Report - completar.proceso.zya.me/login.live.com_login_verify_credentials

Report Overview

URL

completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html
IP

185.27.134.55

ASN

#34119 Wildcard UK Limited
Submitted

2023-06-10T12:49:44Z

Access

public
Tags

microsoft
urlquery detections

Phishing - Microsoft

Detections

urlquery

9
Network Intrusion Detection

0
Threat Detection Systems

17

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
completar.proceso.zya.me (18)	unknown	2023-06-10 02:59:59	2023-06-10 02:59:59	8437	913978	185.27.134.55
logincdn.msauth.net (1)	2330	2019-04-23 03:13:28	2023-06-10 12:57:24	501	1345	192.229.221.185
r4.res.office365.com (7)	180	2017-03-03 13:49:03	2023-06-10 12:14:08	3453	723698	95.101.10.160

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator
2023-06-09	medium	completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/
2023-06-09	medium	completar.proceso.zya.me/

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

HTTP Transactions (26)

URL IP Response Size

completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html

185.27.134.55

595

URL

completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html
IP

185.27.134.55:0
ASN

#34119 Wildcard UK Limited

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (887), with no line terminators

Size

595
Hash

e1a4d0705977c52cd27dac4efb64b779

2c32a49fd8641f9bbecab3b7a283ac19c29dce3f

a507471a0eac958dbecebd408e76201109d5ec3042ddbf5852618da877093ba1

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

                                        GET /login.live.com_login_verify_credentials_outlook.html HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: gzip

completar.proceso.zya.me/aes.js

185.27.134.55

31206

URL

completar.proceso.zya.me/aes.js
IP

185.27.134.55:0
ASN

#34119 Wildcard UK Limited

Magic

ASCII text, with CRLF line terminators

Size

31206
Hash

78a66859739b0c9e18bc5b4538c03bf9

77aa2fbbc258645904620937b387d3deedbd16ea

d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

                                        GET /aes.js HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:25 GMT
Content-Type: application/javascript
Content-Length: 31206
Last-Modified: Sat, 08 Aug 2015 08:10:59 GMT
Connection: keep-alive
ETag: "55c5b993-79e6"
Accept-Ranges: bytes

completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

185.27.134.55

6185

URL User Request GET

completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
IP

185.27.134.55:0
ASN

#34119 Wildcard UK Limited

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (446)

Size

6185
Hash

d8d20cab0b64a13f2cfd2b825d136ce1

d98967897f3026bc6434410da8a911817f33867c

2a25716b7bdf548d8ffca3bf36d803f835fe2996400d64d0cabe4ce48b2c4f8e

HTTP Headers

                                        GET /login.live.com_login_verify_credentials_outlook.html?i=1 HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html
DNT: 1
Connection: keep-alive
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:41:49 GMT
Cache-Control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate
Expires: Mon, 10 Jul 2023 12:49:25 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/Converged_v23082_5plpI1P0_uKjrokWdqCoBw2.css

185.27.134.55

200 OK

22332

URL GET HTTP/1.1

completar.proceso.zya.me/folder/Converged_v23082_5plpI1P0_uKjrokWdqCoBw2.css
IP

185.27.134.55:80
ASN

#34119 Wildcard UK Limited

Requested by

http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

Magic

ASCII text, with very long lines (61112)

Size

22332
Hash

e699692353f4fee2a3ae891676a0a807

a88cf4a6089e1a4bac50e5a71842871bfa8c1f1a

edc22ddb46d0dee7c192892cb834e4c9bfea54bf5fd324d01357d5249db8d6d4

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

                                        GET /folder/Converged_v23082_5plpI1P0_uKjrokWdqCoBw2.css HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:43:36 GMT
Cache-Control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate, must-revalidate
Expires: Mon, 10 Jul 2023 12:49:25 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/prefetch.html

185.27.134.55

200 OK

1234

URL GET HTTP/1.1

completar.proceso.zya.me/folder/prefetch.html
IP

185.27.134.55:80
ASN

#34119 Wildcard UK Limited

Requested by

http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (1188)

Size

1234
Hash

f2be708b2bdb3aed4160b1f141d9d665

4ed6a07b745f8987cb3cdde2ddc6b097c032211f

3dded4f4b0219791edadb316d5cdeaca0eff74f047ff9e59985e13b2b98c98a2

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

                                        GET /folder/prefetch.html HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:43:39 GMT
Cache-Control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate
Expires: Mon, 10 Jul 2023 12:49:26 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg

185.27.134.55

200 OK

915

URL GET HTTP/1.1

completar.proceso.zya.me/folder/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg
IP

185.27.134.55:80
ASN

#34119 Wildcard UK Limited

Requested by

http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

Magic

SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (915), with no line terminators

Size

915
Hash

2b5d393db04a5e6e1f739cb266e65b4c

6a435df5cac3d58ccad655fe022ccf3dd4b9b721

16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

                                        GET /folder/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: image/svg+xml
Content-Length: 915
Connection: keep-alive
Last-Modified: Tue, 16 May 2023 00:43:37 GMT
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT

completar.proceso.zya.me/folder/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg

185.27.134.55

200 OK

900

URL GET HTTP/1.1

completar.proceso.zya.me/folder/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg
IP

185.27.134.55:80
ASN

#34119 Wildcard UK Limited

Requested by

http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

Magic

SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (900), with no line terminators

Size

900
Hash

635a63d500a92a0b8497cdc58d0f66b1

a32eba4b4d139e8da52c5801a13c1ee222b2b882

61d7ccc5d2c41bf86be6cefb0063405067849ba64e9f219f60596ef09a54a942

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

                                        GET /folder/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: image/svg+xml
Content-Length: 900
Connection: keep-alive
Last-Modified: Tue, 16 May 2023 00:43:37 GMT
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT

completar.proceso.zya.me/folder/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg

185.27.134.55

200 OK

3651

URL GET HTTP/1.1

completar.proceso.zya.me/folder/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
IP

185.27.134.55:80
ASN

#34119 Wildcard UK Limited

Requested by

http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

Magic

SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (3651), with no line terminators

Size

3651
Hash

ee5c8d9fb6248c938fd0dc19370e90bd

d01a22720918b781338b5bbf9202b241a5f99ee4

04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

                                        GET /folder/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: image/svg+xml
Content-Length: 3651
Connection: keep-alive
Last-Modified: Tue, 16 May 2023 00:43:39 GMT
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT

completar.proceso.zya.me/folder/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg

185.27.134.55

200 OK

1555

URL GET HTTP/1.1

completar.proceso.zya.me/folder/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg
IP

185.27.134.55:80
ASN

#34119 Wildcard UK Limited

Requested by

http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

Magic

SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1555), with no line terminators

Size

1555
Hash

bcb4d1dc4eae64f0b2b2538209d8435a

4f10568bc1b70bc98d5297b85812c33b3e636766

a76c08e9cdc3bb87bfb57627ad8f6b46f0e5ef826cc7f046dfbaf25d7b7958ea

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

                                        GET /folder/documentation_bcb4d1dc4eae64f0b2b2538209d8435a.svg HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: image/svg+xml
Content-Length: 1555
Connection: keep-alive
Last-Modified: Tue, 16 May 2023 00:43:36 GMT
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT

completar.proceso.zya.me/folder/sprite1.mouse.css

185.27.134.55

200 OK

1287

URL GET HTTP/1.1

completar.proceso.zya.me/folder/sprite1.mouse.css
IP

185.27.134.55:80
ASN

#34119 Wildcard UK Limited

Requested by

http://completar.proceso.zya.me/folder/prefetch.html

Magic

ASCII text, with very long lines (7604), with no line terminators

Size

1287
Hash

e9ba472d2ddb09fb3ec536dc240b1976

99daf55408b077f6f56daaf6cae4e54dc0fc0cfa

461f87e55bba34c4d9248d1b45685ea832eba56c15ebf6cccf75d49f1547b502

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

                                        GET /folder/sprite1.mouse.css HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/folder/prefetch.html
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:43:40 GMT
Cache-Control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate, must-revalidate
Expires: Mon, 10 Jul 2023 12:49:26 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/sprite1.mouse.png

185.27.134.55

200 OK

16664

URL GET HTTP/1.1

completar.proceso.zya.me/folder/sprite1.mouse.png
IP

185.27.134.55:80
ASN

#34119 Wildcard UK Limited

Requested by

http://completar.proceso.zya.me/folder/prefetch.html

Magic

PNG image data, 600 x 75, 8-bit/color RGBA, non-interlaced\012- data

Size

16664
Hash

2835f067dcf4c8a12464856267ca8ff7

ab0a6ccd3932d913314b1ff617f236750781a835

4b5cc3fed2c03c158abc3634c1f7700079fbc1e6183aa5e47a2064cfed87977c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

                                        GET /folder/sprite1.mouse.png HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/folder/prefetch.html
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: image/png
Content-Length: 16664
Connection: keep-alive
Last-Modified: Tue, 16 May 2023 00:43:42 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate
Expires: Mon, 10 Jul 2023 12:49:26 GMT

logincdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg

192.229.221.185

200 OK

673

URL GET HTTP/2

logincdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
IP

192.229.221.185:443
ASN

#15133 EDGECAST

Requested by

http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Certificate

IssuerMicrosoft Corporation

Subjectidentitycdn.msauth.net

FingerprintEE:40:2D:5A:6D:D7:45:A2:7B:73:AC:5A:A3:0A:9C:D7:D5:BB:5A:E4

ValidityTue, 23 Aug 2022 22:36:46 GMT - Fri, 18 Aug 2023 22:36:46 GMT

Magic

SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1864), with no line terminators

Size

673
Hash

bc3d32a696895f78c19df6c717586a5d

9191cb156a30a3ed79c44c0a16c95159e8ff689d

0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

HTTP Headers

                                        GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
Host: logincdn.msauth.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 25702714
cache-control: public, max-age=31536000
content-md5: DhdidjYrlCeaRJJRG/y9mA==
content-type: image/svg+xml
date: Sat, 10 Jun 2023 12:49:26 GMT
etag: 0x8D7B00724D9E930
last-modified: Wed, 12 Feb 2020 22:01:42 GMT
server: ECAcc (ska/F795)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 2d047dc9-f01e-0051-3bd6-b16302000000
x-ms-version: 2009-09-19
content-length: 673
X-Firefox-Spdy: h2

completar.proceso.zya.me/images/favicon.ico

185.27.134.55

200 OK

153

URL GET HTTP/1.1

completar.proceso.zya.me/images/favicon.ico
IP

185.27.134.55:80
ASN

#34119 Wildcard UK Limited

Requested by

http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

Magic

MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel\012- data

Size

153
Hash

5926212e49293e243feb3df0ba035065

572dea29e24584c8d756fcc4be7bb44f90bed435

07b579ed7731cd9c532d462fc253f0dcf5d83d3b06b49d7d403d0e9128841090

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
openphish	Office365

HTTP Headers

                                        GET /images/favicon.ico HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:43:48 GMT
Cache-Control: max-age=2592000, public, public
Expires: Mon, 10 Jul 2023 12:49:26 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/boot.worldwide.mouse.css

185.27.134.55

200 OK

50756

URL GET HTTP/1.1

completar.proceso.zya.me/folder/boot.worldwide.mouse.css
IP

185.27.134.55:80
ASN

#34119 Wildcard UK Limited

Requested by

http://completar.proceso.zya.me/folder/prefetch.html

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

50756
Hash

a788ed9f28a0da2d2e552514ea703777

74b0759483d180dcef8199541336c375d1dd970a

8dfade63d9153799d2f8a254edcff8718388ea8d65b5a0daf340fe0fb302270e

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

                                        GET /folder/boot.worldwide.mouse.css HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/folder/prefetch.html
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:43:32 GMT
Cache-Control: max-age=2592000, public, proxy-revalidate, public, proxy-revalidate, must-revalidate
Expires: Mon, 10 Jul 2023 12:49:26 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/boot.worldwide.2.mouse.js.descarga

185.27.134.55

200 OK

200082

URL GET HTTP/1.1

completar.proceso.zya.me/folder/boot.worldwide.2.mouse.js.descarga
IP

185.27.134.55:80
ASN

#34119 Wildcard UK Limited

Requested by

http://completar.proceso.zya.me/folder/prefetch.html

Magic

Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators

Size

200082
Hash

a609d8960c9dd9f1422d566cb060644d

b31f787c184a6b2c385bc829f2f26449907c650a

d6981d6292977aa971ca4aae36423c3213df3bc4b9bfcc081e32dd284ccd28b3

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

                                        GET /folder/boot.worldwide.2.mouse.js.descarga HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/folder/prefetch.html
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:43:16 GMT
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/boot.worldwide.3.mouse.js.descarga

185.27.134.55

200 OK

172849

URL GET HTTP/1.1

completar.proceso.zya.me/folder/boot.worldwide.3.mouse.js.descarga
IP

185.27.134.55:80
ASN

#34119 Wildcard UK Limited

Requested by

http://completar.proceso.zya.me/folder/prefetch.html

Magic

Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators

Size

172849
Hash

e6ea70d35605f66c272cc5dd42b74daa

eea7725fe043f7db8a77694504c3b9d434f307f4

3eaedfa1808e6731fb50856c7187d0107001e7c472359b46e382e6770f98c4f5

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

                                        GET /folder/boot.worldwide.3.mouse.js.descarga HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/folder/prefetch.html
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:43:14 GMT
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/boot.worldwide.1.mouse.js.descarga

185.27.134.55

200 OK

188116

URL GET HTTP/1.1

completar.proceso.zya.me/folder/boot.worldwide.1.mouse.js.descarga
IP

185.27.134.55:80
ASN

#34119 Wildcard UK Limited

Requested by

http://completar.proceso.zya.me/folder/prefetch.html

Magic

Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators

Size

188116
Hash

607dfcb9134b214104030e5c2db5b939

480907df55bd0a63f79e49af7cae66f2502b25bb

1702512cc33ef8e1ddf7075c9af72d9ae61f9d91589d383d34dd7c689751a5f7

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

                                        GET /folder/boot.worldwide.1.mouse.js.descarga HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/folder/prefetch.html
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:42:53 GMT
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT
Content-Encoding: gzip

completar.proceso.zya.me/folder/boot.worldwide.0.mouse.js.descarga

185.27.134.55

200 OK

209255

URL GET HTTP/1.1

completar.proceso.zya.me/folder/boot.worldwide.0.mouse.js.descarga
IP

185.27.134.55:80
ASN

#34119 Wildcard UK Limited

Requested by

http://completar.proceso.zya.me/folder/prefetch.html

Magic

Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators

Size

209255
Hash

a89e0e460477e7edccce1ec09f8a142d

e65980411557eed2b4dc6b0367fad69064a3658f

e348ce8166b3f2da75e2b6e81bafe67160e485412b7800ed77a9e77d71b76fe2

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

                                        GET /folder/boot.worldwide.0.mouse.js.descarga HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/folder/prefetch.html
Cookie: __test=7da11f1c3aec6fedc537eb0a7f6e670d
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 16 May 2023 00:42:32 GMT
Cache-Control: max-age=0
Expires: Sat, 10 Jun 2023 12:49:26 GMT
Content-Encoding: gzip

r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.0.mouse.js

95.101.10.160

200 OK

179729

URL GET HTTP/2

r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.0.mouse.js
IP

95.101.10.160:443
ASN

#20940 Akamai International B.V.

Requested by

http://completar.proceso.zya.me/folder/prefetch.html
Certificate

IssuerDigiCert Inc

Subject*.res.outlook.com

Fingerprint54:11:4B:DB:98:01:CA:17:06:66:6C:42:F4:E9:9A:41:CB:F1:8A:DE

ValidityMon, 17 Apr 2023 00:00:00 GMT - Wed, 17 Apr 2024 23:59:59 GMT

Magic

Unicode text, UTF-8 (with BOM) text, with very long lines (59783), with CRLF line terminators

Size

179729
Hash

a89e0e460477e7edccce1ec09f8a142d

e65980411557eed2b4dc6b0367fad69064a3658f

e348ce8166b3f2da75e2b6e81bafe67160e485412b7800ed77a9e77d71b76fe2

HTTP Headers

                                        GET /owa/prem/16.3790.1.3213940/scripts/boot.worldwide.0.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Sat, 17 Oct 2020 01:56:48 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 179729
cache-control: public,max-age=630720000, s-maxage=630720000
date: Sat, 10 Jun 2023 12:49:27 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.1.mouse.js

95.101.10.160

200 OK

163132

URL GET HTTP/2

r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.1.mouse.js
IP

95.101.10.160:443
ASN

#20940 Akamai International B.V.

Requested by

http://completar.proceso.zya.me/folder/prefetch.html
Certificate

IssuerDigiCert Inc

Subject*.res.outlook.com

Fingerprint54:11:4B:DB:98:01:CA:17:06:66:6C:42:F4:E9:9A:41:CB:F1:8A:DE

ValidityMon, 17 Apr 2023 00:00:00 GMT - Wed, 17 Apr 2024 23:59:59 GMT

Magic

Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators

Size

163132
Hash

607dfcb9134b214104030e5c2db5b939

480907df55bd0a63f79e49af7cae66f2502b25bb

1702512cc33ef8e1ddf7075c9af72d9ae61f9d91589d383d34dd7c689751a5f7

HTTP Headers

                                        GET /owa/prem/16.3790.1.3213940/scripts/boot.worldwide.1.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Sat, 17 Oct 2020 01:57:05 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 163132
cache-control: public,max-age=630720000, s-maxage=630720000
date: Sat, 10 Jun 2023 12:49:27 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.2.mouse.js

95.101.10.160

200 OK

170026

URL GET HTTP/2

r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.2.mouse.js
IP

95.101.10.160:443
ASN

#20940 Akamai International B.V.

Requested by

http://completar.proceso.zya.me/folder/prefetch.html
Certificate

IssuerDigiCert Inc

Subject*.res.outlook.com

Fingerprint54:11:4B:DB:98:01:CA:17:06:66:6C:42:F4:E9:9A:41:CB:F1:8A:DE

ValidityMon, 17 Apr 2023 00:00:00 GMT - Wed, 17 Apr 2024 23:59:59 GMT

Magic

Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators

Size

170026
Hash

a609d8960c9dd9f1422d566cb060644d

b31f787c184a6b2c385bc829f2f26449907c650a

d6981d6292977aa971ca4aae36423c3213df3bc4b9bfcc081e32dd284ccd28b3

HTTP Headers

                                        GET /owa/prem/16.3790.1.3213940/scripts/boot.worldwide.2.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Sat, 17 Oct 2020 01:56:49 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 170026
cache-control: public,max-age=630720000, s-maxage=630720000
date: Sat, 10 Jun 2023 12:49:27 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.3.mouse.js

95.101.10.160

200 OK

145769

URL GET HTTP/2

r4.res.office365.com/owa/prem/16.3790.1.3213940/scripts/boot.worldwide.3.mouse.js
IP

95.101.10.160:443
ASN

#20940 Akamai International B.V.

Requested by

http://completar.proceso.zya.me/folder/prefetch.html
Certificate

IssuerDigiCert Inc

Subject*.res.outlook.com

Fingerprint54:11:4B:DB:98:01:CA:17:06:66:6C:42:F4:E9:9A:41:CB:F1:8A:DE

ValidityMon, 17 Apr 2023 00:00:00 GMT - Wed, 17 Apr 2024 23:59:59 GMT

Magic

Unicode text, UTF-8 (with BOM) text, with very long lines (65339), with CRLF line terminators

Size

145769
Hash

e6ea70d35605f66c272cc5dd42b74daa

eea7725fe043f7db8a77694504c3b9d434f307f4

3eaedfa1808e6731fb50856c7187d0107001e7c472359b46e382e6770f98c4f5

HTTP Headers

                                        GET /owa/prem/16.3790.1.3213940/scripts/boot.worldwide.3.mouse.js HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
last-modified: Sat, 17 Oct 2020 01:57:06 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 145769
cache-control: public,max-age=630720000, s-maxage=630720000
date: Sat, 10 Jun 2023 12:49:27 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r4.res.office365.com/owa/prem/16.3790.1.3213940/resources/images/0/sprite1.mouse.png

95.101.10.160

200 OK

16664

URL GET HTTP/2

r4.res.office365.com/owa/prem/16.3790.1.3213940/resources/images/0/sprite1.mouse.png
IP

95.101.10.160:443
ASN

#20940 Akamai International B.V.

Requested by

http://completar.proceso.zya.me/folder/prefetch.html
Certificate

IssuerDigiCert Inc

Subject*.res.outlook.com

Fingerprint54:11:4B:DB:98:01:CA:17:06:66:6C:42:F4:E9:9A:41:CB:F1:8A:DE

ValidityMon, 17 Apr 2023 00:00:00 GMT - Wed, 17 Apr 2024 23:59:59 GMT

Magic

PNG image data, 600 x 75, 8-bit/color RGBA, non-interlaced\012- data

Size

16664
Hash

2835f067dcf4c8a12464856267ca8ff7

ab0a6ccd3932d913314b1ff617f236750781a835

4b5cc3fed2c03c158abc3634c1f7700079fbc1e6183aa5e47a2064cfed87977c

HTTP Headers

                                        GET /owa/prem/16.3790.1.3213940/resources/images/0/sprite1.mouse.png HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
last-modified: Sat, 17 Oct 2020 01:52:18 GMT
server: AkamaiNetStorage
content-length: 16664
cache-control: public,max-age=630720000, s-maxage=630720000
date: Sat, 10 Jun 2023 12:49:27 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r4.res.office365.com/owa/prem/16.3790.1.3213940/resources/images/0/sprite1.mouse.css

95.101.10.160

200 OK

1124

URL GET HTTP/2

r4.res.office365.com/owa/prem/16.3790.1.3213940/resources/images/0/sprite1.mouse.css
IP

95.101.10.160:443
ASN

#20940 Akamai International B.V.

Requested by

http://completar.proceso.zya.me/folder/prefetch.html
Certificate

IssuerDigiCert Inc

Subject*.res.outlook.com

Fingerprint54:11:4B:DB:98:01:CA:17:06:66:6C:42:F4:E9:9A:41:CB:F1:8A:DE

ValidityMon, 17 Apr 2023 00:00:00 GMT - Wed, 17 Apr 2024 23:59:59 GMT

Magic

ASCII text, with very long lines (7604), with no line terminators

Size

1124
Hash

e9ba472d2ddb09fb3ec536dc240b1976

99daf55408b077f6f56daaf6cae4e54dc0fc0cfa

461f87e55bba34c4d9248d1b45685ea832eba56c15ebf6cccf75d49f1547b502

HTTP Headers

                                        GET /owa/prem/16.3790.1.3213940/resources/images/0/sprite1.mouse.css HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
accept-ranges: bytes
content-type: text/css
last-modified: Sat, 17 Oct 2020 01:52:14 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1124
cache-control: public,max-age=630720000, s-maxage=630720000
date: Sat, 10 Jun 2023 12:49:27 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r4.res.office365.com/owa/prem/16.3790.1.3213940/resources/styles/0/boot.worldwide.mouse.css

95.101.10.160

200 OK

44146

URL GET HTTP/2

r4.res.office365.com/owa/prem/16.3790.1.3213940/resources/styles/0/boot.worldwide.mouse.css
IP

95.101.10.160:443
ASN

#20940 Akamai International B.V.

Requested by

http://completar.proceso.zya.me/folder/prefetch.html
Certificate

IssuerDigiCert Inc

Subject*.res.outlook.com

Fingerprint54:11:4B:DB:98:01:CA:17:06:66:6C:42:F4:E9:9A:41:CB:F1:8A:DE

ValidityMon, 17 Apr 2023 00:00:00 GMT - Wed, 17 Apr 2024 23:59:59 GMT

Magic

ASCII text, with very long lines (65536), with no line terminators

Size

44146
Hash

a788ed9f28a0da2d2e552514ea703777

74b0759483d180dcef8199541336c375d1dd970a

8dfade63d9153799d2f8a254edcff8718388ea8d65b5a0daf340fe0fb302270e

HTTP Headers

                                        GET /owa/prem/16.3790.1.3213940/resources/styles/0/boot.worldwide.mouse.css HTTP/1.1
Host: r4.res.office365.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://completar.proceso.zya.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

                                        HTTP/2 200 OK
accept-ranges: bytes
content-type: text/css
last-modified: Sat, 17 Oct 2020 01:54:57 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 44146
cache-control: public,max-age=630720000, s-maxage=630720000
date: Sat, 10 Jun 2023 12:49:27 GMT
timing-allow-origin: *
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

completar.proceso.zya.me/folder/prefetch.html

185.27.134.55

200 OK

574

URL GET HTTP/1.1

completar.proceso.zya.me/folder/prefetch.html
IP

185.27.134.55:80
ASN

#34119 Wildcard UK Limited

Requested by

http://completar.proceso.zya.me/login.live.com_login_verify_credentials_outlook.html?i=1

Magic

HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (855), with no line terminators

Size

574
Hash

45a7348da64b53607590b35901b9a49c

df6e10abdd590db0430239890602d93937d53597

4abca4fa9872727561ef832e7176f301b43d675f50f9b8fce1d3ffeaba20b8a0

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

                                        GET /folder/prefetch.html HTTP/1.1
Host: completar.proceso.zya.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Jun 2023 12:49:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: gzip

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

#1 JS:Script (size: 23)

#2 JS:Script (size: 0)

HTTP Transactions (26)

URL

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

Magic

Size

Hash

Detections

HTTP Headers

URL User Request GET

IP

ASN

Magic

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN