=utf-8 Date Tue, 29 Oct 2024 09:44:38 GMT Location https://ocprq.cn-composite.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638657918781579176.YzY2ZWExZWUtNjIwYi00OTg0LTgzNTEtYjFkOTgxYzU1ZDE0ZWMyZWIwZmUtYTg1ZS00YzdmLWI5YjctOTFiYzI2MTVlMDBk&ui_locales=es-ES&mkt=es-ES&client-request-id=c85a6202-bf83-4e5b-98cb-3ca0bb0fb241&state=r76iarBsacj1kqv-3k1vCHlOaj66xtUJ4NU2JalwZw--7YrVRNfHAC3wmFLZnw7KA6jS4rHwxYM8O8GQaH9JH5XwuYhmWMAJ5T5yPzHiG0LFAa7rXUEVf9j4oErom3jYhdLV65p0zhjK4XMkWxQdVg0Kx32UK7pthvHAbCB0gd82kv1SEU8nMi8F37K1QcIR0j550WG4NovnSiwOfLPoRwKz1veaSTkTmb2i20mnZ9_QCIzcrK5wGpPgQdXdzTf0BL2ptN-S5xBVbxicM7pqUw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 Referrer-Policy strict-origin-when-cross-origin Request-Context appId= Transfer-Encoding chunked Vary Accept-Encoding X-Cache CONFIG_NOCACHE X-Msedge-Ref Ref A: 8EE9EDCA48AD42F6A221618C6ED49E86 Ref B: AMS231032603033 Ref C: 2024-10-29T09:44:38Z X-Ua-Compatible IE=edge,chrome=1
GET H/1.1	200 OK	Me.htm ocqprs.cn-composite.com/	0 0	549ms 384ms	Other text/html	87.120.115.37 EKABI
General Check archive.org Show headers Download Go to Full URL https://ocqprs.cn-composite.com/Me.htm?v=3 Requested by Host: ocprq.cn-composite.com URL: https://ocprq.cn-composite.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638657918781579176.YzY2ZWExZWUtNjIwYi00OTg0LTgzNTEtYjFkOTgxYzU1ZDE0ZWMyZWIwZmUtYTg1ZS00YzdmLWI5YjctOTFiYzI2MTVlMDBk&ui_locales=es-ES&mkt=es-ES&client-request-id=c85a6202-bf83-4e5b-98cb-3ca0bb0fb241&state=r76iarBsacj1kqv-3k1vCHlOaj66xtUJ4NU2JalwZw--7YrVRNfHAC3wmFLZnw7KA6jS4rHwxYM8O8GQaH9JH5XwuYhmWMAJ5T5yPzHiG0LFAa7rXUEVf9j4oErom3jYhdLV65p0zhjK4XMkWxQdVg0Kx32UK7pthvHAbCB0gd82kv1SEU8nMi8F37K1QcIR0j550WG4NovnSiwOfLPoRwKz1veaSTkTmb2i20mnZ9_QCIzcrK5wGpPgQdXdzTf0BL2ptN-S5xBVbxicM7pqUw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 87.120.115.37 , Bulgaria, ASN401115 (EKABI, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ocprq.cn-composite.com/ Response headers
GET H/1.1	200 OK	converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css htejre.cn-composite.com/ests/2.1/content/cdnbundles/	111 KB 111 KB	339ms 162ms	Stylesheet text/css	87.120.115.37 EKABI
General Check archive.org Show headers Download Go to Full URL https://htejre.cn-composite.com/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css Requested by Host: ocprq.cn-composite.com URL: https://ocprq.cn-composite.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638657918781579176.YzY2ZWExZWUtNjIwYi00OTg0LTgzNTEtYjFkOTgxYzU1ZDE0ZWMyZWIwZmUtYTg1ZS00YzdmLWI5YjctOTFiYzI2MTVlMDBk&ui_locales=es-ES&mkt=es-ES&client-request-id=c85a6202-bf83-4e5b-98cb-3ca0bb0fb241&state=r76iarBsacj1kqv-3k1vCHlOaj66xtUJ4NU2JalwZw--7YrVRNfHAC3wmFLZnw7KA6jS4rHwxYM8O8GQaH9JH5XwuYhmWMAJ5T5yPzHiG0LFAa7rXUEVf9j4oErom3jYhdLV65p0zhjK4XMkWxQdVg0Kx32UK7pthvHAbCB0gd82kv1SEU8nMi8F37K1QcIR0j550WG4NovnSiwOfLPoRwKz1veaSTkTmb2i20mnZ9_QCIzcrK5wGpPgQdXdzTf0BL2ptN-S5xBVbxicM7pqUw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 87.120.115.37 , Bulgaria, ASN401115 (EKABI, US), Reverse DNS Software ECAcc (via/F2B7) / Resource Hash `68c2994e21a564345eb3b4091dd2334c9cbddb0aecda45ee963c6de2e1629b93` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ocprq.cn-composite.com/ Response headers Content-Md5 8N6amNvfqMAnQs5tkvslJA== Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8DCDDAB171F8006 Age 2832230 X-Cache HIT Date Tue, 29 Oct 2024 09:44:38 GMT Content-Type text/css Last-Modified Wed, 25 Sep 2024 21:43:27 GMT Vary Accept-Encoding Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id 9a2cdec5-801e-00ff-6324-10fab1000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob Server ECAcc (via/F2B7)
GET H/1.1	200 OK	ConvergedLogin_PCore_QLF_8apNRJD3OCol8jwtxw2.js Show response htejre.cn-composite.com/shared/1.0/content/js/	439 KB 440 KB	838ms 661ms	Script application/x-javascript	87.120.115.37 EKABI
General Check archive.org Show headers Download Go to Full URL https://htejre.cn-composite.com/shared/1.0/content/js/ConvergedLogin_PCore_QLF_8apNRJD3OCol8jwtxw2.js Requested by Host: ocprq.cn-composite.com URL: https://ocprq.cn-composite.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638657918781579176.YzY2ZWExZWUtNjIwYi00OTg0LTgzNTEtYjFkOTgxYzU1ZDE0ZWMyZWIwZmUtYTg1ZS00YzdmLWI5YjctOTFiYzI2MTVlMDBk&ui_locales=es-ES&mkt=es-ES&client-request-id=c85a6202-bf83-4e5b-98cb-3ca0bb0fb241&state=r76iarBsacj1kqv-3k1vCHlOaj66xtUJ4NU2JalwZw--7YrVRNfHAC3wmFLZnw7KA6jS4rHwxYM8O8GQaH9JH5XwuYhmWMAJ5T5yPzHiG0LFAa7rXUEVf9j4oErom3jYhdLV65p0zhjK4XMkWxQdVg0Kx32UK7pthvHAbCB0gd82kv1SEU8nMi8F37K1QcIR0j550WG4NovnSiwOfLPoRwKz1veaSTkTmb2i20mnZ9_QCIzcrK5wGpPgQdXdzTf0BL2ptN-S5xBVbxicM7pqUw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 87.120.115.37 , Bulgaria, ASN401115 (EKABI, US), Reverse DNS Software ECAcc (via/F2CA) / Resource Hash `4cd34557d0a214331d7970e5fe5ab5f9c362ecbc90f0f512f5c576253167c357` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ocprq.cn-composite.com/ Response headers Content-Md5 0mJaO3qA+eD2v9j9vu2xZA== Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8DCE31CBFE0A3E9 Age 2276495 X-Cache HIT Date Tue, 29 Oct 2024 09:44:38 GMT Content-Type application/x-javascript Last-Modified Wed, 02 Oct 2024 19:59:39 GMT Vary Accept-Encoding Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id ce235e81-a01e-005a-0d32-15e780000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob Server ECAcc (via/F2CA)
GET H/1.1	200 OK	ux.converged.login.strings-es.min_mo-a4cxdnpdhd7cqb2tynw2.js Show response htejre.cn-composite.com/ests/2.1/content/cdnbundles/	61 KB 62 KB	450ms 269ms	Script application/x-javascript	87.120.115.37 EKABI
General Check archive.org Show headers Download Go to Full URL https://htejre.cn-composite.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-es.min_mo-a4cxdnpdhd7cqb2tynw2.js Requested by Host: ocprq.cn-composite.com URL: https://ocprq.cn-composite.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638657918781579176.YzY2ZWExZWUtNjIwYi00OTg0LTgzNTEtYjFkOTgxYzU1ZDE0ZWMyZWIwZmUtYTg1ZS00YzdmLWI5YjctOTFiYzI2MTVlMDBk&ui_locales=es-ES&mkt=es-ES&client-request-id=c85a6202-bf83-4e5b-98cb-3ca0bb0fb241&state=r76iarBsacj1kqv-3k1vCHlOaj66xtUJ4NU2JalwZw--7YrVRNfHAC3wmFLZnw7KA6jS4rHwxYM8O8GQaH9JH5XwuYhmWMAJ5T5yPzHiG0LFAa7rXUEVf9j4oErom3jYhdLV65p0zhjK4XMkWxQdVg0Kx32UK7pthvHAbCB0gd82kv1SEU8nMi8F37K1QcIR0j550WG4NovnSiwOfLPoRwKz1veaSTkTmb2i20mnZ9_QCIzcrK5wGpPgQdXdzTf0BL2ptN-S5xBVbxicM7pqUw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 87.120.115.37 , Bulgaria, ASN401115 (EKABI, US), Reverse DNS Software ECAcc (ama/48BB) / Resource Hash `9357b2a7d0213211c5b204ff341558f08642313c2047f9d80fcf1af8f1a69ab6` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ocprq.cn-composite.com/ Response headers Content-Md5 wr5wS4PHJSKqjl1KWrVBAw== Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8DCC6D4DD9540FC Age 5312101 X-Cache HIT Date Tue, 29 Oct 2024 09:44:38 GMT Content-Type application/x-javascript Last-Modified Tue, 27 Aug 2024 20:14:33 GMT Vary Accept-Encoding Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id 0b043a4c-c01e-001a-2296-f9abf3000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob Server ECAcc (ama/48BB)
