Report - correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331

Report Overview

Visited public
2025-03-13 04:27:34
Tags
microsoft phishing
URL
correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Finishing URL
correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
IP / ASN
212.81.174.167
#3262 SAREnet, S.A.
Title
Outlook Web App
Phishing - Microsoft

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
correo.osakidetza.net	unknown	1996-12-06	2016-03-20	2025-03-13	10 kB	58 kB	77.228.139.167

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1	ScriptElement	512 B	2023-03-07	2025-05-09
Pretty URL correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1 IP 77.228.139.167 ASN #12430 Vodafone Spain Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:19 Last Seen2025-05-09 04:00 Times Seen451 Hash c70b1fd16daf4535e1c4ab0fcec832e1 149c457f2182400601fe428f9caf3c53ac45c463 2742d10a8b4b670a85f87dd11eabfa3e0045c9e87eb12b8cc672c0bfed3caeae Loading...

	correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1	EventHandler	23 B	2023-04-19	2025-05-09
Pretty URL correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1 IP 77.228.139.167 ASN #12430 Vodafone Spain Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-19 02:35 Last Seen2025-05-09 04:00 Times Seen768 Hash 054e877d2edf41b70598e6376d4f66d8 b8bacd603f7a40260d6755e5ef7d873f65a452bd ac05721c88cde9f5041a4722d1f86b6971985645817b1d4a05444c4e78036e0f Loading...

	correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=flogon.js	ScriptElement	17 kB	2023-03-07	2025-05-09
Pretty URL correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=flogon.js IP 77.228.139.167 ASN #12430 Vodafone Spain Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:12 Last Seen2025-05-09 04:00 Times Seen244 Hash f26366035bb6bcd3d966bc497df05d8c 4536c3e8ffd066f3c7cc57095285dccd9b1785f9 d87ecfce8a144ca47d88ccf59b11da2cc8813e1aaa2e8d3c79150cbfe4dcd053 Loading...

HTTP Transactions (14)

URL IP Response Size

correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgnexlogo.gif

77.228.139.167

200 OK

61 B

URL GET
correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgnexlogo.gif
IP
77.228.139.167:443
ASN
#12430 Vodafone Spain

Requested by
https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Certificate
IssuerIZENPE S.A.
Subject*.osakidetza.net
Fingerprint53:F2:B0:90:9D:FA:16:55:B7:8E:8A:38:30:49:43:3A:D5:F3:4E:83
ValidityWed, 22 May 2024 13:56:18 GMT - Sat, 21 Jun 2025 13:56:18 GMT

File type
GIF image data, version 89a, 22 x 22
Size
61 B (61 bytes)
Hash
873c522598fb6da9f70d5dde7ccf6213
c09fdcf5e3933b8efdae4505825e786462cdad51
b125c5f621a199d89bc496740d7dac72f1a8462465a1b61e331727f5d369b2f4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgnexlogo.gif HTTP/1.1
Host: correo.osakidetza.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 61
Content-Type: image/gif
Cache-control: max-age=604800

correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=favicon.ico

77.228.139.167

200 OK

1.2 kB

URL GET
correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=favicon.ico
IP
77.228.139.167:443
ASN
#12430 Vodafone Spain

Requested by
https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Certificate
IssuerIZENPE S.A.
Subject*.osakidetza.net
Fingerprint53:F2:B0:90:9D:FA:16:55:B7:8E:8A:38:30:49:43:3A:D5:F3:4E:83
ValidityWed, 22 May 2024 13:56:18 GMT - Sat, 21 Jun 2025 13:56:18 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
738c26ac73a5817089c30ef2da9a707e
8832d1f0830554f33c62df6f52814410ef950f88
ee6a7f6889908066f36944f85661471d18eb93fa8577e7a719f3ad4b867cf381

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=favicon.ico HTTP/1.1
Host: correo.osakidetza.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 1150
Content-Type: image/x-icon
Cache-control: max-age=604800

correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=logon_style.css

77.228.139.167

200 OK

3.7 kB

URL GET
correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=logon_style.css
IP
77.228.139.167:443
ASN
#12430 Vodafone Spain

Requested by
https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Certificate
IssuerIZENPE S.A.
Subject*.osakidetza.net
Fingerprint53:F2:B0:90:9D:FA:16:55:B7:8E:8A:38:30:49:43:3A:D5:F3:4E:83
ValidityWed, 22 May 2024 13:56:18 GMT - Sat, 21 Jun 2025 13:56:18 GMT

File type
ASCII text, with very long lines (4436), with no line terminators
Size
3.7 kB (3746 bytes)
Hash
9b2012ab567bcda019e83aaf6f07049d
85da76c650c9c22afbb9ef0ea2bf4fb270e37798
99e4e97ba8320d9d703c5a97c951f5e6c4688db9f074a09816265892a363d8ca

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=logon_style.css HTTP/1.1
Host: correo.osakidetza.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Type: text/css
Cache-control: max-age=604800
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked

correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=owafont.css

77.228.139.167

200 OK

5.3 kB

URL GET
correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=owafont.css
IP
77.228.139.167:443
ASN
#12430 Vodafone Spain

Requested by
https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Certificate
IssuerIZENPE S.A.
Subject*.osakidetza.net
Fingerprint53:F2:B0:90:9D:FA:16:55:B7:8E:8A:38:30:49:43:3A:D5:F3:4E:83
ValidityWed, 22 May 2024 13:56:18 GMT - Sat, 21 Jun 2025 13:56:18 GMT

File type
ASCII text, with very long lines (5894), with no line terminators
Size
5.3 kB (5252 bytes)
Hash
2aa2a7a7a285bde3fcceba19e0bd7092
21da6d71f4ad48efd8e45ed89caf05855b32936b
8d119eb33b14b6dba0fdc2f8a35d0ccb384dd05282d0d152f0cf698914d7c90e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=owafont.css HTTP/1.1
Host: correo.osakidetza.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Type: text/css
Cache-control: max-age=604800
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked

correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgntopr.gif

77.228.139.167

200 OK

581 B

URL GET
correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgntopr.gif
IP
77.228.139.167:443
ASN
#12430 Vodafone Spain

Requested by
https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Certificate
IssuerIZENPE S.A.
Subject*.osakidetza.net
Fingerprint53:F2:B0:90:9D:FA:16:55:B7:8E:8A:38:30:49:43:3A:D5:F3:4E:83
ValidityWed, 22 May 2024 13:56:18 GMT - Sat, 21 Jun 2025 13:56:18 GMT

File type
GIF image data, version 89a, 45 x 115
Size
581 B (581 bytes)
Hash
031bed6f568fbddddf550a97400b273f
69342ba98b1a924ea4f984f5ef6b244ba0177cb3
f27d451896ac6a8b768361e3f07c2adf1ee7ae6bcb92ac6d0bda7fb5cf915301

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgntopr.gif HTTP/1.1
Host: correo.osakidetza.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 581
Content-Type: image/gif
Cache-control: max-age=604800

correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgnleft.gif

77.228.139.167

200 OK

290 B

URL GET
correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgnleft.gif
IP
77.228.139.167:443
ASN
#12430 Vodafone Spain

Requested by
https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Certificate
IssuerIZENPE S.A.
Subject*.osakidetza.net
Fingerprint53:F2:B0:90:9D:FA:16:55:B7:8E:8A:38:30:49:43:3A:D5:F3:4E:83
ValidityWed, 22 May 2024 13:56:18 GMT - Sat, 21 Jun 2025 13:56:18 GMT

File type
GIF image data, version 89a, 15 x 200
Size
290 B (290 bytes)
Hash
baf34665612f4d59f7cfc06ea82da21d
2c8cf5f76499e66d609ddaac026720ef28078421
96a4b86c4a5ff1f1aa67c52287be64ebd51598d32cbd1249351e462cae549185

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgnleft.gif HTTP/1.1
Host: correo.osakidetza.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=logon_style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 290
Content-Type: image/gif
Cache-control: max-age=604800

correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgnright.gif

77.228.139.167

200 OK

306 B

URL GET
correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgnright.gif
IP
77.228.139.167:443
ASN
#12430 Vodafone Spain

Requested by
https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Certificate
IssuerIZENPE S.A.
Subject*.osakidetza.net
Fingerprint53:F2:B0:90:9D:FA:16:55:B7:8E:8A:38:30:49:43:3A:D5:F3:4E:83
ValidityWed, 22 May 2024 13:56:18 GMT - Sat, 21 Jun 2025 13:56:18 GMT

File type
GIF image data, version 89a, 15 x 200
Size
306 B (306 bytes)
Hash
391603f1faee60db855bd11650dbbf72
9728452459447efcc7c453c2150139839fa174bc
a9626d4f60b20f2da50f763f20d891a70625dde0dba68116896026c400b8b775

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgnright.gif HTTP/1.1
Host: correo.osakidetza.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=logon_style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 306
Content-Type: image/gif
Cache-control: max-age=604800

correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1

77.228.139.167

200 OK

11 kB

URL User Request GET
correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
IP
77.228.139.167:443
ASN
#12430 Vodafone Spain

Certificate
IssuerIZENPE S.A.
Subject*.osakidetza.net
Fingerprint53:F2:B0:90:9D:FA:16:55:B7:8E:8A:38:30:49:43:3A:D5:F3:4E:83
ValidityWed, 22 May 2024 13:56:18 GMT - Sat, 21 Jun 2025 13:56:18 GMT

File type
HTML document, ASCII text, with very long lines (470), with CRLF line terminators
Size
11 kB (10937 bytes)
Hash
4b12d8689928cd46f2f4dfae799b8c02
91d54e20439e273774af3a37a9583bee7aef9971
342b599e59c71f370922b279ebd66ac7f6e5831cdba97300fd16a77e4de68cad

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1 HTTP/1.1
Host: correo.osakidetza.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Type: text/html
Pragma: no-cache
Cache-control: no-cache,max-age=0,must-revalidate
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked

correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgntopl.gif

77.228.139.167

200 OK

4.5 kB

URL GET
correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgntopl.gif
IP
77.228.139.167:443
ASN
#12430 Vodafone Spain

Requested by
https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Certificate
IssuerIZENPE S.A.
Subject*.osakidetza.net
Fingerprint53:F2:B0:90:9D:FA:16:55:B7:8E:8A:38:30:49:43:3A:D5:F3:4E:83
ValidityWed, 22 May 2024 13:56:18 GMT - Sat, 21 Jun 2025 13:56:18 GMT

File type
GIF image data, version 89a, 456 x 115
Size
4.5 kB (4455 bytes)
Hash
6ae33a65d15f6bb5113e066fca7fa73a
fa8477f0eaed3ade4a217e91133ba37242be0c19
b478b93f8f9a262321211d8ce812cdd6accdfb4ede6e0230ccf44e77ad161f97

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgntopl.gif HTTP/1.1
Host: correo.osakidetza.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 4455
Content-Type: image/gif
Cache-control: max-age=604800

correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgntopm.gif

77.228.139.167

200 OK

58 B

URL GET
correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgntopm.gif
IP
77.228.139.167:443
ASN
#12430 Vodafone Spain

Requested by
https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Certificate
IssuerIZENPE S.A.
Subject*.osakidetza.net
Fingerprint53:F2:B0:90:9D:FA:16:55:B7:8E:8A:38:30:49:43:3A:D5:F3:4E:83
ValidityWed, 22 May 2024 13:56:18 GMT - Sat, 21 Jun 2025 13:56:18 GMT

File type
GIF image data, version 89a, 1 x 115
Size
58 B (58 bytes)
Hash
0615717b3645a8573f07347cdb74d69f
b707c5a9ede57d3232138ed7ccdb0b4ee9e56043
9d894a6800fd18d20423c66066097b9653be9eb3796f6a0e216dca220c45d6d6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgntopm.gif HTTP/1.1
Host: correo.osakidetza.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=logon_style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 58
Content-Type: image/gif
Cache-control: max-age=604800

correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=flogon.js

77.228.139.167

200 OK

17 kB

URL GET
correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=flogon.js
IP
77.228.139.167:443
ASN
#12430 Vodafone Spain

Requested by
https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Certificate
IssuerIZENPE S.A.
Subject*.osakidetza.net
Fingerprint53:F2:B0:90:9D:FA:16:55:B7:8E:8A:38:30:49:43:3A:D5:F3:4E:83
ValidityWed, 22 May 2024 13:56:18 GMT - Sat, 21 Jun 2025 13:56:18 GMT

File type
ASCII text, with CRLF line terminators
Size
17 kB (17405 bytes)
Hash
f26366035bb6bcd3d966bc497df05d8c
4536c3e8ffd066f3c7cc57095285dccd9b1785f9
d87ecfce8a144ca47d88ccf59b11da2cc8813e1aaa2e8d3c79150cbfe4dcd053

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=flogon.js HTTP/1.1
Host: correo.osakidetza.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 17405
Content-Type: application/x-javascript
Cache-control: max-age=604800

correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgnbotl.gif

77.228.139.167

200 OK

9.3 kB

URL GET
correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgnbotl.gif
IP
77.228.139.167:443
ASN
#12430 Vodafone Spain

Requested by
https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Certificate
IssuerIZENPE S.A.
Subject*.osakidetza.net
Fingerprint53:F2:B0:90:9D:FA:16:55:B7:8E:8A:38:30:49:43:3A:D5:F3:4E:83
ValidityWed, 22 May 2024 13:56:18 GMT - Sat, 21 Jun 2025 13:56:18 GMT

File type
GIF image data, version 89a, 456 x 54
Size
9.3 kB (9311 bytes)
Hash
e0a2c263c6745f251720fe0876d140c4
51b2196c6b10b8c6443e4f91b4c6281134755f33
0e2cda541bf24815df2facd5729d44b70ef4e4bdd160169295944aefc9e51b0b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgnbotl.gif HTTP/1.1
Host: correo.osakidetza.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 9311
Content-Type: image/gif
Cache-control: max-age=604800

correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgnbotr.gif

77.228.139.167

200 OK

2.4 kB

URL GET
correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgnbotr.gif
IP
77.228.139.167:443
ASN
#12430 Vodafone Spain

Requested by
https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Certificate
IssuerIZENPE S.A.
Subject*.osakidetza.net
Fingerprint53:F2:B0:90:9D:FA:16:55:B7:8E:8A:38:30:49:43:3A:D5:F3:4E:83
ValidityWed, 22 May 2024 13:56:18 GMT - Sat, 21 Jun 2025 13:56:18 GMT

File type
GIF image data, version 89a, 45 x 54
Size
2.4 kB (2392 bytes)
Hash
43b7c46b32691aa778c5e49d139db8f5
e72b87c696eed81b71b853ce245a30377dce205e
97305ffb8ff74176df42bcd213e7cdfd7679630e19911a2db7b399c7960aec3e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgnbotr.gif HTTP/1.1
Host: correo.osakidetza.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 2392
Content-Type: image/gif
Cache-control: max-age=604800

correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgnbotm.gif

77.228.139.167

200 OK

276 B

URL GET
correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=lgnbotm.gif
IP
77.228.139.167:443
ASN
#12430 Vodafone Spain

Requested by
https://correo.osakidetza.net/CookieAuth.dll?GetLogon?curl=Z2FowaZ2FZ3FaeZ3DItemZ26tZ3DIPM.NoteZ26aZ3DNewZ26toZ3DZ252foZ253dOsakidetzaZ252fouZ253dExchangeZ2520AdministrativeZ2520GroupZ2520Z28FYDIBOHF23SPDLTZ29Z252fcnZ253dRecipientsZ252fcnZ253dCARLOSZ2520VALDAZ5AOZ2520MARTINe8cZ26nmZ3DCARLOSZ2520VALDAZ5AOZ2520MARTINZ26aoZ3D2Z26pspidZ3D_1658081760331_1191&reason=0&formdir=1
Certificate
IssuerIZENPE S.A.
Subject*.osakidetza.net
Fingerprint53:F2:B0:90:9D:FA:16:55:B7:8E:8A:38:30:49:43:3A:D5:F3:4E:83
ValidityWed, 22 May 2024 13:56:18 GMT - Sat, 21 Jun 2025 13:56:18 GMT

File type
GIF image data, version 89a, 1 x 54
Size
276 B (276 bytes)
Hash
704330b6d293ce2d32780739218696b9
6ebd408ff617f5317595121191a92bd9ba69a01f
6097839fd066f359bbe21fb228714cd33385a6995a060eaa504ee190e3c1178a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft

HTTP Headers

GET /CookieAuth.dll?GetPic?formdir=1&image=lgnbotm.gif HTTP/1.1
Host: correo.osakidetza.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://correo.osakidetza.net/CookieAuth.dll?GetPic?formdir=1&image=logon_style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Connection: close
Content-Length: 276
Content-Type: image/gif
Cache-control: max-age=604800

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type