login.ox-teams.co
Open in
urlscan Pro
159.69.148.11
Malicious Activity!
Public Scan
Submission: On May 13 via manual from GB — Scanned from GB
Summary
This is the only time login.ox-teams.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 159.69.148.11 159.69.148.11 | 24940 (HETZNER-AS) (HETZNER-AS) | |
8 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
ox-teams.co
login.ox-teams.co |
14 KB |
8 | 1 |
Domain | Requested by | |
---|---|---|
8 | login.ox-teams.co |
login.ox-teams.co
|
8 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://login.ox-teams.co/new0761
Frame ID: D2A7DB2647F89D301970D1C52CECD169
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
new0761
login.ox-teams.co/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
events.js
login.ox-teams.co/js/ |
558 B 917 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
login.ox-teams.co/public/campaign/506/662/11/static/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
login.ox-teams.co/public/campaign/506/662/11/static/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
timeme.min.js
login.ox-teams.co/js/ |
4 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
time-tracker.js
login.ox-teams.co/js/ |
1 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
background.svg
login.ox-teams.co/public/campaign/506/662/11/static/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
track-time
login.ox-teams.co/scenario/ |
0 656 B |
Ping
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone function| lucyDispatchEvent object| TimeMe boolean| injected function| trackTime function| sendData function| isChrome1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
login.ox-teams.co/ | Name: link Value: new0761 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
login.ox-teams.co
159.69.148.11
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
20bf8e95743ad0b8eaad3d92cbcd88bd7ce77633dcf6244817ed12365d4e06ce
3ae66a8d261814acf0678914f1832973fe5be31912abf545f81fe4f97fd707dd
98f2102b37509dd005115d0277b0838897a4e3eef61c4a338ab2a99eddb63afe
a8f7e59c2a6d75c51e1898b2d1ff9f6f666caad39a12d215e506202fce2ce150
b1c9c0a18219eaef9ce76f3ca58ab9097259e5e5c78574e3f7f3eb4a9f98f004
ca3df1bbfa050ab46419a9eca628d5b04a80c07ed2cc59e34fdb1cb76ed76fd3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855