TP: If you can validate which the OAuth app has encoded the display name with suspicious scopes sent from an unidentified source, then a true positive is indicated. Advisable actions: Classify the alert as a TP. Determined by the investigation, If your app is malicious, you'll be able to https://stephenu122bxr8.thelateblog.com/profile
