Report - ww.w.conductability.org/Login.php

Report Overview

Submitted URL
ww.w.conductability.org/Login.php
IP
68.66.226.93
ASN
#55293 A2HOSTING
Submitted
2023-02-04 05:03:27
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
112
Threat Detection Systems
430

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
ocsp.entrust.net	1208	2014-01-10T03:18:45Z	2023-03-13T05:09:58Z	1.7 kB	9.8 kB	104.110.10.32
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-13T08:22:43Z	1.4 kB	3.9 kB	172.64.155.188
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	58 kB	34.120.237.76
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
ww.w.conductability.org	unknown	2022-12-28T11:45:31Z	2023-03-09T01:18:33Z	41 kB	64 kB	68.66.226.93
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.201.77.8
mybell.bell.ca	456739	2012-10-17T18:33:50Z	2023-03-09T21:41:05Z	9.4 kB	754 kB	184.150.212.207
pfobellweb.hs.llnwd.net	918999	2016-01-04T22:57:40Z	2023-02-04T07:34:47Z	9.7 kB	288 kB	95.140.229.2

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-04 05:03:50	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:50	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:51	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:52	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:52	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:52	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:52	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:52	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:52	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:52	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:52	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:52	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:52	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:52	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:52	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:52	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:52	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:53	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:54	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:55	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:55	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:55	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:55	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:55	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:55	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:55	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:55	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:55	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:55	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:55	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:55	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:56	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:56	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:56	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:56	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:56	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:56	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:56	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:56	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:57	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:57	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:57	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:57	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:57	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:57	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:58	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:58	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:58	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:58	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:58	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:59	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:59	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:59	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)
2023-02-04 05:03:59	medium	Client IP	68.66.226.93	ETPRO HUNTING Observed Unusual Host (ww.)

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-31	medium	ww.w.conductability.org/Login.php	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada
2023-01-31	medium	ww.w.conductability.org/	Bell Canada

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-04	medium	ww.w.conductability.org/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/mtagconfig.js	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/OpinionLab.js	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/custom/js/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/js/opinion_lab/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/custom/foresee/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/custom/foresee/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/custom/foresee/Login.php	Phishing
2023-02-04	medium	ww.w.conductability.org/custom/foresee/Login.php	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (32)

	URL	Size	First Seen	Last Seen
	unknown	0 B	2023-03-07	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-07 18:33:19 Times Seen37414327 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	mybell.bell.ca/framework/js/jquery.unobtrusive-ajax.min.js	2.7 kB	2023-03-09	2024-04-26
Pretty URL mybell.bell.ca/framework/js/jquery.unobtrusive-ajax.min.js IP 184.150.212.207 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 21:57:53 Last Seen2024-04-26 22:59:49 Times Seen42 Hash 76c5415b4a612a0dec80fb3a39ee4b0a e2d2a16a9fb7811b7e3e98b70c454e29fa8637c3 89da54af89d1dc132d88d36276efcf776b56d555b2b4ec4046af37bbebbedceb Loading...

	ww.w.conductability.org/Login.php	95 B	2023-03-12	2023-03-13
Pretty URL ww.w.conductability.org/Login.php IP 68.66.226.93 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash e09ec696e9f4fa41544f7405dc105f1e 7b0dd02a35b38540a9783bba88d607b4a74fecf7 63224534571dcf26da41f62ba115fc58d9f0c7b574e60a3a1724504bb2ab0613 Loading...

	mybell.bell.ca/framework/js/MicrosoftAjax.js	115 kB	2023-03-12	2024-01-01
Pretty URL mybell.bell.ca/framework/js/MicrosoftAjax.js IP 184.150.212.207 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2024-01-01 12:52:35 Times Seen3 Hash c0757477c8bd0715910811d90f3aa47e 604df9f3f24474baf6f2b67a165275fec32e1cad 99f07e7b88b828c0dbff82e95061f8226af3d5b9833bdfb8dd2c98c0a9406f98 Loading...

	mybell.bell.ca/web/js/bell.ui-kit.js	418 kB	2023-03-12	2023-03-13
Pretty URL mybell.bell.ca/web/js/bell.ui-kit.js IP 184.150.212.207 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash 180fde6794676864495a275daaab4082 86662d5886591e7becd1bcefb73356cac538e91d 413c970f1a7531ae0c56afda5dcec00e7e025c17de25ec167a0e5d63901d90f1 Loading...

	ww.w.conductability.org/Login.php	1.6 kB	2023-03-12	2023-03-13
Pretty URL ww.w.conductability.org/Login.php IP 68.66.226.93 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash 934b1613f5ea2ef23d299adf878c2dd7 3ff1ded4be698b301d2857d745c15837731bcf03 5de2b53074a9cbf13918cce6b8536678f40dbc0426d681b4eb6bf1b48be55af6 Loading...

	ww.w.conductability.org/Login.php	873 B	2023-03-12	2023-03-13
Pretty URL ww.w.conductability.org/Login.php IP 68.66.226.93 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 21:00:28 Times Seen1 Hash 0a28ee6dabeee6301df5d14f160bd315 7bceee47c71104dc526587b6f67561e8aec7abcc 330c2dc1cc607b17bd0092e5531cbb58eb1995d9b813d8a7ea563a7b7b770192 Loading...

	mybell.bell.ca/web/js/bell.utils.js	40 kB	2023-03-12	2023-03-13
Pretty URL mybell.bell.ca/web/js/bell.utils.js IP 184.150.212.207 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash 5dabea4284b774ccbbadbb35c688873d 0635bfd26b981c84d21059d5917fb74227ab5935 0083dcc14db0391e737b908bba1c19a0dafb3bd5dabc689e2e42a212a45bfb78 Loading...

	mybell.bell.ca/web/js/bell.resources.js	2.8 kB	2023-03-12	2023-03-13
Pretty URL mybell.bell.ca/web/js/bell.resources.js IP 184.150.212.207 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash ef9bea5eb215e67a7b9787ca191282e2 0e174b5f26a2be6ec218a8a3bea4e38df036de03 697203dceec67dcb974b62e34740f107ec904cce0e9bc0eebcccb7bd978cd6e7 Loading...

	mybell.bell.ca/web/js/bell.init.js	677 B	2023-03-12	2023-03-13
Pretty URL mybell.bell.ca/web/js/bell.init.js IP 184.150.212.207 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash 9326e81ba6fd972ab497bedc066fe6c2 c76838d07c5baf93144adfd741afe4dd7d34d11c 4d58ece359070708236f0c4e0a6a1025d0d05995db66c04f6ae3e38a200750cc Loading...

	ww.w.conductability.org/Login.php	22 kB	2023-03-12	2023-03-13
Pretty URL ww.w.conductability.org/Login.php IP 68.66.226.93 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash 7a16229e9b581ecc2ae71591af06bb3f 1b9e0aaa8f0990bc529241f9c578a652c9e94f3a 021bd069375548ed272d055269bed006d869bf886da4b9bd7bbc614823d2d6a8 Loading...

	ww.w.conductability.org/Login.php	929 B	2023-03-12	2023-03-13
Pretty URL ww.w.conductability.org/Login.php IP 68.66.226.93 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 16:23:50 Times Seen1 Hash 66a7eb6acc8dac458afbf34d3a4ff4de db0160740d1b2e7067c2eab0b7e8356a8e63e692 dfaa600db2d929329385817f80a0fd6ae26239498937d439072d696b4d95e87a Loading...

	mybell.bell.ca/web/js/bell.myBell.core.js	5.9 kB	2023-03-12	2023-03-13
Pretty URL mybell.bell.ca/web/js/bell.myBell.core.js IP 184.150.212.207 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash 2c2d1ba3506307ff97bc7dfd0f0d5ce1 f088352b690c3b31f6c9ce3ff099cdf1dc4cc2ed c4ba7c438317f2d4de60759d0fcb3953f1c7941bfe7e89be56485e998af1c845 Loading...

	mybell.bell.ca/custom/js/customUtils.js	108 kB	2023-03-13	2023-03-13
Pretty URL mybell.bell.ca/custom/js/customUtils.js IP 184.150.212.207 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:49:29 Last Seen2023-03-13 18:51:46 Times Seen1 Hash b4fcaa482cc78513c8f3d93e2bdbf14a a899f632b8af65df40ed2d9164471d8b3305b80c d7803feb5a5df68e9b440cb8113a5ec94ed0181b6843504c2850df0598f2e688 Loading...

	mybell.bell.ca/custom/js/GlobalConnector.js	20 kB	2023-03-12	2023-03-13
Pretty URL mybell.bell.ca/custom/js/GlobalConnector.js IP 184.150.212.207 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash 066b3ae15a0d311864233fe8f16cc36a 1b65f2a2e4ce531b994418369ea15677940f78c8 e2947362e31f9484fb5a5926b0b71e315227bc9f8c80017e49e9bacc13ea56c2 Loading...

	ww.w.conductability.org/Login.php	3.0 kB	2023-03-12	2023-03-13
Pretty URL ww.w.conductability.org/Login.php IP 68.66.226.93 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash 262ae9109b896536df4024afc39bb309 d4f7235cefd517d435534d02a9c8b2ffcb11682a 5435134bf7c46462a6ebfe1f9aca2fe6198ac628dc3c7f43ec5fed2494bc8108 Loading...

	ww.w.conductability.org/Login.php	2.9 kB	2023-03-12	2023-03-13
Pretty URL ww.w.conductability.org/Login.php IP 68.66.226.93 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 16:23:50 Times Seen1 Hash c0dacc9a43582e799c2f85da50d351fd d5f14aa252be708e42abb97e91269c971cd2868e d845b8a1354e683efce0cd2953471bfea0b7b28af6bef0c538940cf01573a106 Loading...

	mybell.bell.ca/framework/js/MicrosoftMVCAjax.js	5.9 kB	2023-03-12	2023-12-20
Pretty URL mybell.bell.ca/framework/js/MicrosoftMVCAjax.js IP 184.150.212.207 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-12-20 18:16:11 Times Seen13 Hash 5493bc5ddbe034e43972314457782d3a 57607917b91aaddcaa13171ff75e889223c51129 e3089f96afa53f3b13d758f75e8b0b77a225a5997411a3101e8e347dc29ecc96 Loading...

	mybell.bell.ca/web/js/bell.myBell.plugins.js	36 kB	2023-03-12	2023-03-13
Pretty URL mybell.bell.ca/web/js/bell.myBell.plugins.js IP 184.150.212.207 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash 35ae71394a370bb2ba293cb1d338ed22 a8f4eba60209a5b0c86be8648b81a55f2a05ac58 69b4972bfa53f8c1b0ce349d535668a710708632c05d9135b61fc704b92b00b0 Loading...

	mybell.bell.ca/custom/js/alerts.js	6.0 kB	2023-03-12	2023-03-13
Pretty URL mybell.bell.ca/custom/js/alerts.js IP 184.150.212.207 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash 2ab97af89fe682cdf611571fcd46b42a 2ccf850d4d29873b0f4faf258e0c979acded5e1c ee4d85c943d9632f12ee3afc33195031634e5e7a73c41ac867436c8e3ff644bd Loading...

	mybell.bell.ca/web/js/bell-dev.js	3.2 kB	2023-03-12	2023-03-13
Pretty URL mybell.bell.ca/web/js/bell-dev.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash e7ca2a2207e62d6cee69fc26424e2dfd d716e869cf6981a3ab50a27bbd73ff617515cdc5 e735795037938915336008d73e19bc1f215a7f76f4e462d498aa8ef286155860 Loading...

	ww.w.conductability.org/Login.php	4.5 kB	2023-03-12	2023-03-13
Pretty URL ww.w.conductability.org/Login.php IP 68.66.226.93 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash 7880bef4b11e95c2aa82c246ae19009c e284be7a932505631b347bfb5ac87053728dd055 2a6b9357044a62130994ddd7c237d15d604d5345fb967cf52e5486c545c142d9 Loading...

	ww.w.conductability.org/Login.php	1.6 kB	2023-03-12	2023-03-13
Pretty URL ww.w.conductability.org/Login.php IP 68.66.226.93 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 21:00:29 Times Seen1 Hash d41c8adc5814553e8c2250ee9ecf12e7 44f09eec80e1ab64ce9f00d36f9c572c29886607 ad57cedd272169d6436b2cadcf4af5c5e6778c8d3e827a3e6f8a728bfbaf08c7 Loading...

	mybell.bell.ca/web/js/bell_master.js	45 kB	2023-03-12	2023-03-13
Pretty URL mybell.bell.ca/web/js/bell_master.js IP 184.150.212.207 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash 2c58a3ba137020ee66ef402395b80458 de24234065a04126d88f908b926f533a3d91a568 3abfc729b52bc99bb090e8e322439d15c55fc5eb11d86e907168db0ed10b1436 Loading...

	mybell.bell.ca/web/js/jquery.js	102 kB	2023-03-12	2023-03-13
Pretty URL mybell.bell.ca/web/js/jquery.js IP 184.150.212.207 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 16:28:43 Times Seen1 Hash 710135bb1a57e59b4db34622b67d4ff2 b8cb92809ff909542f291f13c9e72d5d424da691 366ede238f19109627633efb6d793e62295ed2e1d3b8543214d3ab1f72ae207c Loading...

	mybell.bell.ca/web/js/modernizr.js	15 kB	2023-03-12	2024-04-22
Pretty URL mybell.bell.ca/web/js/modernizr.js IP 184.150.212.207 ASN #577 BACOM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2024-04-22 11:25:20 Times Seen6 Hash aaa0d0fa19f7fe585e3d3403ba2ca41e b7d7d522291eb5923cabb5ca26d8efc4fb1de8ed 6e2a3c19b2ba325ce0a07faeee24a8d01491cea411a092652a5d7ffe71f5dd1c Loading...

	ww.w.conductability.org/Login.php	45 B	2023-03-11	2024-02-22
Pretty URL ww.w.conductability.org/Login.php IP 68.66.226.93 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 12:34:36 Last Seen2024-02-22 18:32:46 Times Seen18 Hash 9fa104d60582fbcf59c8694765ff2fc2 d3b96fd9f19cf11c614defcf1cdf161bb09dc8cd 77f908f6a10e845e041ac873d83f474d56aded3bc5fbc69c6de35102a53644ed Loading...

	ww.w.conductability.org/Login.php	3.5 kB	2023-03-12	2023-03-13
Pretty URL ww.w.conductability.org/Login.php IP 68.66.226.93 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash 8824195106b6372ab6523f6d6366f9d1 50000df45b7719253f21df069359a4f51b47589a 2458d75d6a6203524d8fc211e79d81b5eedebe50a7c3255f5013a80797f7c792 Loading...

	ww.w.conductability.org/Login.php	928 B	2023-03-12	2023-03-13
Pretty URL ww.w.conductability.org/Login.php IP 68.66.226.93 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash 1fcea14a85bff6e9c53b0abac992fe5a 3b513cad94c843165dced204611511056da38381 308d1f633c83cfc863325baeeb2ff7a6011ccf7b3bc854124aac357c2790c086 Loading...

	ww.w.conductability.org/Login.php	260 B	2023-03-12	2023-03-13
Pretty URL ww.w.conductability.org/Login.php IP 68.66.226.93 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 18:51:46 Times Seen1 Hash 70d254634da610d08aa377f645aec955 6d7e12e5fa107499c480a0d7f42c2a397e800226 6931757b066d90371fa39e28e9971be1008b5b6ce00c4dbb686d770d07ca9bc4 Loading...

	ww.w.conductability.org/Login.php	296 B	2023-03-12	2023-03-13
Pretty URL ww.w.conductability.org/Login.php IP 68.66.226.93 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 16:23:50 Times Seen1 Hash 953bf0b6fe8d08d5bbe17a3bcc48d35b 68fc6d3e00db3fa557f7e99ae5e4c9de88cf733d 5a77dc1cdc84b54bb7c5876babe8b12eae794a4e3d64405f11869d1d12fec6a1 Loading...

	ww.w.conductability.org/Login.php	122 B	2023-03-12	2023-03-13
Pretty URL ww.w.conductability.org/Login.php IP 68.66.226.93 ASN #55293 A2HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 09:58:04 Last Seen2023-03-13 16:23:50 Times Seen1 Hash 4d97b642d41a7169127c047be6219531 11125c53c310f5e2f2cddbb18f9c887207b63d85 d78219a3881bc7c65340ad79cc921a7f476cd2e0357e41c544f89da6b6b24e1b Loading...

HTTP Transactions (184)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14826
Expires: Sat, 04 Feb 2023 09:10:22 GMT
Date: Sat, 04 Feb 2023 05:03:16 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2346
Expires: Sat, 04 Feb 2023 05:42:22 GMT
Date: Sat, 04 Feb 2023 05:03:16 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16668
Expires: Sat, 04 Feb 2023 09:41:04 GMT
Date: Sat, 04 Feb 2023 05:03:16 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 04:43:35 GMT
content-type: application/json
age: 1181
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 34Vpso3GjIz2oAjRhk9RtbNS6KLcaVjrDcWZRBxy4VoPBEGYvYJQBlq0OPmSVY5odnaGNFcBCOI=
x-amz-request-id: KQ2PBT8G40Z8Z0EP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 04:52:42 GMT
age: 634
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 05:03:16 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ww.w.conductability.org/Login.php

68.66.226.93

200 OK

17 kB

URL HTTP/1.1
ww.w.conductability.org/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (362), with CRLF line terminators
Size
17 kB (17027 bytes)
Hash
dc4fcac8f3d4b91ac70d11f4eccd4f0e
c7eeb8f0cf487cf5dab9729d63b5ee014e5c6b78
ad38f85c05eaa2412db6ea279248d5a907bd3267c7c062f9f68f008fd5f1a040

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
content-type: text/html; charset=UTF-8
content-length: 17027
content-encoding: gzip
vary: Accept-Encoding
date: Sat, 04 Feb 2023 05:03:16 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/mtagconfig.js

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/mtagconfig.js
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/mtagconfig.js HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww.w.conductability.org/Login.php

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:16 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/s_code_bell.js?v=11062013EH01

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/s_code_bell.js?v=11062013EH01
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/s_code_bell.js?v=11062013EH01 HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww.w.conductability.org/Login.php

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:16 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/OpinionLab.js

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/OpinionLab.js
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/OpinionLab.js HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww.w.conductability.org/Login.php

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 04:49:07 GMT
age: 850
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2606
Expires: Sat, 04 Feb 2023 05:46:43 GMT
Date: Sat, 04 Feb 2023 05:03:17 GMT
Connection: keep-alive

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
22ae6993ffdafee6b6914039666b8e32
82c64ebd381f66ee52a225563cc17f8b54138b09
83490a5de07ef52a238daeca8ae1b9d6c4a974d1445130852b6705c4bec63800

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "83490A5DE07EF52A238DAECA8AE1B9D6C4A974D1445130852B6705C4BEC63800"
Last-Modified: Sat, 04 Feb 2023 04:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3575
Expires: Sat, 04 Feb 2023 06:02:52 GMT
Date: Sat, 04 Feb 2023 05:03:17 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
22ae6993ffdafee6b6914039666b8e32
82c64ebd381f66ee52a225563cc17f8b54138b09
83490a5de07ef52a238daeca8ae1b9d6c4a974d1445130852b6705c4bec63800

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "83490A5DE07EF52A238DAECA8AE1B9D6C4A974D1445130852B6705C4BEC63800"
Last-Modified: Sat, 04 Feb 2023 04:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3575
Expires: Sat, 04 Feb 2023 06:02:52 GMT
Date: Sat, 04 Feb 2023 05:03:17 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
22ae6993ffdafee6b6914039666b8e32
82c64ebd381f66ee52a225563cc17f8b54138b09
83490a5de07ef52a238daeca8ae1b9d6c4a974d1445130852b6705c4bec63800

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "83490A5DE07EF52A238DAECA8AE1B9D6C4A974D1445130852B6705C4BEC63800"
Last-Modified: Sat, 04 Feb 2023 04:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3575
Expires: Sat, 04 Feb 2023 06:02:52 GMT
Date: Sat, 04 Feb 2023 05:03:17 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
22ae6993ffdafee6b6914039666b8e32
82c64ebd381f66ee52a225563cc17f8b54138b09
83490a5de07ef52a238daeca8ae1b9d6c4a974d1445130852b6705c4bec63800

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "83490A5DE07EF52A238DAECA8AE1B9D6C4A974D1445130852B6705C4BEC63800"
Last-Modified: Sat, 04 Feb 2023 04:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3578
Expires: Sat, 04 Feb 2023 06:02:55 GMT
Date: Sat, 04 Feb 2023 05:03:17 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
22ae6993ffdafee6b6914039666b8e32
82c64ebd381f66ee52a225563cc17f8b54138b09
83490a5de07ef52a238daeca8ae1b9d6c4a974d1445130852b6705c4bec63800

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "83490A5DE07EF52A238DAECA8AE1B9D6C4A974D1445130852B6705C4BEC63800"
Last-Modified: Sat, 04 Feb 2023 04:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3575
Expires: Sat, 04 Feb 2023 06:02:52 GMT
Date: Sat, 04 Feb 2023 05:03:17 GMT
Connection: keep-alive

push.services.mozilla.com/

54.201.77.8

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.201.77.8:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +6meQPlk+naEtGVFDSSdqQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1qUyAeH4EJiamX17GP3uaPEqVFQ=

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

mybell.bell.ca/web/css/myBell/bell.myBell.core.css

184.150.212.207

200 OK

9.0 kB

URL HTTP/1.1
mybell.bell.ca/web/css/myBell/bell.myBell.core.css
IP
184.150.212.207:0
ASN
#577 BACOM

File type
ASCII text, with very long lines (482)
Size
9.0 kB (8960 bytes)
Hash
aefc63ea7f7cea1a31481746d36b52b4
98812d18c629d818cf5869f48393a9afc455ee89
30dff95600ececcd9862503578f3b370e0928e70a3cde5438e693a984c043a97

HTTP Headers

GET /web/css/myBell/bell.myBell.core.css HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: text/css
Content-Encoding: gzip
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 18 Oct 2020 05:30:39 GMT
Accept-Ranges: bytes
ETag: "1D6A50FD0316980"
X-Generated-By: O-BC013
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Date: Sat, 04 Feb 2023 05:03:17 GMT
Content-Length: 8960
Set-Cookie: dtCookie=v_4_srv_7_sn_811C7F371BCCF3601F68611A8D3FA34F_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=1119952044.47873.0000; path=/; Httponly; Secure
TLTSID=446EC6D98626A65C219C7BDB1BCDDE61; Path=/; Domain=.bell.ca
TLTSID=446EC6D98626A65C219C7BDB1BCDDE61; Path=/; Domain=.luckymobile.ca
TLTSID=446EC6D98626A65C219C7BDB1BCDDE61; Path=/; Domain=.virginplus.ca
TLTUID=4BDFE80DF631343BF3CE98A037048C2A; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=4BDFE80DF631343BF3CE98A037048C2A; Path=/; Domain=.luckymobile.ca
TLTUID=4BDFE80DF631343BF3CE98A037048C2A; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc41df1889f79b0fc1d75ebf442ac0f0218d6988de5332988bd41172368aeeb6cb6d97d9254bb7f703fa498b576ef3ba590bdbda8455846ffde61cdd3eb4a184881519e1b3d4e75ce6394f6a1bb4f9f5e84acf665c332215f66c0741b4cc042d609f3051b6fc6aaa1feed3d3f2d85a9542da9ad0f7a38cf8e92db5feefd536a9be276401ebe0b2aaf6fe14e16305c601c7f537f03a5a0adb56613beea48801afb127a024061810cac4ec85d887a5ed3d5d2; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000fa512194732f93e8de445eaabde8ad4054db4261c111250f4af0cd5a72e389d708bfa57bbd113000a0d20073bf4896b55d0fef38902df55048f1c96a68be2483d5b278d69f5270a586d73185280877eab35534548c44aea4; Path=/

mybell.bell.ca/framework/js/jquery.unobtrusive-ajax.min.js

184.150.212.207

200 OK

1.5 kB

URL HTTP/1.1
mybell.bell.ca/framework/js/jquery.unobtrusive-ajax.min.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
ASCII text, with very long lines (2631)
Size
1.5 kB (1502 bytes)
Hash
fd05a4f786abc2bcb7adcc5546bf2032
6a2a4390224414a7fda4a281ca5ac2c3c1ca6bc6
b969186c5196a69c2bc27bb0b44c7b92032f53714e91b527dca0afb98a5bf031

HTTP Headers

GET /framework/js/jquery.unobtrusive-ajax.min.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 30 Sep 2018 05:11:02 GMT
Accept-Ranges: bytes
ETag: "1D4587BFB3EB700"
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1888739761"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_11_sn_50F1615FBE4E45630AEC79126AC855CC_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=381754540.47873.0000; path=/; Httponly; Secure
TLTSID=EB46BD38196C4C4923B729964797751B; Path=/; Domain=.bell.ca
TLTSID=EB46BD38196C4C4923B729964797751B; Path=/; Domain=.luckymobile.ca
TLTSID=EB46BD38196C4C4923B729964797751B; Path=/; Domain=.virginplus.ca
TLTUID=B5AEC382B08A2D9DBD77D42BF5D7C4D3; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=B5AEC382B08A2D9DBD77D42BF5D7C4D3; Path=/; Domain=.luckymobile.ca
TLTUID=B5AEC382B08A2D9DBD77D42BF5D7C4D3; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4ae2de3d89f0329a125401d11c6b375c2b81ed20a43dd0398a6500422cb676d8fdecc000e660879e563a96ed6cc7a6f3ad11c36e49b1c6c8e41609233c95464e09f07d14787e769e6fe29279e508d64237941959919ed42c85809350347083a7dab8287bf494484816137a30966e7736137d10155352e501e917866f44d4d3a5d10d6079ed24e7159e02fa3f298dba4155ebab1a847248cae72636b220e05eb28117311577592cfcef0b61ead53e1cd48; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab20001a9943554002a6125e4eb79a7d4848b6b95be69737983abd9bbe7b18706615f50850522b94113000b933608f70b1925d5d0fef38902df550adf1437761b5f4149b03a723cf68f60ca1d7e13f076789b43e0370faadb7e951; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1502
Connection: Keep-Alive

mybell.bell.ca/web/js/bell.utils.js

184.150.212.207

200 OK

11 kB

URL HTTP/1.1
mybell.bell.ca/web/js/bell.utils.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
ASCII text
Size
11 kB (11172 bytes)
Hash
f26fada802d76f4b2285a26eb12078ef
e50e636103248315a5e95057206fbd23def76b1b
543a9df5f5b99d63184e3b1de458d0341345dc711f2bfac7fd220db499f1f21c

HTTP Headers

GET /web/js/bell.utils.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 22 Jun 2014 08:23:08 GMT
Accept-Ranges: bytes
ETag: "1CF8DF33272FE00"
X-Generated-By: O-BC010
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1185881673"
Date: Sat, 04 Feb 2023 05:03:16 GMT
Set-Cookie: dtCookie=v_4_srv_11_sn_B01A59F2CC1D8EE5B1FAC2895D0FBC1E_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=885071020.47873.0000; path=/; Httponly; Secure
TLTSID=B230961697348719EAB3BB7464B60200; Path=/; Domain=.bell.ca
TLTSID=B230961697348719EAB3BB7464B60200; Path=/; Domain=.luckymobile.ca
TLTSID=B230961697348719EAB3BB7464B60200; Path=/; Domain=.virginplus.ca
TLTUID=3A3681437F36460755526EC3D6758A7F; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=3A3681437F36460755526EC3D6758A7F; Path=/; Domain=.luckymobile.ca
TLTUID=3A3681437F36460755526EC3D6758A7F; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4964e935bed8487bf5799e5e6a5934e26fa029f37a017e6ddc091e8b642611af0df33a0ddbfc95b0983d85ba16091d514af4986db71e36c337b487cc32e360a9aa56fcccc06a0bf55084cf4b726dd9ef7133362b5695db74ea81e1834425f65003eb80b2c29aea97b283718722e0d4be788cf3cd16f16daa65a9128fa2a862879a66e6772e2c921f3d4ef59b5f95be302d8d464f3f73430ceebb2c67b58b0ffd74fedc1d1ca62a618447e191977b7628d; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab20007d79736dd29e8d6ffa7efac42f36939b7a45839542d7e80fd38c38940c75a69308e0aeac34113000e1b2049e4bbaabf15d0fef38902df55047302ef331364bbfc7e84ae04134fdc85ec6d9f2b492c343f57a9105a5590934; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11172
Connection: Keep-Alive

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
d51df7bd5eaf5480a36f1af8128fcfac
e5a58175b31a961faa8978b056a183386811a4d9
bdd01639ba777f47b44f7dee8791a996bc0667b523c095d1179f786c6f6255da

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 02:22:58 GMT
Expires: Wed, 08 Feb 2023 02:22:57 GMT
Etag: "e5a58175b31a961faa8978b056a183386811a4d9"
Cache-Control: max-age=335379,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7940dbe91fabb4ed-OSL

mybell.bell.ca/web/js/bell.resources.js

184.150.212.207

200 OK

1.3 kB

URL HTTP/1.1
mybell.bell.ca/web/js/bell.resources.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
Unicode text, UTF-8 text
Size
1.3 kB (1259 bytes)
Hash
a61f6111bdab7790cae119027424512b
323af826ac29e8291cd593832034055a152fe59a
b14b95a79f33dfaed74c11e7091cd4b9902094c6a8842acb5366e1a2a561d1c1

HTTP Headers

GET /web/js/bell.resources.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 30 Sep 2018 05:11:10 GMT
Accept-Ranges: bytes
ETag: "1D4587C00036B00"
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-2107561297"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_9_sn_966042808C4113C516C6CE36A7CEA6B6_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=381754540.47873.0000; path=/; Httponly; Secure
TLTSID=2193173BDA583573675E5A989BFC3CF4; Path=/; Domain=.bell.ca
TLTSID=2193173BDA583573675E5A989BFC3CF4; Path=/; Domain=.luckymobile.ca
TLTSID=2193173BDA583573675E5A989BFC3CF4; Path=/; Domain=.virginplus.ca
TLTUID=4C57D1E667323A79197C8E1A2C7210BA; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=4C57D1E667323A79197C8E1A2C7210BA; Path=/; Domain=.luckymobile.ca
TLTUID=4C57D1E667323A79197C8E1A2C7210BA; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4c835be4197fa334a4daf9f7d1ec7f3c327f07c99989d3dfa2ddb3e98aa79992ea0bc6069ceff8395f06d04778ad9e50d899d709adaba34d2be734de16c812cd326e2db4de422ab7417aeba7064d3ac8cc79d0a684b0ce40df4225a52996899d3a0c8232381deab60f02d86ec804971b920da1230615888f57051387defd3f74e6d23736bc95c2a3c48be798ef2f9571afc68a277ab572133ad6c6915d59ed2ab8307a17c4a29fc2991ceb88752a1efc2; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000cbfa6beb2b8931f382be6e9498dbf53e1afe4c7385b9a8e8c82e8251d816d37a082ddf573411300081ddc30956750ae35d0fef38902df550000f917087cf72c83bc069a917c7d22c63082d9721ba3c9d68b1dc4aeb368911; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1259
Connection: Keep-Alive

mybell.bell.ca/web/resources/css/bell.connector.css

184.150.212.207

200 OK

39 kB

URL HTTP/1.1
mybell.bell.ca/web/resources/css/bell.connector.css
IP
184.150.212.207:0
ASN
#577 BACOM

File type
ASCII text, with very long lines (379), with CRLF line terminators
Size
39 kB (39007 bytes)
Hash
1f26fa3dda9516dc696542613c10c8b0
0184132d49cbb4d9cb7897a66ef4905caa7faff5
db0222b26252a84999df346ce1cd1ac1892ef2fe0c6c7b8aac46f2fe41b8f295

HTTP Headers

GET /web/resources/css/bell.connector.css HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: text/css
Content-Encoding: gzip
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Thu, 01 Dec 2022 00:54:37 GMT
Accept-Ranges: bytes
ETag: "1D9051F7C334480"
X-Generated-By: O-BC011
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Date: Sat, 04 Feb 2023 05:03:17 GMT
Content-Length: 39007
Set-Cookie: dtCookie=v_4_srv_11_sn_1958B310C1F1950A0596276E2CDCD62F_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=935402668.47873.0000; path=/; Httponly; Secure
TLTSID=3887AFFF58EB3FFD724D22C626ECD6CA; Path=/; Domain=.bell.ca
TLTSID=3887AFFF58EB3FFD724D22C626ECD6CA; Path=/; Domain=.luckymobile.ca
TLTSID=3887AFFF58EB3FFD724D22C626ECD6CA; Path=/; Domain=.virginplus.ca
TLTUID=B63FE176D441A7B12F0AE6E6F87E722D; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=B63FE176D441A7B12F0AE6E6F87E722D; Path=/; Domain=.luckymobile.ca
TLTUID=B63FE176D441A7B12F0AE6E6F87E722D; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4bc3953338658e952c7b7c351e571cd82440572337b73c00c267a420f8f82ceb86623ab2340ed10cee6d6b1eb21c4a9e932aac7741172f1b89311700759db5e813a8a4d0691826937000676498f68000a0cb8fa3c98177351cc286dad7b76b8aab5fea4dae41843d75ed4a9c11f198e7a13870341db013ccca7838176a2a19c42bc283b3208cd43bafbf54797c4fbc10fce4f900a8fb0b25581e8f847fb6c9596f673b47f1fef347650b758047d7ee917; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000793c6a2a2c69f21b8f9fe29a2ee03988fe0ecf30b374b5224e2837de2c62b8c80882758414113000fbc3784758a5d69c5d0fef38902df550c797c74a8c943665cc5019abdab1d88079d83c9ccbd8e1e572fa6cb061050a03; Path=/

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

mybell.bell.ca/web/js/bell_master.js

184.150.212.207

200 OK

13 kB

URL HTTP/1.1
mybell.bell.ca/web/js/bell_master.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
ASCII text, with CRLF, LF line terminators
Size
13 kB (13360 bytes)
Hash
a23cde744b7e6bfe4b247697703bc1a4
97f4dc0d2e7aaf451d13228559fd667a6b93d15c
035b88c2c9088bf5809feeac1fdbfcb2465374bda5f603005ae3b650a985b22d

HTTP Headers

GET /web/js/bell_master.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 22 Jun 2014 08:23:08 GMT
Accept-Ranges: bytes
ETag: "1CF8DF33272FE00"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1964492002"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_9_sn_5CD3B8CC7DBD99F58BE9F5FBEA30E945_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=482417836.47873.0000; path=/; Httponly; Secure
TLTSID=E62879481E43758097ECCE04F813C253; Path=/; Domain=.bell.ca
TLTSID=E62879481E43758097ECCE04F813C253; Path=/; Domain=.luckymobile.ca
TLTSID=E62879481E43758097ECCE04F813C253; Path=/; Domain=.virginplus.ca
TLTUID=5BE281EDBEE44F12FE86A1481A75C9F3; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=5BE281EDBEE44F12FE86A1481A75C9F3; Path=/; Domain=.luckymobile.ca
TLTUID=5BE281EDBEE44F12FE86A1481A75C9F3; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4c11017fccee0cead66916d0c89d776b086da50d779ad138a7996cffe731636a4a19a19609705aa7bbd74f7c2ed3a51eee199adc45972446fc928d227a6e8b34f16ab833cd274c5aec20fbf36066e7bcba0fe55f569360b0c1018abe8af359e2c94a867804cd85f01abcaaf0f8a42af88c313705e94711114ae9f4cb5a8e98d3bbbfb7ff734266f337d5dca871b4a1307404058e401bdd9eeea662a65e6dff591f3d931c5a7c30b2819cbf58c189dd183; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab20005821572c2fe46db7e64f6a98b3858cc4e46cbca793152241ff0591dfd562ae8308f87df29b1130001905108714df84b25d0fef38902df550fac059417b670f14ef5f5ec9937defbf5154020a0a04f8a85cc40a039ffbec1b; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 13360
Connection: Keep-Alive

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

mybell.bell.ca/web/js/jquery.js

184.150.212.207

200 OK

43 kB

URL HTTP/1.1
mybell.bell.ca/web/js/jquery.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
ASCII text, with very long lines (65181), with CRLF, LF line terminators
Size
43 kB (42557 bytes)
Hash
9bef531dbbbe3a0741fa84e6aa49bf06
ccfa0834528e94c0253ce7450e7e0a763c2af220
456f056c3bf5b5b16e286bd472c1ba2335e6e2fb80e88c0ef930ae351de0dbb3

HTTP Headers

GET /web/js/jquery.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 22 Mar 2015 07:57:09 GMT
Accept-Ranges: bytes
ETag: "1D06475CBFC3880"
X-Generated-By: O-BC013
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="525916092"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_7_sn_4184640CD66C6F7DE0BE3D3E8C4D44CF_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_1; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=1119952044.47873.0000; path=/; Httponly; Secure
TLTSID=F81B2FC34D93C8BD153489A8843F6BBD; Path=/; Domain=.bell.ca
TLTSID=F81B2FC34D93C8BD153489A8843F6BBD; Path=/; Domain=.luckymobile.ca
TLTSID=F81B2FC34D93C8BD153489A8843F6BBD; Path=/; Domain=.virginplus.ca
TLTUID=386A6BAB86C2947E74EB0C0A6A0F7BB2; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=386A6BAB86C2947E74EB0C0A6A0F7BB2; Path=/; Domain=.luckymobile.ca
TLTUID=386A6BAB86C2947E74EB0C0A6A0F7BB2; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4959c2402e3762d1c00e918e8511ea2fd70de20171d136371bb8bf87b7b34c6ec35796445f335f3a98bb742d61408ba7a5fb307d1cbabd0e34c494bbbfff1dada3234e1e9bb408882799e7366487c56bf37159ec9d53c7591441e67eb478d6883fb22a80258c190f146416571e6956eee182c41189894ffa14b3f71deab6bf886932f28072673aea004ae9410aa116a2ec11024b17fc673d39553767eff7c0d0ba20e8ebdc97b867f967d625305de044e; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200059846abd8a85de369cf4de4dad887b0859affa03d26cd9867bcf7de830b3732d086e1307f41130005283bb3b6b7d9ea25d0fef38902df5502ed0e3bb0ba2eba306b7f3b192d7e6661135ebfc1be07d230ea1c0fdc8fb838d; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

mybell.bell.ca/framework/js/MicrosoftMVCAjax.js

184.150.212.207

200 OK

2.5 kB

URL HTTP/1.1
mybell.bell.ca/framework/js/MicrosoftMVCAjax.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
ASCII text, with very long lines (1215), with CRLF, LF line terminators
Size
2.5 kB (2506 bytes)
Hash
5831942b3558e03c8d3b1a392d2b9b55
1261127a755d36072e79ea5c1851b87a81bcea2a
9821fefc3852ec554ae89c573af199cc8aa9757e5f98012008e32d7a9fdd78da

HTTP Headers

GET /framework/js/MicrosoftMVCAjax.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 22 Jun 2014 08:23:00 GMT
Accept-Ranges: bytes
ETag: "1CF8DF32DAE4A00"
X-Generated-By: O-BC010
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="540605714"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_6_sn_673694816C0719A8677FD004D99B82B2_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=885071020.47873.0000; path=/; Httponly; Secure
TLTSID=751CDD72AD517D61B00DC6F4588F5534; Path=/; Domain=.bell.ca
TLTSID=751CDD72AD517D61B00DC6F4588F5534; Path=/; Domain=.luckymobile.ca
TLTSID=751CDD72AD517D61B00DC6F4588F5534; Path=/; Domain=.virginplus.ca
TLTUID=911BD00CCA10D83437D188727573FC05; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=911BD00CCA10D83437D188727573FC05; Path=/; Domain=.luckymobile.ca
TLTUID=911BD00CCA10D83437D188727573FC05; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4117c27134fc310e67c4ce8546e368f6224ee62538f6aca7013df93309176d65ff075a3b6d4ea85fcd019bf443afd9f4cfbd652f6d5242c662dbe43a58e04efb23a4eeb2754dff2324b27a773c2b76d6c49ffb4337913970c3a9e6189bdc4ac30999aa2eab3823c88b0ab8c1bed56aeac64b7891a8d0e778bb2d85dd5057d7035d513fb10857a2f4a12e7ed9ba33e780db448b4ecf2b6dee3d683f2ade571d299e147ac520ab8128531768227e163fb00; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200060ccd899ff78fa7a4b30958008d888865ddd1693fd58adc828a9c385983eb941086c7677c41130005b9b0530dc47a8f2d1b82227fa3af13597e71665cb84ca7511f7225e57fa52afe69a8f75d4e585ef0259bfb4f42f4e81; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2506
Connection: Keep-Alive

pfobellweb.hs.llnwd.net/resource/web/css/bell_master.css?ver=202302032225

95.140.229.2

200 OK

38 kB

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/css/bell_master.css?ver=202302032225
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
ASCII text, with very long lines (525), with CRLF line terminators
Size
38 kB (37824 bytes)
Hash
b28501772bce35187d1b3e8181ca0cd4
9b56bd5f817f39f0972edd76e900d69d1a484eea
ce428060dcf0843aefc4b2026cd270a40fe0130ef6e6b9203cfdc776c94b5d7e

HTTP Headers

GET /resource/web/css/bell_master.css?ver=202302032225 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Type: text/css
Content-Length: 37824
Connection: keep-alive
Cache-Control: public, max-age=86400
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 5819
Last-Modified: Sun, 17 Jul 2022 07:43:04 GMT
Expires: Sun, 05 Feb 2023 03:26:19 GMT
X-LLID: f88a9d6cda9006f80b1ef94911f8cd1d

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
d51df7bd5eaf5480a36f1af8128fcfac
e5a58175b31a961faa8978b056a183386811a4d9
bdd01639ba777f47b44f7dee8791a996bc0667b523c095d1179f786c6f6255da

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 02:22:58 GMT
Expires: Wed, 08 Feb 2023 02:22:57 GMT
Etag: "e5a58175b31a961faa8978b056a183386811a4d9"
Cache-Control: max-age=335378,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7940dbe91fe2b4e8-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
d51df7bd5eaf5480a36f1af8128fcfac
e5a58175b31a961faa8978b056a183386811a4d9
bdd01639ba777f47b44f7dee8791a996bc0667b523c095d1179f786c6f6255da

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 02:22:58 GMT
Expires: Wed, 08 Feb 2023 02:22:57 GMT
Etag: "e5a58175b31a961faa8978b056a183386811a4d9"
Cache-Control: max-age=335378,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7940dbe91d80b50b-OSL

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
d51df7bd5eaf5480a36f1af8128fcfac
e5a58175b31a961faa8978b056a183386811a4d9
bdd01639ba777f47b44f7dee8791a996bc0667b523c095d1179f786c6f6255da

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 02:22:58 GMT
Expires: Wed, 08 Feb 2023 02:22:57 GMT
Etag: "e5a58175b31a961faa8978b056a183386811a4d9"
Cache-Control: max-age=335378,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7940dbe919f4fac4-OSL

mybell.bell.ca/web/js/modernizr.js

184.150.212.207

200 OK

7.7 kB

URL HTTP/1.1
mybell.bell.ca/web/js/modernizr.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
HTML document, ASCII text, with very long lines (14641)
Size
7.7 kB (7722 bytes)
Hash
dd03a8a2a63fcefed68b0c1692e733c0
a23606c2ea2ecd58ef93d84cb631184c7d82641e
2590b1abd32d78525fec7f91eaaeeb564897589130cc0f115eda419588a733e2

HTTP Headers

GET /web/js/modernizr.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 30 Sep 2018 05:11:10 GMT
Accept-Ranges: bytes
ETag: "1D4587C00036B00"
X-Generated-By: O-BC011
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1371426710"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_9_sn_3226A55B854C6E214F53A1CDB074271D_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=935402668.47873.0000; path=/; Httponly; Secure
TLTSID=CEF55B27C455D2C96BABE556E745A407; Path=/; Domain=.bell.ca
TLTSID=CEF55B27C455D2C96BABE556E745A407; Path=/; Domain=.luckymobile.ca
TLTSID=CEF55B27C455D2C96BABE556E745A407; Path=/; Domain=.virginplus.ca
TLTUID=4379037159D92D74B30511D4E3FD9F05; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=4379037159D92D74B30511D4E3FD9F05; Path=/; Domain=.luckymobile.ca
TLTUID=4379037159D92D74B30511D4E3FD9F05; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc42871a45ecf2364ec4aae8da3eba60af8463359f10b843dace2480f7eec4e81d5bb4700b37707a499042098ca51b5c545f3e6c1af4d8c12cf861c085168f9e224ac021412f59be7a45a7f7dccb8cf9d5f71bf64e6f8cfeec3022a97a464ddc8db82b89401a44e553f52cec475895b6e4847bcf6958117a6f8aebb0fe13c9818b0c62358985a17713ead3b9094afa131b082b07ff69422144952b9738f76e579ee17951949b8e365e1e7b3b6d8ecd87756; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000168fab779efd71e6ef7f4adefb8a3ae5a46701b6c08b09f1e5800e97f75ae07c08b327d78611300072728a6ecf46a542d1b82227fa3af135a5bdb5e9964123eaa096324a4ff85e2287d5a083fa9c4ee5979885dca6ca9414; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7722
Connection: Keep-Alive

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

mybell.bell.ca/web/js/bell.myBell.core.js

184.150.212.207

200 OK

2.4 kB

URL HTTP/1.1
mybell.bell.ca/web/js/bell.myBell.core.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
ASCII text
Size
2.4 kB (2384 bytes)
Hash
36c94a43b3dba120461494199d36a9f2
116545b2334eb249a496531226ae28ee9e8f1a0d
ab3a4aa8f2b67870aa3fe9c8610982b9427f8e8b1f28f23c0055090a25ad8928

HTTP Headers

GET /web/js/bell.myBell.core.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 22 Jun 2014 08:23:08 GMT
Accept-Ranges: bytes
ETag: "1CF8DF33272FE00"
X-Generated-By: O-BC012
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="2071765912"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_11_sn_1E9A3FE2E4C85A5EFC152F7C39C30876_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=952179884.47873.0000; path=/; Httponly; Secure
TLTSID=37C1BA4AC2D1EA912D1D55F1CB6E7E39; Path=/; Domain=.bell.ca
TLTSID=37C1BA4AC2D1EA912D1D55F1CB6E7E39; Path=/; Domain=.luckymobile.ca
TLTSID=37C1BA4AC2D1EA912D1D55F1CB6E7E39; Path=/; Domain=.virginplus.ca
TLTUID=89FBAF91D689AA68724B48E0BF14FA25; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=89FBAF91D689AA68724B48E0BF14FA25; Path=/; Domain=.luckymobile.ca
TLTUID=89FBAF91D689AA68724B48E0BF14FA25; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4da43262bab62322f8ceb541f07514a65de8ecf366bc916a8b5f61cab06ba1ed3388d955d2f9450923d6adc43c3d25646fe292ae538685d5644aba108c2bf95ff3baf4904d657aab3fcec975ac1415f5ce6eeba56a4a2d46bf81e0e4d2664a624c00306b545adcd6671b203c4bd161c278636e8073130a0bdaa6ac8c390a0014d0e4aeb6d3b317ec7d02b70ddea259f51db8e4bc5270e5ab44b1e0c21e83469815ab88aa05d77c19e9d859aa99f1541c5; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab20005f9417c8ae16f4871b72b5f4ec32b7c4092bcf58a661865eadac59b4cf7a1e9808699d16d51130001a955a7f868a5a3fd1b82227fa3af135d7b88c32a9c274549c99a5dbb4e81f8eca3e326dc6b42f829f0b860918629ccc; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2384
Connection: Keep-Alive

mybell.bell.ca/framework/js/MicrosoftAjax.js

184.150.212.207

200 OK

37 kB

URL HTTP/1.1
mybell.bell.ca/framework/js/MicrosoftAjax.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (65326), with CRLF line terminators
Size
37 kB (36653 bytes)
Hash
8b169be73ffe6320f005301b4b6834d2
3f7bc1539d1120ef739682bd6eb1fe25ee1b667c
8a8cb3375e08db8a08f0d8e272aec0e6144581662d32bea6279037d85e60292a

HTTP Headers

GET /framework/js/MicrosoftAjax.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 22 Jun 2014 08:23:00 GMT
Accept-Ranges: bytes
ETag: "1CF8DF32DAE4A00"
X-Generated-By: O-BC009
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="300768273"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_8_sn_9B9563253EE70ADFF489D45D94B66823_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_1; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=868293804.47873.0000; path=/; Httponly; Secure
TLTSID=72A2830D74B5448FBFFACDB33FB65A9D; Path=/; Domain=.bell.ca
TLTSID=72A2830D74B5448FBFFACDB33FB65A9D; Path=/; Domain=.luckymobile.ca
TLTSID=72A2830D74B5448FBFFACDB33FB65A9D; Path=/; Domain=.virginplus.ca
TLTUID=97D98DD7A35C89DCCCF26B75452ADC90; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=97D98DD7A35C89DCCCF26B75452ADC90; Path=/; Domain=.luckymobile.ca
TLTUID=97D98DD7A35C89DCCCF26B75452ADC90; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4d0e0d4b0874b8b7549afd65773d182dcecbf78cb6e8f02e2afac3bf2619b86c72bf08beb70e0c2cd96d062053f3b0d03ff65a7842db926c93535de9dd637e21d48cb29bff1228a4de81c9056c0e4e89ebe2b928f65914cb6011903cd1943a2b33ac80a7a574ba3a26e70038a849fb623fe9bd4d12bc5e3d3a5dabc9e75cbae3d75ec5066865ee58c894a4f012e9704668fecaa78ff75b36c94ce09f7911e4dd32c28a68087b75d3e4d56dcbe25f903ac; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200043ccff270f676b8dd3c70917a5da700314198a185e81140b5ccea6f2609db477083b38d9221130005f138be7a3a00a3ad1b82227fa3af135efc682a69e5fc4daf1a1a2ef94fba885994ca4c3e45398d6915edd98722331d2; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

mybell.bell.ca/web/js/bell.plugins.js

184.150.212.207

200 OK

136 kB

URL HTTP/1.1
mybell.bell.ca/web/js/bell.plugins.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
Unicode text, UTF-8 (with BOM) text
Size
136 kB (135778 bytes)
Hash
56f516c3677a339de73424c8608ba79f
847d55d08ebf7a64abe40b6d2a77c1d057393f1e
99f64cee4ed2c8ad3d98ae33755e328060dcda435d9454163697aa5ae4d0543c

HTTP Headers

GET /web/js/bell.plugins.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 30 Sep 2018 05:11:10 GMT
Accept-Ranges: bytes
ETag: "1D4587C00036B00"
X-Generated-By: O-BC011
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="847318869"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_11_sn_FC64BFD627340B9B041EDD7E0CACE608_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_1; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=935402668.47873.0000; path=/; Httponly; Secure
TLTSID=F6EF59EE5D98943B3E121A238FEA6612; Path=/; Domain=.bell.ca
TLTSID=F6EF59EE5D98943B3E121A238FEA6612; Path=/; Domain=.luckymobile.ca
TLTSID=F6EF59EE5D98943B3E121A238FEA6612; Path=/; Domain=.virginplus.ca
TLTUID=02CB7210CEDFCE99E0494C79F9FAAE05; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=02CB7210CEDFCE99E0494C79F9FAAE05; Path=/; Domain=.luckymobile.ca
TLTUID=02CB7210CEDFCE99E0494C79F9FAAE05; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc48fda0dcfb2e66508b8a2fa60f22302efc230e8c870b9270ba67633641b40f6bcf8a771b2aa5855bcb4b57609044824d97da1d7ed01a0cd58dfea9545f777fcbeb834168e936b51b9b4232ad800176fabb5270df018ebe9865ad59a4f092c6b538f2dd35795c9c5d5865480ad463cf6d4e7f05285e9086b271d87117084acd41ebcaaab0b6515494310f4b69d723d7b5e80b8fb530d7b84aafa763f750d08bd63c1281a2394973ecea0fae39e61f11b32; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200017704c6d0b689e560b38da10185baadcbeee40bc1b7bbef8e0e174b98e26ebf60877062f691130006bbea8622154bef05d0fef38902df550f60a698a82e6bfd3abdc2603dd8110bd1c47f76eda50d66ba205cf04e1242f3b; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

mybell.bell.ca/web/js/bell.myBell.plugins.js

184.150.212.207

200 OK

12 kB

URL HTTP/1.1
mybell.bell.ca/web/js/bell.myBell.plugins.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
ASCII text, with CRLF line terminators
Size
12 kB (11452 bytes)
Hash
edce8faac7d76099adb400bb4bc9e38b
9ee1b6e6dc0fb02cb7d310040e567a86505f8bbc
8dd4d893cc00e7125e5a3284692baef893d922d4b1340d7390dffa3d5b0c04e9

HTTP Headers

GET /web/js/bell.myBell.plugins.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 22 Mar 2015 07:57:09 GMT
Accept-Ranges: bytes
ETag: "1D06475CBFC3880"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-971825556"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_11_sn_41F62A42DA9132CF31D67C9BF05BB90E_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=482417836.47873.0000; path=/; Httponly; Secure
TLTSID=916C49338B09CDA99D7E080AD5824318; Path=/; Domain=.bell.ca
TLTSID=916C49338B09CDA99D7E080AD5824318; Path=/; Domain=.luckymobile.ca
TLTSID=916C49338B09CDA99D7E080AD5824318; Path=/; Domain=.virginplus.ca
TLTUID=5F19306830D6D4029FCA55D599E6DDE3; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=5F19306830D6D4029FCA55D599E6DDE3; Path=/; Domain=.luckymobile.ca
TLTUID=5F19306830D6D4029FCA55D599E6DDE3; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc45919baf5a0215151b319c046c976c3c81606938c9599fd6742f11794c53eaf80dd9aad696961cfd93fc6e1ff8117f899d262c5f7272931e31bba627638e381ff2f58909404a8bb1fc8784845742be5e91dad45c2827ceaaf319e9bd66bd2b2ec9cf2d7203a9cda1e36b512de446bc60689c6d87355bc32cbc2b87a2423c937a761c66ce4de0e05a166b23d8c39931eed9e00082aa76f17186efd6a2ce279bf7fc894aabbb94f21eb66b522aa03a51f6d; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab20005871296e5052a4d3304e490d913b285b2a82898561e33883f2549a79da273d170842686d2211300086cf7accb2f4cb03d1b82227fa3af135a97c5acfaa5f4b640143cb2f37453af95fa71cdb6fc6ac43a1aaf603c77bdbbc; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11452
Connection: Keep-Alive

mybell.bell.ca/custom/js/customUtils.js

184.150.212.207

200 OK

29 kB

URL HTTP/1.1
mybell.bell.ca/custom/js/customUtils.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
29 kB (29048 bytes)
Hash
e30430beeda9d135c90f4b83dd645d3f
1afad19cf2f83306d9b853de56e8f679ad1fcfa9
7800b367a026c540bb8379fb4925f9fe58ab451300bb2db459bfc1e70e52838d

HTTP Headers

GET /custom/js/customUtils.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 15 Jan 2023 07:34:55 GMT
Accept-Ranges: bytes
ETag: "1D928B3DCA1F980"
X-Generated-By: O-BC013
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-224030462"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_11_sn_1CDE5E7210F59C9FAA5B3C7A3F17E7C2_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=1119952044.47873.0000; path=/; Httponly; Secure
TLTSID=4A156AE1F1CA58C03ABE0F55BE860D08; Path=/; Domain=.bell.ca
TLTSID=4A156AE1F1CA58C03ABE0F55BE860D08; Path=/; Domain=.luckymobile.ca
TLTSID=4A156AE1F1CA58C03ABE0F55BE860D08; Path=/; Domain=.virginplus.ca
TLTUID=AF5B571182CC0068396A41492C61A442; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=AF5B571182CC0068396A41492C61A442; Path=/; Domain=.luckymobile.ca
TLTUID=AF5B571182CC0068396A41492C61A442; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc404c61ba7f21a9be258d5b5c208c1395aac7b35e70002c644cf3abc6b1a8e7ea9a81dbfc81a0c00f0e8340d583fd899dd9a6ca174634ac71ae8166b4359d677d368de934f447fddde04376bff29def2f0fbcb7f856973603ffd0f3cd5c3aa69d7ca0d65fc283a49d1e605f430f20bc58a39dc0c4f00dfa2a440c340b24bc18b3325b965a21fa2233284fd60182b5a130bf29d088700ad036c10c66b48e0513249a54c0544c6a72be3ffc5ca9eb43e6212; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200077b8780a748e696d02aee05bd89908719398657e94843a26206ea79f2f573a0608ee40682011300060abe68a90dad63ad1b82227fa3af1358b722dd662c3942444138b6fa6ce4db5f1783de882f0559dd01305bb9f38c847; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

mybell.bell.ca/web/js/bell.ui-kit.js

184.150.212.207

200 OK

138 kB

URL HTTP/1.1
mybell.bell.ca/web/js/bell.ui-kit.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
ASCII text, with very long lines (18608)
Size
138 kB (138076 bytes)
Hash
645ae2c45e9214b96a09c7c31efded50
0a3949a82e378686523629c0b39aceec9161c230
29114303ab2fd00181d4df40e9a484245f991af3b6efbd417ad5d61f9c9776f5

HTTP Headers

GET /web/js/bell.ui-kit.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 30 Sep 2018 05:11:10 GMT
Accept-Ranges: bytes
ETag: "1D4587C00036B00"
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1647225404"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_6_sn_C5389DBF83599E0F32B98EA38F883F5E_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=381754540.47873.0000; path=/; Httponly; Secure
TLTSID=C526799207E58213F7E211B4BBF0EF2E; Path=/; Domain=.bell.ca
TLTSID=C526799207E58213F7E211B4BBF0EF2E; Path=/; Domain=.luckymobile.ca
TLTSID=C526799207E58213F7E211B4BBF0EF2E; Path=/; Domain=.virginplus.ca
TLTUID=979B4857D71BD87C00032B8477EB3369; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=979B4857D71BD87C00032B8477EB3369; Path=/; Domain=.luckymobile.ca
TLTUID=979B4857D71BD87C00032B8477EB3369; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc460232c6e146197cafe4c4084fe860bf53a371b68f6981545bd41ca134a204eb83a6188157171f400de7535785c60dab85fc1f8a55d4df10ffc98fdf2de495ada386ab4e57bc071c9e63c4850c8db0c06c9a0f1f67b69216bfe019f717a402222fa61b337bc356e8153fbbf266f47dcedd3d67d99f75a9c25f793bc463044ab7200acf0c5b37b2734bb1552bbb8ea93ef65442cff71763effdb9b1ca33163be3aa3b3746d0d09612c8ab7ee44ee152bba; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000a48f6822a786ce39c9047d96131d8ae4e846ead5a1e46e91e1b66749112c68d90859926c41113000081791be651337235d0fef38902df550d4e637df6627d5dd2f94ed6e22e96555d09bf23842a15bb53a6db3a4a1dd7713; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

mybell.bell.ca/custom/foresee/foresee-trigger.js

184.150.212.207

200 OK

59 kB

URL HTTP/1.1
mybell.bell.ca/custom/foresee/foresee-trigger.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
ASCII text, with very long lines (639), with CRLF, LF line terminators
Size
59 kB (58928 bytes)
Hash
c180061039e8d80dc33c02f562452415
22c976d7bfab51486faa826581e1a03f9923163b
a34302fde082626e445c55df00d0ad349cf1d921d7608143890c854b869e2c69

HTTP Headers

GET /custom/foresee/foresee-trigger.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Tue, 23 Jan 2018 02:19:07 GMT
Accept-Ranges: bytes
ETag: "1D393F08BC11F80"
X-Generated-By: O-BC012
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1272420543"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_9_sn_F18A51FF4C4E4B83BD653D4D72E7BAB5_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=952179884.47873.0000; path=/; Httponly; Secure
TLTSID=2A5C3DDF6FC9AF5D1AB6AC7F9BD86B8A; Path=/; Domain=.bell.ca
TLTSID=2A5C3DDF6FC9AF5D1AB6AC7F9BD86B8A; Path=/; Domain=.luckymobile.ca
TLTSID=2A5C3DDF6FC9AF5D1AB6AC7F9BD86B8A; Path=/; Domain=.virginplus.ca
TLTUID=104DE2590A182C0DA8F741A04DC4C4B7; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=104DE2590A182C0DA8F741A04DC4C4B7; Path=/; Domain=.luckymobile.ca
TLTUID=104DE2590A182C0DA8F741A04DC4C4B7; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4a25866f8296869ecdf4436db3bf5b79bacceea520e821f61ee714ba3856c85a79f802d6dc8d927ba862d67f75b6e40dec6c28db0e025cbac27ac4fef9ae7e1455cf8487e6abdcf35958eed35c4c24489a553b9c65ab25ca6dbc6e2761a6d60e6182556489248d0ec519bf2145774fe68408be6835498fe1a83ef5e7741b482b38b14637175a99317272eb51e62cdc889d019784f41102940c387987c0fbd2636459d61af5aca77463dbe5adfdb399528; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000de05bcff4a22b762995d9ea903d6577f41986240a2124c447e8877bc13610d420882f5913f1130000998a2735e24bfced1b82227fa3af135f15946a6421901c1a57266c3dcfa8a2290413a764734e2a9a52365ea42117a3c; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

mybell.bell.ca/custom/js/GlobalConnector.js

184.150.212.207

200 OK

5.9 kB

URL HTTP/1.1
mybell.bell.ca/custom/js/GlobalConnector.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
ASCII text, with CRLF line terminators
Size
5.9 kB (5872 bytes)
Hash
dce0d28b95529eeb82759edae10a5800
a4916137ee56e7e2754099126641541d5a68eef3
a8433b0aa02055b1fdba54ad07222313f20a5a04cef67ac03f3d83bb11c1ee1f

HTTP Headers

GET /custom/js/GlobalConnector.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 30 Sep 2018 05:11:01 GMT
Accept-Ranges: bytes
ETag: "1D4587BFAA62080"
X-Generated-By: O-BC011
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="137536645"
Date: Sat, 04 Feb 2023 05:03:18 GMT
Set-Cookie: dtCookie=v_4_srv_11_sn_00FBFA65106712A0F2FDAF7C6B1840B7_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=935402668.47873.0000; path=/; Httponly; Secure
TLTSID=F3CEB4DB808B050904495ADF61ECD3D2; Path=/; Domain=.bell.ca
TLTSID=F3CEB4DB808B050904495ADF61ECD3D2; Path=/; Domain=.luckymobile.ca
TLTSID=F3CEB4DB808B050904495ADF61ECD3D2; Path=/; Domain=.virginplus.ca
TLTUID=1328315080FAB5E046C77DF638D74DD3; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=1328315080FAB5E046C77DF638D74DD3; Path=/; Domain=.luckymobile.ca
TLTUID=1328315080FAB5E046C77DF638D74DD3; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc494f7e77fc39f4c6a6c9e9401d88c5c919e8497b715d978abe9e9f02ea43ec0a07a9f371df34a846830c27b327291d881bda8a2750c434bf4e15f15a5935d501c12f6a28c5652de21a1444b028b663f3db117c1da2332fbb163ed12fd5e6d9f7d33434e104d06323f9e990ca8ba47c0de669eba3db1378f19c6d8965076f8f55fcfdc45c4a3d9e9254a843f3ff0a9b5b97c13fdbf9fc18f28d729c5cae77ea030d6d7e59a9590888375a7695d1ce07aac; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200058d3ec404f05bf3d2ed5fcc5cb36180e974bd54323598776e42115e2e12b437a08eeb5fccb1130000937edcb6e5060bfd1b82227fa3af1358312a5acf340b696c855b56faa4ab6560bd273a36581ea661c7763c7254d0e6c; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5872
Connection: Keep-Alive

mybell.bell.ca/custom/js/alerts.js

184.150.212.207

200 OK

1.9 kB

URL HTTP/1.1
mybell.bell.ca/custom/js/alerts.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
ASCII text, with CRLF line terminators
Size
1.9 kB (1909 bytes)
Hash
5cef56c2c0a60b506d082de56e8d6566
c21a627753eb503007257d4ed04d4b837b3a97ef
d2b8e1bfcdd6369dfd89f9664858a400a89fd81d956ccfd09289e59bd2f2c604

HTTP Headers

GET /custom/js/alerts.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 24 Apr 2022 07:59:54 GMT
Accept-Ranges: bytes
ETag: "1D857B14839B900"
X-Generated-By: O-BC012
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-262923238"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_7_sn_157C20186DB10BBC62CD76E39A841DDE_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=952179884.47873.0000; path=/; Httponly; Secure
TLTSID=60DFC05DFA933D57CDBCE5B9B1E60A1E; Path=/; Domain=.bell.ca
TLTSID=60DFC05DFA933D57CDBCE5B9B1E60A1E; Path=/; Domain=.luckymobile.ca
TLTSID=60DFC05DFA933D57CDBCE5B9B1E60A1E; Path=/; Domain=.virginplus.ca
TLTUID=F23E3E5ADB194DFC110962039A2BD96A; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=F23E3E5ADB194DFC110962039A2BD96A; Path=/; Domain=.luckymobile.ca
TLTUID=F23E3E5ADB194DFC110962039A2BD96A; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4ace742527dca5f1b8223fba89cc647bf66f01fe3b1a95b80b443d6519e0ac65f29ee9d5b3c49b1b905128781f2aeb12111a72e6ffd4836ea0d4a3a239221fefad82fbc9476aeacabf61776e6bd03a5bd2dd9aa23daca2395e01228d9ce8e9834a1a5e87174da39f8fc1c87d7ac336fd1e0d76e173456a3faa077a408a1cc52622330df8b354f70d130569d3ae5b527a7e2913288e18cfcc7d0b35aad5b3088c6d302bb6472f86a14d77412d50fce5184; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000fcaad8b9844eea411724e53a3bcd67cb11f416c03401ac90b16ee3029eb6fb3c08282be29c1130003e4b3900da0b2e2ed1b82227fa3af135cdcaf4b39b6ec5b3f9d5e85d852f80ce5fbe8088c7e2a0e25b6fa71f933861d6; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1909
Connection: Keep-Alive

mybell.bell.ca/web/js/bell.init.js

184.150.212.207

200 OK

677 B

URL HTTP/1.1
mybell.bell.ca/web/js/bell.init.js
IP
184.150.212.207:0
ASN
#577 BACOM

File type
ASCII text
Size
677 B (677 bytes)
Hash
9326e81ba6fd972ab497bedc066fe6c2
c76838d07c5baf93144adfd741afe4dd7d34d11c
4d58ece359070708236f0c4e0a6a1025d0d05995db66c04f6ae3e38a200750cc

HTTP Headers

GET /web/js/bell.init.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 30 Sep 2018 05:11:10 GMT
Accept-Ranges: bytes
ETag: "1D4587C00036B00"
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-497812773"
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Length: 677
Set-Cookie: dtCookie=v_4_srv_8_sn_0F494E070369A669AEB1260B04D1D965_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=381754540.47873.0000; path=/; Httponly; Secure
TLTSID=6E7D6DD3B9A5217F0D9E68846971FFEC; Path=/; Domain=.bell.ca
TLTSID=6E7D6DD3B9A5217F0D9E68846971FFEC; Path=/; Domain=.luckymobile.ca
TLTSID=6E7D6DD3B9A5217F0D9E68846971FFEC; Path=/; Domain=.virginplus.ca
TLTUID=E5F33C52B7145BF98D3FC766CDD77497; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=E5F33C52B7145BF98D3FC766CDD77497; Path=/; Domain=.luckymobile.ca
TLTUID=E5F33C52B7145BF98D3FC766CDD77497; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4bda2146b0db05b675eeec5c2b40fbb9a1b78218b3767fc6701f76bb5eb5b59da257de9852d67b70db6231b35e920fa98d717231de2323526b52498ee07ad7ee9fa5d5d81ba44cdd30d6feed2f6b45204ffac734155d74085bde39a495fdaa79a141f0bd949376b6965b2e3ec35fa4b44ba64edaedda8772fa4a2d75ef2aa7fc27aecc77cf2d843e29093026df737603b3629db4c3f9bee70c80c20c782575964c3e6a337273d984916eb7d343e55aa7a; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab20009502f5d059c81ff02b4cbff218ee33ec690e46d0501383f5e53f4a738d155d53086d93c4aa113000f291626cfb97bb99d1b82227fa3af135999789e7153dd29bee0afab2e438f92d09150d9674e857ed4a37187a31417526; Path=/
Vary: Accept-Encoding

pfobellweb.hs.llnwd.net/resource/web/css/bell_prime.css?ver=202302032225

95.140.229.2

200 OK

21 kB

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/css/bell_prime.css?ver=202302032225
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (485), with CRLF line terminators
Size
21 kB (20834 bytes)
Hash
ad5da7368d46dd57640211011a44ac0b
29db31ffbe9529099cf4e2d55b862cee209b84bd
2c850e28ab20d888a23f1ad5fba93fd21522089d7d543eec01c03c58e3f4805a

HTTP Headers

GET /resource/web/css/bell_prime.css?ver=202302032225 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Type: text/css
Content-Length: 20834
Connection: keep-alive
Cache-Control: public, max-age=86400
Content-Encoding: gzip
Accept-Ranges: bytes
X-Generated-By: O-BC010
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 5803
Last-Modified: Thu, 01 Dec 2022 00:54:37 GMT
Expires: Sun, 05 Feb 2023 03:26:35 GMT
X-LLID: b3fe933518c1edf36cf8a20db24dca41

pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225

95.140.229.2

200 OK

28 kB

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
ASCII text, with very long lines (397), with CRLF line terminators
Size
28 kB (28162 bytes)
Hash
da726b37bd21849e8da698efccc14333
e59e1e40aebeb523601ef354dfa66c033351ec03
11b9b3660116bf0c405f5617cfe4f3d9e954000a06b33614cdf617618c4c182a

HTTP Headers

GET /resource/web/css/bell_master_a.css?ver=202302032225 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Type: text/css
Content-Length: 28162
Connection: keep-alive
Cache-Control: public, max-age=86400
Content-Encoding: gzip
Accept-Ranges: bytes
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 5877
Last-Modified: Sat, 14 Nov 2020 11:31:57 GMT
Expires: Sun, 05 Feb 2023 03:25:21 GMT
X-LLID: a7a13c8f9ff3880325176ee9f45b2ba1

mybell.bell.ca/web/resources/images/logo-bell-blue-47x28.png

184.150.212.207

200 OK

2.3 kB

URL HTTP/1.1
mybell.bell.ca/web/resources/images/logo-bell-blue-47x28.png
IP
184.150.212.207:0
ASN
#577 BACOM

File type
PNG image data, 47 x 28, 8-bit/color RGBA, non-interlaced\012- data
Size
2.3 kB (2281 bytes)
Hash
40a5354259fa7c6eafb901f28b9fa068
d9b4d2c00bca1398b07d60624d5886693d9034c8
d0eb56a3b02a0632526e3b2bd062bdd0c3b1803948b881dea9ac25ab345c408e

HTTP Headers

GET /web/resources/images/logo-bell-blue-47x28.png HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: image/png
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 22 Jun 2014 08:23:09 GMT
Accept-Ranges: bytes
ETag: "1CF8DF3330B9480"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Length: 2281
Set-Cookie: dtCookie=v_4_srv_8_sn_C11795DB0F10D6DC44087EA36E747066_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=482417836.47873.0000; path=/; Httponly; Secure
TLTSID=027B7D7ACF91869188568D323184EF8F; Path=/; Domain=.bell.ca
TLTSID=027B7D7ACF91869188568D323184EF8F; Path=/; Domain=.luckymobile.ca
TLTSID=027B7D7ACF91869188568D323184EF8F; Path=/; Domain=.virginplus.ca
TLTUID=94F1CFDC158EBF8C6D215A4F1EB96159; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=94F1CFDC158EBF8C6D215A4F1EB96159; Path=/; Domain=.luckymobile.ca
TLTUID=94F1CFDC158EBF8C6D215A4F1EB96159; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc477296dcf121c8c83d8b02bed583e1c74d3e6ac88b098bd18c460604eb866a5533c270d8163242f7e5914944d1db3107795e69a33a0fa08ad34867268ae3d3141d157d9edb3bf665121393a90ab84feaca8393b976b4d4ba75024e2daec7f82a37eb1e93889dca4ddc2c246d43732021c03e1cb6df4ff3ec170fa0e9d6138cb2645bee766725d9d147d7e35aef31d92e9c5f19a00b5fbd4e85c8dd564fa65cb3083adf6d86654ff17e7aaa926a4edb04d; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200045dc08c03300657acb2d41df827404b60ecda827b8bc6a6d035b120b328a060608f5e44a571130005dba19d18acac3a5d1b82227fa3af1357efa6c607accb6077b7394bc6688f0a54b389ce96d5339d09fac4fb960cbad95; Path=/

mybell.bell.ca/web/common/all_languages/all_regions/images/login/log_in_to_mybell.jpg

184.150.212.207

200 OK

5.8 kB

URL HTTP/1.1
mybell.bell.ca/web/common/all_languages/all_regions/images/login/log_in_to_mybell.jpg
IP
184.150.212.207:0
ASN
#577 BACOM

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 170x155, components 3\012- data
Size
5.8 kB (5762 bytes)
Hash
6ff8b5688ec3a0c1c5820dc7ebc7877b
aa26095b27d04311d9fdde14c204891592862a3c
2369f95bbeced1c99b833aa9a0cb4b3286c7a675cd3cd561cc9e4a4d4fc17743

HTTP Headers

GET /web/common/all_languages/all_regions/images/login/log_in_to_mybell.jpg HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: image/jpeg
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 07 Dec 2014 07:21:29 GMT
Accept-Ranges: bytes
ETag: "1D011EE6B126280"
X-Generated-By: O-BC013
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Date: Sat, 04 Feb 2023 05:03:17 GMT
Content-Length: 5762
Set-Cookie: dtCookie=v_4_srv_8_sn_3ADF7A398F54EA9F723763FD11C9C90A_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=1119952044.47873.0000; path=/; Httponly; Secure
TLTSID=B4D369FCCF94474472D290EC71609848; Path=/; Domain=.bell.ca
TLTSID=B4D369FCCF94474472D290EC71609848; Path=/; Domain=.luckymobile.ca
TLTSID=B4D369FCCF94474472D290EC71609848; Path=/; Domain=.virginplus.ca
TLTUID=5D5A1A7157D10F2BF5DCE87832ABBC7B; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=5D5A1A7157D10F2BF5DCE87832ABBC7B; Path=/; Domain=.luckymobile.ca
TLTUID=5D5A1A7157D10F2BF5DCE87832ABBC7B; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4de44ffb080beb3f2bf28efd9b1ed56a194fdf18a636b78aa25ecdbd79a08c6f3e3acd0e2406ca4512ce73bd0a342b84fbb14d05c221e4dd08a346a3b67a2a10522bfefa2af9e29b759bbcf85ac0fc99dc0dad2626824b85b177c35b7fe62009ba4ebf15a90e70a74428606e85d929cfa0e2248ef37551fc89f3e921a2619d8b10f340c76ff648d3e02db43240f71c75a9fb7bdef44d7e6d7e587973500c4982afa5703f8ae9b27390d554d7fc43196c5; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000272d0f07212cceda5a7b6edc95f9c628cba3e7a1341ff0ac759221ff4a2a77cf08dba60fd71130004d0ec28a8899877cd1b82227fa3af135e1e371d3c8ef803000d28d1001a1c21299e117041c3656ad5bb656a4fc061e97; Path=/

mybell.bell.ca/web/common/all_languages/all_regions/images/login/not_register_yet.jpg

184.150.212.207

200 OK

8.1 kB

URL HTTP/1.1
mybell.bell.ca/web/common/all_languages/all_regions/images/login/not_register_yet.jpg
IP
184.150.212.207:0
ASN
#577 BACOM

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 170x155, components 3\012- data
Size
8.1 kB (8142 bytes)
Hash
cc1eeaae90343c9a7d0d74012baff655
ebbb2c93453b78301a55dccf1d704356431fb558
517dc416497e529b17399864d06116294060f0b858d63fe933abb90dd4ef998d

HTTP Headers

GET /web/common/all_languages/all_regions/images/login/not_register_yet.jpg HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: image/jpeg
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 07 Dec 2014 07:21:29 GMT
Accept-Ranges: bytes
ETag: "1D011EE6B126280"
X-Generated-By: O-BC009
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Length: 8142
Set-Cookie: dtCookie=v_4_srv_10_sn_4DDD7E0152B065DB9E5388971080B8DA_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=868293804.47873.0000; path=/; Httponly; Secure
TLTSID=28429EACF132DAADA7094D74CAAE9748; Path=/; Domain=.bell.ca
TLTSID=28429EACF132DAADA7094D74CAAE9748; Path=/; Domain=.luckymobile.ca
TLTSID=28429EACF132DAADA7094D74CAAE9748; Path=/; Domain=.virginplus.ca
TLTUID=663D916790587D3DE451EBCF8843B954; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=663D916790587D3DE451EBCF8843B954; Path=/; Domain=.luckymobile.ca
TLTUID=663D916790587D3DE451EBCF8843B954; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4fda363db2b0b9db8a7a0a42480cca1392584b9404805167445f52430c7b9a054a05f124410199a22df7e07a4aff0bd3c1122f501ff42697f71ce9b4da065576dfc626bc262c134db1e8f93ecccc7c03c78d477a18e0052e2be846acdf91feffc62d811b14467971b4d542feb123be0434c2a9148515be2ae2f845f9b61ef08d7a25f5d8fcda89275d4c284fc07eec335ac762ad54648b546020247f52d5d0e0b3521578a5ce45e221123703c4bdbc0e0; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000499f63863d3f2b9868e72c423f5cac0cbca5671feaf394d8b5761ed17523b69c0806c212fa1130000b3f9289dbff37d9d1b82227fa3af1359aabaff4fb95f27af9b36ffd4384c03b613dbf13c5f7f663779041b7b1d6437b; Path=/

ww.w.conductability.org/web/common/en/all_regions/images/logos/entrust_seal.gif

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/entrust_seal.gif
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/entrust_seal.gif HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww.w.conductability.org/Login.php

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4449
Expires: Sat, 04 Feb 2023 06:17:27 GMT
Date: Sat, 04 Feb 2023 05:03:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4449
Expires: Sat, 04 Feb 2023 06:17:27 GMT
Date: Sat, 04 Feb 2023 05:03:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4449
Expires: Sat, 04 Feb 2023 06:17:27 GMT
Date: Sat, 04 Feb 2023 05:03:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4449
Expires: Sat, 04 Feb 2023 06:17:27 GMT
Date: Sat, 04 Feb 2023 05:03:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4449
Expires: Sat, 04 Feb 2023 06:17:27 GMT
Date: Sat, 04 Feb 2023 05:03:18 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13065 bytes)
Hash
cf80667db0c35c9c6139eca4ba5d12fd
4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590
d63e69f4b6ea16333d242bf33d4f02a4a6c96a739ca018d86afc5741d85b774d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13065
x-amzn-requestid: 54c06759-6fab-455c-be34-496ee42a2580
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSZLQEqroAMFyWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d57b-2237358a5cc22b8003af1852;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:08:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oc3NhvAmcrO3msFYF2ITsEpq8a2wsOLkXtmZxRQpmse84yml0l9PNA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:46:57 GMT
age: 26181
etag: "4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.2 kB (7249 bytes)
Hash
d7afd5ce8fb9ec7b62e528bf97705e49
afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3
b2d93ba6c0ed2c858d91afba1c81251afbffa41c779be2e9203994dcfb7bbc9d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7249
x-amzn-requestid: 007ce521-ed5c-4074-a314-684ad0df2e22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9GH5goAMF_ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8053-7060f02b767c90371991a190;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fTV_e56nzjiXo4Guu67WXDDvp3nrjB0Yfyy6ByjcDSx23J-8r0fmQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 24777
etag: "afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8909 bytes)
Hash
a032104cf4ccc6ea31f163ca16386487
a0573916c3d72f0554928963c0a74413fdcb3558
8ba7b6e9b3fa28f6fd27f5f006cedac10f50d7da6c109155a2476cf04f4df932

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8909
x-amzn-requestid: 051806fe-c051-4948-a46a-48ed1df321a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyFIMFLNoAMFY5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8234-212ec9a838fc64a9164f21f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:52:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 24zolqnsQilbFdqM8BnmjaH7DXfFunFyXgmOyF_FkPoatjLi137xgQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:53 GMT
age: 24745
etag: "a0573916c3d72f0554928963c0a74413fdcb3558"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9500 bytes)
Hash
3ac51fd6789cbe19c2d484c9022b0e39
bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9
300b5e50cb910f9f4905ee7313d98763b68f85f5874db499cc94469fb14cabfe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9500
x-amzn-requestid: 8fe94388-e8d9-4329-b73a-e9a356df76bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9QEA1IAMF3Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8054-51f954ac4bec16d1055e38f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FkTJ6wQ4eFYBPDyS0l5vLeWvHHiQIx-cYyFzT4ggHJ8M5Gg3dozFxQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:30:36 GMT
age: 23562
etag: "bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7992 bytes)
Hash
65cd12302c9ca5468dbc9a98155970e0
a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1
8463155faca74f13ec4500fed98289d8bfbdc4a989d1cb7580736018eadf1000

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7992
x-amzn-requestid: ba4f95d9-6081-4b34-955c-bbe8e7b2335c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEjGsdIAMF84w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8083-7666baa66ccdec9b5fec8736;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A3c6sSs_b8KkREPa26a8X9NTEZpHGDjElR9hT-NXwg6dYpeuRNZXfA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
etag: "a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1"
content-type: image/jpeg
age: 24777
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5174 bytes)
Hash
e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 24777
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

mybell.bell.ca/web/js/actualXFTag.js?ver=94.0

184.150.212.207

404 Not Found

34 kB

URL HTTP/1.1
mybell.bell.ca/web/js/actualXFTag.js?ver=94.0
IP
184.150.212.207:0
ASN
#577 BACOM

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7448), with CRLF, LF line terminators
Size
34 kB (34245 bytes)
Hash
2361d2eaa2dccaf59bfa851488c9bf4e
ac6c957cf13fcc9bf889f580d8ed3aafc0038f80
0d1c1cbeadcc65e8c2aad00dd08e89d7d7fc3eb26c607bb90259dafb05e6204f

HTTP Headers

GET /web/js/actualXFTag.js?ver=94.0 HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Cache-Control: no-cache, no-store, no-store
Pragma: no-cache,no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Set-Cookie: ASP.NET_SessionId=3hwoewc3ejof0fvu4nctfszy; path=/;SameSite=Lax; secure; HttpOnly; SameSite=Lax
gemini=region=|language=en|province=ON; domain=.bell.ca; expires=Fri, 05-May-2023 04:03:18 GMT; path=/;SameSite=Lax;SameSite=Lax; secure
gemini=region=|language=en|province=ON; domain=.bell.ca; expires=Fri, 05-May-2023 04:03:18 GMT; path=/;SameSite=Lax;SameSite=Lax; secure
SessionCk=c6ef0bab-1651-471b-9539-5216394d17a1; domain=.bell.ca; expires=Sat, 04-Feb-2023 05:18:18 GMT; path=/; secure; HttpOnly
SessionCk=c6ef0bab-1651-471b-9539-5216394d17a1; domain=.bell.ca; expires=Sat, 04-Feb-2023 05:18:18 GMT; path=/; secure; HttpOnly
InActivityCK=a2ee2eec-af65-4424-877e-177ccf3589dd; domain=.bell.ca; expires=Sat, 04-Feb-2023 05:33:18 GMT; path=/; secure; HttpOnly
ConsistentActivityCK=a2ee2eec-af65-4424-877e-177ccf3589dd; domain=.bell.ca; expires=Sat, 04-Feb-2023 17:03:18 GMT; path=/; secure; HttpOnly
OmniturePageName=Mybell:Error; domain=.bell.ca; path=/; secure; HttpOnly
dtCookie=v_4_srv_5_sn_D4DC1FB76D56A8E89D54D58D1294C4E0_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_1; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=885071020.47873.0000; path=/; Httponly; Secure
TLTSID=C2C033A828901F17768A94500CF13E45; Path=/; Domain=.bell.ca
TLTSID=C2C033A828901F17768A94500CF13E45; Path=/; Domain=.luckymobile.ca
TLTSID=C2C033A828901F17768A94500CF13E45; Path=/; Domain=.virginplus.ca
TLTUID=0DF05C03B129707A4F11BABD2003E032; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=0DF05C03B129707A4F11BABD2003E032; Path=/; Domain=.luckymobile.ca
TLTUID=0DF05C03B129707A4F11BABD2003E032; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc44380d594a02e82eb9af79a39079d4cb5748184996f7fb8a5352405072715e19dd3117d0db0b6bd456c0eba4edf3027a39f55053bb0a1e44562f078bf7869a7beb4dd8096937ab1c579da05315c31e9f93232d33e426db898eeb48f09766789026e73c7996554bf01982181538736d4c5be19ddb9ad86bd3e948013c641cbdfc7b17388794df5cb2966e73e17db8f269b3d7b0a6ccbeff8bb2e1406368f96927d31750649bc8b8babe84318f98050b9dd2e3c1adb80b458365a59fc73bb1a523dd4a8ca6bb545bba0608d25e00478f10092fd4603143b688c4b74f3a26c371a67551ad54a83ef2b68eff4bb103612b3e97dc7a8136198f2037a5b8a0bf58c2b829875c1f13235879dfe9d30eded010f1f13a9251dfd13f2efab80b1c831b2a2a1bd25d7fd54940fd00fd794e47ef60f4a; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200088b6b83046e3614b89a57d1decc5f7321f0fec74701d5ba5755a495f1ec6890708d5b67ed1113000dc80b6eef78cb24fd1b82227fa3af13501efc8acb59386540ffe88cd0f825abaad8550815afd3799bc7928a2e3bfb206; Path=/
X-Generated-By: O-BC010
Access-Control-Allow-Origin: https://mybell.bell.ca
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
X-ruxit-JS-Agent: true
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1443258655"
Date: Sat, 04 Feb 2023 05:03:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/custom/js/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/custom/js/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/js/opinion_lab/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/js/opinion_lab/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/s_code_bell.js?v=11062013EH01

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/s_code_bell.js?v=11062013EH01
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/s_code_bell.js?v=11062013EH01 HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww.w.conductability.org/Login.php
Cookie: fsr.a=1675487034368

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

pfobellweb.hs.llnwd.net/resource/web/resources/css/font/bellslim_semibold-webfont.woff?ver=201809300511

95.140.229.2

200 OK

27 kB

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/resources/css/font/bellslim_semibold-webfont.woff?ver=201809300511
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
Web Open Font Format, TrueType, length 26676, version 1.0\012- data
Size
27 kB (26676 bytes)
Hash
d390666bb096d61b31bbf0a7db646a15
0f496d2ec716aec051e43ee64fc1e4de19d6bee6
bb953410afd56c025f342f51c0f872e998085a81e56bdf336f94d5eb6685f829

HTTP Headers

GET /resource/web/resources/css/font/bellslim_semibold-webfont.woff?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ww.w.conductability.org
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:21 GMT
Content-Type: application/octet-stream
Content-Length: 26676
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 30273
Last-Modified: Sun, 22 Jun 2014 08:23:08 GMT
Expires: Sat, 04 Feb 2023 20:38:48 GMT
X-LLID: bbed85dea59f9b4903bca42b5f450091

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035869

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035869

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035869

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:22 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035869

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:22 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035869

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:22 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035869

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:22 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035869

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:22 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487036620

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:22 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487036620

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:22 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487036620

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:23 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487036620

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:23 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487037371

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:23 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487037371

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:23 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487037371

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:23 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487037371

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:23 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487037371

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:24 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487038121

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:24 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

mybell.bell.ca/web/common/all_languages/all_regions/skin/favicon.ico

184.150.212.207

200 OK

74 kB

URL HTTP/1.1
mybell.bell.ca/web/common/all_languages/all_regions/skin/favicon.ico
IP
184.150.212.207:0
ASN
#577 BACOM

File type
MS Windows icon resource - 5 icons, 32x32, 8 bits/pixel, 48x48, 8 bits/pixel\012- data
Size
74 kB (73758 bytes)
Hash
bcdba058bf6b99e78e7e8ba712f3d3af
3c08ea5cf75ea3fba13f8d8d453aa38970b7ba81
aa8e33f2d864cc8e3825f164c0524fb26ebee04a36bfe81d66a570b2088f4c99

HTTP Headers

GET /web/common/all_languages/all_regions/skin/favicon.ico HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache,no-cache
Content-Type: image/x-icon
Expires: -1
Accept-Ranges: bytes
X-Generated-By: O-BC013
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Date: Sat, 04 Feb 2023 05:03:23 GMT
Content-Length: 73758
Set-Cookie: dtCookie=v_4_srv_10_sn_4871704836A918BEDB39927DB3F2A90F_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=1119952044.47873.0000; path=/; Httponly; Secure
TLTSID=EB3B060CD9A221B91B1331156372C676; Path=/; Domain=.bell.ca
TLTSID=EB3B060CD9A221B91B1331156372C676; Path=/; Domain=.luckymobile.ca
TLTSID=EB3B060CD9A221B91B1331156372C676; Path=/; Domain=.virginplus.ca
TLTUID=66E842610EF2012C6E59D9CD1E5272A7; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:24 GMT
TLTUID=66E842610EF2012C6E59D9CD1E5272A7; Path=/; Domain=.luckymobile.ca
TLTUID=66E842610EF2012C6E59D9CD1E5272A7; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc42b767371cc7e3e5f28e942ed6048a70b3d250ab6f255e0857841eea89f76987657f673d20a1af654ae4591eed4ba72c9adde1d44e6d028b5fa11b1fa1113a703d673e78326f326bc60ba1386b3f265195320486786d3ac988a90505ff0d7a5e89c7832ef8e01a379ccade486321d10c2a9388e0a6b57fa37ad958475edf9cb7aa615e838324a6b9caeb47f4ef2d58bbd86e8c80a9ddcf66b5903806069258a76a847024424b96017aeff026b1fc86439; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000937fef2ea45c8bfa6ee92235adcd7e5e42fad2eb4deab2d36c37f82a7ec2c8d2088c6eb30a113000592ec3362178d7e5b0c8defd3d29999b8655947c18284243cd1c507a728061a6154c9d09b0c0017bf74e34473ff729f9; Path=/

pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_secNav.gif?ver=201406220823

95.140.229.2

200 OK

108 B

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_secNav.gif?ver=201406220823
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
GIF image data, version 89a, 1 x 44\012- data
Size
108 B (108 bytes)
Hash
959bdca997efaea10551f9fa9c7b4f44
5de8b879d0cc11f8a2536e681ed46ecdee16c488
3683c037c1d1fc8118772798825d3c5ba19e10ab668cb3208b99b29963a72390

HTTP Headers

GET /resource/web/common/all_languages/all_regions/skin/bg_secNav.gif?ver=201406220823 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_prime.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/gif
Content-Length: 108
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 11559
Last-Modified: Sun, 30 Sep 2018 05:11:03 GMT
Expires: Sun, 05 Feb 2023 01:50:45 GMT
X-LLID: b056c189461e783d79a33f7a856c9b94

pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_transparent.gif?ver=201809300511

95.140.229.2

200 OK

43 B

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_transparent.gif?ver=201809300511
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /resource/web/common/all_languages/all_regions/skin/bg_transparent.gif?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 15336
Last-Modified: Sun, 22 Jun 2014 08:23:01 GMT
Expires: Sun, 05 Feb 2023 00:47:48 GMT
X-LLID: 936578f72e8b8eef79b6ca4bf6e68926

pfobellweb.hs.llnwd.net/resource/web/resources/images/bg_gradient_p.png?ver=201809300511

95.140.229.2

200 OK

179 B

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/resources/images/bg_gradient_p.png?ver=201809300511
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
PNG image data, 20 x 52, 8-bit/color RGB, non-interlaced\012- data
Size
179 B (179 bytes)
Hash
334a20c75253578c10d316b684f0eda2
b2bea245dee6c3b9bbdb30487e98fbfb6e8b341a
f13da5db0700750e0463d7622ce45ace827223ad78bd981563b346f834c7eca6

HTTP Headers

GET /resource/web/resources/images/bg_gradient_p.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 179
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC010
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 1801
Last-Modified: Sun, 22 Jun 2014 08:23:09 GMT
Expires: Sun, 05 Feb 2023 04:33:23 GMT
X-LLID: 8cb83a54accc8cf7b73d674eb43f92cd

pfobellweb.hs.llnwd.net/resource/web/resources/images/logo-bell-white-47x28.png?ver=201809300511

95.140.229.2

200 OK

1.5 kB

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/resources/images/logo-bell-white-47x28.png?ver=201809300511
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
PNG image data, 47 x 28, 8-bit/color RGBA, non-interlaced\012- data
Size
1.5 kB (1472 bytes)
Hash
1121cc9cd550ffa93d1c8e66f8c22c1a
34aa6f48ee0f6944f1069379ba38ff71763aedfb
d7b4775e7024e0b85aa37326a0602167088077f0377a1e08b9fde22e8ab78cbe

HTTP Headers

GET /resource/web/resources/images/logo-bell-white-47x28.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 1472
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC010
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 15336
Last-Modified: Sun, 22 Jun 2014 08:23:09 GMT
Expires: Sun, 05 Feb 2023 00:47:48 GMT
X-LLID: c6ae0e0fae9fc505fdbff3d0184a6645

pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_formTextInput.gif?ver=201406220823

95.140.229.2

200 OK

43 B

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_formTextInput.gif?ver=201406220823
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
GIF image data, version 89a, 1 x 2\012- data
Size
43 B (43 bytes)
Hash
2bd4449d026922ec48008e2e8413c604
17c867174391326c083e338609dfdd41b61da225
7c32a3d1ded45902e167d47d0fdbfc895bfaa97a16a3c44bdf49468227ffc032

HTTP Headers

GET /resource/web/common/all_languages/all_regions/skin/bg_formTextInput.gif?ver=201406220823 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_prime.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 13349
Last-Modified: Sun, 30 Sep 2018 05:11:03 GMT
Expires: Sun, 05 Feb 2023 01:20:55 GMT
X-LLID: f020a6b6e0dc66f5ed594ca399001ea3

ww.w.conductability.org/custom/foresee/foresee-surveydef.js?build=24

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/custom/foresee/foresee-surveydef.js?build=24
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /custom/foresee/foresee-surveydef.js?build=24 HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww.w.conductability.org/Login.php
Cookie: fsr.a=1675487038121; fsr.s=%7B%22v2%22%3A-2%2C%22v1%22%3A1%7D

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:24 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_gradRibbon.gif?ver=201809300511

95.140.229.2

200 OK

227 B

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_gradRibbon.gif?ver=201809300511
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
GIF image data, version 89a, 1 x 800\012- data
Size
227 B (227 bytes)
Hash
c8caa40d55e69e4109c79e2110ee7fe0
9333a2d29161f6ac95a0dea68bbbd9adcdd968cb
c3f6f8335d41e6979a914f3a6196026970ff53cbc6232b243abb017cd3d0e592

HTTP Headers

GET /resource/web/common/all_languages/all_regions/skin/bg_gradRibbon.gif?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/gif
Content-Length: 227
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 15336
Last-Modified: Sun, 22 Jun 2014 08:23:01 GMT
Expires: Sun, 05 Feb 2023 00:47:48 GMT
X-LLID: 71b690eb3308d58c0f010e8f7df0a684

pfobellweb.hs.llnwd.net/resource/web/resources/images/bullet_dot.png?ver=201809300511

95.140.229.2

200 OK

158 B

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/resources/images/bullet_dot.png?ver=201809300511
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
PNG image data, 5 x 10, 8-bit/color RGBA, non-interlaced\012- data
Size
158 B (158 bytes)
Hash
138ab723cf3b0f450f90087950bf5816
a1529837c28628844cf441fa95bb09f950cfa103
d98bd5697470b321bba10d47df58b8667887b41bd09e380f86387d9f5b1aa9e8

HTTP Headers

GET /resource/web/resources/images/bullet_dot.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 158
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 13131
Last-Modified: Sun, 30 Sep 2018 05:11:11 GMT
Expires: Sun, 05 Feb 2023 01:24:33 GMT
X-LLID: 06b73139b6963e9570fa890cd0f0c45d

pfobellweb.hs.llnwd.net/resource/web/resources/images/bg_flyOutSprite_a.png?ver=201809300511

95.140.229.2

200 OK

3.3 kB

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/resources/images/bg_flyOutSprite_a.png?ver=201809300511
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
PNG image data, 1024 x 86, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3303 bytes)
Hash
58e7357250cacd7cf7d0c1f0b4afd1e4
45c106329d0da885e70064f9d07bce9b7e2e0c18
929906e7a1eadc89feea37117f760c7e08debedfb4f2bc6b335ca81846d2fe52

HTTP Headers

GET /resource/web/resources/images/bg_flyOutSprite_a.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 3303
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC013
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 11556
Last-Modified: Sun, 22 Jun 2014 08:23:09 GMT
Expires: Sun, 05 Feb 2023 01:50:48 GMT
X-LLID: 17888953f6ac1260b86aeca2c411ab0e

pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_buttonSprite.png?ver=201406220823

95.140.229.2

200 OK

14 kB

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_buttonSprite.png?ver=201406220823
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
PNG image data, 400 x 906, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (14448 bytes)
Hash
8cdc9205bfb8337e915ff3a0f1f694c2
3756f1c84f09e856c3e389a4f0474d9820610e0c
dc97c9ceea06b8f7e47c01aae0564a3c4e1686c122cbee880a7011f1e2fa61bd

HTTP Headers

GET /resource/web/common/all_languages/all_regions/skin/bg_buttonSprite.png?ver=201406220823 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_prime.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 14448
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC009
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 15336
Last-Modified: Sun, 22 Jun 2014 08:23:00 GMT
Expires: Sun, 05 Feb 2023 00:47:48 GMT
X-LLID: 038ef61e635eb183ef61edee14d5ad51

pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_cBoxExtra.png?ver=201809300511

95.140.229.2

200 OK

811 B

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_cBoxExtra.png?ver=201809300511
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
PNG image data, 1050 x 29, 8-bit/color RGBA, non-interlaced\012- data
Size
811 B (811 bytes)
Hash
12ad0db519b84a4856fd00ecd76f8a21
3b5d2057841adcb928100f00843d5e2f163037a3
038234677c46f9c530e08c832514daf43478372cd13f8683aee4d74c82b89e00

HTTP Headers

GET /resource/web/common/all_languages/all_regions/skin/bg_cBoxExtra.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 811
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC009
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 15336
Last-Modified: Sun, 22 Jun 2014 08:23:00 GMT
Expires: Sun, 05 Feb 2023 00:47:48 GMT
X-LLID: 9c58ae543f308b226bafcf579d3408b8

ww.w.conductability.org/custom/foresee/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/custom/foresee/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /custom/foresee/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487038121; fsr.s=%7B%22v2%22%3A-2%2C%22v1%22%3A1%7D

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:24 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

pfobellweb.hs.llnwd.net/resource/web/resources/images/bg_iconSprite.png?ver=201809300511

95.140.229.2

200 OK

103 kB

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/resources/images/bg_iconSprite.png?ver=201809300511
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
PNG image data, 635 x 311, 8-bit/color RGBA, non-interlaced\012- data
Size
103 kB (102729 bytes)
Hash
b57802d1e1438ee085728b93e8588d56
837684b7ff84da66972f2253564be2f9a9503c4c
21e39e30e42373a43a58733e1e5e589f042ab79c36fd48e890d00d2cb5979e84

HTTP Headers

GET /resource/web/resources/images/bg_iconSprite.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 102729
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC011
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 13116
Last-Modified: Sun, 30 Sep 2018 05:11:11 GMT
Expires: Sun, 05 Feb 2023 01:24:48 GMT
X-LLID: 8e55918727fdcfc844505e3781bb4070

pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_mainExtra.gif?ver=201406220823

95.140.229.2

200 OK

493 B

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_mainExtra.gif?ver=201406220823
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
GIF image data, version 89a, 975 x 13\012- data
Size
493 B (493 bytes)
Hash
bb78fc14f637ca27ac6cb6d6671ea294
a6b72cd3feca0cefbde05f9161a1f533bad2895e
b42ec6173d78f4ed24a22cce44c8321afeebefec5fbe97e49deec25cce73bf98

HTTP Headers

GET /resource/web/common/all_languages/all_regions/skin/bg_mainExtra.gif?ver=201406220823 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_prime.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/gif
Content-Length: 493
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC010
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 30276
Last-Modified: Sun, 22 Jun 2014 08:23:01 GMT
Expires: Sat, 04 Feb 2023 20:38:48 GMT
X-LLID: 68d95b062ce74f868fb69e066f89b270

pfobellweb.hs.llnwd.net/resource/web/resources/images/bullet_arrow.png?ver=201809300511

95.140.229.2

200 OK

176 B

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/resources/images/bullet_arrow.png?ver=201809300511
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
PNG image data, 5 x 10, 8-bit/color RGBA, non-interlaced\012- data
Size
176 B (176 bytes)
Hash
cc15ef5d02c6f5818e8544671942d1da
30a5cdb8c4ac8a01a36b321ece28e02da97f648a
b9c002fba5daa8fa82660a56a658702c6ee3df8ba1dfc4856f1fdb26c8c5e0f1

HTTP Headers

GET /resource/web/resources/images/bullet_arrow.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 176
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 9681
Last-Modified: Sun, 30 Sep 2018 05:11:11 GMT
Expires: Sun, 05 Feb 2023 02:22:03 GMT
X-LLID: 9e4b63061e82800c74696796a5627fb4

pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/loader_pgLoader.gif?ver=201809300511

95.140.229.2

200 OK

3.1 kB

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/loader_pgLoader.gif?ver=201809300511
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
GIF image data, version 89a, 36 x 36\012- data
Size
3.1 kB (3127 bytes)
Hash
87856f61120158cd9f8f251d6bb347ed
f22562f2e682f151b64f68296e70a51a35d96ced
976affddc600a9e675994bd34685729a01e62e5f7932cfd95c8ca9157c4327db

HTTP Headers

GET /resource/web/common/all_languages/all_regions/skin/loader_pgLoader.gif?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/gif
Content-Length: 3127
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC012
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 15335
Last-Modified: Sun, 22 Jun 2014 08:23:01 GMT
Expires: Sun, 05 Feb 2023 00:47:49 GMT
X-LLID: 726061b68774a8baaadd3f106b22e44a

ww.w.conductability.org/custom/foresee/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/custom/foresee/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /custom/foresee/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487038873; fsr.s=%7B%22v2%22%3A-2%2C%22v1%22%3A1%7D

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:24 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_iconSprite.gif?ver=202211120811

95.140.229.2

200 OK

6.3 kB

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_iconSprite.gif?ver=202211120811
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
GIF image data, version 89a, 40 x 1194\012- data
Size
6.3 kB (6305 bytes)
Hash
3fd243bb752881c9ad923e8042914f43
01d2829fe00f0a19726f10af157afa241bc86e4e
13996d903d43e98b6aae9e7c7d08bed43de57a665f3b7459b931f388e97e0b14

HTTP Headers

GET /resource/web/common/all_languages/all_regions/skin/bg_iconSprite.gif?ver=202211120811 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:25 GMT
Content-Type: image/gif
Content-Length: 6305
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC012
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 15336
Last-Modified: Sat, 12 Nov 2022 08:11:52 GMT
Expires: Sun, 05 Feb 2023 00:47:48 GMT
X-LLID: 8125596057c45c7cd8a79b7b12cb0390

pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_pageLoader.png?ver=201809300511

95.140.229.2

200 OK

1.1 kB

URL HTTP/1.1
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_pageLoader.png?ver=201809300511
IP
95.140.229.2:0
ASN
#22822 LLNW

File type
PNG image data, 935 x 61, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1145 bytes)
Hash
83eff1b71490abdcb036bf24645db9a6
f7a02ff680e94a0055ae67f8fde7e2a40d784a70
dc1ec805814d0ddb270d0f890843351f69c38088372b7e59af8044177f097082

HTTP Headers

GET /resource/web/common/all_languages/all_regions/skin/bg_pageLoader.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:25 GMT
Content-Type: image/png
Content-Length: 1145
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC011
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 15336
Last-Modified: Sun, 30 Sep 2018 05:11:03 GMT
Expires: Sun, 05 Feb 2023 00:47:49 GMT
X-LLID: 6bf22aaedb16f00ccb9933b3abe9cea0

ww.w.conductability.org/custom/foresee/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/custom/foresee/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /custom/foresee/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487038873; fsr.s=%7B%22v2%22%3A-2%2C%22v1%22%3A1%7D

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:25 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

ww.w.conductability.org/custom/foresee/Login.php

68.66.226.93

302 Found

0 B

URL HTTP/1.1
ww.w.conductability.org/custom/foresee/Login.php
IP
68.66.226.93:0
ASN
#55293 A2HOSTING

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Bell Canada
fortinet	Phishing

NIDS	Severity	Alert
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)
suricata	medium	ETPRO HUNTING Observed Unusual Host (ww.)

HTTP Headers

GET /custom/foresee/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487038873; fsr.s=%7B%22v2%22%3A-2%2C%22v1%22%3A1%7D

HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:25 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (32)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL