webmail.xelya.io/owa/
194.50.29.104 218 B IP 194.50.29.104:0
File type HTML document, ASCII text, with CRLF line terminators
Hash 156446c782f0a4cd4fd7fe056cb98552
39f2c08b23905837bbe7b362ee7e2d9718b13fdd
467baafdae26994a03a61756ba13cc524d5b8b92c14966b95dea21021850e7aa
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/ HTTP/1.1
Host: webmail.xelya.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
content-type: text/html; charset=utf-8
location: https://webmail.xelya.io/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f&reason=0
server: Microsoft-IIS/10.0
request-id: 1a946b99-c179-4735-aa0e-f33e16f9667b
x-owa-version: 15.1.2507.37
x-powered-by: ASP.NET
x-feserver: FR-TH2-MBX11
date: Wed, 17 Apr 2024 07:07:21 GMT
content-length: 218
webmail.xelya.io/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f&reason=0
194.50.29.104 28 kB URL webmail.xelya.io/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f&reason=0
IP 194.50.29.104:0
File type HTML document, ASCII text, with very long lines (1062), with CRLF, LF line terminators
Hash 3c019467ec484f071108cc928f9fadde
fd220adc23676f11df1241748aca7eeb9b0458f4
7393335dc65c66f8b7463877592b8a030a05d06a07d25398e76f5e042758f7d4
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f&reason=0 HTTP/1.1
Host: webmail.xelya.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
server: Microsoft-IIS/10.0
request-id: de860af3-7948-477a-a3bc-84d2971f7f10
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Wed, 17 Apr 2024 07:07:21 GMT
content-length: 27978
webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
194.50.29.104200 OK 60 kB URL User Request GET HTTP/1.1 webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
IP 194.50.29.104:443
Certificate IssuerSectigo Limited
Subjectmail.xelya.io
Fingerprint19:E9:08:C4:ED:54:CD:8C:5D:4C:68:65:89:AD:2A:FB:70:08:7C:E8
ValidityWed, 07 Jun 2023 00:00:00 GMT - Thu, 06 Jun 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (11614), with CRLF, LF line terminators
Hash 3d336b7f3a1e4cec2ab88b138dc62a73
ffa5b23b9813e018f773a08056014f14d9d6c6b6
180f085a8bc505b4942cf3524699164ceccb5b73ddb5f8e183e98ae9ecfc4b43
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f HTTP/1.1
Host: webmail.xelya.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.xelya.io/owa/auth/logon.aspx?url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f&reason=0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
cache-control: no-cache, no-store
pragma: no-cache
content-type: text/html; charset=utf-8
expires: -1
server: Microsoft-IIS/10.0
request-id: db2d281d-bc00-4791-b725-57646ded3a35
x-frame-options: SAMEORIGIN
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Wed, 17 Apr 2024 07:07:21 GMT
content-length: 59981
webmail.xelya.io/owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf
194.50.29.104200 OK 57 kB URL GET HTTP/1.1 webmail.xelya.io/owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf
IP 194.50.29.104:443
Requested by https://webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
Certificate IssuerSectigo Limited
Subjectmail.xelya.io
Fingerprint19:E9:08:C4:ED:54:CD:8C:5D:4C:68:65:89:AD:2A:FB:70:08:7C:E8
ValidityWed, 07 Jun 2023 00:00:00 GMT - Thu, 06 Jun 2024 23:59:59 GMT
File type TrueType Font data, 18 tables, 1st "LTSH", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI RegularVersion 0.81 Build 159S
Hash 8af990b6ad3ba192c2dd6a193890bf5f
4db5bf117ff8f1392fab3b438216d7cff4ae4976
c147c2ec76a8ab8bd5082f1f4d3f80a43c689165cb164cdd812e44048fe38708
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/15.1.2507/themes/resources/segoeui-regular.ttf HTTP/1.1
Host: webmail.xelya.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
cache-control: public,max-age=2592000
content-type: application/octet-stream
last-modified: Sun, 20 Mar 2022 14:39:34 GMT
accept-ranges: bytes
etag: "017f650683cd81:0"
server: Microsoft-IIS/10.0
request-id: 55451349-fe59-4dae-be68-8690719c43df
x-powered-by: ASP.NET
date: Wed, 17 Apr 2024 07:07:21 GMT
content-length: 56760
webmail.xelya.io/owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf
194.50.29.104200 OK 42 kB URL GET HTTP/1.1 webmail.xelya.io/owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf
IP 194.50.29.104:443
Requested by https://webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
Certificate IssuerSectigo Limited
Subjectmail.xelya.io
Fingerprint19:E9:08:C4:ED:54:CD:8C:5D:4C:68:65:89:AD:2A:FB:70:08:7C:E8
ValidityWed, 07 Jun 2023 00:00:00 GMT - Thu, 06 Jun 2024 23:59:59 GMT
File type TrueType Font data, 16 tables, 1st "OS/2", 11 names, Microsoft, language 0x409, � 2010 Microsoft Corporation. All Rights Reserved.RegularSegoe UI SemilightVersion 1.00 build 16
Hash 6c26c24aabe31040657665b1e0d9505c
b3bdc48643752665e3e5798a192b27432a87d234
2d508a6e8979bba74b6fdf804c01a09a620c781e0fea73a8eefda904f5bcab25
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/15.1.2507/themes/resources/segoeui-semilight.ttf HTTP/1.1
Host: webmail.xelya.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
cache-control: public,max-age=2592000
content-type: application/octet-stream
last-modified: Sun, 20 Mar 2022 14:41:26 GMT
accept-ranges: bytes
etag: "0efb793683cd81:0"
server: Microsoft-IIS/10.0
request-id: 25fc791a-d60a-4f41-a508-82d81733d65b
x-powered-by: ASP.NET
date: Wed, 17 Apr 2024 07:07:21 GMT
content-length: 41560
webmail.xelya.io/owa/auth/15.1.2507/themes/resources/favicon.ico
194.50.29.104200 OK 7.9 kB URL GET HTTP/1.1 webmail.xelya.io/owa/auth/15.1.2507/themes/resources/favicon.ico
IP 194.50.29.104:443
Requested by https://webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
Certificate IssuerSectigo Limited
Subjectmail.xelya.io
Fingerprint19:E9:08:C4:ED:54:CD:8C:5D:4C:68:65:89:AD:2A:FB:70:08:7C:E8
ValidityWed, 07 Jun 2023 00:00:00 GMT - Thu, 06 Jun 2024 23:59:59 GMT
File type MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
Hash 759fade9033aa298629e4b000dcd6dde
34a1adf5c7326d7bde5b5735471b5d81e611c189
cf0808a61ec571e0c4975663903b288009d55502ac0445d9948983b339a5cf6e
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /owa/auth/15.1.2507/themes/resources/favicon.ico HTTP/1.1
Host: webmail.xelya.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.xelya.io/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fwebmail.xelya.io%2fowa%2f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
cache-control: public,max-age=2592000
content-type: image/x-icon
last-modified: Sat, 26 Mar 2022 18:40:39 GMT
accept-ranges: bytes
etag: "806d40fd4041d81:0"
server: Microsoft-IIS/10.0
request-id: b91779e1-fb57-40d5-9422-dc51202afd52
x-powered-by: ASP.NET
date: Wed, 17 Apr 2024 07:07:21 GMT
content-length: 7886