xtractrenew.z13.web.core.windows.net/
20.60.135.193 200 OK 23 kB URL User Request GET HTTP/1.1 xtractrenew.z13.web.core.windows.net/
IP 20.60.135.193:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
Validity Mon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (9315), with CRLF line terminators
Hash 2173468ceea92c6cdc1a014dc0c9dfb3
690b321161b25c9f37011c7f89ae8ec4d9d571e6
d0971367dcde56e5da0d2de92a8805e927cfd6dd8998dec32d41f3f2b6a00168
Analyzer Verdict Alert urlquery phishing Phishing - Generic phishing
openphish Bell Canada
GET / HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 23341
Content-Type: text/html
Content-MD5: IXNGjO6pLGzcGgFNwMnfsw==
Last-Modified: Fri, 02 Jun 2023 20:37:29 GMT
Accept-Ranges: bytes
ETag: "0x8DB63A92F554757"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f1b4a720-901e-0037-3c40-97222a000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:43 GMT
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
104.17.25.14 200 OK 6.2 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
IP 104.17.25.14:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
Validity Wed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT
File type ASCII text, with very long lines (19015)
Hash 70d3fda195602fe8b75e0097eed74dde
c3b977aa4b8dfb69d651e07015031d385ded964b
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 04 Jun 2023 23:55:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 6157
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3302839
expires: Fri, 24 May 2024 23:55:43 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Y9s%2B3UgstuNaq8JcnMEzyGXe4ABUhLlG0O5DAXnzo3Dg6RaCjgIzPp%2BfLJg9vnduYIpAEhLjFDhp8ioYL9rXfdWLI8jUWR43VNo4fervWLJN50tvZ5hvFmm3gucrbb8um5ecVNC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7d241bbecc9db509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.2.1.slim.min.js
69.16.175.10 200 OK 24 kB URL GET HTTP/2 code.jquery.com/jquery-3.2.1.slim.min.js
IP 69.16.175.10:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint 64:50:4C:BB:DF:F3:1D:70:CC:5D:9E:B7:BE:80:91:84:03:C1:D1:83
Validity Wed, 03 Aug 2022 00:00:00 GMT - Fri, 14 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (32012)
Hash 5f48fc77cac90c4778fa24ec9c57f37d
9e89d1515bc4c371b86f4cb1002fd8e377c1829f
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
GET /jquery-3.2.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 04 Jun 2023 23:55:43 GMT
content-encoding: gzip
content-length: 23856
content-type: application/javascript; charset=utf-8
last-modified: Fri, 12 Aug 2022 13:47:02 GMT
accept-ranges: bytes
server: nginx
etag: W/"62f659d6-10fdd"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1685922943.dop018.sk1.t,1685922943.cds026.sk1.hn,1685922943.cds235.sk1.c
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
216.58.207.228 200 OK 580 B URL GET HTTP/2 www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
IP 216.58.207.228:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject www.google.com
Fingerprint A8:95:C3:CB:D6:3F:BC:0A:7D:FF:36:72:5E:2F:56:26:9F:EB:77:0E
Validity Fri, 19 May 2023 12:58:13 GMT - Fri, 11 Aug 2023 12:58:12 GMT
File type ASCII text, with very long lines (909), with no line terminators
Hash ee67586e6e3cc98f18400d50cfdc7363
c4b4daaeb376bc86eccd1b80277f446ac6955601
9fa5995780938aabbcef6cedccdfaa126fbe68eda0859281386dc2879b0dd2d6
GET /recaptcha/api.js?onload=onloadcallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
expires: Sun, 04 Jun 2023 23:55:43 GMT
date: Sun, 04 Jun 2023 23:55:43 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 580
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
142.250.74.170 200 OK 30 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP 142.250.74.170:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
Validity Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
File type ASCII text, with very long lines (32065)
Hash 2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 12:31:43 GMT
expires: Fri, 31 May 2024 12:31:43 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 300240
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
xtractrenew.z13.web.core.windows.net/static/bell_common.js?seed=AMDznOqGAQAACn9-0BiWwerLgcjacqW3CGvfkVAEWsPi7ZGi6nfS1KjIDt3P&lPVnX2sAmT--z=q
20.60.135.193 404 The requested content does not exist. 321 B URL GET HTTP/1.1 xtractrenew.z13.web.core.windows.net/static/bell_common.js?seed=AMDznOqGAQAACn9-0BiWwerLgcjacqW3CGvfkVAEWsPi7ZGi6nfS1KjIDt3P&lPVnX2sAmT--z=q
IP 20.60.135.193:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
Validity Mon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Hash 134fd2b50282d442ece1c29034104cf1
300f8f5c8d4f71cdc8c07a58da974dca58cec85e
07afcd4d16dabdc28d67499fd10c7b07466253034b332bccc4e0ca3728f49962
Analyzer Verdict Alert openphish Bell Canada
GET /static/bell_common.js?seed=AMDznOqGAQAACn9-0BiWwerLgcjacqW3CGvfkVAEWsPi7ZGi6nfS1KjIDt3P&lPVnX2sAmT--z=q HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: f1b4a811-901e-0037-2040-97222a000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:43 GMT
xtractrenew.z13.web.core.windows.net/ux/ux.js?v=3.1.3.28.1-8
20.60.135.193 404 The requested content does not exist. 321 B URL GET HTTP/1.1 xtractrenew.z13.web.core.windows.net/ux/ux.js?v=3.1.3.28.1-8
IP 20.60.135.193:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
Validity Mon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Hash 28663d01cbfc51febe57f7a625758e07
60ba953df1dda44159f0c4eb0dc31c0b4febf3f8
2f27e883cc9b7c8577b916d397ea3f5fd26193646f258163a29f172ce245001f
Analyzer Verdict Alert openphish Bell Canada
GET /ux/ux.js?v=3.1.3.28.1-8 HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: f1b4a864-901e-0037-6d40-97222a000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:43 GMT
xtractrenew.z13.web.core.windows.net/ux/localization.js?v=3.1.3.28.1-8
20.60.135.193 404 The requested content does not exist. 321 B URL GET HTTP/1.1 xtractrenew.z13.web.core.windows.net/ux/localization.js?v=3.1.3.28.1-8
IP 20.60.135.193:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
Validity Mon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Hash a57ae0770ec8d8a8b93ebbbc938347d5
77ffa34e9b94a346006cb72da659d285ecfb3dcd
f7c443f4e00b7575e1d6df5ba0adc964bb6e7c5ac196f42397c69166de242f23
Analyzer Verdict Alert openphish Bell Canada
GET /ux/localization.js?v=3.1.3.28.1-8 HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: f1b4a90e-901e-0037-0840-97222a000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:43 GMT
xtractrenew.z13.web.core.windows.net/ux/UXConfig.js?v=3.1.3.28.1-8
20.60.135.193 404 The requested content does not exist. 321 B URL GET HTTP/1.1 xtractrenew.z13.web.core.windows.net/ux/UXConfig.js?v=3.1.3.28.1-8
IP 20.60.135.193:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
Validity Mon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Hash 8ec908e9726c13729940d585a6cdf836
8d3b223ccae022ea19a0c4fde955989bc7f0e709
2e3f3669940c1dd1b45821249e77c60e14f0464b895a03a523bb50bce47e4494
Analyzer Verdict Alert openphish Bell Canada
GET /ux/UXConfig.js?v=3.1.3.28.1-8 HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: e369db4d-a01e-002c-0d40-971c29000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:43 GMT
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
104.18.11.207 200 OK 14 kB URL GET HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
IP 104.18.11.207:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
Validity Fri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (48664)
Hash 14d449eb8876fa55e1ef3c2cc52b0c17
a9545831803b1359cfeed47e3b4d6bae68e40e99
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 04 Jun 2023 23:55:43 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 11/25/2022 23:23:38
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 865
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 4ab4a8ce4f740f06dc6fc6caea9cf230
cdn-cache: HIT
cf-cache-status: HIT
age: 60290
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7d241bbefd8db4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
webmail.bell.net/bell/login/css/login.css
209.71.212.18 200 2.3 kB URL GET HTTP/1.1 webmail.bell.net/bell/login/css/login.css
IP 209.71.212.18:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type ASCII text, with very long lines (305), with CRLF line terminators
Hash b2a72fe3696b22d1d024aca6a8c48036
d6c9d63f57589ef3a1b2d6974882abefab534996
e5cfaa79c2e7ceebd28f0743bee907a9659aa64257c61d3276002099ff87d0c4
GET /bell/login/css/login.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"2288-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 2288
Date: Sun, 04 Jun 2023 23:55:43 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!k5Wfway9KchN9RmKjod15JPsKvsaUjwDGmxWVB2DQaS3vIBECQ5M2eQmruaVKrwUe3XDsg3GkvUJkhlWGoXTAVQVA5y/+lJfZLjo7Q+L4e4Djw==; expires=Sun, 11-Jun-2023 23:55:44 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/login/css/bell_prime_mod.css
209.71.212.18 200 12 kB URL GET HTTP/1.1 webmail.bell.net/bell/login/css/bell_prime_mod.css
IP 209.71.212.18:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type ASCII text, with CRLF line terminators
Hash 858d8fc28e05148b1af4bcd6a011409e
af9389b926e99dc52bff5aa64b23e4f82fa710b8
f7ed0fe3268f25fa30c600f83207f34963b4cecea90170f3f48c070662626839
GET /bell/login/css/bell_prime_mod.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"11957-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 11957
Date: Sun, 04 Jun 2023 23:55:44 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!fv60r7zHLJh8HnxEUwqVUcceXQbKqemCDQMeGfEDYFoPfvTkXG36WiPygT+AGC5JesLb1F4LApzlYWTeTq7hGBRh6RkZ4MQTjn0oIdzJz0VUAA==; expires=Sun, 11-Jun-2023 23:55:44 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/header/css/bell.connector-rui.css
209.71.212.18 200 96 kB URL GET HTTP/1.1 webmail.bell.net/bell/header/css/bell.connector-rui.css
IP 209.71.212.18:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type assembler source, ASCII text, with very long lines (379), with CRLF line terminators
Hash d7cf083ecd7bdc3e5814a5c8ea510d9f
0c2be17d3281569c1ea7a2291c41f3c69dbe4f01
219d913d55643e64cc00af92f3edfa4a125603cfcf5ebaa68f601c9fdea0d190
GET /bell/header/css/bell.connector-rui.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"96334-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 96334
Date: Sun, 04 Jun 2023 23:55:43 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!0yYFO7iukJKlGG51X38/VDhJ/s0IP64Wo+icl/GF3QzCpBC72+aY+g9eYS3PcV/DB5SNrjeooMn3aOv+O7oka/Yjwsx7g+T7FCpHK4XFeD+3lg==; expires=Sun, 11-Jun-2023 23:55:44 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/login/js/jquery-3.5.1.min.js
209.71.212.18 200 90 kB URL GET HTTP/1.1 webmail.bell.net/bell/login/js/jquery-3.5.1.min.js
IP 209.71.212.18:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type ASCII text, with very long lines (65450), with CRLF line terminators
Hash b61aa6e2d68d21b3546b5b418bf0e9c3
9c1398f0de4c869dacb1c9ab1a8cc327f5421ff7
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
GET /bell/login/js/jquery-3.5.1.min.js HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"89478-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: application/javascript;charset=UTF-8
Content-Length: 89478
Date: Sun, 04 Jun 2023 23:55:43 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!bK3NoTJMsn4q43OKjod15JPsKvsaUmGi8NO8j3f1y2M3Egba0y41C+hqkrRIeBMlFUMm4uRFagCIT3/lKKyp2qFw/03MU7T412jzOEQG/QodVA==; expires=Sun, 11-Jun-2023 23:55:44 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/login/css/flush.css
209.71.212.18 200 84 kB URL GET HTTP/1.1 webmail.bell.net/bell/login/css/flush.css
IP 209.71.212.18:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type ASCII text, with very long lines (65348), with CRLF line terminators
Hash 425b6e1032251ddb65c460512364ebc5
b039d06c59bf683a63d256898c30a2c84decd1f1
752a2fd980c99dcabae0aa552cd99fe9794cdf49febea1ee1c90319990b6566c
GET /bell/login/css/flush.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"83485-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 83485
Date: Sun, 04 Jun 2023 23:55:43 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!rQE5SEgFkezME7t1X38/VDhJ/s0IPwmLZRHjSbxl+2xLd+6VrPOeWo6NEWNzxV/+2If3E+mnMINbY/WrcnN+U7Tm/2UAH+SxCfwTH7cIMVW+EQ==; expires=Sun, 11-Jun-2023 23:55:44 GMT; path=/; Httponly; Secure
Cache-Control: no-store
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js
142.250.74.35 404 Not Found 1.6 kB URL GET HTTP/3 www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js
IP 142.250.74.35:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint C8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
Validity Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash e8ab1f79b23175025c32db6ca6eea154
5b2f8e04a1c72d594952fb2706066423d0d74067
9f5e5cc07b100daf42cc9f9eece5953fe2aa7cfcaa0ddee7fe039ac4c421a548
GET /recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Sun, 04 Jun 2023 23:55:45 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
webmail.bell.net/bell/ux/ux.css?v=3.1.3.28.1-8
209.71.212.18 200 1.8 MB URL GET HTTP/1.1 webmail.bell.net/bell/ux/ux.css?v=3.1.3.28.1-8
IP 209.71.212.18:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type Unicode text, UTF-8 text, with very long lines (1519)
Size 1.8 MB (1849088 bytes)
Hash f779ea15bd3f9c6856eed9a7b5cef5c9
eae7f309e932ba0618627e3d77d8ecb953a9108b
5a2b976e853b3b0b1f2e8da24b41a5abdf23a8ef2ac6bbfb93beb4195c7b7c0f
GET /bell/ux/ux.css?v=3.1.3.28.1-8 HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"1849088-1682648909000"
Last-Modified: Fri, 28 Apr 2023 02:28:29 GMT
Content-Type: text/css
Content-Length: 1849088
Date: Sun, 04 Jun 2023 23:55:44 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!Son0EBYzg8UBm6tEUwqVUcceXQbKqW+1EIWgEgWlwwPPrbr6HsyBSahvZnCSSdflQwradsZIMNNc+xpmab5fiJqrUCuk2jQpQYlTWtW948yZIA==; expires=Sun, 11-Jun-2023 23:55:44 GMT; path=/; Httponly; Secure
Cache-Control: no-store
xtractrenew.z13.web.core.windows.net/
20.60.135.193 200 OK 23 kB URL User Request GET HTTP/1.1 xtractrenew.z13.web.core.windows.net/
IP 20.60.135.193:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
Validity Mon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (9315), with CRLF line terminators
Hash 2173468ceea92c6cdc1a014dc0c9dfb3
690b321161b25c9f37011c7f89ae8ec4d9d571e6
d0971367dcde56e5da0d2de92a8805e927cfd6dd8998dec32d41f3f2b6a00168
Analyzer Verdict Alert urlquery phishing Phishing - Generic phishing
openphish Bell Canada
GET / HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 23341
Content-Type: text/html
Content-MD5: IXNGjO6pLGzcGgFNwMnfsw==
Last-Modified: Fri, 02 Jun 2023 20:37:29 GMT
Accept-Ranges: bytes
ETag: "0x8DB63A92F554757"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f1b4ae1d-901e-0037-5b40-97222a000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:45 GMT
webmail.bell.net/bell/header/img/favicon.ico
209.71.212.18 200 5.4 kB URL GET HTTP/1.1 webmail.bell.net/bell/header/img/favicon.ico
IP 209.71.212.18:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 71e639807dd6f7bd6d9382624b837574
2a6afcb240f07f37794e1d9c34dbe5d673c738b4
5c82b38e75516678c187c1cb7003482cffd310bf384207ea539ced9af87d6d92
GET /bell/header/img/favicon.ico HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"5430-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/x-icon
Content-Length: 5430
Date: Sun, 04 Jun 2023 23:55:45 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!eY5Vg7HN1xX4/Cp1X38/VDhJ/s0IP7+mo95f5wUHCRNr/4w+dbi+rkyUWQ2wMqJIb8Ch5KRKGmxnKm7MCziEgscQer7LGVusIir7Wc4QQtsF2w==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store
xtractrenew.z13.web.core.windows.net/ux/ux.js?v=3.1.3.28.1-8
20.60.135.193 404 The requested content does not exist. 321 B URL GET HTTP/1.1 xtractrenew.z13.web.core.windows.net/ux/ux.js?v=3.1.3.28.1-8
IP 20.60.135.193:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
Validity Mon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Hash 5b865773c52f264e39d894c4b696a692
3e4086fc194ee1302ff468c56b9ae15b68bf21bc
815e07ac5ac9dc64895c138d5e0f6cff05ea79eab4f7f97e72f29637cfaf9441
Analyzer Verdict Alert openphish Bell Canada
GET /ux/ux.js?v=3.1.3.28.1-8 HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: f1b4ae8c-901e-0037-4840-97222a000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:45 GMT
fonts.googleapis.com/css?family=NTR&display=swap
142.250.74.74 200 OK 379 B URL GET HTTP/2 fonts.googleapis.com/css?family=NTR&display=swap
IP 142.250.74.74:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
Validity Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
File type gzip compressed data, max compression\012- data
Hash 1b294a78a39059d694937708f4f57a8f
83069a6c5750eae59fb67b7058af549ceef37446
c3afd317b5981ef6f1c07269da5da59ce9d82b4a849dbba2fd5893fa4f4c3835
GET /css?family=NTR&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Jun 2023 23:55:46 GMT
date: Sun, 04 Jun 2023 23:55:46 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
webmail.bell.net/bell/login/img/bg_gradRibbon.gif
209.71.212.18 200 227 B URL GET HTTP/1.1 webmail.bell.net/bell/login/img/bg_gradRibbon.gif
IP 209.71.212.18:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type GIF image data, version 89a, 1 x 800\012- data
Hash c8caa40d55e69e4109c79e2110ee7fe0
9333a2d29161f6ac95a0dea68bbbd9adcdd968cb
c3f6f8335d41e6979a914f3a6196026970ff53cbc6232b243abb017cd3d0e592
GET /bell/login/img/bg_gradRibbon.gif HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/login/css/bell_prime_mod.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"227-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/gif
Content-Length: 227
Date: Sun, 04 Jun 2023 23:55:45 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!i4bnIU2lU5iU4NJ1X38/VDhJ/s0IPzSgnAZG6Roi3v2U0oOQnYlrPFbGI6JEt7FCCKlYsd2dIq7tte0Z2gzHCOcIXp5ZdVGMzC7ySpeATEpccA==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/login/img/bg_cBoxExtra.png
209.71.212.18 200 811 B URL GET HTTP/1.1 webmail.bell.net/bell/login/img/bg_cBoxExtra.png
IP 209.71.212.18:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type PNG image data, 1050 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash 12ad0db519b84a4856fd00ecd76f8a21
3b5d2057841adcb928100f00843d5e2f163037a3
038234677c46f9c530e08c832514daf43478372cd13f8683aee4d74c82b89e00
GET /bell/login/img/bg_cBoxExtra.png HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/login/css/bell_prime_mod.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"811-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/png
Content-Length: 811
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!wsCsd7SwwtQHF8mKjod15JPsKvsaUn6MVIy/sUwFOqptRoyEO/7WJHe32J8VjmSpMOGSREL41le6L8Qzs8KfhtxquCYrwlySRjdtRqoXK4O9bA==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/login/img/bg_mainExtra.gif
209.71.212.18 200 493 B URL GET HTTP/1.1 webmail.bell.net/bell/login/img/bg_mainExtra.gif
IP 209.71.212.18:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type GIF image data, version 89a, 975 x 13\012- data
Hash bb78fc14f637ca27ac6cb6d6671ea294
a6b72cd3feca0cefbde05f9161a1f533bad2895e
b42ec6173d78f4ed24a22cce44c8321afeebefec5fbe97e49deec25cce73bf98
