login.ox-teams.co Open in urlscan Pro
159.69.148.11 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://login.ox-teams.co/new0761
Submission: On May 13 via manual (May 13th 2022, 4:52:37 pm UTC) from GB — Scanned from GB

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 159.69.148.11, located in Germany and belongs to HETZNER-AS, DE. The main domain is login.ox-teams.co.

This is the only time login.ox-teams.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address		AS Autonomous System
8	159.69.148.11 159.69.148.11		24940 (HETZNER-AS) (HETZNER-AS)
8	1

8 159.69.148.11 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: mail.khipuawareness.com

login.ox-teams.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	ox-teams.co login.ox-teams.co	14 KB
8	1

	Domain	Requested by
8	login.ox-teams.co	login.ox-teams.co
8	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://login.ox-teams.co/new0761
Frame ID: D2A7DB2647F89D301970D1C52CECD169
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log in

Detected technologies

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

Page Statistics

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

14 kB
Transfer

13 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request new0761 Show response login.ox-teams.co/	2 KB 1 KB	557ms 491ms	Document text/html	159.69.148.11 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://login.ox-teams.co/new0761 Protocol HTTP/1.1 Server 159.69.148.11 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mail.khipuawareness.com Software Lucy / Resource Hash `98f2102b37509dd005115d0277b0838897a4e3eef61c4a338ab2a99eddb63afe` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Access-Control-Allow-Headers * Access-Control-Allow-Methods * Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection Keep-Alive Content-Encoding gzip Content-Length 879 Content-Type text/html; charset=UTF-8 Date Fri, 13 May 2022 16:52:31 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Lucy Vary Accept-Encoding
GET H/1.1	200 OK	events.js Show response login.ox-teams.co/js/	558 B 917 B	59ms 59ms	Script text/javascript	159.69.148.11 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://login.ox-teams.co/js/events.js Requested by Host: login.ox-teams.co URL: http://login.ox-teams.co/new0761 Protocol HTTP/1.1 Server 159.69.148.11 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mail.khipuawareness.com Software Lucy / Resource Hash `a8f7e59c2a6d75c51e1898b2d1ff9f6f666caad39a12d215e506202fce2ce150` Request headers accept-language en-GB,en;q=0.9 Referer http://login.ox-teams.co/new0761 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Fri, 13 May 2022 16:52:32 GMT Server Lucy Access-Control-Allow-Methods * Content-Type text/javascript;charset=UTF-8 Access-Control-Allow-Origin * Cache-Control max-age=86400 Connection Keep-Alive Access-Control-Allow-Headers * Content-Length 558 Keep-Alive timeout=5, max=99 Expires Sat, 14 May 2022 16:52:32 GMT
GET H/1.1	200 OK	style.css login.ox-teams.co/public/campaign/506/662/11/static/	2 KB 1 KB	113ms 57ms	Stylesheet text/css	159.69.148.11 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://login.ox-teams.co/public/campaign/506/662/11/static/style.css Requested by Host: login.ox-teams.co URL: http://login.ox-teams.co/new0761 Protocol HTTP/1.1 Server 159.69.148.11 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mail.khipuawareness.com Software Lucy / Resource Hash `ca3df1bbfa050ab46419a9eca628d5b04a80c07ed2cc59e34fdb1cb76ed76fd3` Request headers accept-language en-GB,en;q=0.9 Referer http://login.ox-teams.co/new0761 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Fri, 13 May 2022 16:52:32 GMT Content-Encoding gzip Last-Modified Thu, 03 Feb 2022 11:26:19 GMT Server Lucy ETag "918-5d71b673cb6a5-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 745
GET H/1.1	200 OK	logo.png login.ox-teams.co/public/campaign/506/662/11/static/	1 KB 2 KB	114ms 58ms	Image image/png	159.69.148.11 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://login.ox-teams.co/public/campaign/506/662/11/static/logo.png Requested by Host: login.ox-teams.co URL: http://login.ox-teams.co/new0761 Protocol HTTP/1.1 Server 159.69.148.11 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mail.khipuawareness.com Software Lucy / Resource Hash `20bf8e95743ad0b8eaad3d92cbcd88bd7ce77633dcf6244817ed12365d4e06ce` Request headers accept-language en-GB,en;q=0.9 Referer http://login.ox-teams.co/new0761 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Fri, 13 May 2022 16:52:32 GMT Last-Modified Thu, 03 Feb 2022 11:26:19 GMT Server Lucy ETag "509-5d71b673cb6a5" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1289
GET H/1.1	200 OK	timeme.min.js Show response login.ox-teams.co/js/	4 KB 4 KB	58ms 58ms	Script text/javascript	159.69.148.11 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://login.ox-teams.co/js/timeme.min.js Requested by Host: login.ox-teams.co URL: http://login.ox-teams.co/new0761 Protocol HTTP/1.1 Server 159.69.148.11 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mail.khipuawareness.com Software Lucy / Resource Hash `3ae66a8d261814acf0678914f1832973fe5be31912abf545f81fe4f97fd707dd` Request headers accept-language en-GB,en;q=0.9 Referer http://login.ox-teams.co/new0761 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Fri, 13 May 2022 16:52:32 GMT Server Lucy Access-Control-Allow-Methods * Content-Type text/javascript;charset=UTF-8 Access-Control-Allow-Origin * Cache-Control max-age=86400 Connection Keep-Alive Access-Control-Allow-Headers * Content-Length 4210 Keep-Alive timeout=5, max=98 Expires Sat, 14 May 2022 16:52:32 GMT
GET H/1.1	200 OK	time-tracker.js Show response login.ox-teams.co/js/	1 KB 2 KB	112ms 59ms	Script text/javascript	159.69.148.11 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://login.ox-teams.co/js/time-tracker.js Requested by Host: login.ox-teams.co URL: http://login.ox-teams.co/new0761 Protocol HTTP/1.1 Server 159.69.148.11 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mail.khipuawareness.com Software Lucy / Resource Hash `b1c9c0a18219eaef9ce76f3ca58ab9097259e5e5c78574e3f7f3eb4a9f98f004` Request headers accept-language en-GB,en;q=0.9 Referer http://login.ox-teams.co/new0761 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Fri, 13 May 2022 16:52:32 GMT Server Lucy Access-Control-Allow-Methods * Content-Type text/javascript;charset=UTF-8 Access-Control-Allow-Origin * Cache-Control max-age=86400 Connection Keep-Alive Access-Control-Allow-Headers * Content-Length 1475 Keep-Alive timeout=5, max=99 Expires Sat, 14 May 2022 16:52:32 GMT
GET H/1.1	200 OK	background.svg login.ox-teams.co/public/campaign/506/662/11/static/	2 KB 2 KB	61ms 58ms	Image image/svg+xml	159.69.148.11 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://login.ox-teams.co/public/campaign/506/662/11/static/background.svg Requested by Host: login.ox-teams.co URL: http://login.ox-teams.co/public/campaign/506/662/11/static/style.css Protocol HTTP/1.1 Server 159.69.148.11 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mail.khipuawareness.com Software Lucy / Resource Hash `0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68` Request headers accept-language en-GB,en;q=0.9 Referer http://login.ox-teams.co/public/campaign/506/662/11/static/style.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Fri, 13 May 2022 16:52:32 GMT Last-Modified Thu, 03 Feb 2022 11:26:19 GMT Server Lucy ETag "748-5d71b673cb6a5" Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1864
POST H/1.1	200 OK	track-time login.ox-teams.co/scenario/	0 656 B	347ms 347ms	Ping text/html	159.69.148.11 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://login.ox-teams.co/scenario/track-time Requested by Host: login.ox-teams.co URL: http://login.ox-teams.co/new0761 Protocol HTTP/1.1 Server 159.69.148.11 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS mail.khipuawareness.com Software Lucy / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://login.ox-teams.co/new0761 accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers Pragma no-cache Date Fri, 13 May 2022 16:52:33 GMT Server Lucy Access-Control-Max-Age 86400 Access-Control-Allow-Methods * Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Access-Control-Allow-Credentials true Connection Keep-Alive Access-Control-Allow-Headers * Content-Length 0 Keep-Alive timeout=5, max=99 Expires Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			login.ox-teams.co/	1970-01-20 03:44:12	Name: link Value: new0761

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

login.ox-teams.co
159.69.148.11
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
20bf8e95743ad0b8eaad3d92cbcd88bd7ce77633dcf6244817ed12365d4e06ce
3ae66a8d261814acf0678914f1832973fe5be31912abf545f81fe4f97fd707dd
98f2102b37509dd005115d0277b0838897a4e3eef61c4a338ab2a99eddb63afe
a8f7e59c2a6d75c51e1898b2d1ff9f6f666caad39a12d215e506202fce2ce150
b1c9c0a18219eaef9ce76f3ca58ab9097259e5e5c78574e3f7f3eb4a9f98f004
ca3df1bbfa050ab46419a9eca628d5b04a80c07ed2cc59e34fdb1cb76ed76fd3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

login.ox-teams.co Open in urlscan Pro 159.69.148.11 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

14 kBTransfer

13 kBSize

1 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

Indicators

login.ox-teams.co Open in urlscan Pro
159.69.148.11 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

14 kB
Transfer

13 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!