ocprq.striscia.org
Open in
urlscan Pro
199.192.27.192
Malicious Activity!
Public Scan
Effective URL: https://ocprq.striscia.org/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%...
Submission: On August 06 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R10 on July 22nd 2024. Valid for: 3 months.
This is the only time ocprq.striscia.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 16 | 199.192.27.192 199.192.27.192 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
7 | 2a02:26f0:710... 2a02:26f0:7100::687e:251b | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
22 | 3 |
ASN22612 (NAMECHEAP-NET, US)
meheff.striscia.org | |
mejeff.striscia.org | |
ocprq.striscia.org | |
hrvetbr.striscia.org | |
jrhte.striscia.org | |
htejre.striscia.org |
ASN20940 (AKAMAI-ASN1, NL)
r4.res.office365.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
striscia.org
2 redirects
meheff.striscia.org mejeff.striscia.org ocprq.striscia.org hrvetbr.striscia.org jrhte.striscia.org htejre.striscia.org |
1 MB |
7 |
office365.com
r4.res.office365.com — Cisco Umbrella Rank: 248 |
688 KB |
22 | 2 |
Domain | Requested by | |
---|---|---|
10 | jrhte.striscia.org |
ocprq.striscia.org
jrhte.striscia.org |
7 | r4.res.office365.com |
mejeff.striscia.org
|
2 | mejeff.striscia.org |
1 redirects
jrhte.striscia.org
|
1 | htejre.striscia.org |
jrhte.striscia.org
|
1 | hrvetbr.striscia.org |
ocprq.striscia.org
|
1 | ocprq.striscia.org | |
1 | meheff.striscia.org | 1 redirects |
22 | 7 |
This site contains links to these domains. Also see Links.
Domain |
---|
mejeff.striscia.org |
www.microsoft.com |
privacy.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
ocprq.striscia.org R10 |
2024-07-22 - 2024-10-20 |
3 months | crt.sh |
*.res.outlook.com DigiCert SHA2 Secure Server CA |
2024-02-20 - 2025-02-20 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://ocprq.striscia.org/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=33aedb69-aa23-c01b-dde3-3a842d8ef781&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638585407162493229.87b9f0dd-3604-4b83-ad01-003a645cb617&state=DctBEoAgCEBRzOk4JAoCHkdz2rbs-rF4f_cTAORwhEQRMGXv3oWsapPBrY3LbY2H9kZWEpTljHNTRSKeKv1eWi3Fe5b3m-UH
Frame ID: 224ABD593BB75090597DCAFEAE57C5BC
Requests: 14 HTTP requests in this frame
Frame:
https://mejeff.striscia.org/owa/prefetch.aspx
Frame ID: 1A1626BC1111A779CFC549F2EAF6E17A
Requests: 8 HTTP requests in this frame
Screenshot
Page Title
Bei Outlook anmeldenPage URL History Show full URLs
-
https://meheff.striscia.org/gtEXtUaI
HTTP 302
https://mejeff.striscia.org/owa/ HTTP 302
https://ocprq.striscia.org/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redir... Page URL
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: Erstellen Sie jetzt eins!
Search URL Search Domain Scan URL
Title: Nutzungsbedingungen
Search URL Search Domain Scan URL
Title: Datenschutz und Cookies
Search URL Search Domain Scan URL
Title: Haftungsausschluss
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://meheff.striscia.org/gtEXtUaI
HTTP 302
https://mejeff.striscia.org/owa/ HTTP 302
https://ocprq.striscia.org/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=33aedb69-aa23-c01b-dde3-3a842d8ef781&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638585407162493229.87b9f0dd-3604-4b83-ad01-003a645cb617&state=DctBEoAgCEBRzOk4JAoCHkdz2rbs-rF4f_cTAORwhEQRMGXv3oWsapPBrY3LbY2H9kZWEpTljHNTRSKeKv1eWi3Fe5b3m-UH Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
authorize
ocprq.striscia.org/common/oauth2/ Redirect Chain
|
44 KB 46 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Me.htm
hrvetbr.striscia.org/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css
jrhte.striscia.org/ests/2.1/content/cdnbundles/ |
111 KB 112 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ConvergedLogin_PCore_rvcgQIW8sBUbuWPuM-EIeA2.js
jrhte.striscia.org/shared/1.0/content/js/ |
439 KB 440 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ux.converged.login.strings-de.min_zwemwkpuyugjstly9tezhq2.js
jrhte.striscia.org/ests/2.1/content/cdnbundles/ |
61 KB 61 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js
jrhte.striscia.org/shared/1.0/content/js/asyncchunk/ |
397 KB 398 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prefetch.aspx
mejeff.striscia.org/owa/ Frame 1A16 |
3 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
boot.worldwide.0.mouse.js
r4.res.office365.com/owa/prem/15.20.7828.27/scripts/ Frame 1A16 |
648 KB 176 KB |
Stylesheet
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
boot.worldwide.1.mouse.js
r4.res.office365.com/owa/prem/15.20.7828.27/scripts/ Frame 1A16 |
644 KB 160 KB |
Stylesheet
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
boot.worldwide.2.mouse.js
r4.res.office365.com/owa/prem/15.20.7828.27/scripts/ Frame 1A16 |
647 KB 166 KB |
Stylesheet
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
boot.worldwide.3.mouse.js
r4.res.office365.com/owa/prem/15.20.7828.27/scripts/ Frame 1A16 |
645 KB 142 KB |
Stylesheet
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sprite1.mouse.png
r4.res.office365.com/owa/prem/15.20.7828.27/resources/images/0/ Frame 1A16 |
132 B 327 B |
Stylesheet
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sprite1.mouse.css
r4.res.office365.com/owa/prem/15.20.7828.27/resources/images/0/ Frame 1A16 |
994 B 503 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
boot.worldwide.mouse.css
r4.res.office365.com/owa/prem/15.20.7828.27/resources/styles/0/ Frame 1A16 |
227 KB 43 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg
jrhte.striscia.org/shared/1.0/content/images/appbackgrounds/ |
987 B 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
49_6ffe0a92d779c878835b40171ffc2e13.jpg
jrhte.striscia.org/shared/1.0/content/images/appbackgrounds/ |
17 KB 18 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
53_7a3c80bf9694448bac31a9589d2e9e92.png
jrhte.striscia.org/shared/1.0/content/images/applogos/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
jrhte.striscia.org/shared/1.0/content/images/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js
jrhte.striscia.org/shared/1.0/content/js/asyncchunk/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon_a_eupayfgghqiai7k9sol6lg2.ico
jrhte.striscia.org/shared/1.0/content/images/ |
17 KB 18 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
jrhte.striscia.org/shared/1.0/content/images/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js
htejre.striscia.org/shared/1.0/content/js/asyncchunk/ |
16 KB 0 |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- jrhte.striscia.org
- URL
- https://jrhte.striscia.org/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_92013fd9f2f609d397ae.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData object| webpackJsonp object| ko object| PROOF object| StringRepository object| Telemetry object| telemetry_webpackJsonp boolean| __ConvergedLogin_PCore boolean| __ function| lp function| _0x410e92 function| _0x5778 function| _0x4864 function| checkElement3 function| checkElement function| checkElement2 boolean| __convergedlogin_pcustomizationloader_6c7dc46bb93924417b5715 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.striscia.org/ | Name: qihB Value: 9e168a6b8feb1aed0abfa1d964f8160705eb7488896f6ac90231ab0fc6479e1d |
|
mejeff.striscia.org/ | Name: ClientId Value: A387EB94A089442F877B76A6DB77378A |
|
mejeff.striscia.org/ | Name: OIDC Value: 1 |
|
mejeff.striscia.org/ | Name: OpenIdConnect.nonce.v3.Jx8HO43XijT1LXR1DxS6vZ6uPoVhxq3SyEd9cl3oxa0 Value: 638585407162493229.87b9f0dd-3604-4b83-ad01-003a645cb617 |
|
mejeff.striscia.org/ | Name: X-OWA-RedirectHistory Value: ArLym14BLSmrYAu23Ag |
|
ocprq.striscia.org/ | Name: buid Value: 0.ARgAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYB9v6Q6Ky7xoZ_GYHjVTwH7j4LgN0kYUy0VmJJ3SZzKWE71OwsedqsUSVE0Gl8B7p961REKcrPYlss83LnshkqCRM-7SEiptw5CdpqDW9O1wgAA |
|
.ocprq.striscia.org/ | Name: esctx Value: PAQABBwEAAAApTwJmzXqdR4BN2miheQMYjewf8FLP84PAESrTfWIUUPuziuZE1zUPBR6AkC1slO76NYDFBdQz1bWSS-WmTdkNtSzxdvMV4w01FquZodwwho-owJQk7KcZGOuqpQTrpwc3RikPA8aZE25uUScIcFrbMirt-o8aI7FHBKIOmSKpfhYk6lqc1woBibk1JfmLlNogAA |
|
.ocprq.striscia.org/ | Name: esctx-12CKAGKdE9M Value: AQABCQEAAAApTwJmzXqdR4BN2miheQMYRuald2ceQ6C6Jbfuetj68dKP1qKc08yZCqRPvAs8cIhHhCoPukJ62q2C0w99a9qwV9wTwW1M51SAyv1Dc4DPSoiB2FG06n8a0iBtLrMmtospI5knDXhg9tp1a5C8i6J1OTdX9FAM7XN0Cb1sHJgAkiAA |
|
ocprq.striscia.org/ | Name: fpc Value: ArN6h_zwE0FAv3cdbAQhltuerOTJAQAAAK0ARN4OAAAA |
|
ocprq.striscia.org/ | Name: x-ms-gateway-slice Value: estsfd |
|
ocprq.striscia.org/ | Name: stsservicecookie Value: estsfd |
|
.hrvetbr.striscia.org/ | Name: uaid Value: e2940ff1238c4374b333e296e2b12545 |
|
.hrvetbr.striscia.org/ | Name: MSPRequ Value: id=N<=1722943918&co=1 |
|
.ocprq.striscia.org/ | Name: brcap Value: 0 |
|
mejeff.striscia.org/ | Name: OWAPF Value: v:15.20.7828.27&l:mouse |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
hrvetbr.striscia.org
htejre.striscia.org
jrhte.striscia.org
meheff.striscia.org
mejeff.striscia.org
ocprq.striscia.org
r4.res.office365.com
jrhte.striscia.org
199.192.27.192
2a02:26f0:7100::687e:251b
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
1ec87632ee58734951aa02813ef07ad377126a39a16f063c181519b98ffffc07
1f8ceb44fe7cfcf7e71dbd5122210335ca3821d697a851d2900b95af7d92d69d
1f90c3543f5b76b8295a8d298dbce301d9c379027c128b47fda21e002638107f
37619b16288166cc76403f0b7df6586349b2d5628de00d5850c815d019b17904
3ab09a213eedd51a0eb0e4bc5e6e96c472032dd937420e7e233ea54775c7e024
54ad973664e5d7ea91ed5e8b1ee4c9d42382e46f387f40afe36a25d9d985f0e7
55aa68fc7904d26bb6d01530776ae953e00dbfbe9b0f1237e6cdd04b8034c451
58fa5e4a247076c76b9683f01fdf108f54ff88fda4221b2de376eb96d1f2ba2a
5f5adbc771d02801fb69961683d3ee1f50b7e9c8a66dc3f3cc86263a3f995c0d
6d1be7ed96dd494447f348986317faf64728ccf788be551f2a621b31ddc929ac
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
a9234307d27a3ef2d72cacf1865420c346c2b5b2ab2bacf0cdc2ff03387985a4
aada16c1472519ba77cb2ce71609eb9715ad651bcf059a56a4c04cbdbb082baa
d5238dcd5576de5c01381727798f579c4722e1c0b07f544135fbe537d7ccf94f
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898