GET /bell/login/img/bg_mainExtra.gif HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/login/css/bell_prime_mod.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"493-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/gif
Content-Length: 493
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!ZFGML2H+z2OXynV1X38/VDhJ/s0IPwe1d0lMNR0lUc3NboJy53dcmvBVSd14t+hCkO6NcpIfAbstYt+Q8wJqYdEKwH5BgqcK4f7poeGgTjgQtQ==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store
www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY
216.58.207.228 200 OK 1.2 kB URL GET HTTP/3 www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY
IP 216.58.207.228:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 55:5E:E6:33:AF:71:86:C2:88:4A:36:5F:68:1D:97:9D:9B:9D:2A:1D
Validity Fri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash cd3669b65e8bcff4ec6756ab8cb992f5
4a030c1b9c7986560cc3b98aa813966881acd773
70f770dc7daa1b76775c3d24a86fcc239ee0f53233d27692ce82431e64ed06e1
GET /recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Jun 2023 23:55:46 GMT
content-security-policy: script-src 'nonce-I7GK9Ml2-CbPBlaLhSCgMA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1157
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__en.js
142.250.74.35 200 OK 166 kB URL GET HTTP/3 www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__en.js
IP 142.250.74.35:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint C8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
Validity Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
File type ASCII text, with very long lines (749)
Size 166 kB (166186 bytes)
Hash ee07ba65373413be83ec0d45887c2a44
13646acedb5d781fed2599c46634b4e58b8217db
d946e8f3fb4fe90a5ae3027b91a76703106e2c5c1d762fc3fc230895db7b6048
GET /recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166186
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 13:34:38 GMT
expires: Fri, 31 May 2024 13:34:38 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 30 May 2023 00:01:16 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 296468
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css
142.250.74.35 404 Not Found 1.6 kB URL GET HTTP/3 www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css
IP 142.250.74.35:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint C8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
Validity Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash 74f920b2d198dc352519f4082ecc0837
36a173239a76f25567778cafcf60bce9a0a67d87
b0ffb1f4c9c0fe3878c75531f2b4e2fc0f2c3f8e26b35f04880625120c3dae8d
GET /recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Sun, 04 Jun 2023 23:55:46 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1620
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js
142.250.74.35 404 Not Found 1.6 kB URL GET HTTP/3 www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js
IP 142.250.74.35:443
Requested by https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint C8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
Validity Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Hash e8ab1f79b23175025c32db6ca6eea154
5b2f8e04a1c72d594952fb2706066423d0d74067
9f5e5cc07b100daf42cc9f9eece5953fe2aa7cfcaa0ddee7fe039ac4c421a548
GET /recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Sun, 04 Jun 2023 23:55:46 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ebiller.z13.web.core.windows.net/
52.239.170.33 200 OK 7.4 kB URL GET HTTP/1.1 ebiller.z13.web.core.windows.net/
IP 52.239.170.33:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 13:61:0C:95:DD:B7:35:22:1D:4E:FB:4E:F8:38:3C:4D:F8:09:40:7B
Validity Wed, 22 Mar 2023 00:18:32 GMT - Fri, 22 Mar 2024 00:18:32 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3546), with CRLF line terminators
Hash 34af9e91706380f1ac3de96af17384b8
5662106a716fef9771fa8b5cccbc62e699b97461
f20f1deea159d245f00bcc89df9ca7290a92465a044728c0f21f6ebf8e38cba6
GET / HTTP/1.1
Host: ebiller.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 7395
Content-Type: text/html
Content-MD5: NK+ekXBjgPGsPelq8XOEuA==
Last-Modified: Thu, 16 Mar 2023 16:13:22 GMT
Accept-Ranges: bytes
ETag: "0x8DB26395D4AA64C"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2779888a-601e-001f-1c40-976c6b000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:46 GMT
webmail.bell.net/bell/header/css/header.css
209.71.212.18 200 5.8 kB URL GET HTTP/1.1 webmail.bell.net/bell/header/css/header.css
IP 209.71.212.18:443
Requested by https://ebiller.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type ASCII text, with CRLF line terminators
Hash 77fc8ab4fb59d1143bddce1252c83794
e0fb745274ca9a83bd5d64d7cfc20dc8e240c056
14e72a142eec1c65433ecb350e38c51798b6e01a37f237c023e5e5bff168f0c1
GET /bell/header/css/header.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ebiller.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"5781-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 5781
Date: Sun, 04 Jun 2023 23:55:45 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!LGZJVJFWaKaKJHtEUwqVUcceXQbKqfYKi/nOzgWGKZ0idm4Bku2OQjuY56kMNWidxBOiJz75mtAGQ5fvNjLbURRq/8dx37jirsCccaRaZMVNIw==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/header/js/header.js
209.71.212.18 200 8.5 kB URL GET HTTP/1.1 webmail.bell.net/bell/header/js/header.js
IP 209.71.212.18:443
Requested by https://ebiller.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type ASCII text, with CRLF line terminators
Hash 1201ba2ad5dce59bcf0592bbd7fa5c7f
de68c17b134a7eca60000ca59ec2a7ed71e72e8d
9a7b9f391ddbe87d136b1a154567eb12a23c801ec87899d9c48408104cbfb85b
GET /bell/header/js/header.js HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ebiller.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"8489-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: application/javascript;charset=UTF-8
Content-Length: 8489
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!QSBDEdWHpt43JZd1X38/VDhJ/s0IPxfAKVZ7Vyb8tqqPqAcSNOUHpgtQsbRmxFcP0KNgnmiSmOGZKp2UID921UzpW0nRV8m+XXFyZ8Je92ItGg==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/header/css/bell.myBell.core.css
209.71.212.18 200 32 kB URL GET HTTP/1.1 webmail.bell.net/bell/header/css/bell.myBell.core.css
IP 209.71.212.18:443
Requested by https://ebiller.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type ASCII text, with very long lines (482), with CRLF line terminators
Hash ab346f9b0aa4486e099268f98aac64ee
0e193cba17e823936a39053c7295533599a65af7
d3e85b8c519c92d5c82e4e1b89a0e3464c9d5b2d4a82695d8cd8827329d921a1
GET /bell/header/css/bell.myBell.core.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ebiller.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"31939-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 31939
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!q6LaKG2yW2+iCSZ1X38/VDhJ/s0IPwFtpsOBuAq45mWoV2i7ny2Pv+BcdpV25o3L9kUH5YF4k0UVbMeJ9RPuoCOrzfWEyq3ovNGOFCfzvOU1lA==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/header/css/flush.css
209.71.212.18 200 83 kB URL GET HTTP/1.1 webmail.bell.net/bell/header/css/flush.css
IP 209.71.212.18:443
Requested by https://ebiller.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type ASCII text, with very long lines (65348), with CRLF line terminators
Hash 0f60835165193685b3f67824b0ddbfc3
f74bc0e2d6d4cd24d45ae34b9c3e8f402c160164
7e5465fea0c74f1a06e035893dfd0fe6c16a0c734c764f775e669682ae4fca4a
GET /bell/header/css/flush.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ebiller.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"83220-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 83220
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!26OP1W62T/fdwzqKjod15JPsKvsaUqfMEtgN6ft4Wk11lMQGj/ijMEi85rA5Pi9U7hzYmCfqxO/YSTM8rPx0kYGE/2lzQbv3WjStxYjtvqEbVQ==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/header/css/bell_prime.css
209.71.212.18 200 74 kB URL GET HTTP/1.1 webmail.bell.net/bell/header/css/bell_prime.css
IP 209.71.212.18:443
Requested by https://ebiller.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type ASCII text, with very long lines (426), with CRLF line terminators
Hash 33c8a043c81f25d4266725e03d30edb6
a0c3c1442f617e4944b49c4e1b962316b86d8581
e37b11690600f7bcba340bdda3e347656b4a52ef532392ff076b26a7e785e1a2
GET /bell/header/css/bell_prime.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/header/css/bell.myBell.core.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"73599-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 73599
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!12IITRg67sRJXXlEUwqVUcceXQbKqbEQlLMFI0WpLeqfzoyjO4EH2fWk0JkKvt/5TLH/pA1hnFK/fxlJicqsZJdpARUX/HPGsQhEVGZ+dTGztA==; expires=Sun, 11-Jun-2023 23:55:47 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/login/font/bellslim_semibold-webfont.woff
209.71.212.18 200 28 kB URL GET HTTP/1.1 webmail.bell.net/bell/login/font/bellslim_semibold-webfont.woff
IP 209.71.212.18:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type Web Open Font Format, TrueType, length 26676, version 1.0\012- data
Hash 9f56626dc884196325f86c85db54fc99
028bdd2a6efdaca7dc40213683e89d8494dca887
b700b624d0b8c501b76cc4418dfabadfada8fc8b7b646da4f27fbaf4401d17a0
GET /bell/login/font/bellslim_semibold-webfont.woff HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"26676-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: font/woff
Content-Length: 26676
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!5V8qtzgHlNnoWjWKjod15JPsKvsaUjqBqVLgCpBcQWYgHglIPUqykdLUiB5XlJjMJI5S0DhAbfZ71hEJamvgPhrwzy/CSTzMjtVDPhPGgqrICA==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/header/css/bell_master_a.css
209.71.212.18 200 110 kB URL GET HTTP/1.1 webmail.bell.net/bell/header/css/bell_master_a.css
IP 209.71.212.18:443
Requested by https://ebiller.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type ASCII text, with very long lines (338), with CRLF line terminators
Size 110 kB (110483 bytes)
Hash adb1d4cac1dd7af9b6ad2e35116765d5
376c7517be00d4cbad201157f121339fdb221e19
4c7a96357059b132cedc58b1bac711127f2f8fc5f2b7768b9e13a696f758b9de
GET /bell/header/css/bell_master_a.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/header/css/bell.myBell.core.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"110483-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 110483
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!wNGik+X/30vpOIV1X38/VDhJ/s0IPy/mVeTRJgFdlPHOmCFfSk3jZMJlsc8ZjGaOjkbHLj/foMOWPfo9NUwLyQiz5rK9HEeb1NU2hZRcY9OV6g==; expires=Sun, 11-Jun-2023 23:55:47 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/header/css/bell_master.css
209.71.212.18 200 153 kB URL GET HTTP/1.1 webmail.bell.net/bell/header/css/bell_master.css
IP 209.71.212.18:443
Requested by https://ebiller.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type ASCII text, with very long lines (466), with CRLF line terminators
Size 153 kB (153090 bytes)
Hash f1375ffc988dbdfd4dfcc3b57360dd83
1876a7b83425eca4bf61bcb2349994e47fa9dd8c
27f935f11d6d8196622ac0144bfdb36815277977b4a9b9f74d2c1644caca990c
GET /bell/header/css/bell_master.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/header/css/bell.myBell.core.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"153090-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 153090
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!Whf4QHc0dAOfLwl1X38/VDhJ/s0IP3uR5OYWS9eRkDX79aaRKoZNOZwSUPGUod/AnnA+RiasDRwJlkV4T/BzxvhKPDrIYobJqhyABdXbfkUlww==; expires=Sun, 11-Jun-2023 23:55:47 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/header/css/bell.connector.css
209.71.212.18 200 142 kB URL GET HTTP/1.1 webmail.bell.net/bell/header/css/bell.connector.css
IP 209.71.212.18:443
Requested by https://ebiller.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type ASCII text, with very long lines (379), with CRLF line terminators
Size 142 kB (142518 bytes)
Hash 60afd7252434863601e228e354eb2781
46cb2eb033519c060bb4a7eb994abeaf8513e37d
beb19ccd981b1b2219adf7a8b5c0108825dc1222b33e8fdadcaa7ef68b0d6a3c
GET /bell/header/css/bell.connector.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ebiller.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"142518-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 142518
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!O1zEpT6h8jVv1x1EUwqVUcceXQbKqU8YqocLdwn4q4bTVxDdQA9txYkl3lU3GIpqhx8PZv0ULOtIXM8Q/n0avZpdA5VkHG63R1vl4dJzDRjICw==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/header/img/bg_iconSprite.png
209.71.212.18 200 103 kB URL GET HTTP/1.1 webmail.bell.net/bell/header/img/bg_iconSprite.png
IP 209.71.212.18:443
Requested by https://ebiller.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type PNG image data, 635 x 311, 8-bit/color RGBA, non-interlaced\012- data
Size 103 kB (102729 bytes)
Hash b57802d1e1438ee085728b93e8588d56
837684b7ff84da66972f2253564be2f9a9503c4c
21e39e30e42373a43a58733e1e5e589f042ab79c36fd48e890d00d2cb5979e84
GET /bell/header/img/bg_iconSprite.png HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/header/css/bell.connector.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"102729-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/png
Content-Length: 102729
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!6Eteoj+vjS90Ac5EUwqVUcceXQbKqUmNichmnN11/8bXx62EwT/aZeimjCflmNGfZALysxwPO6OcAFZjbDOLl9hY6PYYYChRhtifm+LV1LgGeQ==; expires=Sun, 11-Jun-2023 23:55:47 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/login/img/bg_transparent.gif
209.71.212.18 200 43 B URL GET HTTP/1.1 webmail.bell.net/bell/login/img/bg_transparent.gif
IP 209.71.212.18:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /bell/login/img/bg_transparent.gif HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/login/css/bell_prime_mod.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"43-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Jun 2023 23:55:45 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!Y28qhaKc44UjNx9EUwqVUcceXQbKqWUjsXme9uI4vTaOIIrvS046sM1ptEDV0UzXdYMHgrc4gcmp3ZFKDG5uO8ae1sOdrYpUsfqCEi+e5OXwDA==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/ux/font/fontello.ttf
209.71.212.18 200 13 kB URL GET HTTP/1.1 webmail.bell.net/bell/ux/font/fontello.ttf
IP 209.71.212.18:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type TrueType Font data, 15 tables, 1st "GSUB"\012- data
Hash 1cc7ccd253fbfa847849f7b330a61c65
70bea37108d0ad6810f7a17c276b3f73b5e6fae0
176ba26504f702e2e232cc0d1768b567750b11e79a41ca6643faf34deaef19d7
GET /bell/ux/font/fontello.ttf HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"71236-1657482738000"
Last-Modified: Sun, 10 Jul 2022 19:52:18 GMT
Content-Type: font/ttf
Content-Length: 71236
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!mF1vCmEVYYh56Pl1X38/VDhJ/s0IP0AaPFJvrQg54GM7jkIay8gJiCV4oVxIdtpAy3rUTFWywdFzJ80omP3JANglE3GLmpe3J768D99MN/IwMg==; expires=Sun, 11-Jun-2023 23:55:47 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/header/css/jquery-ui.custom.css
209.71.212.18 200 15 kB URL GET HTTP/1.1 webmail.bell.net/bell/header/css/jquery-ui.custom.css
IP 209.71.212.18:443
Requested by https://ebiller.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type ASCII text, with very long lines (1398), with CRLF line terminators
Hash 086f28b5548ea46cb27b98a5444d4681
1267603b3aae6ac49c50c0e9a60d550cf5042b09
9f0e9989236ae195a552662370ecde07998665e8e8a8c89c9e9995a3f64f2b9f
GET /bell/header/css/jquery-ui.custom.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/header/css/bell.myBell.core.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"14804-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 14804
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!MKjm8MSeosZEbEKKjod15JPsKvsaUvSFPlw519HMSRx5I4bJFlVv7F6eCz7qM68Uo66Jlxn+FBirpAapjZmn+qrx6LpiJbKIx8mLuKCU93bBPw==; expires=Sun, 11-Jun-2023 23:55:47 GMT; path=/; Httponly; Secure
Cache-Control: no-store
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
104.18.10.207 200 OK 51 kB URL GET HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP 104.18.10.207:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
Validity Fri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (50758)
Hash 67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 04 Jun 2023 23:55:43 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 11/15/2021 23:30:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
cdn-cache: HIT
cf-cache-status: HIT
age: 28966791
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7d241bbefcbbb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
webmail.bell.net/bell/ux/font/fontello.woff
209.71.212.18 200 14 kB URL GET HTTP/1.1 webmail.bell.net/bell/ux/font/fontello.woff
IP 209.71.212.18:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type Web Open Font Format, TrueType, length 41232, version 1.0\012- data
Hash 6bf1ddf0854b7a3d4765726e2c18bddd
00e96103a59d6de0af77440105903dde909df3ab
10c3cd7614428b8100d4256158588ae208fdd6c004c08288aa937267db57d1b8
GET /bell/ux/font/fontello.woff HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"41232-1657482738000"
Last-Modified: Sun, 10 Jul 2022 19:52:18 GMT
Content-Type: font/woff
Content-Length: 41232
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!l/YpE+7qMTM7ohB1X38/VDhJ/s0IPwGL8VkNkHVH26ATJ8iAsIrkP8sVrqZT3Qshzj+L6VEtQLHv5qc+xsxaJ5EZCLKABzafnABlPNjE4F9Kkg==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store
webmail.bell.net/bell/login/font/bellslim_semibold-webfont.ttf
209.71.212.18 200 14 kB URL GET HTTP/1.1 webmail.bell.net/bell/login/font/bellslim_semibold-webfont.ttf
IP 209.71.212.18:443
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Entrust, Inc.
Subject bell.net
Fingerprint 69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
Validity Mon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT
File type TrueType Font data, 18 tables, 1st "FFTM"\012- data
Hash 2a4dcb55326caf6a22cc5fb5f0978566
e2233433b41008e82482a8303cd65ca13e041f67
204b75cfdd0aaa69af4ddd3a65f8aaef3632c56e35749f49b2767b05b4cee712
GET /bell/login/font/bellslim_semibold-webfont.ttf HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"46512-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: font/ttf
Content-Length: 46512
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!5CHbYzGJ1ibOzYOKjod15JPsKvsaUidmT3+55Wk/le8BDf8PI5hDszm8N8GJtC+cQi9Hw3CyQjZw9hmS5lJKgBFgKEyOWqeWvcU2xziDqWNVMg==; expires=Sun, 11-Jun-2023 23:55:47 GMT; path=/; Httponly; Secure
Cache-Control: no-store
xtractrenew.z13.web.core.windows.net/
20.60.135.193 200 OK 23 kB URL GET HTTP/1.1 xtractrenew.z13.web.core.windows.net/
IP 20.60.135.193:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://xtractrenew.z13.web.core.windows.net/
Certificate Issuer Microsoft Corporation
Subject *.web.core.windows.net
Fingerprint 10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
Validity Mon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Generic phishing
openphish Bell Canada
GET / HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 23341
Content-Type: text/html
Content-MD5: IXNGjO6pLGzcGgFNwMnfsw==
Last-Modified: Fri, 02 Jun 2023 20:37:29 GMT
Accept-Ranges: bytes
ETag: "0x8DB63A92F554757"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f1b4ae1d-901e-0037-5b40-97222a000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:45 GMT