Report - xtractrenew.z13.web.core.windows.net/

Report Overview

Submitted URL
xtractrenew.z13.web.core.windows.net/
IP
20.60.135.193
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2023-06-04 23:56:02
Access
public
Website Title
Final URL
Tags
phishing
urlquery detections
Phishing - Generic phishing

Detections

urlquery
5
Network Intrusion Detection
0
Threat Detection Systems
16

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.com	7	1997-09-15	2015-05-10	2023-06-04	1.1 kB	3.1 kB	216.58.207.228
webmail.bell.net	468451	1997-05-20	2014-10-10	2023-06-02	12 kB	3.0 MB	209.71.212.18
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-06-04	439 B	1.0 kB	142.250.74.74
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-06-15	2023-06-04	461 B	52 kB	104.18.10.207
xtractrenew.z13.web.core.windows.net	unknown	unknown	No data	No data	3.8 kB	74 kB	20.60.135.193
code.jquery.com	634	2005-12-10	2012-05-21	2023-06-04	488 B	24 kB	69.16.175.10
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2023-06-04	453 B	31 kB	142.250.74.170
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2023-06-04	507 B	15 kB	104.18.11.207
www.gstatic.com	unknown	2008-02-11	2016-07-26	2023-06-04	2.0 kB	173 kB	142.250.74.35
ebiller.z13.web.core.windows.net	unknown	1995-08-10	2023-04-05	2023-06-02	542 B	7.8 kB	52.239.170.33
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2023-06-04	513 B	7.2 kB	104.17.25.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator
2023-06-04	medium	xtractrenew.z13.web.core.windows.net/
2023-06-04	medium	xtractrenew.z13.web.core.windows.net/
2023-06-04	medium	xtractrenew.z13.web.core.windows.net/
2023-06-04	medium	xtractrenew.z13.web.core.windows.net/
2023-06-04	medium	xtractrenew.z13.web.core.windows.net/
2023-06-04	medium	xtractrenew.z13.web.core.windows.net/
2023-06-04	medium	xtractrenew.z13.web.core.windows.net/
2023-06-04	medium	xtractrenew.z13.web.core.windows.net/

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit	909 B	2023-06-03	2023-06-09
Pretty URL www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit IP 216.58.207.228 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-03 09:08:34 Last Seen2023-06-09 04:38:59 Times Seen48 Hash ee67586e6e3cc98f18400d50cfdc7363 c4b4daaeb376bc86eccd1b80277f446ac6955601 9fa5995780938aabbcef6cedccdfaa126fbe68eda0859281386dc2879b0dd2d6 Loading...

	www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY	0 B	2023-03-07	2024-04-24
Pretty URL www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY IP 216.58.207.228 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 06:51:52 Times Seen37033304 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	webmail.bell.net/bell/header/js/header.js	8.5 kB	2023-03-07	2023-11-14
Pretty URL webmail.bell.net/bell/header/js/header.js IP 209.71.212.18 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:24:54 Last Seen2023-11-14 19:40:59 Times Seen43 Hash 1201ba2ad5dce59bcf0592bbd7fa5c7f de68c17b134a7eca60000ca59ec2a7ed71e72e8d 9a7b9f391ddbe87d136b1a154567eb12a23c801ec87899d9c48408104cbfb85b Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	19 kB	2023-03-07	2024-04-24
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-24 06:39:10 Times Seen111078 Hash 70d3fda195602fe8b75e0097eed74dde c3b977aa4b8dfb69d651e07015031d385ded964b a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js	86 kB	2023-03-07	2024-04-24
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-24 06:39:10 Times Seen383291 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	51 kB	2023-03-07	2024-04-24
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-24 06:34:09 Times Seen243733 Hash 67176c242e1bdc20603c878dee836df3 27a71b00383d61ef3c489326b3564d698fc1227c 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Loading...

	xtractrenew.z13.web.core.windows.net/	2.5 kB	2023-06-05	2023-06-05
Pretty URL xtractrenew.z13.web.core.windows.net/ IP 20.60.135.193 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 01:56:09 Last Seen2023-06-05 01:56:09 Times Seen1 Hash 02366fb443c90eee8ce83c16d42bdc79 1990267a47024eb074f70c23bcf5cfdd5274b7c2 cb42f01ba62da3f85c1ec03ee3cab8ff980d572af6b6af50ff8bf85ef8a2ea40 Loading...

	webmail.bell.net/bell/login/js/jquery-3.5.1.min.js	90 kB	2023-03-07	2024-04-24
Pretty URL webmail.bell.net/bell/login/js/jquery-3.5.1.min.js IP 209.71.212.18 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:09 Last Seen2024-04-24 06:44:55 Times Seen14170 Hash b61aa6e2d68d21b3546b5b418bf0e9c3 9c1398f0de4c869dacb1c9ab1a8cc327f5421ff7 f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b Loading...

	code.jquery.com/jquery-3.2.1.slim.min.js	70 kB	2023-03-07	2024-04-24
Pretty URL code.jquery.com/jquery-3.2.1.slim.min.js IP 69.16.175.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:43 Last Seen2024-04-24 06:39:10 Times Seen106028 Hash 5f48fc77cac90c4778fa24ec9c57f37d 9e89d1515bc4c371b86f4cb1002fd8e377c1829f 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398 Loading...

	maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	49 kB	2023-03-07	2024-04-24
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js IP 104.18.11.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-24 06:39:10 Times Seen136384 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

	www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__en.js	417 kB	2023-06-01	2023-06-15
Pretty URL www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-01 21:02:24 Last Seen2023-06-15 18:56:33 Times Seen6805 Hash ee07ba65373413be83ec0d45887c2a44 13646acedb5d781fed2599c46634b4e58b8217db d946e8f3fb4fe90a5ae3027b91a76703106e2c5c1d762fc3fc230895db7b6048 Loading...

HTTP Transactions (46)

URL IP Response Size

xtractrenew.z13.web.core.windows.net/

20.60.135.193

200 OK

23 kB

URL User Request GET HTTP/1.1
xtractrenew.z13.web.core.windows.net/
IP
20.60.135.193:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
ValidityMon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (9315), with CRLF line terminators
Size
23 kB (23341 bytes)
Hash
2173468ceea92c6cdc1a014dc0c9dfb3
690b321161b25c9f37011c7f89ae8ec4d9d571e6
d0971367dcde56e5da0d2de92a8805e927cfd6dd8998dec32d41f3f2b6a00168

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
openphish	Bell Canada

HTTP Headers

GET / HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 23341
Content-Type: text/html
Content-MD5: IXNGjO6pLGzcGgFNwMnfsw==
Last-Modified: Fri, 02 Jun 2023 20:37:29 GMT
Accept-Ranges: bytes
ETag: "0x8DB63A92F554757"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f1b4a720-901e-0037-3c40-97222a000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:43 GMT

cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

104.17.25.14

200 OK

6.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT

File type
ASCII text, with very long lines (19015)
Size
6.2 kB (6157 bytes)
Hash
70d3fda195602fe8b75e0097eed74dde
c3b977aa4b8dfb69d651e07015031d385ded964b
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

HTTP Headers

GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Jun 2023 23:55:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 6157
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3302839
expires: Fri, 24 May 2024 23:55:43 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Y9s%2B3UgstuNaq8JcnMEzyGXe4ABUhLlG0O5DAXnzo3Dg6RaCjgIzPp%2BfLJg9vnduYIpAEhLjFDhp8ioYL9rXfdWLI8jUWR43VNo4fervWLJN50tvZ5hvFmm3gucrbb8um5ecVNC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7d241bbecc9db509-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.2.1.slim.min.js

69.16.175.10

200 OK

24 kB

URL GET HTTP/2
code.jquery.com/jquery-3.2.1.slim.min.js
IP
69.16.175.10:443
ASN
#20446 STACKPATH-CDN

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
Fingerprint64:50:4C:BB:DF:F3:1D:70:CC:5D:9E:B7:BE:80:91:84:03:C1:D1:83
ValidityWed, 03 Aug 2022 00:00:00 GMT - Fri, 14 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32012)
Size
24 kB (23856 bytes)
Hash
5f48fc77cac90c4778fa24ec9c57f37d
9e89d1515bc4c371b86f4cb1002fd8e377c1829f
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

HTTP Headers

GET /jquery-3.2.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Jun 2023 23:55:43 GMT
content-encoding: gzip
content-length: 23856
content-type: application/javascript; charset=utf-8
last-modified: Fri, 12 Aug 2022 13:47:02 GMT
accept-ranges: bytes
server: nginx
etag: W/"62f659d6-10fdd"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1685922943.dop018.sk1.t,1685922943.cds026.sk1.hn,1685922943.cds235.sk1.c
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit

216.58.207.228

200 OK

580 B

URL GET HTTP/2
www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
IP
216.58.207.228:443
ASN
#15169 GOOGLE

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintA8:95:C3:CB:D6:3F:BC:0A:7D:FF:36:72:5E:2F:56:26:9F:EB:77:0E
ValidityFri, 19 May 2023 12:58:13 GMT - Fri, 11 Aug 2023 12:58:12 GMT

File type
ASCII text, with very long lines (909), with no line terminators
Size
580 B (580 bytes)
Hash
ee67586e6e3cc98f18400d50cfdc7363
c4b4daaeb376bc86eccd1b80277f446ac6955601
9fa5995780938aabbcef6cedccdfaa126fbe68eda0859281386dc2879b0dd2d6

HTTP Headers

GET /recaptcha/api.js?onload=onloadcallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Sun, 04 Jun 2023 23:55:43 GMT
date: Sun, 04 Jun 2023 23:55:43 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 580
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

142.250.74.170

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP
142.250.74.170:443
ASN
#15169 GOOGLE

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
ASCII text, with very long lines (32065)
Size
30 kB (30028 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 12:31:43 GMT
expires: Fri, 31 May 2024 12:31:43 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 300240
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

xtractrenew.z13.web.core.windows.net/static/bell_common.js?seed=AMDznOqGAQAACn9-0BiWwerLgcjacqW3CGvfkVAEWsPi7ZGi6nfS1KjIDt3P&lPVnX2sAmT--z=q

20.60.135.193

404 The requested content does not exist.

321 B

URL GET HTTP/1.1
xtractrenew.z13.web.core.windows.net/static/bell_common.js?seed=AMDznOqGAQAACn9-0BiWwerLgcjacqW3CGvfkVAEWsPi7ZGi6nfS1KjIDt3P&lPVnX2sAmT--z=q
IP
20.60.135.193:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
ValidityMon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Size
321 B (321 bytes)
Hash
134fd2b50282d442ece1c29034104cf1
300f8f5c8d4f71cdc8c07a58da974dca58cec85e
07afcd4d16dabdc28d67499fd10c7b07466253034b332bccc4e0ca3728f49962

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada

HTTP Headers

GET /static/bell_common.js?seed=AMDznOqGAQAACn9-0BiWwerLgcjacqW3CGvfkVAEWsPi7ZGi6nfS1KjIDt3P&lPVnX2sAmT--z=q HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: f1b4a811-901e-0037-2040-97222a000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:43 GMT

xtractrenew.z13.web.core.windows.net/ux/ux.js?v=3.1.3.28.1-8

20.60.135.193

404 The requested content does not exist.

321 B

URL GET HTTP/1.1
xtractrenew.z13.web.core.windows.net/ux/ux.js?v=3.1.3.28.1-8
IP
20.60.135.193:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
ValidityMon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Size
321 B (321 bytes)
Hash
28663d01cbfc51febe57f7a625758e07
60ba953df1dda44159f0c4eb0dc31c0b4febf3f8
2f27e883cc9b7c8577b916d397ea3f5fd26193646f258163a29f172ce245001f

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada

HTTP Headers

GET /ux/ux.js?v=3.1.3.28.1-8 HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: f1b4a864-901e-0037-6d40-97222a000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:43 GMT

xtractrenew.z13.web.core.windows.net/ux/localization.js?v=3.1.3.28.1-8

20.60.135.193

404 The requested content does not exist.

321 B

URL GET HTTP/1.1
xtractrenew.z13.web.core.windows.net/ux/localization.js?v=3.1.3.28.1-8
IP
20.60.135.193:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
ValidityMon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Size
321 B (321 bytes)
Hash
a57ae0770ec8d8a8b93ebbbc938347d5
77ffa34e9b94a346006cb72da659d285ecfb3dcd
f7c443f4e00b7575e1d6df5ba0adc964bb6e7c5ac196f42397c69166de242f23

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada

HTTP Headers

GET /ux/localization.js?v=3.1.3.28.1-8 HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: f1b4a90e-901e-0037-0840-97222a000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:43 GMT

xtractrenew.z13.web.core.windows.net/ux/UXConfig.js?v=3.1.3.28.1-8

20.60.135.193

404 The requested content does not exist.

321 B

URL GET HTTP/1.1
xtractrenew.z13.web.core.windows.net/ux/UXConfig.js?v=3.1.3.28.1-8
IP
20.60.135.193:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
ValidityMon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Size
321 B (321 bytes)
Hash
8ec908e9726c13729940d585a6cdf836
8d3b223ccae022ea19a0c4fde955989bc7f0e709
2e3f3669940c1dd1b45821249e77c60e14f0464b895a03a523bb50bce47e4494

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada

HTTP Headers

GET /ux/UXConfig.js?v=3.1.3.28.1-8 HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: e369db4d-a01e-002c-0d40-971c29000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:43 GMT

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

104.18.11.207

200 OK

14 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (48664)
Size
14 kB (13850 bytes)
Hash
14d449eb8876fa55e1ef3c2cc52b0c17
a9545831803b1359cfeed47e3b4d6bae68e40e99
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

HTTP Headers

GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Jun 2023 23:55:43 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 11/25/2022 23:23:38
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 865
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 4ab4a8ce4f740f06dc6fc6caea9cf230
cdn-cache: HIT
cf-cache-status: HIT
age: 60290
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7d241bbefd8db4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

webmail.bell.net/bell/login/css/login.css

209.71.212.18

200

2.3 kB

URL GET HTTP/1.1
webmail.bell.net/bell/login/css/login.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (305), with CRLF line terminators
Size
2.3 kB (2288 bytes)
Hash
b2a72fe3696b22d1d024aca6a8c48036
d6c9d63f57589ef3a1b2d6974882abefab534996
e5cfaa79c2e7ceebd28f0743bee907a9659aa64257c61d3276002099ff87d0c4

HTTP Headers

GET /bell/login/css/login.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"2288-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 2288
Date: Sun, 04 Jun 2023 23:55:43 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!k5Wfway9KchN9RmKjod15JPsKvsaUjwDGmxWVB2DQaS3vIBECQ5M2eQmruaVKrwUe3XDsg3GkvUJkhlWGoXTAVQVA5y/+lJfZLjo7Q+L4e4Djw==; expires=Sun, 11-Jun-2023 23:55:44 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/login/css/bell_prime_mod.css

209.71.212.18

200

12 kB

URL GET HTTP/1.1
webmail.bell.net/bell/login/css/bell_prime_mod.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with CRLF line terminators
Size
12 kB (11957 bytes)
Hash
858d8fc28e05148b1af4bcd6a011409e
af9389b926e99dc52bff5aa64b23e4f82fa710b8
f7ed0fe3268f25fa30c600f83207f34963b4cecea90170f3f48c070662626839

HTTP Headers

GET /bell/login/css/bell_prime_mod.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"11957-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 11957
Date: Sun, 04 Jun 2023 23:55:44 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!fv60r7zHLJh8HnxEUwqVUcceXQbKqemCDQMeGfEDYFoPfvTkXG36WiPygT+AGC5JesLb1F4LApzlYWTeTq7hGBRh6RkZ4MQTjn0oIdzJz0VUAA==; expires=Sun, 11-Jun-2023 23:55:44 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/css/bell.connector-rui.css

209.71.212.18

200

96 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/bell.connector-rui.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
assembler source, ASCII text, with very long lines (379), with CRLF line terminators
Size
96 kB (96334 bytes)
Hash
d7cf083ecd7bdc3e5814a5c8ea510d9f
0c2be17d3281569c1ea7a2291c41f3c69dbe4f01
219d913d55643e64cc00af92f3edfa4a125603cfcf5ebaa68f601c9fdea0d190

HTTP Headers

GET /bell/header/css/bell.connector-rui.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"96334-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 96334
Date: Sun, 04 Jun 2023 23:55:43 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!0yYFO7iukJKlGG51X38/VDhJ/s0IP64Wo+icl/GF3QzCpBC72+aY+g9eYS3PcV/DB5SNrjeooMn3aOv+O7oka/Yjwsx7g+T7FCpHK4XFeD+3lg==; expires=Sun, 11-Jun-2023 23:55:44 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/login/js/jquery-3.5.1.min.js

209.71.212.18

200

90 kB

URL GET HTTP/1.1
webmail.bell.net/bell/login/js/jquery-3.5.1.min.js
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (65450), with CRLF line terminators
Size
90 kB (89478 bytes)
Hash
b61aa6e2d68d21b3546b5b418bf0e9c3
9c1398f0de4c869dacb1c9ab1a8cc327f5421ff7
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b

HTTP Headers

GET /bell/login/js/jquery-3.5.1.min.js HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"89478-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: application/javascript;charset=UTF-8
Content-Length: 89478
Date: Sun, 04 Jun 2023 23:55:43 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!bK3NoTJMsn4q43OKjod15JPsKvsaUmGi8NO8j3f1y2M3Egba0y41C+hqkrRIeBMlFUMm4uRFagCIT3/lKKyp2qFw/03MU7T412jzOEQG/QodVA==; expires=Sun, 11-Jun-2023 23:55:44 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/login/css/flush.css

209.71.212.18

200

84 kB

URL GET HTTP/1.1
webmail.bell.net/bell/login/css/flush.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (65348), with CRLF line terminators
Size
84 kB (83485 bytes)
Hash
425b6e1032251ddb65c460512364ebc5
b039d06c59bf683a63d256898c30a2c84decd1f1
752a2fd980c99dcabae0aa552cd99fe9794cdf49febea1ee1c90319990b6566c

HTTP Headers

GET /bell/login/css/flush.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"83485-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 83485
Date: Sun, 04 Jun 2023 23:55:43 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!rQE5SEgFkezME7t1X38/VDhJ/s0IPwmLZRHjSbxl+2xLd+6VrPOeWo6NEWNzxV/+2If3E+mnMINbY/WrcnN+U7Tm/2UAH+SxCfwTH7cIMVW+EQ==; expires=Sun, 11-Jun-2023 23:55:44 GMT; path=/; Httponly; Secure
Cache-Control: no-store

www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js

142.250.74.35

404 Not Found

1.6 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
e8ab1f79b23175025c32db6ca6eea154
5b2f8e04a1c72d594952fb2706066423d0d74067
9f5e5cc07b100daf42cc9f9eece5953fe2aa7cfcaa0ddee7fe039ac4c421a548

HTTP Headers

GET /recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Sun, 04 Jun 2023 23:55:45 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

webmail.bell.net/bell/ux/ux.css?v=3.1.3.28.1-8

209.71.212.18

200

1.8 MB

URL GET HTTP/1.1
webmail.bell.net/bell/ux/ux.css?v=3.1.3.28.1-8
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
Unicode text, UTF-8 text, with very long lines (1519)
Size
1.8 MB (1849088 bytes)
Hash
f779ea15bd3f9c6856eed9a7b5cef5c9
eae7f309e932ba0618627e3d77d8ecb953a9108b
5a2b976e853b3b0b1f2e8da24b41a5abdf23a8ef2ac6bbfb93beb4195c7b7c0f

HTTP Headers

GET /bell/ux/ux.css?v=3.1.3.28.1-8 HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"1849088-1682648909000"
Last-Modified: Fri, 28 Apr 2023 02:28:29 GMT
Content-Type: text/css
Content-Length: 1849088
Date: Sun, 04 Jun 2023 23:55:44 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!Son0EBYzg8UBm6tEUwqVUcceXQbKqW+1EIWgEgWlwwPPrbr6HsyBSahvZnCSSdflQwradsZIMNNc+xpmab5fiJqrUCuk2jQpQYlTWtW948yZIA==; expires=Sun, 11-Jun-2023 23:55:44 GMT; path=/; Httponly; Secure
Cache-Control: no-store

xtractrenew.z13.web.core.windows.net/

20.60.135.193

200 OK

23 kB

URL User Request GET HTTP/1.1
xtractrenew.z13.web.core.windows.net/
IP
20.60.135.193:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
ValidityMon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (9315), with CRLF line terminators
Size
23 kB (23341 bytes)
Hash
2173468ceea92c6cdc1a014dc0c9dfb3
690b321161b25c9f37011c7f89ae8ec4d9d571e6
d0971367dcde56e5da0d2de92a8805e927cfd6dd8998dec32d41f3f2b6a00168

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
openphish	Bell Canada

HTTP Headers

GET / HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 23341
Content-Type: text/html
Content-MD5: IXNGjO6pLGzcGgFNwMnfsw==
Last-Modified: Fri, 02 Jun 2023 20:37:29 GMT
Accept-Ranges: bytes
ETag: "0x8DB63A92F554757"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f1b4ae1d-901e-0037-5b40-97222a000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:45 GMT

webmail.bell.net/bell/header/img/favicon.ico

209.71.212.18

200

5.4 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/img/favicon.ico
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
5.4 kB (5430 bytes)
Hash
71e639807dd6f7bd6d9382624b837574
2a6afcb240f07f37794e1d9c34dbe5d673c738b4
5c82b38e75516678c187c1cb7003482cffd310bf384207ea539ced9af87d6d92

HTTP Headers

GET /bell/header/img/favicon.ico HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"5430-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/x-icon
Content-Length: 5430
Date: Sun, 04 Jun 2023 23:55:45 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!eY5Vg7HN1xX4/Cp1X38/VDhJ/s0IP7+mo95f5wUHCRNr/4w+dbi+rkyUWQ2wMqJIb8Ch5KRKGmxnKm7MCziEgscQer7LGVusIir7Wc4QQtsF2w==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store

xtractrenew.z13.web.core.windows.net/ux/ux.js?v=3.1.3.28.1-8

20.60.135.193

404 The requested content does not exist.

321 B

URL GET HTTP/1.1
xtractrenew.z13.web.core.windows.net/ux/ux.js?v=3.1.3.28.1-8
IP
20.60.135.193:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
ValidityMon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Size
321 B (321 bytes)
Hash
5b865773c52f264e39d894c4b696a692
3e4086fc194ee1302ff468c56b9ae15b68bf21bc
815e07ac5ac9dc64895c138d5e0f6cff05ea79eab4f7f97e72f29637cfaf9441

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada

HTTP Headers

GET /ux/ux.js?v=3.1.3.28.1-8 HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: f1b4ae8c-901e-0037-4840-97222a000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:45 GMT

fonts.googleapis.com/css?family=NTR&display=swap

142.250.74.74

200 OK

379 B

URL GET HTTP/2
fonts.googleapis.com/css?family=NTR&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
gzip compressed data, max compression\012- data
Size
379 B (379 bytes)
Hash
1b294a78a39059d694937708f4f57a8f
83069a6c5750eae59fb67b7058af549ceef37446
c3afd317b5981ef6f1c07269da5da59ce9d82b4a849dbba2fd5893fa4f4c3835

HTTP Headers

GET /css?family=NTR&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Jun 2023 23:55:46 GMT
date: Sun, 04 Jun 2023 23:55:46 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

webmail.bell.net/bell/login/img/bg_gradRibbon.gif

209.71.212.18

200

227 B

URL GET HTTP/1.1
webmail.bell.net/bell/login/img/bg_gradRibbon.gif
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
GIF image data, version 89a, 1 x 800\012- data
Size
227 B (227 bytes)
Hash
c8caa40d55e69e4109c79e2110ee7fe0
9333a2d29161f6ac95a0dea68bbbd9adcdd968cb
c3f6f8335d41e6979a914f3a6196026970ff53cbc6232b243abb017cd3d0e592

HTTP Headers

GET /bell/login/img/bg_gradRibbon.gif HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/login/css/bell_prime_mod.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"227-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/gif
Content-Length: 227
Date: Sun, 04 Jun 2023 23:55:45 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!i4bnIU2lU5iU4NJ1X38/VDhJ/s0IPzSgnAZG6Roi3v2U0oOQnYlrPFbGI6JEt7FCCKlYsd2dIq7tte0Z2gzHCOcIXp5ZdVGMzC7ySpeATEpccA==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/login/img/bg_cBoxExtra.png

209.71.212.18

200

811 B

URL GET HTTP/1.1
webmail.bell.net/bell/login/img/bg_cBoxExtra.png
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
PNG image data, 1050 x 29, 8-bit/color RGBA, non-interlaced\012- data
Size
811 B (811 bytes)
Hash
12ad0db519b84a4856fd00ecd76f8a21
3b5d2057841adcb928100f00843d5e2f163037a3
038234677c46f9c530e08c832514daf43478372cd13f8683aee4d74c82b89e00

HTTP Headers

GET /bell/login/img/bg_cBoxExtra.png HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/login/css/bell_prime_mod.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"811-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/png
Content-Length: 811
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!wsCsd7SwwtQHF8mKjod15JPsKvsaUn6MVIy/sUwFOqptRoyEO/7WJHe32J8VjmSpMOGSREL41le6L8Qzs8KfhtxquCYrwlySRjdtRqoXK4O9bA==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/login/img/bg_mainExtra.gif

209.71.212.18

200

493 B

URL GET HTTP/1.1
webmail.bell.net/bell/login/img/bg_mainExtra.gif
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
GIF image data, version 89a, 975 x 13\012- data
Size
493 B (493 bytes)
Hash
bb78fc14f637ca27ac6cb6d6671ea294
a6b72cd3feca0cefbde05f9161a1f533bad2895e
b42ec6173d78f4ed24a22cce44c8321afeebefec5fbe97e49deec25cce73bf98

HTTP Headers

GET /bell/login/img/bg_mainExtra.gif HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/login/css/bell_prime_mod.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"493-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/gif
Content-Length: 493
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!ZFGML2H+z2OXynV1X38/VDhJ/s0IPwe1d0lMNR0lUc3NboJy53dcmvBVSd14t+hCkO6NcpIfAbstYt+Q8wJqYdEKwH5BgqcK4f7poeGgTjgQtQ==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store

www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY

216.58.207.228

200 OK

1.2 kB

URL GET HTTP/3
www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY
IP
216.58.207.228:443
ASN
#15169 GOOGLE

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint55:5E:E6:33:AF:71:86:C2:88:4A:36:5F:68:1D:97:9D:9B:9D:2A:1D
ValidityFri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.2 kB (1157 bytes)
Hash
cd3669b65e8bcff4ec6756ab8cb992f5
4a030c1b9c7986560cc3b98aa813966881acd773
70f770dc7daa1b76775c3d24a86fcc239ee0f53233d27692ce82431e64ed06e1

HTTP Headers

GET /recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Jun 2023 23:55:46 GMT
content-security-policy: script-src 'nonce-I7GK9Ml2-CbPBlaLhSCgMA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1157
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__en.js

142.250.74.35

200 OK

166 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
ASCII text, with very long lines (749)
Size
166 kB (166186 bytes)
Hash
ee07ba65373413be83ec0d45887c2a44
13646acedb5d781fed2599c46634b4e58b8217db
d946e8f3fb4fe90a5ae3027b91a76703106e2c5c1d762fc3fc230895db7b6048

HTTP Headers

GET /recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166186
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 13:34:38 GMT
expires: Fri, 31 May 2024 13:34:38 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 30 May 2023 00:01:16 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 296468
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css

142.250.74.35

404 Not Found

1.6 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1620 bytes)
Hash
74f920b2d198dc352519f4082ecc0837
36a173239a76f25567778cafcf60bce9a0a67d87
b0ffb1f4c9c0fe3878c75531f2b4e2fc0f2c3f8e26b35f04880625120c3dae8d

HTTP Headers

GET /recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Sun, 04 Jun 2023 23:55:46 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1620
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js

142.250.74.35

404 Not Found

1.6 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
e8ab1f79b23175025c32db6ca6eea154
5b2f8e04a1c72d594952fb2706066423d0d74067
9f5e5cc07b100daf42cc9f9eece5953fe2aa7cfcaa0ddee7fe039ac4c421a548

HTTP Headers

GET /recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Sun, 04 Jun 2023 23:55:46 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ebiller.z13.web.core.windows.net/

52.239.170.33

200 OK

7.4 kB

URL GET HTTP/1.1
ebiller.z13.web.core.windows.net/
IP
52.239.170.33:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint13:61:0C:95:DD:B7:35:22:1D:4E:FB:4E:F8:38:3C:4D:F8:09:40:7B
ValidityWed, 22 Mar 2023 00:18:32 GMT - Fri, 22 Mar 2024 00:18:32 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3546), with CRLF line terminators
Size
7.4 kB (7395 bytes)
Hash
34af9e91706380f1ac3de96af17384b8
5662106a716fef9771fa8b5cccbc62e699b97461
f20f1deea159d245f00bcc89df9ca7290a92465a044728c0f21f6ebf8e38cba6

HTTP Headers

GET / HTTP/1.1
Host: ebiller.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 7395
Content-Type: text/html
Content-MD5: NK+ekXBjgPGsPelq8XOEuA==
Last-Modified: Thu, 16 Mar 2023 16:13:22 GMT
Accept-Ranges: bytes
ETag: "0x8DB26395D4AA64C"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2779888a-601e-001f-1c40-976c6b000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:46 GMT

webmail.bell.net/bell/header/css/header.css

209.71.212.18

200

5.8 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/header.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with CRLF line terminators
Size
5.8 kB (5781 bytes)
Hash
77fc8ab4fb59d1143bddce1252c83794
e0fb745274ca9a83bd5d64d7cfc20dc8e240c056
14e72a142eec1c65433ecb350e38c51798b6e01a37f237c023e5e5bff168f0c1

HTTP Headers

GET /bell/header/css/header.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ebiller.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"5781-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 5781
Date: Sun, 04 Jun 2023 23:55:45 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!LGZJVJFWaKaKJHtEUwqVUcceXQbKqfYKi/nOzgWGKZ0idm4Bku2OQjuY56kMNWidxBOiJz75mtAGQ5fvNjLbURRq/8dx37jirsCccaRaZMVNIw==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/js/header.js

209.71.212.18

200

8.5 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/js/header.js
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with CRLF line terminators
Size
8.5 kB (8489 bytes)
Hash
1201ba2ad5dce59bcf0592bbd7fa5c7f
de68c17b134a7eca60000ca59ec2a7ed71e72e8d
9a7b9f391ddbe87d136b1a154567eb12a23c801ec87899d9c48408104cbfb85b

HTTP Headers

GET /bell/header/js/header.js HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ebiller.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"8489-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: application/javascript;charset=UTF-8
Content-Length: 8489
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!QSBDEdWHpt43JZd1X38/VDhJ/s0IPxfAKVZ7Vyb8tqqPqAcSNOUHpgtQsbRmxFcP0KNgnmiSmOGZKp2UID921UzpW0nRV8m+XXFyZ8Je92ItGg==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/css/bell.myBell.core.css

209.71.212.18

200

32 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/bell.myBell.core.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (482), with CRLF line terminators
Size
32 kB (31939 bytes)
Hash
ab346f9b0aa4486e099268f98aac64ee
0e193cba17e823936a39053c7295533599a65af7
d3e85b8c519c92d5c82e4e1b89a0e3464c9d5b2d4a82695d8cd8827329d921a1

HTTP Headers

GET /bell/header/css/bell.myBell.core.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ebiller.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"31939-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 31939
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!q6LaKG2yW2+iCSZ1X38/VDhJ/s0IPwFtpsOBuAq45mWoV2i7ny2Pv+BcdpV25o3L9kUH5YF4k0UVbMeJ9RPuoCOrzfWEyq3ovNGOFCfzvOU1lA==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/css/flush.css

209.71.212.18

200

83 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/flush.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (65348), with CRLF line terminators
Size
83 kB (83220 bytes)
Hash
0f60835165193685b3f67824b0ddbfc3
f74bc0e2d6d4cd24d45ae34b9c3e8f402c160164
7e5465fea0c74f1a06e035893dfd0fe6c16a0c734c764f775e669682ae4fca4a

HTTP Headers

GET /bell/header/css/flush.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ebiller.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"83220-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 83220
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!26OP1W62T/fdwzqKjod15JPsKvsaUqfMEtgN6ft4Wk11lMQGj/ijMEi85rA5Pi9U7hzYmCfqxO/YSTM8rPx0kYGE/2lzQbv3WjStxYjtvqEbVQ==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/css/bell_prime.css

209.71.212.18

200

74 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/bell_prime.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (426), with CRLF line terminators
Size
74 kB (73599 bytes)
Hash
33c8a043c81f25d4266725e03d30edb6
a0c3c1442f617e4944b49c4e1b962316b86d8581
e37b11690600f7bcba340bdda3e347656b4a52ef532392ff076b26a7e785e1a2

HTTP Headers

GET /bell/header/css/bell_prime.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/header/css/bell.myBell.core.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"73599-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 73599
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!12IITRg67sRJXXlEUwqVUcceXQbKqbEQlLMFI0WpLeqfzoyjO4EH2fWk0JkKvt/5TLH/pA1hnFK/fxlJicqsZJdpARUX/HPGsQhEVGZ+dTGztA==; expires=Sun, 11-Jun-2023 23:55:47 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/login/font/bellslim_semibold-webfont.woff

209.71.212.18

200

28 kB

URL GET HTTP/1.1
webmail.bell.net/bell/login/font/bellslim_semibold-webfont.woff
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
Web Open Font Format, TrueType, length 26676, version 1.0\012- data
Size
28 kB (28299 bytes)
Hash
9f56626dc884196325f86c85db54fc99
028bdd2a6efdaca7dc40213683e89d8494dca887
b700b624d0b8c501b76cc4418dfabadfada8fc8b7b646da4f27fbaf4401d17a0

HTTP Headers

GET /bell/login/font/bellslim_semibold-webfont.woff HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"26676-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: font/woff
Content-Length: 26676
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!5V8qtzgHlNnoWjWKjod15JPsKvsaUjqBqVLgCpBcQWYgHglIPUqykdLUiB5XlJjMJI5S0DhAbfZ71hEJamvgPhrwzy/CSTzMjtVDPhPGgqrICA==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/css/bell_master_a.css

209.71.212.18

200

110 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/bell_master_a.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (338), with CRLF line terminators
Size
110 kB (110483 bytes)
Hash
adb1d4cac1dd7af9b6ad2e35116765d5
376c7517be00d4cbad201157f121339fdb221e19
4c7a96357059b132cedc58b1bac711127f2f8fc5f2b7768b9e13a696f758b9de

HTTP Headers

GET /bell/header/css/bell_master_a.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/header/css/bell.myBell.core.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"110483-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 110483
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!wNGik+X/30vpOIV1X38/VDhJ/s0IPy/mVeTRJgFdlPHOmCFfSk3jZMJlsc8ZjGaOjkbHLj/foMOWPfo9NUwLyQiz5rK9HEeb1NU2hZRcY9OV6g==; expires=Sun, 11-Jun-2023 23:55:47 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/css/bell_master.css

209.71.212.18

200

153 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/bell_master.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (466), with CRLF line terminators
Size
153 kB (153090 bytes)
Hash
f1375ffc988dbdfd4dfcc3b57360dd83
1876a7b83425eca4bf61bcb2349994e47fa9dd8c
27f935f11d6d8196622ac0144bfdb36815277977b4a9b9f74d2c1644caca990c

HTTP Headers

GET /bell/header/css/bell_master.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/header/css/bell.myBell.core.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"153090-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 153090
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!Whf4QHc0dAOfLwl1X38/VDhJ/s0IP3uR5OYWS9eRkDX79aaRKoZNOZwSUPGUod/AnnA+RiasDRwJlkV4T/BzxvhKPDrIYobJqhyABdXbfkUlww==; expires=Sun, 11-Jun-2023 23:55:47 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/css/bell.connector.css

209.71.212.18

200

142 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/bell.connector.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (379), with CRLF line terminators
Size
142 kB (142518 bytes)
Hash
60afd7252434863601e228e354eb2781
46cb2eb033519c060bb4a7eb994abeaf8513e37d
beb19ccd981b1b2219adf7a8b5c0108825dc1222b33e8fdadcaa7ef68b0d6a3c

HTTP Headers

GET /bell/header/css/bell.connector.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ebiller.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"142518-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 142518
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!O1zEpT6h8jVv1x1EUwqVUcceXQbKqU8YqocLdwn4q4bTVxDdQA9txYkl3lU3GIpqhx8PZv0ULOtIXM8Q/n0avZpdA5VkHG63R1vl4dJzDRjICw==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/img/bg_iconSprite.png

209.71.212.18

200

103 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/img/bg_iconSprite.png
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
PNG image data, 635 x 311, 8-bit/color RGBA, non-interlaced\012- data
Size
103 kB (102729 bytes)
Hash
b57802d1e1438ee085728b93e8588d56
837684b7ff84da66972f2253564be2f9a9503c4c
21e39e30e42373a43a58733e1e5e589f042ab79c36fd48e890d00d2cb5979e84

HTTP Headers

GET /bell/header/img/bg_iconSprite.png HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/header/css/bell.connector.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"102729-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/png
Content-Length: 102729
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!6Eteoj+vjS90Ac5EUwqVUcceXQbKqUmNichmnN11/8bXx62EwT/aZeimjCflmNGfZALysxwPO6OcAFZjbDOLl9hY6PYYYChRhtifm+LV1LgGeQ==; expires=Sun, 11-Jun-2023 23:55:47 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/login/img/bg_transparent.gif

209.71.212.18

200

43 B

URL GET HTTP/1.1
webmail.bell.net/bell/login/img/bg_transparent.gif
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /bell/login/img/bg_transparent.gif HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/login/css/bell_prime_mod.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"43-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Jun 2023 23:55:45 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!Y28qhaKc44UjNx9EUwqVUcceXQbKqWUjsXme9uI4vTaOIIrvS046sM1ptEDV0UzXdYMHgrc4gcmp3ZFKDG5uO8ae1sOdrYpUsfqCEi+e5OXwDA==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/ux/font/fontello.ttf

209.71.212.18

200

13 kB

URL GET HTTP/1.1
webmail.bell.net/bell/ux/font/fontello.ttf
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
TrueType Font data, 15 tables, 1st "GSUB"\012- data
Size
13 kB (13032 bytes)
Hash
1cc7ccd253fbfa847849f7b330a61c65
70bea37108d0ad6810f7a17c276b3f73b5e6fae0
176ba26504f702e2e232cc0d1768b567750b11e79a41ca6643faf34deaef19d7

HTTP Headers

GET /bell/ux/font/fontello.ttf HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"71236-1657482738000"
Last-Modified: Sun, 10 Jul 2022 19:52:18 GMT
Content-Type: font/ttf
Content-Length: 71236
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!mF1vCmEVYYh56Pl1X38/VDhJ/s0IP0AaPFJvrQg54GM7jkIay8gJiCV4oVxIdtpAy3rUTFWywdFzJ80omP3JANglE3GLmpe3J768D99MN/IwMg==; expires=Sun, 11-Jun-2023 23:55:47 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/css/jquery-ui.custom.css

209.71.212.18

200

15 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/jquery-ui.custom.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (1398), with CRLF line terminators
Size
15 kB (14804 bytes)
Hash
086f28b5548ea46cb27b98a5444d4681
1267603b3aae6ac49c50c0e9a60d550cf5042b09
9f0e9989236ae195a552662370ecde07998665e8e8a8c89c9e9995a3f64f2b9f

HTTP Headers

GET /bell/header/css/jquery-ui.custom.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/header/css/bell.myBell.core.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"14804-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 14804
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!MKjm8MSeosZEbEKKjod15JPsKvsaUvSFPlw519HMSRx5I4bJFlVv7F6eCz7qM68Uo66Jlxn+FBirpAapjZmn+qrx6LpiJbKIx8mLuKCU93bBPw==; expires=Sun, 11-Jun-2023 23:55:47 GMT; path=/; Httponly; Secure
Cache-Control: no-store

stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.10.207

200 OK

51 kB

URL GET HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (50758)
Size
51 kB (51039 bytes)
Hash
67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

HTTP Headers

GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Jun 2023 23:55:43 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 11/15/2021 23:30:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
cdn-cache: HIT
cf-cache-status: HIT
age: 28966791
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7d241bbefcbbb509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

webmail.bell.net/bell/ux/font/fontello.woff

209.71.212.18

200

14 kB

URL GET HTTP/1.1
webmail.bell.net/bell/ux/font/fontello.woff
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
Web Open Font Format, TrueType, length 41232, version 1.0\012- data
Size
14 kB (13495 bytes)
Hash
6bf1ddf0854b7a3d4765726e2c18bddd
00e96103a59d6de0af77440105903dde909df3ab
10c3cd7614428b8100d4256158588ae208fdd6c004c08288aa937267db57d1b8

HTTP Headers

GET /bell/ux/font/fontello.woff HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"41232-1657482738000"
Last-Modified: Sun, 10 Jul 2022 19:52:18 GMT
Content-Type: font/woff
Content-Length: 41232
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!l/YpE+7qMTM7ohB1X38/VDhJ/s0IPwGL8VkNkHVH26ATJ8iAsIrkP8sVrqZT3Qshzj+L6VEtQLHv5qc+xsxaJ5EZCLKABzafnABlPNjE4F9Kkg==; expires=Sun, 11-Jun-2023 23:55:46 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/login/font/bellslim_semibold-webfont.ttf

209.71.212.18

200

14 kB

URL GET HTTP/1.1
webmail.bell.net/bell/login/font/bellslim_semibold-webfont.ttf
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
TrueType Font data, 18 tables, 1st "FFTM"\012- data
Size
14 kB (13496 bytes)
Hash
2a4dcb55326caf6a22cc5fb5f0978566
e2233433b41008e82482a8303cd65ca13e041f67
204b75cfdd0aaa69af4ddd3a65f8aaef3632c56e35749f49b2767b05b4cee712

HTTP Headers

GET /bell/login/font/bellslim_semibold-webfont.ttf HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://xtractrenew.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"46512-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: font/ttf
Content-Length: 46512
Date: Sun, 04 Jun 2023 23:55:46 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!5CHbYzGJ1ibOzYOKjod15JPsKvsaUidmT3+55Wk/le8BDf8PI5hDszm8N8GJtC+cQi9Hw3CyQjZw9hmS5lJKgBFgKEyOWqeWvcU2xziDqWNVMg==; expires=Sun, 11-Jun-2023 23:55:47 GMT; path=/; Httponly; Secure
Cache-Control: no-store

xtractrenew.z13.web.core.windows.net/

20.60.135.193

200 OK

23 kB

URL GET HTTP/1.1
xtractrenew.z13.web.core.windows.net/
IP
20.60.135.193:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://xtractrenew.z13.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint10:03:D5:D9:32:A4:4E:F1:3F:2D:1E:91:86:09:76:3C:10:49:5F:69
ValidityMon, 20 Mar 2023 09:35:58 GMT - Wed, 20 Mar 2024 09:35:58 GMT

File type

Size
23 kB (23341 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
openphish	Bell Canada

HTTP Headers

GET / HTTP/1.1
Host: xtractrenew.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://xtractrenew.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 23341
Content-Type: text/html
Content-MD5: IXNGjO6pLGzcGgFNwMnfsw==
Last-Modified: Fri, 02 Jun 2023 20:37:29 GMT
Accept-Ranges: bytes
ETag: "0x8DB63A92F554757"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f1b4ae1d-901e-0037-5b40-97222a000000
x-ms-version: 2018-03-28
Date: Sun, 04 Jun 2023 23:55:45 GMT

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML