ocprq.xaqr.xyz Open in urlscan Pro
203.161.52.35 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://meheff.xaqr.xyz/kXjDOjhx
Effective URL:
https://ocprq.xaqr.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%...
Submission Tags: falconsandbox
Submission: On January 08 via api (January 8th 2025, 7:10:14 pm UTC) from US — Scanned from DK

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 203.161.52.35, located in United States and belongs to NAMECHEAP-NET, US. The main domain is ocprq.xaqr.xyz.
TLS certificate: Issued by R10 on January 3rd 2025. Valid for: 3 months.

This is the only time ocprq.xaqr.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
2 10	203.161.52.35 203.161.52.35		22612 (NAMECHEAP...) (NAMECHEAP-NET)
10	2

10 203.161.52.35 (United States) 2 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: mushheaded-elenge.vpsrdns.web-hosting.com

meheff.xaqr.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mejeff.xaqr.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ocprq.xaqr.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hrvetbr.xaqr.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jrhte.xaqr.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	xaqr.xyz 2 redirects meheff.xaqr.xyz mejeff.xaqr.xyz ocprq.xaqr.xyz hrvetbr.xaqr.xyz jrhte.xaqr.xyz htejre.xaqr.xyz Failed	982 KB
10	1

	Domain	Requested by
6	jrhte.xaqr.xyz	ocprq.xaqr.xyz jrhte.xaqr.xyz
1	hrvetbr.xaqr.xyz	ocprq.xaqr.xyz
1	ocprq.xaqr.xyz
1	mejeff.xaqr.xyz	1 redirects
1	meheff.xaqr.xyz	1 redirects
0	htejre.xaqr.xyz Failed	ocprq.xaqr.xyz
10	6

This site contains no links.

Subject Issuer	Validity	Valid
ocprq.xaqr.xyz R10	`2025-01-03` - `2025-04-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ocprq.xaqr.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2b9ce0ce-6fe9-130e-6164-bc0c314e7a20&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638719602074982673.aa564bbd-f6cc-45b9-8bf7-a848baff6992&state=Dcs7EoAwCADRRMfjYGKCfI4DcWgtvb4Ub7utpZQ9ban2TGGawpdSH51RZRDP0-wmdH8gaC3A2xXEg8EExS2CVEfN92jvZ-0H
Frame ID: AB49331C9A87C8A70D0751E879C7C3DC
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log på Outlook

Page URL History Show full URLs

https://meheff.xaqr.xyz/kXjDOjhx HTTP 302
https://mejeff.xaqr.xyz/owa/ HTTP 302
https://ocprq.xaqr.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redir... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

80 %
HTTPS

0 %
IPv6

1
Domains

6
Subdomains

2
IPs

1
Countries

974 kB
Transfer

968 kB
Size

14
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://meheff.xaqr.xyz/kXjDOjhx HTTP 302
https://mejeff.xaqr.xyz/owa/ HTTP 302
https://ocprq.xaqr.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2b9ce0ce-6fe9-130e-6164-bc0c314e7a20&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638719602074982673.aa564bbd-f6cc-45b9-8bf7-a848baff6992&state=Dcs7EoAwCADRRMfjYGKCfI4DcWgtvb4Ub7utpZQ9ban2TGGawpdSH51RZRDP0-wmdH8gaC3A2xXEg8EExS2CVEfN92jvZ-0H Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request authorize Show response ocprq.xaqr.xyz/common/oauth2/ Redirect Chain https://meheff.xaqr.xyz/kXjDOjhx https://mejeff.xaqr.xyz/owa/ https://ocprq.xaqr.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000...	44 KB 46 KB	899ms 504ms	Document text/html	203.161.52.35 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://ocprq.xaqr.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2b9ce0ce-6fe9-130e-6164-bc0c314e7a20&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638719602074982673.aa564bbd-f6cc-45b9-8bf7-a848baff6992&state=Dcs7EoAwCADRRMfjYGKCfI4DcWgtvb4Ub7utpZQ9ban2TGGawpdSH51RZRDP0-wmdH8gaC3A2xXEg8EExS2CVEfN92jvZ-0H Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 203.161.52.35 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS mushheaded-elenge.vpsrdns.web-hosting.com Software / Resource Hash `c5ee247142f6a136cb284297ac2be4c5b347163144e668f20117ca4669aad929` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers Cache-Control no-store, no-cache Connection close Content-Type text/html; charset=utf-8 Date Wed, 08 Jan 2025 19:10:07 GMT Expires -1 Link <https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch Nel {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0} P3p CP="DSP CUR OTPi IND OTRi ONL FIN" Pragma no-cache Referrer-Policy strict-origin-when-cross-origin Report-To {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+wst"}]} Transfer-Encoding chunked Vary Accept-Encoding X-Dns-Prefetch-Control on X-Ms-Ests-Server 2.1.19683.6 - EUS ProdSlices X-Ms-Request-Id bab7f650-228b-44f5-aeb8-d80b338e4f00 X-Ms-Srs 1.P Redirect headers Alt-Svc h3=":443";ma=2592000,h3-29=":443";ma=2592000 Connection close Content-Type text/html; charset=utf-8 Date Wed, 08 Jan 2025 19:10:06 GMT Location https://ocprq.xaqr.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2b9ce0ce-6fe9-130e-6164-bc0c314e7a20&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638719602074982673.aa564bbd-f6cc-45b9-8bf7-a848baff6992&state=Dcs7EoAwCADRRMfjYGKCfI4DcWgtvb4Ub7utpZQ9ban2TGGawpdSH51RZRDP0-wmdH8gaC3A2xXEg8EExS2CVEfN92jvZ-0H Nel {"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01} P3p CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Report-To {"group":"NelOfficeUpload1","max_age":7200,"endpoints":[{"url":"https://exo.nel.measure.office.net/api/report?TenantId=&FrontEnd=Cafe&DestinationEndpoint=SJC&RemoteIP=203.161.52.0&Environment=MT"}],"include_subdomains":true} Request-Id 2b9ce0ce-6fe9-130e-6164-bc0c314e7a20 Server Microsoft-IIS/10.0 Transfer-Encoding chunked X-Backend-Begin 2025-01-08T19:10:07.498 X-Backend-End 2025-01-08T19:10:07.498 X-Backendhttpstatus 302 302 X-Beserver PH0PR17MB5310 X-Besku WCS6 X-Calculatedbetarget PH0PR17MB5310.namprd17.prod.outlook.com X-Calculatedfetarget PH7P220CU002.internal.outlook.com X-Diaginfo PH0PR17MB5310 X-Feefzinfo SJC X-Feproxyinfo BY5PR17CA0030.NAMPRD17.PROD.OUTLOOK.COM X-Feserver PH7P220CA0043 BY5PR17CA0030 X-Firsthopcafeefz SJC X-Owa-Diagnosticsinfo 5;0;0; X-Proxy-Backendserverstatus 302 X-Proxy-Routingcorrectness 1 X-Responseorigin OwaAppPool X-Rum-Notupdatequerieddbcopy 1 X-Rum-Notupdatequeriedpath 1 X-Rum-Validated 1 X-Ua-Compatible IE=EmulateIE7
GET H/1.1	200 OK	Me.htm hrvetbr.xaqr.xyz/	0 0	763ms 376ms	Other text/html	203.161.52.35 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://hrvetbr.xaqr.xyz/Me.htm?v=3 Requested by Host: ocprq.xaqr.xyz URL: https://ocprq.xaqr.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2b9ce0ce-6fe9-130e-6164-bc0c314e7a20&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638719602074982673.aa564bbd-f6cc-45b9-8bf7-a848baff6992&state=Dcs7EoAwCADRRMfjYGKCfI4DcWgtvb4Ub7utpZQ9ban2TGGawpdSH51RZRDP0-wmdH8gaC3A2xXEg8EExS2CVEfN92jvZ-0H Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 203.161.52.35 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS mushheaded-elenge.vpsrdns.web-hosting.com Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://ocprq.xaqr.xyz/ Response headers
GET H/1.1	200 OK	converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css jrhte.xaqr.xyz/ests/2.1/content/cdnbundles/	111 KB 112 KB	766ms 390ms	Stylesheet text/css	203.161.52.35 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://jrhte.xaqr.xyz/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css Requested by Host: ocprq.xaqr.xyz URL: https://ocprq.xaqr.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2b9ce0ce-6fe9-130e-6164-bc0c314e7a20&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638719602074982673.aa564bbd-f6cc-45b9-8bf7-a848baff6992&state=Dcs7EoAwCADRRMfjYGKCfI4DcWgtvb4Ub7utpZQ9ban2TGGawpdSH51RZRDP0-wmdH8gaC3A2xXEg8EExS2CVEfN92jvZ-0H Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 203.161.52.35 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS mushheaded-elenge.vpsrdns.web-hosting.com Software / Resource Hash `6cc79c59f00478ce5d8eaa982efdd8fc3cc205a7ea023a564bb2688fa206a087` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://ocprq.xaqr.xyz/ Response headers Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8DCFFB21E496F3A X-Fd-Int-Roxy-Purgeid 0 X-Cache TCP_HIT Date Wed, 08 Jan 2025 19:10:09 GMT Content-Type text/css Last-Modified Fri, 08 Nov 2024 04:59:25 GMT Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id 2070d907-501e-002b-6944-59439a000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob X-Azure-Ref 20250108T191009Z-185c9d7678492b22hC1PHX13g40000000ga00000000002zt
GET H/1.1	200 OK	ConvergedLogin_PCore_kAx9qZOSH4g90FNHstHMCA2.js Show response jrhte.xaqr.xyz/shared/1.0/content/js/	440 KB 441 KB	1193ms 813ms	Script application/x-javascript	203.161.52.35 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://jrhte.xaqr.xyz/shared/1.0/content/js/ConvergedLogin_PCore_kAx9qZOSH4g90FNHstHMCA2.js Requested by Host: ocprq.xaqr.xyz URL: https://ocprq.xaqr.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2b9ce0ce-6fe9-130e-6164-bc0c314e7a20&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638719602074982673.aa564bbd-f6cc-45b9-8bf7-a848baff6992&state=Dcs7EoAwCADRRMfjYGKCfI4DcWgtvb4Ub7utpZQ9ban2TGGawpdSH51RZRDP0-wmdH8gaC3A2xXEg8EExS2CVEfN92jvZ-0H Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 203.161.52.35 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS mushheaded-elenge.vpsrdns.web-hosting.com Software / Resource Hash `38e92b9d24d84e40ea6fa8e20af3573d55b81e42660916097676561d77798513` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://ocprq.xaqr.xyz/ Response headers Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8DD0A95D1F56318 X-Fd-Int-Roxy-Purgeid 0 X-Cache TCP_HIT Date Wed, 08 Jan 2025 19:10:09 GMT Content-Type application/x-javascript Last-Modified Fri, 22 Nov 2024 01:34:34 GMT Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id 50569a00-201e-004b-7144-5948ba000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob X-Azure-Ref 20250108T191009Z-185c9d76784nsdq5hC1PHXzfh40000000g0g0000000027ub
GET H/1.1	200 OK	ux.converged.login.strings-da.min_qycxe15s69f9itqweygauw2.js Show response jrhte.xaqr.xyz/ests/2.1/content/cdnbundles/	59 KB 60 KB	1240ms 849ms	Script application/x-javascript	203.161.52.35 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://jrhte.xaqr.xyz/ests/2.1/content/cdnbundles/ux.converged.login.strings-da.min_qycxe15s69f9itqweygauw2.js Requested by Host: ocprq.xaqr.xyz URL: https://ocprq.xaqr.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2b9ce0ce-6fe9-130e-6164-bc0c314e7a20&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638719602074982673.aa564bbd-f6cc-45b9-8bf7-a848baff6992&state=Dcs7EoAwCADRRMfjYGKCfI4DcWgtvb4Ub7utpZQ9ban2TGGawpdSH51RZRDP0-wmdH8gaC3A2xXEg8EExS2CVEfN92jvZ-0H Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 203.161.52.35 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS mushheaded-elenge.vpsrdns.web-hosting.com Software / Resource Hash `53d0848279bcab616b78e8e72262ead9a5d03e5eb9175c96ecc33c53d8356a75` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://ocprq.xaqr.xyz/ Response headers Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8DCF86B239581F2 X-Fd-Int-Roxy-Purgeid 4554691 X-Cache TCP_MISS Date Wed, 08 Jan 2025 19:10:09 GMT Content-Type application/x-javascript Last-Modified Tue, 29 Oct 2024 22:43:42 GMT Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id 088e79db-501e-0041-1500-62ec0d000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob X-Azure-Ref 20250108T191009Z-185c9d7678492b22hC1PHX13g40000000ga00000000002zw
GET H/1.1	200 OK	oneDs_f2e0f4a029670f10d892.js Show response jrhte.xaqr.xyz/shared/1.0/content/js/	186 KB 187 KB	1001ms 638ms	Script application/x-javascript	203.161.52.35 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://jrhte.xaqr.xyz/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js Requested by Host: jrhte.xaqr.xyz URL: https://jrhte.xaqr.xyz/shared/1.0/content/js/ConvergedLogin_PCore_kAx9qZOSH4g90FNHstHMCA2.js Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 203.161.52.35 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS mushheaded-elenge.vpsrdns.web-hosting.com Software / Resource Hash `8405362eb8f09df13ae244de155b51b1577274673d9728b6c81cd0278a63c8b0` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://ocprq.xaqr.xyz/ Response headers Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8DB5D44A8CEE4F4 X-Fd-Int-Roxy-Purgeid 4554691 X-Cache TCP_HIT Date Wed, 08 Jan 2025 19:10:11 GMT Content-Type application/x-javascript Last-Modified Thu, 25 May 2023 17:22:47 GMT Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id b1baa7e7-901e-0071-7e95-5952c2000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob X-Azure-Ref 20250108T191011Z-185c9d76784nsdq5hC1PHXzfh40000000g0g0000000027xg
GET H/1.1	200 OK	watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Show response jrhte.xaqr.xyz/ests/2.1/content/cdnbundles/	117 KB 118 KB	730ms 375ms	Script application/x-javascript	203.161.52.35 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://jrhte.xaqr.xyz/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js Requested by Host: ocprq.xaqr.xyz URL: https://ocprq.xaqr.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2b9ce0ce-6fe9-130e-6164-bc0c314e7a20&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638719602074982673.aa564bbd-f6cc-45b9-8bf7-a848baff6992&state=Dcs7EoAwCADRRMfjYGKCfI4DcWgtvb4Ub7utpZQ9ban2TGGawpdSH51RZRDP0-wmdH8gaC3A2xXEg8EExS2CVEfN92jvZ-0H Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 203.161.52.35 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS mushheaded-elenge.vpsrdns.web-hosting.com Software / Resource Hash `df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://ocprq.xaqr.xyz/ Response headers Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8D8DA1D997CA245 X-Fd-Int-Roxy-Purgeid 0 X-Cache TCP_HIT Date Wed, 08 Jan 2025 19:10:12 GMT Content-Type application/x-javascript Last-Modified Fri, 26 Feb 2021 06:13:13 GMT Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id 9b8601de-b01e-0023-523c-5a5995000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob X-Azure-Ref 20250108T191012Z-185c9d76784sltm9hC1PHXsfhn0000000gp0000000002ds1
GET H/1.1	200 OK	frameworksupport.min_oadrnc13magb009k4d20lg2.js Show response jrhte.xaqr.xyz/ests/2.1/content/cdnbundles/	12 KB 12 KB	727ms 375ms	Script application/x-javascript	203.161.52.35 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://jrhte.xaqr.xyz/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2.js Requested by Host: ocprq.xaqr.xyz URL: https://ocprq.xaqr.xyz/common/oauth2/authorize?client_id=00000002-0000-0ff1-ce00-000000000000&redirect_uri=https%3a%2f%2foutlook.office365.com%2fowa%2f&resource=00000002-0000-0ff1-ce00-000000000000&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=2b9ce0ce-6fe9-130e-6164-bc0c314e7a20&protectedtoken=true&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&nonce=638719602074982673.aa564bbd-f6cc-45b9-8bf7-a848baff6992&state=Dcs7EoAwCADRRMfjYGKCfI4DcWgtvb4Ub7utpZQ9ban2TGGawpdSH51RZRDP0-wmdH8gaC3A2xXEg8EExS2CVEfN92jvZ-0H Protocol HTTP/1.1 Security TLS 1.3, , CHACHA20_POLY1305 Server 203.161.52.35 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS mushheaded-elenge.vpsrdns.web-hosting.com Software / Resource Hash `c8cef105fcaf7cbf3f8682c861045505c24d41cf6686c20c1c03e14031a3db69` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://ocprq.xaqr.xyz/ Response headers Access-Control-Expose-Headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding X-Ms-Lease-Status unlocked X-Ms-Version 2009-09-19 Etag 0x8D876CB1D67B929 X-Fd-Int-Roxy-Purgeid 4554691 X-Cache TCP_HIT Date Wed, 08 Jan 2025 19:10:13 GMT Content-Type application/x-javascript Last-Modified Thu, 22 Oct 2020 20:43:21 GMT Transfer-Encoding chunked Cache-Control public, max-age=31536000 Connection close X-Ms-Request-Id 40c8ec07-401e-005d-27ae-5abe6d000000 Accept-Ranges bytes Access-Control-Allow-Origin * X-Ms-Blob-Type BlockBlob X-Azure-Ref 20250108T191013Z-185c9d76784sltm9hC1PHXsfhn0000000gp0000000002dth
GET		watson.min_q5ptmu8aniymd4ftuqdkda2.js jrhte.xaqr.xyz/ests/2.1/content/cdnbundles/	0 0

GET		watson.min_q5ptmu8aniymd4ftuqdkda2.js htejre.xaqr.xyz/ests/2.1/content/cdnbundles/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: jrhte.xaqr.xyz
URL: https://jrhte.xaqr.xyz/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js

Domain: htejre.xaqr.xyz
URL: https://htejre.xaqr.xyz/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.xaqr.xyz/	1970-01-21 02:19:27	Name: LAKW Value: ef7c1a225e274583f43332ef9e7848044b22d4325a8b599ef8c62dd30734f7d2
mejeff.xaqr.xyz/	1970-01-21 11:04:59	Name: ClientId Value: B0A0FE769F4B4CD7BCE2F343A2ED3C69
mejeff.xaqr.xyz/	1970-01-21 06:40:01	Name: OIDC Value: 1
mejeff.xaqr.xyz/	1970-01-21 02:19:27	Name: OpenIdConnect.nonce.v3.GQUnWENl5erYI5CaIQb8u_QA7yqFMNbdnhqXgxCk0Sw Value: 638719602074982673.aa564bbd-f6cc-45b9-8bf7-a848baff6992
mejeff.xaqr.xyz/	1970-01-21 02:19:45	Name: X-OWA-RedirectHistory Value: ArLym14BERnCEBgw3Qg
ocprq.xaqr.xyz/	1970-01-21 03:02:35	Name: buid Value: 1.AcoAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAADKAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFeppg9YryAHNpBxA8fXsUsLi0oUvcuPC_XrNAYxG8CQxE3KdPT3rJSmle1z6T0gr_HN-pk1BtKNTsNPV9DXZYVQGiyJmwIetQ9l8yKv0anDo4gAA
.ocprq.xaqr.xyz/	1969-12-31 23:59:59	Name: esctx Value: PAQABBwEAAADW6jl31mB3T7ugrWTT8pFeD-oNqup1JLegIRncfepuhpIp9O6ZEI0H6du22L2VyWJPptXE2hW9SvnQP0jcJbz4kZ0lTB5fz0ixgZPlxG_cVsm7SIZGMg8aKKw_dGh8bsU7ETrGLk1OHyRzvHaGKfm7HBoqpFwV1FhzEbNzSp86qLwsiPV2taRm6iESFu0oVzggAA
.ocprq.xaqr.xyz/	1969-12-31 23:59:59	Name: esctx-PN9xAj1t8cc Value: AQABCQEAAADW6jl31mB3T7ugrWTT8pFeRe8MRpGVUsu0_hLAa9-a1QO4A9g7f_sbqPixy70psUYOD5lOE0LmU7qojiIxKBwiYK7zgZ7JY0tl_6nJsRTJaIl8v5V8d6ApK6gTHx0vM4uymXOUtShx4JXw39BABnP0BdsWuzrGt8rCkaeshaG_oCAA
ocprq.xaqr.xyz/	1970-01-21 03:02:35	Name: fpc Value: Alie3DXaz4NJs0kWMuZginuerOTJAQAAAJDEEN8OAAAA
ocprq.xaqr.xyz/	1969-12-31 23:59:59	Name: x-ms-gateway-slice Value: estsfd
ocprq.xaqr.xyz/	1969-12-31 23:59:59	Name: stsservicecookie Value: estsfd
.hrvetbr.xaqr.xyz/	1969-12-31 23:59:59	Name: uaid Value: 46be2c049a934c7cb5b2122fd3365def
.hrvetbr.xaqr.xyz/	1969-12-31 23:59:59	Name: MSPRequ Value: id=N&lt=1736363409&co=1
ocprq.xaqr.xyz/	1970-01-21 11:04:59	Name: MicrosoftApplicationsTelemetryDeviceId Value: d9d38c10-322a-4484-bf51-b543f97f96ad

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hrvetbr.xaqr.xyz
htejre.xaqr.xyz
jrhte.xaqr.xyz
meheff.xaqr.xyz
mejeff.xaqr.xyz
ocprq.xaqr.xyz
htejre.xaqr.xyz
jrhte.xaqr.xyz
203.161.52.35
38e92b9d24d84e40ea6fa8e20af3573d55b81e42660916097676561d77798513
53d0848279bcab616b78e8e72262ead9a5d03e5eb9175c96ecc33c53d8356a75
6cc79c59f00478ce5d8eaa982efdd8fc3cc205a7ea023a564bb2688fa206a087
8405362eb8f09df13ae244de155b51b1577274673d9728b6c81cd0278a63c8b0
c5ee247142f6a136cb284297ac2be4c5b347163144e668f20117ca4669aad929
c8cef105fcaf7cbf3f8682c861045505c24d41cf6686c20c1c03e14031a3db69
df2aa8537c1992c94846a0ffffaa9031d430d9d0210b9e396ec059aff62627e0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

ocprq.xaqr.xyz Open in urlscan Pro 203.161.52.35 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

80 %HTTPS

0 %IPv6

1 Domains

6 Subdomains

2 IPs

1 Countries

974 kBTransfer

968 kBSize

14 Cookies

0 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

14 Cookies

Indicators

ocprq.xaqr.xyz Open in urlscan Pro
203.161.52.35 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

80 %
HTTPS

0 %
IPv6

1
Domains

6
Subdomains

2
IPs

1
Countries

974 kB
Transfer

968 kB
Size

14
Cookies

10 HTTP transactions
0 data transactions