Report - necessarysynonym.z13.web.core.windows.net/

Report Overview

Submitted URL
necessarysynonym.z13.web.core.windows.net/
IP
20.150.90.65
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2023-06-05 13:07:43
Access
public
Website Title
Final URL
Tags
phishing
urlquery detections
Phishing - Generic phishing

Detections

urlquery
5
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2023-06-05	523 B	7.2 kB	104.17.24.14
code.jquery.com	634	2005-12-10	2012-05-21	2023-06-05	498 B	24 kB	69.16.175.42
ocsp.entrust.net	1208	1997-07-28	2014-01-10	2023-06-05	1.7 kB	9.8 kB	104.110.10.32
webmail.bell.net	468451	1997-05-20	2014-10-10	2023-06-03	12 kB	2.9 MB	209.71.212.18
ebiller.z13.web.core.windows.net	unknown	1995-08-10	2023-04-05	2023-06-03	547 B	7.8 kB	52.239.170.33
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2023-06-05	519 B	50 kB	104.18.10.207
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-06-15	2023-06-05	466 B	52 kB	104.18.10.207
necessarysynonym.z13.web.core.windows.net	unknown	unknown	No data	No data	4.3 kB	74 kB	20.150.90.65
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-06-05	2.3 kB	4.9 kB	142.250.74.131
www.google.com	7	1997-09-15	2015-05-10	2023-06-05	1.1 kB	3.1 kB	142.250.74.132
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2023-06-05	458 B	31 kB	216.58.207.234
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-06-05	439 B	1.8 kB	142.250.74.106
www.gstatic.com	unknown	2008-02-11	2016-07-26	2023-06-05	2.0 kB	173 kB	142.250.74.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator
2023-06-04	medium	necessarysynonym.z13.web.core.windows.net/
2023-06-04	medium	necessarysynonym.z13.web.core.windows.net/
2023-06-04	medium	necessarysynonym.z13.web.core.windows.net/
2023-06-04	medium	necessarysynonym.z13.web.core.windows.net/
2023-06-04	medium	necessarysynonym.z13.web.core.windows.net/
2023-06-04	medium	necessarysynonym.z13.web.core.windows.net/

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	webmail.bell.net/bell/header/js/header.js	8.5 kB	2023-03-07	2023-11-14
Pretty URL webmail.bell.net/bell/header/js/header.js IP 209.71.212.18 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:24:54 Last Seen2023-11-14 19:40:59 Times Seen43 Hash 1201ba2ad5dce59bcf0592bbd7fa5c7f de68c17b134a7eca60000ca59ec2a7ed71e72e8d 9a7b9f391ddbe87d136b1a154567eb12a23c801ec87899d9c48408104cbfb85b Loading...

	www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__en.js	417 kB	2023-06-01	2023-06-15
Pretty URL www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-01 21:02:24 Last Seen2023-06-15 18:56:33 Times Seen6805 Hash ee07ba65373413be83ec0d45887c2a44 13646acedb5d781fed2599c46634b4e58b8217db d946e8f3fb4fe90a5ae3027b91a76703106e2c5c1d762fc3fc230895db7b6048 Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	19 kB	2023-03-07	2024-04-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-26 22:55:05 Times Seen111975 Hash 70d3fda195602fe8b75e0097eed74dde c3b977aa4b8dfb69d651e07015031d385ded964b a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js	86 kB	2023-03-07	2024-04-26
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js IP 216.58.207.234 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-26 23:21:50 Times Seen384932 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit	909 B	2023-06-03	2023-06-09
Pretty URL www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-03 09:08:34 Last Seen2023-06-09 04:38:59 Times Seen48 Hash ee67586e6e3cc98f18400d50cfdc7363 c4b4daaeb376bc86eccd1b80277f446ac6955601 9fa5995780938aabbcef6cedccdfaa126fbe68eda0859281386dc2879b0dd2d6 Loading...

	www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY	0 B	2023-03-07	2024-04-26
Pretty URL www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 23:45:01 Times Seen37104909 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	webmail.bell.net/bell/login/js/jquery-3.5.1.min.js	90 kB	2023-03-07	2024-04-26
Pretty URL webmail.bell.net/bell/login/js/jquery-3.5.1.min.js IP 209.71.212.18 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:09 Last Seen2024-04-26 20:48:15 Times Seen14192 Hash b61aa6e2d68d21b3546b5b418bf0e9c3 9c1398f0de4c869dacb1c9ab1a8cc327f5421ff7 f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b Loading...

	code.jquery.com/jquery-3.2.1.slim.min.js	70 kB	2023-03-07	2024-04-26
Pretty URL code.jquery.com/jquery-3.2.1.slim.min.js IP 69.16.175.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:43 Last Seen2024-04-26 22:55:05 Times Seen106617 Hash 5f48fc77cac90c4778fa24ec9c57f37d 9e89d1515bc4c371b86f4cb1002fd8e377c1829f 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398 Loading...

	maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	49 kB	2023-03-07	2024-04-26
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-26 22:55:05 Times Seen137276 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

	stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	51 kB	2023-03-07	2024-04-26
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-26 23:21:50 Times Seen244872 Hash 67176c242e1bdc20603c878dee836df3 27a71b00383d61ef3c489326b3564d698fc1227c 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Loading...

	necessarysynonym.z13.web.core.windows.net/	2.1 kB	2023-06-05	2023-06-05
Pretty URL necessarysynonym.z13.web.core.windows.net/ IP 20.150.90.65 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 15:07:51 Last Seen2023-06-05 15:07:51 Times Seen1 Hash 8b6583f115239f608a190a4beca60156 29e860b04d255c2ccb542ad3bf0e988386191f4f be274f66e5169f0655bccc6aded37e609a66cc3dc26c9d9025d4833f1ad9c52f Loading...

HTTP Transactions (59)

URL IP Response Size

necessarysynonym.z13.web.core.windows.net/

20.150.90.65

200 OK

23 kB

URL User Request GET HTTP/1.1
necessarysynonym.z13.web.core.windows.net/
IP
20.150.90.65:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
FingerprintC9:3D:8F:1F:21:6B:3C:C4:E0:BF:E5:4F:03:B6:8D:E1:D6:80:42:22
ValidityWed, 22 Mar 2023 00:18:56 GMT - Fri, 22 Mar 2024 00:18:56 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (9315), with CRLF line terminators
Size
23 kB (22930 bytes)
Hash
66fabbab473075da1baf7ebbedfe7937
3ebcfa5f3233bd43c6767f70820403f1312ef653
5a934655d4e69455e571701a9ebb03f62e1fda45233a5bd63a04e24bb3afe5a0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
openphish	Bell Canada

HTTP Headers

GET / HTTP/1.1
Host: necessarysynonym.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 22930
Content-Type: text/html
Content-MD5: Zvq7q0cwddobr3677f55Nw==
Last-Modified: Fri, 17 Mar 2023 16:28:29 GMT
Accept-Ranges: bytes
ETag: "0x8DB2704A491D9D3"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: fdd74160-301e-000b-05ae-9729c4000000
x-ms-version: 2018-03-28
Date: Mon, 05 Jun 2023 13:07:23 GMT

cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

104.17.24.14

200 OK

6.2 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F
ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT

File type
ASCII text, with very long lines (19015)
Size
6.2 kB (6157 bytes)
Hash
70d3fda195602fe8b75e0097eed74dde
c3b977aa4b8dfb69d651e07015031d385ded964b
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

HTTP Headers

GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://necessarysynonym.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 Jun 2023 13:07:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 6157
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3350340
expires: Sat, 25 May 2024 13:07:24 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q1O3LB9F2NTJSEsj00hABbsgHXekTA5Ds3Wm52OQ34JKRk5YjKOq9z4cX3reIOLa5%2FhjttCr5SIRwBYZ%2FfFs1vNjDRt5bgtMGjaRCCzre3bFpw%2FAf2WI2IFBL6QnRJXodv6BQo9m"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7d28a36ffe1db524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.2.1.slim.min.js

69.16.175.42

200 OK

24 kB

URL GET HTTP/2
code.jquery.com/jquery-3.2.1.slim.min.js
IP
69.16.175.42:443
ASN
#20446 STACKPATH-CDN

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
Fingerprint64:50:4C:BB:DF:F3:1D:70:CC:5D:9E:B7:BE:80:91:84:03:C1:D1:83
ValidityWed, 03 Aug 2022 00:00:00 GMT - Fri, 14 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32012)
Size
24 kB (23856 bytes)
Hash
5f48fc77cac90c4778fa24ec9c57f37d
9e89d1515bc4c371b86f4cb1002fd8e377c1829f
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

HTTP Headers

GET /jquery-3.2.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://necessarysynonym.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 Jun 2023 13:07:24 GMT
content-encoding: gzip
content-length: 23856
content-type: application/javascript; charset=utf-8
last-modified: Fri, 12 Aug 2022 13:47:02 GMT
accept-ranges: bytes
server: nginx
etag: W/"62f659d6-10fdd"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1685970444.dop208.sk1.t,1685970444.cds002.sk1.hn,1685970444.cds235.sk1.c
X-Firefox-Spdy: h2

necessarysynonym.z13.web.core.windows.net/static/bell_common.js?seed=AMDznOqGAQAACn9-0BiWwerLgcjacqW3CGvfkVAEWsPi7ZGi6nfS1KjIDt3P&lPVnX2sAmT--z=q

20.150.90.65

404 The requested content does not exist.

321 B

URL GET HTTP/1.1
necessarysynonym.z13.web.core.windows.net/static/bell_common.js?seed=AMDznOqGAQAACn9-0BiWwerLgcjacqW3CGvfkVAEWsPi7ZGi6nfS1KjIDt3P&lPVnX2sAmT--z=q
IP
20.150.90.65:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
FingerprintC9:3D:8F:1F:21:6B:3C:C4:E0:BF:E5:4F:03:B6:8D:E1:D6:80:42:22
ValidityWed, 22 Mar 2023 00:18:56 GMT - Fri, 22 Mar 2024 00:18:56 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Size
321 B (321 bytes)
Hash
1fa6c4d0af25cbac930d77a2e9a77c7f
5613cf50221bf9e4d9b15587afe38bd85d7ebb4f
6f967a96ad29233fe94210a28d79d86c594e2215a674d9dfe35ab8c44831fd65

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada

HTTP Headers

GET /static/bell_common.js?seed=AMDznOqGAQAACn9-0BiWwerLgcjacqW3CGvfkVAEWsPi7ZGi6nfS1KjIDt3P&lPVnX2sAmT--z=q HTTP/1.1
Host: necessarysynonym.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: fdd7433e-301e-000b-34ae-9729c4000000
x-ms-version: 2018-03-28
Date: Mon, 05 Jun 2023 13:07:23 GMT

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4213a8781121945333307a54d318355d
131499425454e1b0d402cb56534a5425feb8b9aa
6d874c13595072502141c93df344de38934313ac583be6569e370aa5a549a5e4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 13:07:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f6e0fad54cb828605d258b3a3fc3494d
1998f119ae42787f25cac22435e05b7d8a7ecbcc
fdde19b20684979988b4db7567fdb883ef8cd0438f4c4ef053bdd058011f1dbc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 13:07:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit

142.250.74.132

200 OK

580 B

URL GET HTTP/2
www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
FingerprintA8:95:C3:CB:D6:3F:BC:0A:7D:FF:36:72:5E:2F:56:26:9F:EB:77:0E
ValidityFri, 19 May 2023 12:58:13 GMT - Fri, 11 Aug 2023 12:58:12 GMT

File type
ASCII text, with very long lines (909), with no line terminators
Size
580 B (580 bytes)
Hash
ee67586e6e3cc98f18400d50cfdc7363
c4b4daaeb376bc86eccd1b80277f446ac6955601
9fa5995780938aabbcef6cedccdfaa126fbe68eda0859281386dc2879b0dd2d6

HTTP Headers

GET /recaptcha/api.js?onload=onloadcallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Mon, 05 Jun 2023 13:07:24 GMT
date: Mon, 05 Jun 2023 13:07:24 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 580
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

216.58.207.234

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP
216.58.207.234:443
ASN
#15169 GOOGLE

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
ASCII text, with very long lines (32065)
Size
30 kB (30028 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 00:16:38 GMT
expires: Thu, 30 May 2024 00:16:38 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 478246
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

necessarysynonym.z13.web.core.windows.net/ux/localization.js?v=3.1.3.28.1-8

20.150.90.65

404 The requested content does not exist.

321 B

URL GET HTTP/1.1
necessarysynonym.z13.web.core.windows.net/ux/localization.js?v=3.1.3.28.1-8
IP
20.150.90.65:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
FingerprintC9:3D:8F:1F:21:6B:3C:C4:E0:BF:E5:4F:03:B6:8D:E1:D6:80:42:22
ValidityWed, 22 Mar 2023 00:18:56 GMT - Fri, 22 Mar 2024 00:18:56 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Size
321 B (321 bytes)
Hash
0909fe43cc7c791d593ffae5870d0d2a
d3f242901ccb7ebafd50b4bc70af7f1b5c3c6c4f
6ad32ab6de047fa25bb63ae30e817ce3b8ba3778feb5e3925e54b6231e167043

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada

HTTP Headers

GET /ux/localization.js?v=3.1.3.28.1-8 HTTP/1.1
Host: necessarysynonym.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: 1215da11-501e-00a4-45ae-97db09000000
x-ms-version: 2018-03-28
Date: Mon, 05 Jun 2023 13:07:24 GMT

necessarysynonym.z13.web.core.windows.net/ux/ux.js?v=3.1.3.28.1-8

20.150.90.65

404 The requested content does not exist.

321 B

URL GET HTTP/1.1
necessarysynonym.z13.web.core.windows.net/ux/ux.js?v=3.1.3.28.1-8
IP
20.150.90.65:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
FingerprintC9:3D:8F:1F:21:6B:3C:C4:E0:BF:E5:4F:03:B6:8D:E1:D6:80:42:22
ValidityWed, 22 Mar 2023 00:18:56 GMT - Fri, 22 Mar 2024 00:18:56 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Size
321 B (321 bytes)
Hash
c2828bc65a9aead445df12f3759d4dee
011ce4c66cbc178621aa3eecac9b201a4d831b49
8f2f8b3b1d97d6a86dc4a498db5e5c08652e2d4842d060650ce695536a47b65f

HTTP Headers

GET /ux/ux.js?v=3.1.3.28.1-8 HTTP/1.1
Host: necessarysynonym.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: fdd7437c-301e-000b-71ae-9729c4000000
x-ms-version: 2018-03-28
Date: Mon, 05 Jun 2023 13:07:24 GMT

ocsp.entrust.net/

104.110.10.32

1.6 kB

URL
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
a6ca1d5fd689587a93ba608ca0a52c63
a3e9c644f943db9182efceced70678ef9aab09f9
ee6ec270449b19c91ef779c2daa9615d6c89ac645acd9f31550a0409e43b9b75

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "EE6EC270449B19C91EF779C2DAA9615D6C89AC645ACD9F31550A0409E43B9B75"
Last-Modified: Mon, 05 Jun 2023 03:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3560
Expires: Mon, 05 Jun 2023 14:06:45 GMT
Date: Mon, 05 Jun 2023 13:07:25 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

1.6 kB

URL
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
a6ca1d5fd689587a93ba608ca0a52c63
a3e9c644f943db9182efceced70678ef9aab09f9
ee6ec270449b19c91ef779c2daa9615d6c89ac645acd9f31550a0409e43b9b75

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "EE6EC270449B19C91EF779C2DAA9615D6C89AC645ACD9F31550A0409E43B9B75"
Last-Modified: Mon, 05 Jun 2023 03:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Mon, 05 Jun 2023 14:07:25 GMT
Date: Mon, 05 Jun 2023 13:07:25 GMT
Connection: keep-alive

necessarysynonym.z13.web.core.windows.net/ux/UXConfig.js?v=3.1.3.28.1-8

20.150.90.65

404 The requested content does not exist.

321 B

URL GET HTTP/1.1
necessarysynonym.z13.web.core.windows.net/ux/UXConfig.js?v=3.1.3.28.1-8
IP
20.150.90.65:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
FingerprintC9:3D:8F:1F:21:6B:3C:C4:E0:BF:E5:4F:03:B6:8D:E1:D6:80:42:22
ValidityWed, 22 Mar 2023 00:18:56 GMT - Fri, 22 Mar 2024 00:18:56 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Size
321 B (321 bytes)
Hash
8ecf6306895a2af68255cd066854516f
0e43157157b58a928f311f088982e079a4a7e616
390e66255c17116a005422226f4421f1bbacff3fce5f108e1dc147ae3e6719f6

HTTP Headers

GET /ux/UXConfig.js?v=3.1.3.28.1-8 HTTP/1.1
Host: necessarysynonym.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: 972e7074-601e-0016-40ae-972478000000
x-ms-version: 2018-03-28
Date: Mon, 05 Jun 2023 13:07:24 GMT

ocsp.entrust.net/

104.110.10.32

1.6 kB

URL
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
a6ca1d5fd689587a93ba608ca0a52c63
a3e9c644f943db9182efceced70678ef9aab09f9
ee6ec270449b19c91ef779c2daa9615d6c89ac645acd9f31550a0409e43b9b75

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "EE6EC270449B19C91EF779C2DAA9615D6C89AC645ACD9F31550A0409E43B9B75"
Last-Modified: Mon, 05 Jun 2023 03:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Mon, 05 Jun 2023 14:07:25 GMT
Date: Mon, 05 Jun 2023 13:07:25 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

1.6 kB

URL
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
a6ca1d5fd689587a93ba608ca0a52c63
a3e9c644f943db9182efceced70678ef9aab09f9
ee6ec270449b19c91ef779c2daa9615d6c89ac645acd9f31550a0409e43b9b75

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "EE6EC270449B19C91EF779C2DAA9615D6C89AC645ACD9F31550A0409E43B9B75"
Last-Modified: Mon, 05 Jun 2023 03:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3504
Expires: Mon, 05 Jun 2023 14:05:49 GMT
Date: Mon, 05 Jun 2023 13:07:25 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

1.6 kB

URL
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
a6ca1d5fd689587a93ba608ca0a52c63
a3e9c644f943db9182efceced70678ef9aab09f9
ee6ec270449b19c91ef779c2daa9615d6c89ac645acd9f31550a0409e43b9b75

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "EE6EC270449B19C91EF779C2DAA9615D6C89AC645ACD9F31550A0409E43B9B75"
Last-Modified: Mon, 05 Jun 2023 03:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3555
Expires: Mon, 05 Jun 2023 14:06:40 GMT
Date: Mon, 05 Jun 2023 13:07:25 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f6e0fad54cb828605d258b3a3fc3494d
1998f119ae42787f25cac22435e05b7d8a7ecbcc
fdde19b20684979988b4db7567fdb883ef8cd0438f4c4ef053bdd058011f1dbc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 13:07:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
df2c4343cb60d7b80a236621d9420bcf
d3469e9e2c43c94b12975da73fdfd44d75b53505
34dd045a98470df1fd958512c63d10a8d346b3201c8fad27b3dc391e30e93943

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 13:07:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

webmail.bell.net/bell/login/css/bell_prime_mod.css

209.71.212.18

200

12 kB

URL GET HTTP/1.1
webmail.bell.net/bell/login/css/bell_prime_mod.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with CRLF line terminators
Size
12 kB (11957 bytes)
Hash
858d8fc28e05148b1af4bcd6a011409e
af9389b926e99dc52bff5aa64b23e4f82fa710b8
f7ed0fe3268f25fa30c600f83207f34963b4cecea90170f3f48c070662626839

HTTP Headers

GET /bell/login/css/bell_prime_mod.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"11957-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 11957
Date: Mon, 05 Jun 2023 13:07:24 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!aAovGYdgaDpO86VEUwqVUcceXQbKqcYDh0AWnHdffcZGTLIeNjd80QAVWX4YTH2kLnK7tpzqnFRUBXSZD51AefWJbSw0zzd7q/1vap2YofMLEA==; expires=Mon, 12-Jun-2023 13:07:25 GMT; path=/; Httponly; Secure
Cache-Control: no-store

necessarysynonym.z13.web.core.windows.net/ux/localization.js?v=3.1.3.28.1-8

20.150.90.65

404 The requested content does not exist.

321 B

URL GET HTTP/1.1
necessarysynonym.z13.web.core.windows.net/ux/localization.js?v=3.1.3.28.1-8
IP
20.150.90.65:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
FingerprintC9:3D:8F:1F:21:6B:3C:C4:E0:BF:E5:4F:03:B6:8D:E1:D6:80:42:22
ValidityWed, 22 Mar 2023 00:18:56 GMT - Fri, 22 Mar 2024 00:18:56 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Size
321 B (321 bytes)
Hash
e8964d01aab930e1eab69741986f4554
b7d7acd10f4e0ac1d67e54f269b8aedd1598b76f
e51c5698dc970439e6f93cd80045d30dbc0412cf303dcd7d828c52dea2877888

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada

HTTP Headers

GET /ux/localization.js?v=3.1.3.28.1-8 HTTP/1.1
Host: necessarysynonym.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: fdd74487-301e-000b-49ae-9729c4000000
x-ms-version: 2018-03-28
Date: Mon, 05 Jun 2023 13:07:24 GMT

webmail.bell.net/bell/login/css/login.css

209.71.212.18

200

2.3 kB

URL GET HTTP/1.1
webmail.bell.net/bell/login/css/login.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (305), with CRLF line terminators
Size
2.3 kB (2288 bytes)
Hash
b2a72fe3696b22d1d024aca6a8c48036
d6c9d63f57589ef3a1b2d6974882abefab534996
e5cfaa79c2e7ceebd28f0743bee907a9659aa64257c61d3276002099ff87d0c4

HTTP Headers

GET /bell/login/css/login.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"2288-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 2288
Date: Mon, 05 Jun 2023 13:07:24 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!JsZyiMCkTE7UumeKjod15JPsKvsaUm8NMlv+cSQXeUjlkL9l/RjitYrTakhxFlsf/v+iqIaeG1twJzZ2p+T/R2RSFxanN3EKV4cIGE2FoTyd8g==; expires=Mon, 12-Jun-2023 13:07:25 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/login/js/jquery-3.5.1.min.js

209.71.212.18

200

90 kB

URL GET HTTP/1.1
webmail.bell.net/bell/login/js/jquery-3.5.1.min.js
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (65450), with CRLF line terminators
Size
90 kB (89478 bytes)
Hash
b61aa6e2d68d21b3546b5b418bf0e9c3
9c1398f0de4c869dacb1c9ab1a8cc327f5421ff7
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b

HTTP Headers

GET /bell/login/js/jquery-3.5.1.min.js HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"89478-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: application/javascript;charset=UTF-8
Content-Length: 89478
Date: Mon, 05 Jun 2023 13:07:24 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!Bts59SLKj3y2bOKKjod15JPsKvsaUpl6JecemQr8zsyTCx08qKxq1B1qpC+upyXy839xyj+uOiAG6qmN1Ug3IsSuq8BFnGd6qHg33tQYR1y5tA==; expires=Mon, 12-Jun-2023 13:07:25 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/login/css/flush.css

209.71.212.18

200

84 kB

URL GET HTTP/1.1
webmail.bell.net/bell/login/css/flush.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (65348), with CRLF line terminators
Size
84 kB (83485 bytes)
Hash
425b6e1032251ddb65c460512364ebc5
b039d06c59bf683a63d256898c30a2c84decd1f1
752a2fd980c99dcabae0aa552cd99fe9794cdf49febea1ee1c90319990b6566c

HTTP Headers

GET /bell/login/css/flush.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"83485-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 83485
Date: Mon, 05 Jun 2023 13:07:25 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!o2QrgWFyyMtG1cBEUwqVUcceXQbKqRWwer8yNwG8TfgPpKWz5ZT5JONxQtvYKUnI4ngK4zU8eUEdu62mFB7JogpYUEhzkh3s4+qpRHP3vVJFag==; expires=Mon, 12-Jun-2023 13:07:25 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/css/bell.connector-rui.css

209.71.212.18

200

96 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/bell.connector-rui.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
assembler source, ASCII text, with very long lines (379), with CRLF line terminators
Size
96 kB (96334 bytes)
Hash
d7cf083ecd7bdc3e5814a5c8ea510d9f
0c2be17d3281569c1ea7a2291c41f3c69dbe4f01
219d913d55643e64cc00af92f3edfa4a125603cfcf5ebaa68f601c9fdea0d190

HTTP Headers

GET /bell/header/css/bell.connector-rui.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"96334-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 96334
Date: Mon, 05 Jun 2023 13:07:24 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!LRwoASJ8xbJbR5qKjod15JPsKvsaUsSrxtAdVSZz/Grr3HyxJ4XZgqcjdij5I8A8VuQCJiWbRaKD+7dqA6gNKnUbNhIwMDv61a94eR2VCOAdHA==; expires=Mon, 12-Jun-2023 13:07:25 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/ux/ux.css?v=3.1.3.28.1-8

209.71.212.18

200

1.8 MB

URL GET HTTP/1.1
webmail.bell.net/bell/ux/ux.css?v=3.1.3.28.1-8
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
Unicode text, UTF-8 text, with very long lines (1519)
Size
1.8 MB (1849088 bytes)
Hash
f779ea15bd3f9c6856eed9a7b5cef5c9
eae7f309e932ba0618627e3d77d8ecb953a9108b
5a2b976e853b3b0b1f2e8da24b41a5abdf23a8ef2ac6bbfb93beb4195c7b7c0f

HTTP Headers

GET /bell/ux/ux.css?v=3.1.3.28.1-8 HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"1849088-1682648946000"
Last-Modified: Fri, 28 Apr 2023 02:29:06 GMT
Content-Type: text/css
Content-Length: 1849088
Date: Mon, 05 Jun 2023 13:07:24 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!VbrAHoEkjnr9LhiKjod15JPsKvsaUhwqdNBcY2GwrrKwDER3Mon1hBXOxR0LpBZ9zhx86+5rEe0+OQR4VCV1+3LXUISsXdb7yPXTeSEL/zVtiQ==; expires=Mon, 12-Jun-2023 13:07:25 GMT; path=/; Httponly; Secure
Cache-Control: no-store

necessarysynonym.z13.web.core.windows.net/ux/ux.js?v=3.1.3.28.1-8

20.150.90.65

404 The requested content does not exist.

321 B

URL GET HTTP/1.1
necessarysynonym.z13.web.core.windows.net/ux/ux.js?v=3.1.3.28.1-8
IP
20.150.90.65:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
FingerprintC9:3D:8F:1F:21:6B:3C:C4:E0:BF:E5:4F:03:B6:8D:E1:D6:80:42:22
ValidityWed, 22 Mar 2023 00:18:56 GMT - Fri, 22 Mar 2024 00:18:56 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (321), with no line terminators
Size
321 B (321 bytes)
Hash
066f1053310af5bb2e15e03f9e2101ce
83696a1486fe9a0c6bbf6ac0129faf15d663c457
49bfe2ab3b4c372500af8c83b0aa6590cc9aff250b6190cf3766e41903b4b1cf

HTTP Headers

GET /ux/ux.js?v=3.1.3.28.1-8 HTTP/1.1
Host: necessarysynonym.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 The requested content does not exist.
Content-Length: 321
Content-Type: text/html
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-error-code: WebContentNotFound
x-ms-request-id: fdd749ad-301e-000b-31ae-9729c4000000
x-ms-version: 2018-03-28
Date: Mon, 05 Jun 2023 13:07:26 GMT

webmail.bell.net/bell/login/img/bg_transparent.gif

209.71.212.18

200

43 B

URL GET HTTP/1.1
webmail.bell.net/bell/login/img/bg_transparent.gif
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /bell/login/img/bg_transparent.gif HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/login/css/bell_prime_mod.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"43-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/gif
Content-Length: 43
Date: Mon, 05 Jun 2023 13:07:26 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!Q9j9vKkFpwHXFs2Kjod15JPsKvsaUjcyiTrsUpFXOEhmgvvtnbRKbmufy6WgPJDv4aU7DU1P2L+c0lQTgWDQnojT6XB1iqE78Qg97BHCfiRewQ==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/login/img/bg_gradRibbon.gif

209.71.212.18

200

227 B

URL GET HTTP/1.1
webmail.bell.net/bell/login/img/bg_gradRibbon.gif
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
GIF image data, version 89a, 1 x 800\012- data
Size
227 B (227 bytes)
Hash
c8caa40d55e69e4109c79e2110ee7fe0
9333a2d29161f6ac95a0dea68bbbd9adcdd968cb
c3f6f8335d41e6979a914f3a6196026970ff53cbc6232b243abb017cd3d0e592

HTTP Headers

GET /bell/login/img/bg_gradRibbon.gif HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/login/css/bell_prime_mod.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"227-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/gif
Content-Length: 227
Date: Mon, 05 Jun 2023 13:07:26 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!Fq4aEkScn9P6Ai+Kjod15JPsKvsaUlkf8h20mZwyJ/HYXITuaSmDnwGx2xNs6TALm83zl60zvujVfVXT46wVlAxvo0Vrc5E+n65QO2Lq52aPzw==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

fonts.googleapis.com/css?family=NTR&display=swap

142.250.74.106

200 OK

1.1 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=NTR&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
gzip compressed data, max compression\012- data
Size
1.1 kB (1147 bytes)
Hash
21659508702ac9255fde46e85fde3a4f
37b882cc9239a72dbf7e05ccbf64b868676f7b6c
508030ebb2475de2ff3d055d3e7ddb02a8e85c89b661bd8d8b76ff413ddd4ec0

HTTP Headers

GET /css?family=NTR&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 05 Jun 2023 13:07:26 GMT
date: Mon, 05 Jun 2023 13:07:26 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

webmail.bell.net/bell/login/img/bg_mainExtra.gif

209.71.212.18

200

493 B

URL GET HTTP/1.1
webmail.bell.net/bell/login/img/bg_mainExtra.gif
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
GIF image data, version 89a, 975 x 13\012- data
Size
493 B (493 bytes)
Hash
bb78fc14f637ca27ac6cb6d6671ea294
a6b72cd3feca0cefbde05f9161a1f533bad2895e
b42ec6173d78f4ed24a22cce44c8321afeebefec5fbe97e49deec25cce73bf98

HTTP Headers

GET /bell/login/img/bg_mainExtra.gif HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/login/css/bell_prime_mod.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"493-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/gif
Content-Length: 493
Date: Mon, 05 Jun 2023 13:07:26 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!WWMQLMuyRKXSZJdEUwqVUcceXQbKqdMTBwCEaq3qfNSaZkeClaBqAzUi2mRLXmIdKthnVHl99MiNp9fFSOgy8QQs/6EznwwuK6JUwaE0fLb9xw==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY

142.250.74.132

200 OK

1.2 kB

URL GET HTTP/3
www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint55:5E:E6:33:AF:71:86:C2:88:4A:36:5F:68:1D:97:9D:9B:9D:2A:1D
ValidityFri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
1.2 kB (1154 bytes)
Hash
5af046c7370e81f23c0bbf6f2abaf795
a9f8bf74441075c276d08ac1d63b847e71c80238
ab889f2674e9f5272dc3f01092b8965d3aee6e42c8997d5ba9bb84b9622d76e4

HTTP Headers

GET /recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Jun 2023 13:07:27 GMT
content-security-policy: script-src 'nonce-jiWfxDqbqzNUhu8cemFF6A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1154
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e7e560a1588ea25ad25242200936b149
946009b90527a122f590495540ca0d02f29945ec
cc56fa95fb4433116e1625385459b3dbab6ee45fd47a0c51789d9e50dc4e01e6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 13:07:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e7e560a1588ea25ad25242200936b149
946009b90527a122f590495540ca0d02f29945ec
cc56fa95fb4433116e1625385459b3dbab6ee45fd47a0c51789d9e50dc4e01e6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 13:07:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css

142.250.74.35

404 Not Found

1.6 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1620 bytes)
Hash
74f920b2d198dc352519f4082ecc0837
36a173239a76f25567778cafcf60bce9a0a67d87
b0ffb1f4c9c0fe3878c75531f2b4e2fc0f2c3f8e26b35f04880625120c3dae8d

HTTP Headers

GET /recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Mon, 05 Jun 2023 13:07:27 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1620
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js

142.250.74.35

404 Not Found

1.6 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
e8ab1f79b23175025c32db6ca6eea154
5b2f8e04a1c72d594952fb2706066423d0d74067
9f5e5cc07b100daf42cc9f9eece5953fe2aa7cfcaa0ddee7fe039ac4c421a548

HTTP Headers

GET /recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Mon, 05 Jun 2023 13:07:27 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e7e560a1588ea25ad25242200936b149
946009b90527a122f590495540ca0d02f29945ec
cc56fa95fb4433116e1625385459b3dbab6ee45fd47a0c51789d9e50dc4e01e6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 13:07:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ebiller.z13.web.core.windows.net/

52.239.170.33

200 OK

7.4 kB

URL GET HTTP/1.1
ebiller.z13.web.core.windows.net/
IP
52.239.170.33:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
Fingerprint13:61:0C:95:DD:B7:35:22:1D:4E:FB:4E:F8:38:3C:4D:F8:09:40:7B
ValidityWed, 22 Mar 2023 00:18:32 GMT - Fri, 22 Mar 2024 00:18:32 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3546), with CRLF line terminators
Size
7.4 kB (7395 bytes)
Hash
34af9e91706380f1ac3de96af17384b8
5662106a716fef9771fa8b5cccbc62e699b97461
f20f1deea159d245f00bcc89df9ca7290a92465a044728c0f21f6ebf8e38cba6

HTTP Headers

GET / HTTP/1.1
Host: ebiller.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 7395
Content-Type: text/html
Content-MD5: NK+ekXBjgPGsPelq8XOEuA==
Last-Modified: Thu, 16 Mar 2023 16:13:22 GMT
Accept-Ranges: bytes
ETag: "0x8DB26395D4AA64C"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b6ad95b6-501e-0092-24ae-975bb9000000
x-ms-version: 2018-03-28
Date: Mon, 05 Jun 2023 13:07:26 GMT

webmail.bell.net/bell/header/css/header.css

209.71.212.18

200

5.8 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/header.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with CRLF line terminators
Size
5.8 kB (5781 bytes)
Hash
77fc8ab4fb59d1143bddce1252c83794
e0fb745274ca9a83bd5d64d7cfc20dc8e240c056
14e72a142eec1c65433ecb350e38c51798b6e01a37f237c023e5e5bff168f0c1

HTTP Headers

GET /bell/header/css/header.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ebiller.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"5781-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 5781
Date: Mon, 05 Jun 2023 13:07:26 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!J4t2lT/gLZ6mVsSKjod15JPsKvsaUolQfpidEtDwrK1/4iEztH0x9gpBuq1D+5nRbB74lwr/2N1EBDtnE0qrUsyU6SRtzEsTtjcJCs3ctDJdEw==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/js/header.js

209.71.212.18

200

8.5 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/js/header.js
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with CRLF line terminators
Size
8.5 kB (8489 bytes)
Hash
1201ba2ad5dce59bcf0592bbd7fa5c7f
de68c17b134a7eca60000ca59ec2a7ed71e72e8d
9a7b9f391ddbe87d136b1a154567eb12a23c801ec87899d9c48408104cbfb85b

HTTP Headers

GET /bell/header/js/header.js HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ebiller.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"8489-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: application/javascript;charset=UTF-8
Content-Length: 8489
Date: Mon, 05 Jun 2023 13:07:27 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!xehqw55iyM1HnFyKjod15JPsKvsaUrEMgfLCU4vlNH7nIZ16lENJ+Y7BUelRInLIGssAmOjz50rP2CqDZ4WeV0ruxk+DdgWKkt8PpxiHiwKFBw==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__en.js

142.250.74.35

200 OK

166 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
ASCII text, with very long lines (749)
Size
166 kB (166186 bytes)
Hash
ee07ba65373413be83ec0d45887c2a44
13646acedb5d781fed2599c46634b4e58b8217db
d946e8f3fb4fe90a5ae3027b91a76703106e2c5c1d762fc3fc230895db7b6048

HTTP Headers

GET /recaptcha/releases/sNQO7xVld1CuA2hfFHvkpVL-/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://necessarysynonym.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166186
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 13:34:38 GMT
expires: Fri, 31 May 2024 13:34:38 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 30 May 2023 00:01:16 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 343969
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

webmail.bell.net/bell/header/css/bell.myBell.core.css

209.71.212.18

200

32 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/bell.myBell.core.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (482), with CRLF line terminators
Size
32 kB (31939 bytes)
Hash
ab346f9b0aa4486e099268f98aac64ee
0e193cba17e823936a39053c7295533599a65af7
d3e85b8c519c92d5c82e4e1b89a0e3464c9d5b2d4a82695d8cd8827329d921a1

HTTP Headers

GET /bell/header/css/bell.myBell.core.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ebiller.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"31939-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 31939
Date: Mon, 05 Jun 2023 13:07:27 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!Bgtd4pEYTzZRSNJEUwqVUcceXQbKqZb39SCxrK00wLBID22aHocJiTPil3Xxpqd9wTQH74LVIsJRzr/VZedK4VSwa4K7TTuM8hSGmGfp8eZfKQ==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js

142.250.74.35

404 Not Found

1.6 kB

URL GET HTTP/2
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1136)
Size
1.6 kB (1621 bytes)
Hash
e8ab1f79b23175025c32db6ca6eea154
5b2f8e04a1c72d594952fb2706066423d0d74067
9f5e5cc07b100daf42cc9f9eece5953fe2aa7cfcaa0ddee7fe039ac4c421a548

HTTP Headers

GET /recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://necessarysynonym.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
date: Mon, 05 Jun 2023 13:07:27 GMT
content-type: text/html; charset=UTF-8
server: sffe
content-length: 1621
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

necessarysynonym.z13.web.core.windows.net/

20.150.90.65

200 OK

23 kB

URL User Request GET HTTP/1.1
necessarysynonym.z13.web.core.windows.net/
IP
20.150.90.65:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
FingerprintC9:3D:8F:1F:21:6B:3C:C4:E0:BF:E5:4F:03:B6:8D:E1:D6:80:42:22
ValidityWed, 22 Mar 2023 00:18:56 GMT - Fri, 22 Mar 2024 00:18:56 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (9315), with CRLF line terminators
Size
23 kB (22930 bytes)
Hash
66fabbab473075da1baf7ebbedfe7937
3ebcfa5f3233bd43c6767f70820403f1312ef653
5a934655d4e69455e571701a9ebb03f62e1fda45233a5bd63a04e24bb3afe5a0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
openphish	Bell Canada

HTTP Headers

GET / HTTP/1.1
Host: necessarysynonym.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 22930
Content-Type: text/html
Content-MD5: Zvq7q0cwddobr3677f55Nw==
Last-Modified: Fri, 17 Mar 2023 16:28:29 GMT
Accept-Ranges: bytes
ETag: "0x8DB2704A491D9D3"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: fdd74b77-301e-000b-53ae-9729c4000000
x-ms-version: 2018-03-28
Date: Mon, 05 Jun 2023 13:07:26 GMT

webmail.bell.net/bell/header/img/favicon.ico

209.71.212.18

200

5.4 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/img/favicon.ico
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
5.4 kB (5430 bytes)
Hash
71e639807dd6f7bd6d9382624b837574
2a6afcb240f07f37794e1d9c34dbe5d673c738b4
5c82b38e75516678c187c1cb7003482cffd310bf384207ea539ced9af87d6d92

HTTP Headers

GET /bell/header/img/favicon.ico HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"5430-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/x-icon
Content-Length: 5430
Date: Mon, 05 Jun 2023 13:07:27 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!WikDSmkzclIlmRmKjod15JPsKvsaUgHmDXpW3RqJ9E0kOKfyT+mEtGXVjjhtPPbJI6wzY8/dZj+ml0MmDc2nqKQVZJBrFE5prj5uV7Uh7XXFYA==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/css/flush.css

209.71.212.18

200

83 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/flush.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (65348), with CRLF line terminators
Size
83 kB (83220 bytes)
Hash
0f60835165193685b3f67824b0ddbfc3
f74bc0e2d6d4cd24d45ae34b9c3e8f402c160164
7e5465fea0c74f1a06e035893dfd0fe6c16a0c734c764f775e669682ae4fca4a

HTTP Headers

GET /bell/header/css/flush.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ebiller.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"83220-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 83220
Date: Mon, 05 Jun 2023 13:07:27 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!5kje3OWab1OaB4SKjod15JPsKvsaUtpbLqkEIEgGVLXAEQxd2lwSFuLwzNYtxSBXpSQpFxx8w/48AUL/He9eF3a/hyUSuHbS3uktcWqQ1Tu7tw==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/css/bell_prime.css

209.71.212.18

200

74 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/bell_prime.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (426), with CRLF line terminators
Size
74 kB (73599 bytes)
Hash
33c8a043c81f25d4266725e03d30edb6
a0c3c1442f617e4944b49c4e1b962316b86d8581
e37b11690600f7bcba340bdda3e347656b4a52ef532392ff076b26a7e785e1a2

HTTP Headers

GET /bell/header/css/bell_prime.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/header/css/bell.myBell.core.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"73599-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 73599
Date: Mon, 05 Jun 2023 13:07:27 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!XzEpqMpX1w2LtRyKjod15JPsKvsaUoq5dCj9FkILIuboFd9oZnEGf//6vxConvU0agZP5eZzXSNK4EhIxLbVeo2T2GTWL02i1cpHjmbFYv+QZw==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/css/jquery-ui.custom.css

209.71.212.18

200

15 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/jquery-ui.custom.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (1398), with CRLF line terminators
Size
15 kB (14804 bytes)
Hash
086f28b5548ea46cb27b98a5444d4681
1267603b3aae6ac49c50c0e9a60d550cf5042b09
9f0e9989236ae195a552662370ecde07998665e8e8a8c89c9e9995a3f64f2b9f

HTTP Headers

GET /bell/header/css/jquery-ui.custom.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/header/css/bell.myBell.core.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"14804-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 14804
Date: Mon, 05 Jun 2023 13:07:27 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!EBz1HIPj7RyoS0uKjod15JPsKvsaUtpVg5a7t0Qi6mtV9/CZPZJIY6c9RwTFhJ9djkHFVo1DqHm58NTJiYckcHOahmP0XjahD9DCSEo4dBshew==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/css/bell.connector.css

209.71.212.18

200

142 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/bell.connector.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (379), with CRLF line terminators
Size
142 kB (142518 bytes)
Hash
60afd7252434863601e228e354eb2781
46cb2eb033519c060bb4a7eb994abeaf8513e37d
beb19ccd981b1b2219adf7a8b5c0108825dc1222b33e8fdadcaa7ef68b0d6a3c

HTTP Headers

GET /bell/header/css/bell.connector.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ebiller.z13.web.core.windows.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"142518-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 142518
Date: Mon, 05 Jun 2023 13:07:27 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!3q1c5jkYIgnz8qFEUwqVUcceXQbKqTEOSmsUKjEBXfdTdwoQTO8ugOY8mjPnFvfx1vKeDG5HRdHZdTHwIQ2GIDZedx7Yy5yTi8KRWR639q63yQ==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/css/bell_master.css

209.71.212.18

200

153 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/bell_master.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (466), with CRLF line terminators
Size
153 kB (153090 bytes)
Hash
f1375ffc988dbdfd4dfcc3b57360dd83
1876a7b83425eca4bf61bcb2349994e47fa9dd8c
27f935f11d6d8196622ac0144bfdb36815277977b4a9b9f74d2c1644caca990c

HTTP Headers

GET /bell/header/css/bell_master.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/header/css/bell.myBell.core.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"153090-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 153090
Date: Mon, 05 Jun 2023 13:07:27 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!tk+gruOaRjIKr/VEUwqVUcceXQbKqXDKLWO2+sHVelopqzbh+CMHb8PoTQyw1osz6vu8FTLj+akM5ODLDncBqXgeH6amVB2CnqJ4EUxQMYmd+Q==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/css/bell_master_a.css

209.71.212.18

200

110 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/css/bell_master_a.css
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
ASCII text, with very long lines (338), with CRLF line terminators
Size
110 kB (110483 bytes)
Hash
adb1d4cac1dd7af9b6ad2e35116765d5
376c7517be00d4cbad201157f121339fdb221e19
4c7a96357059b132cedc58b1bac711127f2f8fc5f2b7768b9e13a696f758b9de

HTTP Headers

GET /bell/header/css/bell_master_a.css HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/header/css/bell.myBell.core.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"110483-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: text/css
Content-Length: 110483
Date: Mon, 05 Jun 2023 13:07:27 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!0Fb4r9zc1LaS72iKjod15JPsKvsaUttK5//wlAFC2ZErMivigfn1KzxOQCwku0pR2iTAnzh/zCDe5pnrqNygjM98WhLucng1d1Oxz77aBhSkbQ==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/header/img/bg_iconSprite.png

209.71.212.18

200

103 kB

URL GET HTTP/1.1
webmail.bell.net/bell/header/img/bg_iconSprite.png
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://ebiller.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
PNG image data, 635 x 311, 8-bit/color RGBA, non-interlaced\012- data
Size
103 kB (102729 bytes)
Hash
b57802d1e1438ee085728b93e8588d56
837684b7ff84da66972f2253564be2f9a9503c4c
21e39e30e42373a43a58733e1e5e589f042ab79c36fd48e890d00d2cb5979e84

HTTP Headers

GET /bell/header/img/bg_iconSprite.png HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/header/css/bell.connector.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"102729-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/png
Content-Length: 102729
Date: Mon, 05 Jun 2023 13:07:28 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!9d6HCPa2Am60aKCKjod15JPsKvsaUu0I+dPTtb9pNdUri7x4QB4PpQj3VFW4utQJwtO9pXyGPlxwjgyzrYQoCMpmdTzJBwI4WR34QL/lC46+kw==; expires=Mon, 12-Jun-2023 13:07:28 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/login/font/bellslim_semibold-webfont.ttf

209.71.212.18

200

14 kB

URL GET HTTP/1.1
webmail.bell.net/bell/login/font/bellslim_semibold-webfont.ttf
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
TrueType Font data, 18 tables, 1st "FFTM"\012- data
Size
14 kB (13496 bytes)
Hash
2a4dcb55326caf6a22cc5fb5f0978566
e2233433b41008e82482a8303cd65ca13e041f67
204b75cfdd0aaa69af4ddd3a65f8aaef3632c56e35749f49b2767b05b4cee712

HTTP Headers

GET /bell/login/font/bellslim_semibold-webfont.ttf HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://necessarysynonym.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"46512-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: font/ttf
Content-Length: 46512
Date: Mon, 05 Jun 2023 13:07:27 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!k3Vi6oTrWIqqra6Kjod15JPsKvsaUu+XmMAxwf/0WumBahZXTjFaRD/7i/Jz3Ss5oRUBmjtZWXXYdANxlfTS1IHbJLgNslXd6nAq4blu9auVug==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

104.18.10.207

200 OK

49 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (48664)
Size
49 kB (48944 bytes)
Hash
14d449eb8876fa55e1ef3c2cc52b0c17
a9545831803b1359cfeed47e3b4d6bae68e40e99
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

HTTP Headers

GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://necessarysynonym.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 Jun 2023 13:07:24 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 11/25/2022 23:23:38
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 865
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 00b5219e0248445f823d8adee10db9b0
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7d28a36ffbfbb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

webmail.bell.net/bell/ux/font/fontello.ttf

209.71.212.18

200

13 kB

URL GET HTTP/1.1
webmail.bell.net/bell/ux/font/fontello.ttf
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
TrueType Font data, 15 tables, 1st "GSUB"\012- data
Size
13 kB (13032 bytes)
Hash
1cc7ccd253fbfa847849f7b330a61c65
70bea37108d0ad6810f7a17c276b3f73b5e6fae0
176ba26504f702e2e232cc0d1768b567750b11e79a41ca6643faf34deaef19d7

HTTP Headers

GET /bell/ux/font/fontello.ttf HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://necessarysynonym.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"71236-1657482738000"
Last-Modified: Sun, 10 Jul 2022 19:52:18 GMT
Content-Type: font/ttf
Content-Length: 71236
Date: Mon, 05 Jun 2023 13:07:27 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!ThE2opepa5Dl3MiKjod15JPsKvsaUgTZ7gHv1wMKv7rdNHAZDn4wcPQANKq98DtJW66Q/tS7XCpBjAozuU8NpZwU9MOB1g6n1RtjknzV8BGCQg==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/login/img/bg_cBoxExtra.png

209.71.212.18

200

811 B

URL GET HTTP/1.1
webmail.bell.net/bell/login/img/bg_cBoxExtra.png
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
PNG image data, 1050 x 29, 8-bit/color RGBA, non-interlaced\012- data
Size
811 B (811 bytes)
Hash
12ad0db519b84a4856fd00ecd76f8a21
3b5d2057841adcb928100f00843d5e2f163037a3
038234677c46f9c530e08c832514daf43478372cd13f8683aee4d74c82b89e00

HTTP Headers

GET /bell/login/img/bg_cBoxExtra.png HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/bell/login/css/bell_prime_mod.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"811-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: image/png
Content-Length: 811
Date: Mon, 05 Jun 2023 13:07:26 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!ykTivZx/3pYu3zWKjod15JPsKvsaUse0UUsniUBEx0ALdB+8kzIFN8/jf1y3knhI9tVNeqoPhMs8nhYw4cnCmsVYQ94p4MoOxn++oRIh/Wsv+w==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.10.207

200 OK

51 kB

URL GET HTTP/2
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (50758)
Size
51 kB (51039 bytes)
Hash
67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

HTTP Headers

GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 05 Jun 2023 13:07:24 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 11/15/2021 23:30:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
cdn-cache: HIT
cf-cache-status: HIT
age: 29014292
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7d28a370080b0b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

webmail.bell.net/bell/login/font/bellslim_semibold-webfont.woff

209.71.212.18

200

14 kB

URL GET HTTP/1.1
webmail.bell.net/bell/login/font/bellslim_semibold-webfont.woff
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
Web Open Font Format, TrueType, length 26676, version 1.0\012- data
Size
14 kB (13495 bytes)
Hash
a72239ac0ebfed82db8362fcfc59492b
4139c93c2fd13ae1de2863363080e829a1e5cb8c
5aff4ab9743bdf588b64f1ee933805ef85b8e7c0ed77f6fce6ec6c719a053802

HTTP Headers

GET /bell/login/font/bellslim_semibold-webfont.woff HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://necessarysynonym.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"26676-1657482736000"
Last-Modified: Sun, 10 Jul 2022 19:52:16 GMT
Content-Type: font/woff
Content-Length: 26676
Date: Mon, 05 Jun 2023 13:07:26 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!AGOivA0mp515hgyKjod15JPsKvsaUqa/kyT5Gs3PrSq35aCap9HecTItFR5P7VpInnbe6NoY0APssT2yu41zkiYdboJ2VXodZ6DV2p0k5EpE/A==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

webmail.bell.net/bell/ux/font/fontello.woff

209.71.212.18

200

14 kB

URL GET HTTP/1.1
webmail.bell.net/bell/ux/font/fontello.woff
IP
209.71.212.18:443
ASN
#577 BACOM

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerEntrust, Inc.
Subjectbell.net
Fingerprint69:62:4F:91:5C:7A:85:39:2F:DE:7C:C5:AC:A1:F5:B7:7B:E8:A8:4C
ValidityMon, 11 Jul 2022 14:26:34 GMT - Thu, 10 Aug 2023 14:26:34 GMT

File type
Web Open Font Format, TrueType, length 41232, version 1.0\012- data
Size
14 kB (13495 bytes)
Hash
6bf1ddf0854b7a3d4765726e2c18bddd
00e96103a59d6de0af77440105903dde909df3ab
10c3cd7614428b8100d4256158588ae208fdd6c004c08288aa937267db57d1b8

HTTP Headers

GET /bell/ux/font/fontello.woff HTTP/1.1
Host: webmail.bell.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://necessarysynonym.z13.web.core.windows.net
DNT: 1
Connection: keep-alive
Referer: https://webmail.bell.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Dns-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
Accept-Ranges: bytes
ETag: W/"41232-1657482738000"
Last-Modified: Sun, 10 Jul 2022 19:52:18 GMT
Content-Type: font/woff
Content-Length: 41232
Date: Mon, 05 Jun 2023 13:07:26 GMT
Set-Cookie: BIGipServerU47vgdC1jlGeImoUghs+Dw=!KFwB1YvlSttpURh1X38/VDhJ/s0IP1fIkEZAcBDtNYWzU67GxO2kjBMmKvqC03EE0cr+/r4ynpGZCVOne9cVi2fzFc6NNH79V9WuAOpq/mQCvA==; expires=Mon, 12-Jun-2023 13:07:27 GMT; path=/; Httponly; Secure
Cache-Control: no-store

necessarysynonym.z13.web.core.windows.net/

20.150.90.65

200 OK

23 kB

URL GET HTTP/1.1
necessarysynonym.z13.web.core.windows.net/
IP
20.150.90.65:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://necessarysynonym.z13.web.core.windows.net/
Certificate
IssuerMicrosoft Corporation
Subject*.web.core.windows.net
FingerprintC9:3D:8F:1F:21:6B:3C:C4:E0:BF:E5:4F:03:B6:8D:E1:D6:80:42:22
ValidityWed, 22 Mar 2023 00:18:56 GMT - Fri, 22 Mar 2024 00:18:56 GMT

File type

Size
23 kB (22930 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Generic phishing
openphish	Bell Canada

HTTP Headers

GET / HTTP/1.1
Host: necessarysynonym.z13.web.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://necessarysynonym.z13.web.core.windows.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 22930
Content-Type: text/html
Content-MD5: Zvq7q0cwddobr3677f55Nw==
Last-Modified: Fri, 17 Mar 2023 16:28:29 GMT
Accept-Ranges: bytes
ETag: "0x8DB2704A491D9D3"
Server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: fdd74b77-301e-000b-53ae-9729c4000000
x-ms-version: 2018-03-28
Date: Mon, 05 Jun 2023 13:07:26 GMT

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML