Report - completar.proceso.zya.me/login.live.com_login_verify_credentials

Report Overview

Submitted URL
completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html
IP
185.27.134.55
ASN
#34119 Wildcard UK Limited
Submitted
2023-06-10 12:49:44
Access
public
Website Title
Final URL
Tags
microsoft
urlquery detections
Phishing - Microsoft

Detections

urlquery
9
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
completar.proceso.zya.me	unknown	2021-09-01	2023-06-10	2023-06-10	8.4 kB	914 kB	185.27.134.55
logincdn.msauth.net	2330	2018-10-25	2019-04-23	2023-06-10	501 B	1.3 kB	192.229.221.185
r4.res.office365.com	180	2005-06-20	2017-03-03	2023-06-10	3.5 kB	724 kB	95.101.10.160

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator
2023-06-09	medium	completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	unknown	23 B	2023-04-10	2024-05-06
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 20:39:00 Last Seen2024-05-06 23:20:56 Times Seen1437 Hash a34459a777b4853cc0b6b99c1b519ed8 a114e3509ea887cb8b532a7da24f3dc5de66d219 096e484edb287943f6455826128e4cc9721e410f75f521ad6fc886dba56d1963 Loading...

	completar.proceso.zya.me/folder/prefetch.html	0 B	2023-03-07	2024-05-07
Pretty URL completar.proceso.zya.me/folder/prefetch.html IP 185.27.134.55 ASN #34119 Wildcard UK Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 13:36:40 Times Seen37409024 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (26)

URL IP Response Size

completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html

185.27.134.55

595 B

URL
completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html
IP
185.27.134.55:0
ASN
#34119 Wildcard UK Limited

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (887), with no line terminators
Size
595 B (595 bytes)
Hash
e1a4d0705977c52cd27dac4efb64b779
2c32a49fd8641f9bbecab3b7a283ac19c29dce3f
a507471a0eac958dbecebd408e76201109d5ec3042ddbf5852618da877093ba1

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

GET /login.live.com_login_verify_credentials_outlook.html HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: gzip

completar.proceso.zya.me/aes.js

185.27.134.55

31 kB

URL
completar.proceso.zya.me/aes.js
IP
185.27.134.55:0
ASN
#34119 Wildcard UK Limited

File type
ASCII text, with CRLF line terminators
Size
31 kB (31206 bytes)
Hash
78a66859739b0c9e18bc5b4538c03bf9
77aa2fbbc258645904620937b387d3deedbd16ea
d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

GET /aes.js HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:25 GMT
Content-Type: application/javascript
Content-Length: 31206
Last-Modified: Sat, 08 Aug 2015 08:10:59 GMT
Connection: keep-alive
ETag: "55c5b993-79e6"
Accept-Ranges: bytes

completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

185.27.134.55

6.2 kB

URL User Request GET
completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
IP
185.27.134.55:0
ASN
#34119 Wildcard UK Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (446)
Size
6.2 kB (6185 bytes)
Hash
d8d20cab0b64a13f2cfd2b825d136ce1
d98967897f3026bc6434410da8a911817f33867c
2a25716b7bdf548d8ffca3bf36d803f835fe2996400d64d0cabe4ce48b2c4f8e

HTTP Headers

GET /login.live.com_login_verify_credentials_outlook.html?i=1 HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html
DNT: 1
Connection: keep-alive
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:41:49 GMT
Cache-Control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate
Expires: Mon, 10 Jul 2023 12:49:25 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/Converged_v23082_5plpI1P0_uKjrokWdqCoBw2.css

185.27.134.55

200 OK

22 kB

URL GET HTTP/1.1
completar.proceso.zya.me/folder/Converged_v23082_5plpI1P0_uKjrokWdqCoBw2.css
IP
185.27.134.55:80
ASN
#34119 Wildcard UK Limited

Requested by
http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

File type
ASCII text, with very long lines (61112)
Size
22 kB (22332 bytes)
Hash
e699692353f4fee2a3ae891676a0a807
a88cf4a6089e1a4bac50e5a71842871bfa8c1f1a
edc22ddb46d0dee7c192892cb834e4c9bfea54bf5fd324d01357d5249db8d6d4

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

GET /folder/Converged_v23082_5plpI1P0_uKjrokWdqCoBw2.css HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:43:36 GMT
Cache-Control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate, must-revalidate
Expires: Mon, 10 Jul 2023 12:49:25 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/prefetch.html

185.27.134.55

200 OK

1.2 kB

URL GET HTTP/1.1
completar.proceso.zya.me/folder/prefetch.html
IP
185.27.134.55:80
ASN
#34119 Wildcard UK Limited

Requested by
http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1188)
Size
1.2 kB (1234 bytes)
Hash
f2be708b2bdb3aed4160b1f141d9d665
4ed6a07b745f8987cb3cdde2ddc6b097c032211f
3dded4f4b0219791edadb316d5cdeaca0eff74f047ff9e59985e13b2b98c98a2

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

GET /folder/prefetch.html HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:43:39 GMT
Cache-Control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate
Expires: Mon, 10 Jul 2023 12:49:26 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg

185.27.134.55

200 OK

915 B

URL GET HTTP/1.1
completar.proceso.zya.me/folder/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
IP
185.27.134.55:80
ASN
#34119 Wildcard UK Limited

Requested by
http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (915), with no line terminators
Size
915 B (915 bytes)
Hash
2b5d393db04a5e6e1f739cb266e65b4c
6a435df5cac3d58ccad655fe022ccf3dd4b9b721
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

GET /folder/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: image/svg+xml
Content-Length: 915
Connection: keep-alive
Last-Modified: Tue, 16 May 2023 00:43:37 GMT
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT

completar.proceso.zya.me/folder/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg

185.27.134.55

200 OK

900 B

URL GET HTTP/1.1
completar.proceso.zya.me/folder/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
IP
185.27.134.55:80
ASN
#34119 Wildcard UK Limited

Requested by
http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (900), with no line terminators
Size
900 B (900 bytes)
Hash
635a63d500a92a0b8497cdc58d0f66b1
a32eba4b4d139e8da52c5801a13c1ee222b2b882
61d7ccc5d2c41bf86be6cefb0063405067849ba64e9f219f60596ef09a54a942

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

GET /folder/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: image/svg+xml
Content-Length: 900
Connection: keep-alive
Last-Modified: Tue, 16 May 2023 00:43:37 GMT
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT

completar.proceso.zya.me/folder/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

185.27.134.55

200 OK

3.7 kB

URL GET HTTP/1.1
completar.proceso.zya.me/folder/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
IP
185.27.134.55:80
ASN
#34119 Wildcard UK Limited

Requested by
http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3651), with no line terminators
Size
3.7 kB (3651 bytes)
Hash
ee5c8d9fb6248c938fd0dc19370e90bd
d01a22720918b781338b5bbf9202b241a5f99ee4
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

GET /folder/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: image/svg+xml
Content-Length: 3651
Connection: keep-alive
Last-Modified: Tue, 16 May 2023 00:43:39 GMT
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT

completar.proceso.zya.me/folder/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg

185.27.134.55

200 OK

1.6 kB

URL GET HTTP/1.1
completar.proceso.zya.me/folder/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg
IP
185.27.134.55:80
ASN
#34119 Wildcard UK Limited

Requested by
http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1555), with no line terminators
Size
1.6 kB (1555 bytes)
Hash
bcb4d1dc4eae64f0b2b2538209d8435a
4f10568bc1b70bc98d5297b85812c33b3e636766
a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

GET /folder/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: image/svg+xml
Content-Length: 1555
Connection: keep-alive
Last-Modified: Tue, 16 May 2023 00:43:36 GMT
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT

completar.proceso.zya.me/folder/sprite1.mouse.css

185.27.134.55

200 OK

1.3 kB

URL GET HTTP/1.1
completar.proceso.zya.me/folder/sprite1.mouse.css
IP
185.27.134.55:80
ASN
#34119 Wildcard UK Limited

Requested by
http://completar.proceso.zya.me/folder/prefetch.html

File type
ASCII text, with very long lines (7604), with no line terminators
Size
1.3 kB (1287 bytes)
Hash
e9ba472d2ddb09fb3ec536dc240b1976
99daf55408b077f6f56daaf6cae4e54dc0fc0cfa
461f87e55bba34c4d9248d1b45685ea832eba56c15ebf6cccf75d49f1547b502

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

GET /folder/sprite1.mouse.css HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/folder/prefetch.html
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:43:40 GMT
Cache-Control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate, must-revalidate
Expires: Mon, 10 Jul 2023 12:49:26 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/sprite1.mouse.png

185.27.134.55

200 OK

17 kB

URL GET HTTP/1.1
completar.proceso.zya.me/folder/sprite1.mouse.png
IP
185.27.134.55:80
ASN
#34119 Wildcard UK Limited

Requested by
http://completar.proceso.zya.me/folder/prefetch.html

File type
PNG image data, 600 x 75, 8-bit/color RGBA, non-interlaced\012- data
Size
17 kB (16664 bytes)
Hash
2835f067dcf4c8a12464856267ca8ff7
ab0a6ccd3932d913314b1ff617f236750781a835
4b5cc3fed2c03c158abc3634c1f7700079fbc1e6183aa5e47a2064cfed87977c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

GET /folder/sprite1.mouse.png HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/folder/prefetch.html
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: image/png
Content-Length: 16664
Connection: keep-alive
Last-Modified: Tue, 16 May 2023 00:43:42 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate
Expires: Mon, 10 Jul 2023 12:49:26 GMT

logincdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg

192.229.221.185

200 OK

673 B

URL GET HTTP/2
logincdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
IP
192.229.221.185:443
ASN
#15133 EDGECAST

Requested by
http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Certificate
IssuerMicrosoft Corporation
Subjectidentitycdn.msauth.net
FingerprintEE:40:2D:5A:6D:D7:45:A2:7B:73:AC:5A:A3:0A:9C:D7:D5:BB:5A:E4
ValidityTue, 23 Aug 2022 22:36:46 GMT - Fri, 18 Aug 2023 22:36:46 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1864), with no line terminators
Size
673 B (673 bytes)
Hash
bc3d32a696895f78c19df6c717586a5d
9191cb156a30a3ed79c44c0a16c95159e8ff689d
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

HTTP Headers

GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 25702714
cache-control: public, max-age=31536000
content-md5: DhdidjYrlCeaRJJRG/y9mA==
content-type: image/svg+xml
date: Sat, 10 Jun 2023 12:49:26 GMT
etag: 0x8D7B00724D9E930
last-modified: Wed, 12 Feb 2020 22:01:42 GMT
server: ECAcc (ska/F795)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 2d047dc9-f01e-0051-3bd6-b16302000000
x-ms-version: 2009-09-19
content-length: 673
X-Firefox-Spdy: h2

completar.proceso.zya.me/images/favicon.ico

185.27.134.55

200 OK

153 B

URL GET HTTP/1.1
completar.proceso.zya.me/images/favicon.ico
IP
185.27.134.55:80
ASN
#34119 Wildcard UK Limited

Requested by
http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

File type
MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data
Size
153 B (153 bytes)
Hash
5926212e49293e243feb3df0ba035065
572dea29e24584c8d756fcc4be7bb44f90bed435
07b579ed7731cd9c532d462fc253f0dcf5d83d3b06b49d7d403d0e9128841090

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

GET /images/favicon.ico HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:43:48 GMT
Cache-Control: max-age=2592000, public, public
Expires: Mon, 10 Jul 2023 12:49:26 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/boot.worldwide.mouse.css

185.27.134.55

200 OK

51 kB

URL GET HTTP/1.1
completar.proceso.zya.me/folder/boot.worldwide.mouse.css
IP
185.27.134.55:80
ASN
#34119 Wildcard UK Limited

Requested by
http://completar.proceso.zya.me/folder/prefetch.html

File type
ASCII text, with very long lines (65536), with no line terminators
Size
51 kB (50756 bytes)
Hash
a788ed9f28a0da2d2e552514ea703777
74b0759483d180dcef8199541336c375d1dd970a
8dfade63d9153799d2f8a254edcff8718388ea8d65b5a0daf340fe0fb302270e

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

GET /folder/boot.worldwide.mouse.css HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/folder/prefetch.html
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:43:32 GMT
Cache-Control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate, must-revalidate
Expires: Mon, 10 Jul 2023 12:49:26 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/boot.worldwide.2.mouse.js.descarga

185.27.134.55

200 OK

200 kB

URL GET HTTP/1.1
completar.proceso.zya.me/folder/boot.worldwide.2.mouse.js.descarga
IP
185.27.134.55:80
ASN
#34119 Wildcard UK Limited

Requested by
http://completar.proceso.zya.me/folder/prefetch.html

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
Size
200 kB (200082 bytes)
Hash
a609d8960c9dd9f1422d566cb060644d
b31f787c184a6b2c385bc829f2f26449907c650a
d6981d6292977aa971ca4aae36423c3213df3bc4b9bfcc081e32dd284ccd28b3

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

GET /folder/boot.worldwide.2.mouse.js.descarga HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/folder/prefetch.html
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:43:16 GMT
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/boot.worldwide.3.mouse.js.descarga

185.27.134.55

200 OK

173 kB

URL GET HTTP/1.1
completar.proceso.zya.me/folder/boot.worldwide.3.mouse.js.descarga
IP
185.27.134.55:80
ASN
#34119 Wildcard UK Limited

Requested by
http://completar.proceso.zya.me/folder/prefetch.html

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
Size
173 kB (172849 bytes)
Hash
e6ea70d35605f66c272cc5dd42b74daa
eea7725fe043f7db8a77694504c3b9d434f307f4
3eaedfa1808e6731fb50856c7187d0107001e7c472359b46e382e6770f98c4f5

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

GET /folder/boot.worldwide.3.mouse.js.descarga HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/folder/prefetch.html
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:43:14 GMT
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/boot.worldwide.1.mouse.js.descarga

185.27.134.55

200 OK

188 kB

URL GET HTTP/1.1
completar.proceso.zya.me/folder/boot.worldwide.1.mouse.js.descarga
IP
185.27.134.55:80
ASN
#34119 Wildcard UK Limited

Requested by
http://completar.proceso.zya.me/folder/prefetch.html

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
Size
188 kB (188116 bytes)
Hash
607dfcb9134b214104030e5c2db5b939
480907df55bd0a63f79e49af7cae66f2502b25bb
1702512cc33ef8e1ddf7075c9af72d9ae61f9d91589d383d34dd7c689751a5f7

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

GET /folder/boot.worldwide.1.mouse.js.descarga HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/folder/prefetch.html
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:42:53 GMT
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/boot.worldwide.0.mouse.js.descarga

185.27.134.55

200 OK

209 kB

URL GET HTTP/1.1
completar.proceso.zya.me/folder/boot.worldwide.0.mouse.js.descarga
IP
185.27.134.55:80
ASN
#34119 Wildcard UK Limited

Requested by
http://completar.proceso.zya.me/folder/prefetch.html

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators
Size
209 kB (209255 bytes)
Hash
a89e0e460477e7edccce1ec09f8a142d
e65980411557eed2b4dc6b0367fad69064a3658f
e348ce8166b3f2da75e2b6e81bafe67160e485412b7800ed77a9e77d71b76fe2

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

GET /folder/boot.worldwide.0.mouse.js.descarga HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/folder/prefetch.html
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:42:32 GMT
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT
Content-Encoding: gzip

r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.0.mouse.js

95.101.10.160

200 OK

180 kB

URL GET HTTP/2
r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.0.mouse.js
IP
95.101.10.160:443
ASN
#20940 Akamai International B.V.

Requested by
http://completar.proceso.zya.me/folder/prefetch.html
Certificate
IssuerDigiCert Inc
Subject*.res.outlook.com
Fingerprint54:11:4B:DB:98:01:CA:17:06:66:6C:42:F4:E9:9A:41:CB:F1:8A:DE
ValidityMon, 17 Apr 2023 00:00:00 GMT - Wed, 17 Apr 2024 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators
Size
180 kB (179729 bytes)
Hash
a89e0e460477e7edccce1ec09f8a142d
e65980411557eed2b4dc6b0367fad69064a3658f
e348ce8166b3f2da75e2b6e81bafe67160e485412b7800ed77a9e77d71b76fe2

HTTP Headers

GET /owa/prem/16.3790.1.3213940/scripts/boot.worldwide.0.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Sat, 17 Oct 2020 01:56:48 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 179729
cache-control: public,max-age=630720000, s-maxage=630720000
date: Sat, 10 Jun 2023 12:49:27 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.1.mouse.js

95.101.10.160

200 OK

163 kB

URL GET HTTP/2
r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.1.mouse.js
IP
95.101.10.160:443
ASN
#20940 Akamai International B.V.

Requested by
http://completar.proceso.zya.me/folder/prefetch.html
Certificate
IssuerDigiCert Inc
Subject*.res.outlook.com
Fingerprint54:11:4B:DB:98:01:CA:17:06:66:6C:42:F4:E9:9A:41:CB:F1:8A:DE
ValidityMon, 17 Apr 2023 00:00:00 GMT - Wed, 17 Apr 2024 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
Size
163 kB (163132 bytes)
Hash
607dfcb9134b214104030e5c2db5b939
480907df55bd0a63f79e49af7cae66f2502b25bb
1702512cc33ef8e1ddf7075c9af72d9ae61f9d91589d383d34dd7c689751a5f7

HTTP Headers

GET /owa/prem/16.3790.1.3213940/scripts/boot.worldwide.1.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Sat, 17 Oct 2020 01:57:05 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 163132
cache-control: public,max-age=630720000, s-maxage=630720000
date: Sat, 10 Jun 2023 12:49:27 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.2.mouse.js

95.101.10.160

200 OK

170 kB

URL GET HTTP/2
r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.2.mouse.js
IP
95.101.10.160:443
ASN
#20940 Akamai International B.V.

Requested by
http://completar.proceso.zya.me/folder/prefetch.html
Certificate
IssuerDigiCert Inc
Subject*.res.outlook.com
Fingerprint54:11:4B:DB:98:01:CA:17:06:66:6C:42:F4:E9:9A:41:CB:F1:8A:DE
ValidityMon, 17 Apr 2023 00:00:00 GMT - Wed, 17 Apr 2024 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
Size
170 kB (170026 bytes)
Hash
a609d8960c9dd9f1422d566cb060644d
b31f787c184a6b2c385bc829f2f26449907c650a
d6981d6292977aa971ca4aae36423c3213df3bc4b9bfcc081e32dd284ccd28b3

HTTP Headers

GET /owa/prem/16.3790.1.3213940/scripts/boot.worldwide.2.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Sat, 17 Oct 2020 01:56:49 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 170026
cache-control: public,max-age=630720000, s-maxage=630720000
date: Sat, 10 Jun 2023 12:49:27 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.3.mouse.js

95.101.10.160

200 OK

146 kB

URL GET HTTP/2
r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.3.mouse.js
IP
95.101.10.160:443
ASN
#20940 Akamai International B.V.

Requested by
http://completar.proceso.zya.me/folder/prefetch.html
Certificate
IssuerDigiCert Inc
Subject*.res.outlook.com
Fingerprint54:11:4B:DB:98:01:CA:17:06:66:6C:42:F4:E9:9A:41:CB:F1:8A:DE
ValidityMon, 17 Apr 2023 00:00:00 GMT - Wed, 17 Apr 2024 23:59:59 GMT

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators
Size
146 kB (145769 bytes)
Hash
e6ea70d35605f66c272cc5dd42b74daa
eea7725fe043f7db8a77694504c3b9d434f307f4
3eaedfa1808e6731fb50856c7187d0107001e7c472359b46e382e6770f98c4f5

HTTP Headers

GET /owa/prem/16.3790.1.3213940/scripts/boot.worldwide.3.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Sat, 17 Oct 2020 01:57:06 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 145769
cache-control: public,max-age=630720000, s-maxage=630720000
date: Sat, 10 Jun 2023 12:49:27 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r4.res.office365.com/owa/prem/16.3790.1.3213940/resources/images/0/sprite1.mouse.png

95.101.10.160

200 OK

17 kB

URL GET HTTP/2
r4.res.office365.com/owa/prem/16.3790.1.3213940/resources/images/0/sprite1.mouse.png
IP
95.101.10.160:443
ASN
#20940 Akamai International B.V.

Requested by
http://completar.proceso.zya.me/folder/prefetch.html
Certificate
IssuerDigiCert Inc
Subject*.res.outlook.com
Fingerprint54:11:4B:DB:98:01:CA:17:06:66:6C:42:F4:E9:9A:41:CB:F1:8A:DE
ValidityMon, 17 Apr 2023 00:00:00 GMT - Wed, 17 Apr 2024 23:59:59 GMT

File type
PNG image data, 600 x 75, 8-bit/color RGBA, non-interlaced\012- data
Size
17 kB (16664 bytes)
Hash
2835f067dcf4c8a12464856267ca8ff7
ab0a6ccd3932d913314b1ff617f236750781a835
4b5cc3fed2c03c158abc3634c1f7700079fbc1e6183aa5e47a2064cfed87977c

HTTP Headers

GET /owa/prem/16.3790.1.3213940/resources/images/0/sprite1.mouse.png HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
last-modified: Sat, 17 Oct 2020 01:52:18 GMT
server: AkamaiNetStorage
content-length: 16664
cache-control: public,max-age=630720000, s-maxage=630720000
date: Sat, 10 Jun 2023 12:49:27 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r4.res.office365.com/owa/prem/16.3790.1.3213940/resources/images/0/sprite1.mouse.css

95.101.10.160

200 OK

1.1 kB

URL GET HTTP/2
r4.res.office365.com/owa/prem/16.3790.1.3213940/resources/images/0/sprite1.mouse.css
IP
95.101.10.160:443
ASN
#20940 Akamai International B.V.

Requested by
http://completar.proceso.zya.me/folder/prefetch.html
Certificate
IssuerDigiCert Inc
Subject*.res.outlook.com
Fingerprint54:11:4B:DB:98:01:CA:17:06:66:6C:42:F4:E9:9A:41:CB:F1:8A:DE
ValidityMon, 17 Apr 2023 00:00:00 GMT - Wed, 17 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (7604), with no line terminators
Size
1.1 kB (1124 bytes)
Hash
e9ba472d2ddb09fb3ec536dc240b1976
99daf55408b077f6f56daaf6cae4e54dc0fc0cfa
461f87e55bba34c4d9248d1b45685ea832eba56c15ebf6cccf75d49f1547b502

HTTP Headers

GET /owa/prem/16.3790.1.3213940/resources/images/0/sprite1.mouse.css HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: text/css
last-modified: Sat, 17 Oct 2020 01:52:14 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1124
cache-control: public,max-age=630720000, s-maxage=630720000
date: Sat, 10 Jun 2023 12:49:27 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r4.res.office365.com/owa/prem/16.3790.1.3213940/resources/styles/0/boot.worldwide.mouse.css

95.101.10.160

200 OK

44 kB

URL GET HTTP/2
r4.res.office365.com/owa/prem/16.3790.1.3213940/resources/styles/0/boot.worldwide.mouse.css
IP
95.101.10.160:443
ASN
#20940 Akamai International B.V.

Requested by
http://completar.proceso.zya.me/folder/prefetch.html
Certificate
IssuerDigiCert Inc
Subject*.res.outlook.com
Fingerprint54:11:4B:DB:98:01:CA:17:06:66:6C:42:F4:E9:9A:41:CB:F1:8A:DE
ValidityMon, 17 Apr 2023 00:00:00 GMT - Wed, 17 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
44 kB (44146 bytes)
Hash
a788ed9f28a0da2d2e552514ea703777
74b0759483d180dcef8199541336c375d1dd970a
8dfade63d9153799d2f8a254edcff8718388ea8d65b5a0daf340fe0fb302270e

HTTP Headers

GET /owa/prem/16.3790.1.3213940/resources/styles/0/boot.worldwide.mouse.css HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: text/css
last-modified: Sat, 17 Oct 2020 01:54:57 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 44146
cache-control: public,max-age=630720000, s-maxage=630720000
date: Sat, 10 Jun 2023 12:49:27 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

completar.proceso.zya.me/folder/prefetch.html

185.27.134.55

200 OK

574 B

URL GET HTTP/1.1
completar.proceso.zya.me/folder/prefetch.html
IP
185.27.134.55:80
ASN
#34119 Wildcard UK Limited

Requested by
http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (855), with no line terminators
Size
574 B (574 bytes)
Hash
45a7348da64b53607590b35901b9a49c
df6e10abdd590db0430239890602d93937d53597
4abca4fa9872727561ef832e7176f301b43d675f50f9b8fce1d3ffeaba20b8a0

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

GET /folder/prefetch.html HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: gzip

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (26)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1