Report - webmail.xelya.io/owa/

Report Overview

Submitted URL
webmail.xelya.io/owa/
IP
194.50.29.104
ASN
#39495 Xelya SAS
Submitted
2024-04-17 07:07:47
Access
public
Website Title
Outlook
Final URL
webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
Tags
microsoft phishing
urlquery detections
Phishing - Microsoft

Detections

urlquery
7
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
webmail.xelya.io	unknown	2015-08-14	2017-01-27	2023-06-16	3.4 kB	196 kB	194.50.29.104

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	Size	First Seen	Last Seen
	webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f	14 kB	2023-03-07	2024-04-29
Pretty URL webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f IP 194.50.29.104 ASN #39495 Xelya SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-04-29 05:22:08 Times Seen518 Hash 8e2bc1b488831cdc5841d3abfb0ba6bb 50aed9715e2a5c3018ae336875294f64a202eaf2 b7cd8d9758300e4190d07cfc88be4aabadff6e837e68d93eb73648dbcd89351b Loading...

	webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f	1.4 kB	2023-03-07	2024-04-29
Pretty URL webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f IP 194.50.29.104 ASN #39495 Xelya SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-04-29 05:22:08 Times Seen441 Hash 97eb9cc59146b048bdf9f61b499bf16f 3bcf316328c997d9768a59393894a989052e5198 d656711ef4d2a655d04b516c9dbafbe90bc4b24b57b0c3bc3c197ef4d287b641 Loading...

	webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f	1.8 kB	2023-03-07	2024-04-26
Pretty URL webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f IP 194.50.29.104 ASN #39495 Xelya SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-04-26 04:17:53 Times Seen62 Hash 5d30918cf22346989bac53c48489c08e a05112dc3615173fd6fadab4574327d96427ecb2 54b7c35969bfd4ae0d5e5e38cf4b1efe0b8ca3893f9a56687a0633e52d390630 Loading...

	webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f	19 B	2023-03-07	2024-04-29
Pretty URL webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f IP 194.50.29.104 ASN #39495 Xelya SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:54 Last Seen2024-04-29 19:04:57 Times Seen1529 Hash 24f6a9c606199b766addcdaf630a6f4a e25cfd579629e6e410927500f3e9a728261c0553 e74b3de0ef4501689fdd96e8ecf0f120e7761bb3d9bfe6544e38790c0d386bf0 Loading...

	webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f	137 B	2023-03-07	2024-04-29
Pretty URL webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f IP 194.50.29.104 ASN #39495 Xelya SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:54 Last Seen2024-04-29 19:04:57 Times Seen1567 Hash 3012703a3a5c709a38f2cba896e8e5e6 d574b12ce7043b1ee47eb6934c39f19379fcf0ec 2c65e217804431e380651ce713d311bd5b5a5fb81cebc58392505cb35c854cdc Loading...

	webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f	68 B	2023-03-07	2024-04-29
Pretty URL webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f IP 194.50.29.104 ASN #39495 Xelya SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:58 Last Seen2024-04-29 05:22:08 Times Seen981 Hash db8216e217de9a14420fa187142b00b5 50f9fdaa34b7caa061db879baa23a7d75f048e9e ebc3102ee92075887df69ec8c18ca2c24015e728566d302598a63c06697754ed Loading...

HTTP Transactions (6)

URL IP Response Size

webmail.xelya.io/owa/

194.50.29.104

218 B

URL
webmail.xelya.io/owa/
IP
194.50.29.104:0
ASN
#39495 Xelya SAS

File type
HTML document, ASCII text, with CRLF line terminators
Size
218 B (218 bytes)
Hash
156446c782f0a4cd4fd7fe056cb98552
39f2c08b23905837bbe7b362ee7e2d9718b13fdd
467baafdae26994a03a61756ba13cc524d5b8b92c14966b95dea21021850e7aa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/ HTTP/1.1
Host: webmail.xelya.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
content-type: text/html; charset=utf-8
location: https://webmail.xelya.io/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f&reason=0
server: Microsoft-IIS/10.0
request-id: 1a946b99-c179-4735-aa0e-f33e16f9667b
x-owa-version: 15.1.2507.37
x-powered-by: ASP.NET
x-feserver: FR-TH2-MBX11
date: Wed, 17 Apr 2024 07:07:21 GMT
content-length: 218

webmail.xelya.io/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f&reason=0

194.50.29.104

28 kB

URL
webmail.xelya.io/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f&reason=0
IP
194.50.29.104:0
ASN
#39495 Xelya SAS

File type
HTML document, ASCII text, with very long lines (1062), with CRLF, LF line terminators
Size
28 kB (27978 bytes)
Hash
3c019467ec484f071108cc928f9fadde
fd220adc23676f11df1241748aca7eeb9b0458f4
7393335dc65c66f8b7463877592b8a030a05d06a07d25398e76f5e042758f7d4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f&reason=0 HTTP/1.1
Host: webmail.xelya.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
server: Microsoft-IIS/10.0
request-id: de860af3-7948-477a-a3bc-84d2971f7f10
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Wed, 17 Apr 2024 07:07:21 GMT
content-length: 27978

webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f

194.50.29.104

200 OK

60 kB

URL User Request GET HTTP/1.1
webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
IP
194.50.29.104:443
ASN
#39495 Xelya SAS

Certificate
IssuerSectigo Limited
Subjectmail.xelya.io
Fingerprint19:E9:08:C4:ED:54:CD:8C:5D:4C:68:65:89:AD:2A:FB:70:08:7C:E8
ValidityWed, 07 Jun 2023 00:00:00 GMT - Thu, 06 Jun 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (11614), with CRLF, LF line terminators
Size
60 kB (59981 bytes)
Hash
3d336b7f3a1e4cec2ab88b138dc62a73
ffa5b23b9813e018f773a08056014f14d9d6c6b6
180f085a8bc505b4942cf3524699164ceccb5b73ddb5f8e183e98ae9ecfc4b43

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f HTTP/1.1
Host: webmail.xelya.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.xelya.io/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f&reason=0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
server: Microsoft-IIS/10.0
request-id: db2d281d-bc00-4791-b725-57646ded3a35
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Wed, 17 Apr 2024 07:07:21 GMT
content-length: 59981

webmail.xelya.io/owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf

194.50.29.104

200 OK

57 kB

URL GET HTTP/1.1
webmail.xelya.io/owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf
IP
194.50.29.104:443
ASN
#39495 Xelya SAS

Requested by
https://webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
Certificate
IssuerSectigo Limited
Subjectmail.xelya.io
Fingerprint19:E9:08:C4:ED:54:CD:8C:5D:4C:68:65:89:AD:2A:FB:70:08:7C:E8
ValidityWed, 07 Jun 2023 00:00:00 GMT - Thu, 06 Jun 2024 23:59:59 GMT

File type
TrueType Font data, 18 tables, 1st "LTSH", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI RegularVersion 0.81 Build 159S
Size
57 kB (56760 bytes)
Hash
8af990b6ad3ba192c2dd6a193890bf5f
4db5bf117ff8f1392fab3b438216d7cff4ae4976
c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf HTTP/1.1
Host: webmail.xelya.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: public,max-age=2592000
content-type: application/octet-stream
last-modified: Sun, 20 Mar 2022 14:39:34 GMT
accept-ranges: bytes
etag: "017f650683cd81:0"
server: Microsoft-IIS/10.0
request-id: 55451349-fe59-4dae-be68-8690719c43df
x-powered-by: ASP.NET
date: Wed, 17 Apr 2024 07:07:21 GMT
content-length: 56760

webmail.xelya.io/owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf

194.50.29.104

200 OK

42 kB

URL GET HTTP/1.1
webmail.xelya.io/owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf
IP
194.50.29.104:443
ASN
#39495 Xelya SAS

Requested by
https://webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
Certificate
IssuerSectigo Limited
Subjectmail.xelya.io
Fingerprint19:E9:08:C4:ED:54:CD:8C:5D:4C:68:65:89:AD:2A:FB:70:08:7C:E8
ValidityWed, 07 Jun 2023 00:00:00 GMT - Thu, 06 Jun 2024 23:59:59 GMT

File type
TrueType Font data, 16 tables, 1st "OS/2", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI SemilightVersion 1.00 build 16
Size
42 kB (41560 bytes)
Hash
6c26c24aabe31040657665b1e0d9505c
b3bdc48643752665e3e5798a192b27432a87d234
2d508a6e8979bba74b6fdf804c01a09a620c781e0fea73a8eefda904f5bcab25

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf HTTP/1.1
Host: webmail.xelya.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: public,max-age=2592000
content-type: application/octet-stream
last-modified: Sun, 20 Mar 2022 14:41:26 GMT
accept-ranges: bytes
etag: "0efb793683cd81:0"
server: Microsoft-IIS/10.0
request-id: 25fc791a-d60a-4f41-a508-82d81733d65b
x-powered-by: ASP.NET
date: Wed, 17 Apr 2024 07:07:21 GMT
content-length: 41560

webmail.xelya.io/owa/auth/15.1.2507/themes/resources/favicon.ico

194.50.29.104

200 OK

7.9 kB

URL GET HTTP/1.1
webmail.xelya.io/owa/auth/15.1.2507/themes/resources/favicon.ico
IP
194.50.29.104:443
ASN
#39495 Xelya SAS

Requested by
https://webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
Certificate
IssuerSectigo Limited
Subjectmail.xelya.io
Fingerprint19:E9:08:C4:ED:54:CD:8C:5D:4C:68:65:89:AD:2A:FB:70:08:7C:E8
ValidityWed, 07 Jun 2023 00:00:00 GMT - Thu, 06 Jun 2024 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Size
7.9 kB (7886 bytes)
Hash
759fade9033aa298629e4b000dcd6dde
34a1adf5c7326d7bde5b5735471b5d81e611c189
cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /owa/auth/15.1.2507/themes/resources/favicon.ico HTTP/1.1
Host: webmail.xelya.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
cache-control: public,max-age=2592000
content-type: image/x-icon
last-modified: Sat, 26 Mar 2022 18:40:39 GMT
accept-ranges: bytes
etag: "806d40fd4041d81:0"
server: Microsoft-IIS/10.0
request-id: b91779e1-fb57-40d5-9422-dc51202afd52
x-powered-by: ASP.NET
date: Wed, 17 Apr 2024 07:07:21 GMT
content-length: 7886

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (6)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN