TP: If you're able to verify which the OAuth application is delivered from an unfamiliar resource, and redirects to the suspicious URL, then a true constructive is indicated.Call the consumers or admins who granted consent or permissions on the app. Validate if the variations ended up intentional.Suggested motion: Assessment the Reply URL and scope