GET H/1.1	200 OK	convergedlogin_pcustomizationloader_117b650bccea354984d8.js Show response htejre.cn-composite.com/shared/1.0/content/js/asyncchunk/	397 KB 398 KB	979ms 726ms	Script application/x-javascript	87.120.115.37 EKABI
General Check archive.org Show headers Download Go to Full URL https://htejre.cn-composite.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js Requested by Host: htejre.cn-composite.com URL: https://htejre.cn-composite.com/shared/1.0/content/js/ConvergedLogin_PCore_QLF_8apNRJD3OCol8jwtxw2.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 87.120.115.37 , Bulgaria, ASN401115 (EKABI, US), Reverse DNS Software ECAcc (ama/48B0) / Resource Hash `da4a8df0c326292b5bee9c732b3c962fd67aaf2f99d850f1bf65068d573c5619` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ocprq.cn-composite.com/ Response headers Content-Md5 LT++1t3XGfzBv7UAthL87A== Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8DCBD52F37806EC Age 6386949 X-Cache HIT Date Tue, 29 Oct 2024 09:44:40 GMT Content-Type application/x-javascript Last-Modified Thu, 15 Aug 2024 17:51:54 GMT Vary Accept-Encoding Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id 6d0a5c75-001e-002f-11d0-ef5905000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob Server ECAcc (ama/48B0)
GET H/1.1	200 OK	favicon_a_eupayfgghqiai7k9sol6lg2.ico htejre.cn-composite.com/shared/1.0/content/images/	17 KB 17 KB	175ms 138ms	Other image/x-icon	87.120.115.37 EKABI
General Check archive.org Show headers Download Go to Full URL https://htejre.cn-composite.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 87.120.115.37 , Bulgaria, ASN401115 (EKABI, US), Reverse DNS Software ECAcc (ama/48B2) / Resource Hash `90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ocprq.cn-composite.com/ Response headers Content-Md5 EuPayFgGHQiAI7K9SOL6lg== Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8D8731240E548EB Age 18940393 X-Cache HIT Date Tue, 29 Oct 2024 09:44:40 GMT Content-Type image/x-icon Last-Modified Sun, 18 Oct 2020 03:02:30 GMT Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id d65caf55-e01e-0001-20a4-7d7124000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob Server ECAcc (ama/48B2)
GET H/1.1	200 OK	convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js Show response htejre.cn-composite.com/shared/1.0/content/js/asyncchunk/	15 KB 16 KB	309ms 164ms	Script application/x-javascript	87.120.115.37 EKABI
General Check archive.org Show headers Download Go to Full URL https://htejre.cn-composite.com/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js Requested by Host: htejre.cn-composite.com URL: https://htejre.cn-composite.com/shared/1.0/content/js/ConvergedLogin_PCore_QLF_8apNRJD3OCol8jwtxw2.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 87.120.115.37 , Bulgaria, ASN401115 (EKABI, US), Reverse DNS Software ECAcc (ama/48F0) / Resource Hash `bc6804d058d5bd5b24fc04e479fc8973bef5d3efeafaa9c19c60a009bf0fac0b` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ocprq.cn-composite.com/ Response headers Content-Md5 betEqf4nMmbvq8MhS5mLoA== Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8DCBD52F3A242D0 Age 6095102 X-Cache HIT Date Tue, 29 Oct 2024 09:44:41 GMT Content-Type application/x-javascript Last-Modified Thu, 15 Aug 2024 17:51:55 GMT Vary Accept-Encoding Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id 5deca541-d01e-009b-1b77-f24062000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob Server ECAcc (ama/48F0)
GET H/1.1	200 OK	marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif htejre.cn-composite.com/shared/1.0/content/images/	3 KB 3 KB	292ms 139ms	Image image/gif	87.120.115.37 EKABI
General Check archive.org Show headers Download Go to Show image Full URL https://htejre.cn-composite.com/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 87.120.115.37 , Bulgaria, ASN401115 (EKABI, US), Reverse DNS Software ECAcc (ama/4884) / Resource Hash `a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ocprq.cn-composite.com/ Response headers Content-Md5 Fm3lNHEmUlOrOkVt7+baIw== Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8DB5C3F4982FD30 Age 18940537 X-Cache HIT Date Tue, 29 Oct 2024 09:44:41 GMT Content-Type image/gif Last-Modified Wed, 24 May 2023 10:11:48 GMT Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id f4790c9e-501e-0002-09a3-7d0c22000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob Server ECAcc (ama/4884)
GET H/1.1	200 OK	marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif htejre.cn-composite.com/shared/1.0/content/images/	4 KB 4 KB	290ms 136ms	Image image/gif	87.120.115.37 EKABI
General Check archive.org Show headers Download Go to Show image Full URL https://htejre.cn-composite.com/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 87.120.115.37 , Bulgaria, ASN401115 (EKABI, US), Reverse DNS Software ECAcc (ama/4893) / Resource Hash `8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ocprq.cn-composite.com/ Response headers Content-Md5 tUCo5RgDcZLjLE/li/Lbqw== Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8DB5C3F492F3EE5 Age 18940464 X-Cache HIT Date Tue, 29 Oct 2024 09:44:41 GMT Content-Type image/gif Last-Modified Wed, 24 May 2023 10:11:48 GMT Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id 7e0f4db5-d01e-005e-77a3-7d9b08000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob Server ECAcc (ama/4893)
GET H/1.1	200 OK	2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg htejre.cn-composite.com/shared/1.0/content/images/backgrounds/	2 KB 3 KB	308ms 161ms	Image image/svg+xml	87.120.115.37 EKABI
General Check archive.org Show headers Download Go to Show image Full URL https://htejre.cn-composite.com/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 87.120.115.37 , Bulgaria, ASN401115 (EKABI, US), Reverse DNS Software ECAcc (ama/488B) / Resource Hash `0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ocprq.cn-composite.com/ Response headers Content-Md5 DhdidjYrlCeaRJJRG/y9mA== Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8DB5C3F466DE917 Age 18940373 X-Cache HIT Date Tue, 29 Oct 2024 09:44:41 GMT Content-Type image/svg+xml Last-Modified Wed, 24 May 2023 10:11:43 GMT Vary Accept-Encoding Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id 941671c7-b01e-00b4-62a4-7d806a000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob Server ECAcc (ama/488B)
GET H/1.1	200 OK	microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg htejre.cn-composite.com/shared/1.0/content/images/	4 KB 4 KB	288ms 141ms	Image image/svg+xml	87.120.115.37 EKABI
General Check archive.org Show headers Download Go to Show image Full URL https://htejre.cn-composite.com/shared/1.0/content/images/microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 87.120.115.37 , Bulgaria, ASN401115 (EKABI, US), Reverse DNS Software ECAcc (ama/4889) / Resource Hash `04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ocprq.cn-composite.com/ Response headers Content-Md5 nzaLxFgP7ZB3dfMcaybWzw== Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8DB5C3F495F4B8C Age 18940566 X-Cache HIT Date Tue, 29 Oct 2024 09:44:41 GMT Content-Type image/svg+xml Last-Modified Wed, 24 May 2023 10:11:48 GMT Vary Accept-Encoding Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id 4e8f133c-301e-0080-1ba3-7d0d73000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob Server ECAcc (ama/4889)
GET H/1.1	200 OK	Me.htm Show response ocqprs.cn-composite.com/ Frame 26BF	3 KB 4 KB	495ms 357ms	Document text/html	87.120.115.37 EKABI
General Check archive.org Show headers Download Go to Full URL https://ocqprs.cn-composite.com/Me.htm?v=3 Requested by Host: htejre.cn-composite.com URL: https://htejre.cn-composite.com/shared/1.0/content/js/ConvergedLogin_PCore_QLF_8apNRJD3OCol8jwtxw2.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 87.120.115.37 , Bulgaria, ASN401115 (EKABI, US), Reverse DNS Software / Resource Hash `746bc7ae28fbf05af86b94029d93f71a9f514a53530a4de60638276bc5e0d732` Request headers Referer https://ocprq.cn-composite.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers Cache-Control max-age=315360000 Connection close Content-Type text/html; charset=utf-8 Date Tue, 29 Oct 2024 09:44:40 GMT Expires Fri, 27 Oct 2034 09:44:41 GMT P3p CP="DSP CUR OTPi IND OTRi ONL FIN" Ppserver PPV: 30 H: SN1PEPF0002F05E V: 0 Referrer-Policy strict-origin-when-cross-origin Transfer-Encoding chunked Vary Accept-Encoding X-Ms-Request-Id c57dcebc-0dc0-462c-9b26-558fb62b48c0 X-Ms-Route-Info C507_SN1
GET H/1.1	200 OK	convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js Show response htejre.cn-composite.com/shared/1.0/content/js/asyncchunk/	111 KB 112 KB	464ms 323ms	Script application/x-javascript	87.120.115.37 EKABI
General Check archive.org Show headers Download Go to Full URL https://htejre.cn-composite.com/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js Requested by Host: htejre.cn-composite.com URL: https://htejre.cn-composite.com/shared/1.0/content/js/ConvergedLogin_PCore_QLF_8apNRJD3OCol8jwtxw2.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 87.120.115.37 , Bulgaria, ASN401115 (EKABI, US), Reverse DNS Software ECAcc (ama/488C) / Resource Hash `ddd0bb1c19b3d2d045bfcde85d2020bba57854c887a6691b66dba3da1bb3afbe` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ocprq.cn-composite.com/ Response headers Content-Md5 07aumYbfJEqwNBLMcAM10A== Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8DCBD52F42903D2 Age 6386951 X-Cache HIT Date Tue, 29 Oct 2024 09:44:42 GMT Content-Type application/x-javascript Last-Modified Thu, 15 Aug 2024 17:51:56 GMT Vary Accept-Encoding Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id db198a1e-c01e-00c1-4cd0-ef6dce000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob Server ECAcc (ama/488C)
GET H/1.1	200 OK	signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg htejre.cn-composite.com/shared/1.0/content/images/	2 KB 2 KB	279ms 138ms	Image image/svg+xml	87.120.115.37 EKABI
General Check archive.org Show headers Download Go to Show image Full URL https://htejre.cn-composite.com/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 87.120.115.37 , Bulgaria, ASN401115 (EKABI, US), Reverse DNS Software ECAcc (ama/48ED) / Resource Hash `8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://ocprq.cn-composite.com/ Response headers Content-Md5 R2FAVxfpONfnQAuxVxXbHg== Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8DB5C3F4BB4F03C Age 18940435 X-Cache HIT Date Tue, 29 Oct 2024 09:44:42 GMT Content-Type image/svg+xml Last-Modified Wed, 24 May 2023 10:11:52 GMT Vary Accept-Encoding Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id 43cefdc3-f01e-00c8-3ea4-7d8673000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob Server ECAcc (ama/48ED)

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cn-composite.com/	1970-01-21 00:36:38	Name: ltit Value: 737a04749f03f3d2771cb8782d594fc923881dfa6eb25ba406bc423e97bc7d66
ocprq.cn-composite.com/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: estsfd
ocprq.cn-composite.com/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsfd
hefbew.cn-composite.com/	1970-01-21 00:37:03	Name: OH.DCAffinity Value: OH-weu
hefbew.cn-composite.com/	1970-01-21 09:22:11	Name: OH.FLID Value: add900ea-fc30-48f6-aaed-1fe15b535362
hefbew.cn-composite.com/	1970-01-21 00:36:35	Name: .AspNetCore.OpenIdConnect.Nonce.XKkecZCmyWVd5WboEDNnrTEN5KJIr5Q2DMd8yrSQdeF5XaY1LSWJ3rLhpw_O5JbCoRAJvL-IL6cxzMCn05YLcyL0cUSBs5NUZrZ7wRSZed5yyaSb95sIpVXkoBbi4ZJaRQzY4fC28GL-MYHbmv5QP7hth1WFmrGuLqo5gIThB9-dR6IaeamZYBSn6PdCoDfILCKqKMI-5-rZ9dxHhajmMRgx2k-q2zeV_d5z8U4kJuk4c7v0wdjuews3T0rKOz96 Value: N
hefbew.cn-composite.com/	1970-01-21 00:36:35	Name: .AspNetCore.Correlation.PntAV-ft4tiWnFW4dSawdwSSaBwDOCWv_0GoefY-Hr8 Value: N
.cn-composite.com/	1970-01-21 09:58:11	Name: MUID Value: 0C6796FA749760241B8583DD751C6170
ocprq.cn-composite.com/	1970-01-21 01:19:47	Name: buid Value: 0.ASEAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFeEefW0Lj43Gr2roaBsea6_XE_BXKoJj-IfvUUio_LMtsrp-ThFwH1hTwvavJ8mDDvqaGA6dij9SPZJDfNNsvnAU-yjp87EtSev_YvDaIKe64gAA
.ocprq.cn-composite.com/	1969-12-31 23:59:59	Name: esctx Value: PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeLp5Ra_Nz8WPAW3tCQ6nm8Xeg98pc6fd5b4ky3qetEchRl95jO0Xxz6WHjGAPMf5ylkZvzNKChhCoHJcq4lBGnpHGq1I8BbzrCU5CCS2Ld7TTtmlaVdu8RrQoPSv8VxoEboVTF1e4-2V-GDVgVVWB_eCOld1-DSd2INbWBap9jC4gAA
.ocprq.cn-composite.com/	1969-12-31 23:59:59	Name: esctx-MMXNf0SV9g Value: AQABCQEAAADW6jl31mB3T7ugrWTT8pFeCh7_ozirquUOyJBS0EW6LO2K6TDwP5g4TjzXt8HeFN6ypMIPFyPy2XK5udJEr9bVtKWxe1GtYf0EXaalYjH29ZzBi_UqhgOc7AdjQokVVAC8dHJXiv5I5p98bO69nTGpZ7cDf5jnfviA0t7eRUE7XiAA
ocprq.cn-composite.com/	1970-01-21 01:19:47	Name: fpc Value: Agz32hY6--xAuwi5UViANd68Ae7AAQAAAIWlst4OAAAA
.ocprq.cn-composite.com/	1970-01-21 09:58:11	Name: brcap Value: 0
.ocqprs.cn-composite.com/	1969-12-31 23:59:59	Name: MSPRequ Value: id=N&lt=1730195081&co=2

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://ocprq.cn-composite.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638657918781579176.YzY2ZWExZWUtNjIwYi00OTg0LTgzNTEtYjFkOTgxYzU1ZDE0ZWMyZWIwZmUtYTg1ZS00YzdmLWI5YjctOTFiYzI2MTVlMDBk&ui_locales=es-ES&mkt=es-ES&client-request-id=c85a6202-bf83-4e5b-98cb-3ca0bb0fb241&state=r76iarBsacj1kqv-3k1vCHlOaj66xtUJ4NU2JalwZw--7YrVRNfHAC3wmFLZnw7KA6jS4rHwxYM8O8GQaH9JH5XwuYhmWMAJ5T5yPzHiG0LFAa7rXUEVf9j4oErom3jYhdLV65p0zhjK4XMkWxQdVg0Kx32UK7pthvHAbCB0gd82kv1SEU8nMi8F37K1QcIR0j550WG4NovnSiwOfLPoRwKz1veaSTkTmb2i20mnZ9_QCIzcrK5wGpPgQdXdzTf0BL2ptN-S5xBVbxicM7pqUw&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.cn-composite.com
hefbew.cn-composite.com
htejre.cn-composite.com
ocprq.cn-composite.com
ocqprs.cn-composite.com
87.120.115.37
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
4cd34557d0a214331d7970e5fe5ab5f9c362ecbc90f0f512f5c576253167c357
68c2994e21a564345eb3b4091dd2334c9cbddb0aecda45ee963c6de2e1629b93
746bc7ae28fbf05af86b94029d93f71a9f514a53530a4de60638276bc5e0d732
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
91173ca40df9303fb2245122e07b312d29fa4e6ed605f308f13842de9e78787b
9357b2a7d0213211c5b204ff341558f08642313c2047f9d80fcf1af8f1a69ab6
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13
bc6804d058d5bd5b24fc04e479fc8973bef5d3efeafaa9c19c60a009bf0fac0b
da4a8df0c326292b5bee9c732b3c962fd67aaf2f99d850f1bf65068d573c5619
ddd0bb1c19b3d2d045bfcde85d2020bba57854c887a6691b66dba3da1bb3afbe
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

ocprq.cn-composite.com Open in urlscan Pro 87.120.115.37 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

15 Requests

100 %HTTPS

0 %IPv6

1 Domains

5 Subdomains

1 IPs

1 Countries

1225 kBTransfer

1213 kBSize

14 Cookies

3 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

14 Cookies

1 Console Messages

Indicators

ocprq.cn-composite.com Open in urlscan Pro
87.120.115.37 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

5
Subdomains

1
IPs

1
Countries

1225 kB
Transfer

1213 kB
Size

14
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!