r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14826
Expires: Sat, 04 Feb 2023 09:10:22 GMT
Date: Sat, 04 Feb 2023 05:03:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2346
Expires: Sat, 04 Feb 2023 05:42:22 GMT
Date: Sat, 04 Feb 2023 05:03:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16668
Expires: Sat, 04 Feb 2023 09:41:04 GMT
Date: Sat, 04 Feb 2023 05:03:16 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 04:43:35 GMT
content-type: application/json
age: 1181
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 34Vpso3GjIz2oAjRhk9RtbNS6KLcaVjrDcWZRBxy4VoPBEGYvYJQBlq0OPmSVY5odnaGNFcBCOI=
x-amz-request-id: KQ2PBT8G40Z8Z0EP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 04:52:42 GMT
age: 634
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 05:03:16 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ww.w.conductability.org/Login.php
68.66.226.93 200 OK 17 kB URL HTTP/1.1 ww.w.conductability.org/Login.php
IP 68.66.226.93:0
File type HTML document text, exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (362), with CRLF line terminators
Hash dc4fcac8f3d4b91ac70d11f4eccd4f0e
c7eeb8f0cf487cf5dab9729d63b5ee014e5c6b78
ad38f85c05eaa2412db6ea279248d5a907bd3267c7c062f9f68f008fd5f1a040
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
content-type: text/html; charset=UTF-8
content-length: 17027
content-encoding: gzip
vary: Accept-Encoding
date: Sat, 04 Feb 2023 05:03:16 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/custom/js/mtagconfig.js
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/mtagconfig.js
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/mtagconfig.js HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww.w.conductability.org/Login.php
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:16 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/s_code_bell.js?v=11062013EH01
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/s_code_bell.js?v=11062013EH01
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/s_code_bell.js?v=11062013EH01 HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww.w.conductability.org/Login.php
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:16 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/OpinionLab.js
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/OpinionLab.js
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/OpinionLab.js HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww.w.conductability.org/Login.php
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 04:49:07 GMT
age: 850
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2606
Expires: Sat, 04 Feb 2023 05:46:43 GMT
Date: Sat, 04 Feb 2023 05:03:17 GMT
Connection: keep-alive
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash 22ae6993ffdafee6b6914039666b8e32
82c64ebd381f66ee52a225563cc17f8b54138b09
83490a5de07ef52a238daeca8ae1b9d6c4a974d1445130852b6705c4bec63800
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "83490A5DE07EF52A238DAECA8AE1B9D6C4A974D1445130852B6705C4BEC63800"
Last-Modified: Sat, 04 Feb 2023 04:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3575
Expires: Sat, 04 Feb 2023 06:02:52 GMT
Date: Sat, 04 Feb 2023 05:03:17 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash 22ae6993ffdafee6b6914039666b8e32
82c64ebd381f66ee52a225563cc17f8b54138b09
83490a5de07ef52a238daeca8ae1b9d6c4a974d1445130852b6705c4bec63800
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "83490A5DE07EF52A238DAECA8AE1B9D6C4A974D1445130852B6705C4BEC63800"
Last-Modified: Sat, 04 Feb 2023 04:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3575
Expires: Sat, 04 Feb 2023 06:02:52 GMT
Date: Sat, 04 Feb 2023 05:03:17 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash 22ae6993ffdafee6b6914039666b8e32
82c64ebd381f66ee52a225563cc17f8b54138b09
83490a5de07ef52a238daeca8ae1b9d6c4a974d1445130852b6705c4bec63800
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "83490A5DE07EF52A238DAECA8AE1B9D6C4A974D1445130852B6705C4BEC63800"
Last-Modified: Sat, 04 Feb 2023 04:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3575
Expires: Sat, 04 Feb 2023 06:02:52 GMT
Date: Sat, 04 Feb 2023 05:03:17 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash 22ae6993ffdafee6b6914039666b8e32
82c64ebd381f66ee52a225563cc17f8b54138b09
83490a5de07ef52a238daeca8ae1b9d6c4a974d1445130852b6705c4bec63800
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "83490A5DE07EF52A238DAECA8AE1B9D6C4A974D1445130852B6705C4BEC63800"
Last-Modified: Sat, 04 Feb 2023 04:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3578
Expires: Sat, 04 Feb 2023 06:02:55 GMT
Date: Sat, 04 Feb 2023 05:03:17 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash 22ae6993ffdafee6b6914039666b8e32
82c64ebd381f66ee52a225563cc17f8b54138b09
83490a5de07ef52a238daeca8ae1b9d6c4a974d1445130852b6705c4bec63800
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "83490A5DE07EF52A238DAECA8AE1B9D6C4A974D1445130852B6705C4BEC63800"
Last-Modified: Sat, 04 Feb 2023 04:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3575
Expires: Sat, 04 Feb 2023 06:02:52 GMT
Date: Sat, 04 Feb 2023 05:03:17 GMT
Connection: keep-alive
push.services.mozilla.com/
54.201.77.8 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.201.77.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +6meQPlk+naEtGVFDSSdqQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1qUyAeH4EJiamX17GP3uaPEqVFQ=
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
mybell.bell.ca/web/css/myBell/bell.myBell.core.css
184.150.212.207 200 OK 9.0 kB URL HTTP/1.1 mybell.bell.ca/web/css/myBell/bell.myBell.core.css
IP 184.150.212.207:0
File type ASCII text, with very long lines (482)
Hash aefc63ea7f7cea1a31481746d36b52b4
98812d18c629d818cf5869f48393a9afc455ee89
30dff95600ececcd9862503578f3b370e0928e70a3cde5438e693a984c043a97
GET /web/css/myBell/bell.myBell.core.css HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: text/css
Content-Encoding: gzip
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 18 Oct 2020 05:30:39 GMT
Accept-Ranges: bytes
ETag: "1D6A50FD0316980"
X-Generated-By: O-BC013
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Date: Sat, 04 Feb 2023 05:03:17 GMT
Content-Length: 8960
Set-Cookie: dtCookie=v_4_srv_7_sn_811C7F371BCCF3601F68611A8D3FA34F_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=1119952044.47873.0000; path=/; Httponly; Secure
TLTSID=446EC6D98626A65C219C7BDB1BCDDE61; Path=/; Domain=.bell.ca
TLTSID=446EC6D98626A65C219C7BDB1BCDDE61; Path=/; Domain=.luckymobile.ca
TLTSID=446EC6D98626A65C219C7BDB1BCDDE61; Path=/; Domain=.virginplus.ca
TLTUID=4BDFE80DF631343BF3CE98A037048C2A; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=4BDFE80DF631343BF3CE98A037048C2A; Path=/; Domain=.luckymobile.ca
TLTUID=4BDFE80DF631343BF3CE98A037048C2A; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc41df1889f79b0fc1d75ebf442ac0f0218d6988de5332988bd41172368aeeb6cb6d97d9254bb7f703fa498b576ef3ba590bdbda8455846ffde61cdd3eb4a184881519e1b3d4e75ce6394f6a1bb4f9f5e84acf665c332215f66c0741b4cc042d609f3051b6fc6aaa1feed3d3f2d85a9542da9ad0f7a38cf8e92db5feefd536a9be276401ebe0b2aaf6fe14e16305c601c7f537f03a5a0adb56613beea48801afb127a024061810cac4ec85d887a5ed3d5d2; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000fa512194732f93e8de445eaabde8ad4054db4261c111250f4af0cd5a72e389d708bfa57bbd113000a0d20073bf4896b55d0fef38902df55048f1c96a68be2483d5b278d69f5270a586d73185280877eab35534548c44aea4; Path=/
mybell.bell.ca/framework/js/jquery.unobtrusive-ajax.min.js
184.150.212.207 200 OK 1.5 kB URL HTTP/1.1 mybell.bell.ca/framework/js/jquery.unobtrusive-ajax.min.js
IP 184.150.212.207:0
File type ASCII text, with very long lines (2631)
Hash fd05a4f786abc2bcb7adcc5546bf2032
6a2a4390224414a7fda4a281ca5ac2c3c1ca6bc6
b969186c5196a69c2bc27bb0b44c7b92032f53714e91b527dca0afb98a5bf031
GET /framework/js/jquery.unobtrusive-ajax.min.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 30 Sep 2018 05:11:02 GMT
Accept-Ranges: bytes
ETag: "1D4587BFB3EB700"
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1888739761"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_11_sn_50F1615FBE4E45630AEC79126AC855CC_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=381754540.47873.0000; path=/; Httponly; Secure
TLTSID=EB46BD38196C4C4923B729964797751B; Path=/; Domain=.bell.ca
TLTSID=EB46BD38196C4C4923B729964797751B; Path=/; Domain=.luckymobile.ca
TLTSID=EB46BD38196C4C4923B729964797751B; Path=/; Domain=.virginplus.ca
TLTUID=B5AEC382B08A2D9DBD77D42BF5D7C4D3; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=B5AEC382B08A2D9DBD77D42BF5D7C4D3; Path=/; Domain=.luckymobile.ca
TLTUID=B5AEC382B08A2D9DBD77D42BF5D7C4D3; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4ae2de3d89f0329a125401d11c6b375c2b81ed20a43dd0398a6500422cb676d8fdecc000e660879e563a96ed6cc7a6f3ad11c36e49b1c6c8e41609233c95464e09f07d14787e769e6fe29279e508d64237941959919ed42c85809350347083a7dab8287bf494484816137a30966e7736137d10155352e501e917866f44d4d3a5d10d6079ed24e7159e02fa3f298dba4155ebab1a847248cae72636b220e05eb28117311577592cfcef0b61ead53e1cd48; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab20001a9943554002a6125e4eb79a7d4848b6b95be69737983abd9bbe7b18706615f50850522b94113000b933608f70b1925d5d0fef38902df550adf1437761b5f4149b03a723cf68f60ca1d7e13f076789b43e0370faadb7e951; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1502
Connection: Keep-Alive
mybell.bell.ca/web/js/bell.utils.js
184.150.212.207 200 OK 11 kB URL HTTP/1.1 mybell.bell.ca/web/js/bell.utils.js
IP 184.150.212.207:0
Hash f26fada802d76f4b2285a26eb12078ef
e50e636103248315a5e95057206fbd23def76b1b
543a9df5f5b99d63184e3b1de458d0341345dc711f2bfac7fd220db499f1f21c
GET /web/js/bell.utils.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 22 Jun 2014 08:23:08 GMT
Accept-Ranges: bytes
ETag: "1CF8DF33272FE00"
X-Generated-By: O-BC010
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1185881673"
Date: Sat, 04 Feb 2023 05:03:16 GMT
Set-Cookie: dtCookie=v_4_srv_11_sn_B01A59F2CC1D8EE5B1FAC2895D0FBC1E_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=885071020.47873.0000; path=/; Httponly; Secure
TLTSID=B230961697348719EAB3BB7464B60200; Path=/; Domain=.bell.ca
TLTSID=B230961697348719EAB3BB7464B60200; Path=/; Domain=.luckymobile.ca
TLTSID=B230961697348719EAB3BB7464B60200; Path=/; Domain=.virginplus.ca
TLTUID=3A3681437F36460755526EC3D6758A7F; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=3A3681437F36460755526EC3D6758A7F; Path=/; Domain=.luckymobile.ca
TLTUID=3A3681437F36460755526EC3D6758A7F; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4964e935bed8487bf5799e5e6a5934e26fa029f37a017e6ddc091e8b642611af0df33a0ddbfc95b0983d85ba16091d514af4986db71e36c337b487cc32e360a9aa56fcccc06a0bf55084cf4b726dd9ef7133362b5695db74ea81e1834425f65003eb80b2c29aea97b283718722e0d4be788cf3cd16f16daa65a9128fa2a862879a66e6772e2c921f3d4ef59b5f95be302d8d464f3f73430ceebb2c67b58b0ffd74fedc1d1ca62a618447e191977b7628d; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab20007d79736dd29e8d6ffa7efac42f36939b7a45839542d7e80fd38c38940c75a69308e0aeac34113000e1b2049e4bbaabf15d0fef38902df55047302ef331364bbfc7e84ae04134fdc85ec6d9f2b492c343f57a9105a5590934; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11172
Connection: Keep-Alive
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash d51df7bd5eaf5480a36f1af8128fcfac
e5a58175b31a961faa8978b056a183386811a4d9
bdd01639ba777f47b44f7dee8791a996bc0667b523c095d1179f786c6f6255da
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:17 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 02:22:58 GMT
Expires: Wed, 08 Feb 2023 02:22:57 GMT
Etag: "e5a58175b31a961faa8978b056a183386811a4d9"
Cache-Control: max-age=335379,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7940dbe91fabb4ed-OSL
mybell.bell.ca/web/js/bell.resources.js
184.150.212.207 200 OK 1.3 kB URL HTTP/1.1 mybell.bell.ca/web/js/bell.resources.js
IP 184.150.212.207:0
Hash a61f6111bdab7790cae119027424512b
323af826ac29e8291cd593832034055a152fe59a
b14b95a79f33dfaed74c11e7091cd4b9902094c6a8842acb5366e1a2a561d1c1
GET /web/js/bell.resources.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 30 Sep 2018 05:11:10 GMT
Accept-Ranges: bytes
ETag: "1D4587C00036B00"
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-2107561297"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_9_sn_966042808C4113C516C6CE36A7CEA6B6_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=381754540.47873.0000; path=/; Httponly; Secure
TLTSID=2193173BDA583573675E5A989BFC3CF4; Path=/; Domain=.bell.ca
TLTSID=2193173BDA583573675E5A989BFC3CF4; Path=/; Domain=.luckymobile.ca
TLTSID=2193173BDA583573675E5A989BFC3CF4; Path=/; Domain=.virginplus.ca
TLTUID=4C57D1E667323A79197C8E1A2C7210BA; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=4C57D1E667323A79197C8E1A2C7210BA; Path=/; Domain=.luckymobile.ca
TLTUID=4C57D1E667323A79197C8E1A2C7210BA; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4c835be4197fa334a4daf9f7d1ec7f3c327f07c99989d3dfa2ddb3e98aa79992ea0bc6069ceff8395f06d04778ad9e50d899d709adaba34d2be734de16c812cd326e2db4de422ab7417aeba7064d3ac8cc79d0a684b0ce40df4225a52996899d3a0c8232381deab60f02d86ec804971b920da1230615888f57051387defd3f74e6d23736bc95c2a3c48be798ef2f9571afc68a277ab572133ad6c6915d59ed2ab8307a17c4a29fc2991ceb88752a1efc2; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000cbfa6beb2b8931f382be6e9498dbf53e1afe4c7385b9a8e8c82e8251d816d37a082ddf573411300081ddc30956750ae35d0fef38902df550000f917087cf72c83bc069a917c7d22c63082d9721ba3c9d68b1dc4aeb368911; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1259
Connection: Keep-Alive
mybell.bell.ca/web/resources/css/bell.connector.css
184.150.212.207 200 OK 39 kB URL HTTP/1.1 mybell.bell.ca/web/resources/css/bell.connector.css
IP 184.150.212.207:0
File type ASCII text, with very long lines (379), with CRLF line terminators
Hash 1f26fa3dda9516dc696542613c10c8b0
0184132d49cbb4d9cb7897a66ef4905caa7faff5
db0222b26252a84999df346ce1cd1ac1892ef2fe0c6c7b8aac46f2fe41b8f295
GET /web/resources/css/bell.connector.css HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: text/css
Content-Encoding: gzip
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Thu, 01 Dec 2022 00:54:37 GMT
Accept-Ranges: bytes
ETag: "1D9051F7C334480"
X-Generated-By: O-BC011
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Date: Sat, 04 Feb 2023 05:03:17 GMT
Content-Length: 39007
Set-Cookie: dtCookie=v_4_srv_11_sn_1958B310C1F1950A0596276E2CDCD62F_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=935402668.47873.0000; path=/; Httponly; Secure
TLTSID=3887AFFF58EB3FFD724D22C626ECD6CA; Path=/; Domain=.bell.ca
TLTSID=3887AFFF58EB3FFD724D22C626ECD6CA; Path=/; Domain=.luckymobile.ca
TLTSID=3887AFFF58EB3FFD724D22C626ECD6CA; Path=/; Domain=.virginplus.ca
TLTUID=B63FE176D441A7B12F0AE6E6F87E722D; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=B63FE176D441A7B12F0AE6E6F87E722D; Path=/; Domain=.luckymobile.ca
TLTUID=B63FE176D441A7B12F0AE6E6F87E722D; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4bc3953338658e952c7b7c351e571cd82440572337b73c00c267a420f8f82ceb86623ab2340ed10cee6d6b1eb21c4a9e932aac7741172f1b89311700759db5e813a8a4d0691826937000676498f68000a0cb8fa3c98177351cc286dad7b76b8aab5fea4dae41843d75ed4a9c11f198e7a13870341db013ccca7838176a2a19c42bc283b3208cd43bafbf54797c4fbc10fce4f900a8fb0b25581e8f847fb6c9596f673b47f1fef347650b758047d7ee917; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000793c6a2a2c69f21b8f9fe29a2ee03988fe0ecf30b374b5224e2837de2c62b8c80882758414113000fbc3784758a5d69c5d0fef38902df550c797c74a8c943665cc5019abdab1d88079d83c9ccbd8e1e572fa6cb061050a03; Path=/
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
mybell.bell.ca/web/js/bell_master.js
184.150.212.207 200 OK 13 kB URL HTTP/1.1 mybell.bell.ca/web/js/bell_master.js
IP 184.150.212.207:0
File type ASCII text, with CRLF, LF line terminators
Hash a23cde744b7e6bfe4b247697703bc1a4
97f4dc0d2e7aaf451d13228559fd667a6b93d15c
035b88c2c9088bf5809feeac1fdbfcb2465374bda5f603005ae3b650a985b22d
GET /web/js/bell_master.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 22 Jun 2014 08:23:08 GMT
Accept-Ranges: bytes
ETag: "1CF8DF33272FE00"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1964492002"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_9_sn_5CD3B8CC7DBD99F58BE9F5FBEA30E945_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=482417836.47873.0000; path=/; Httponly; Secure
TLTSID=E62879481E43758097ECCE04F813C253; Path=/; Domain=.bell.ca
TLTSID=E62879481E43758097ECCE04F813C253; Path=/; Domain=.luckymobile.ca
TLTSID=E62879481E43758097ECCE04F813C253; Path=/; Domain=.virginplus.ca
TLTUID=5BE281EDBEE44F12FE86A1481A75C9F3; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=5BE281EDBEE44F12FE86A1481A75C9F3; Path=/; Domain=.luckymobile.ca
TLTUID=5BE281EDBEE44F12FE86A1481A75C9F3; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4c11017fccee0cead66916d0c89d776b086da50d779ad138a7996cffe731636a4a19a19609705aa7bbd74f7c2ed3a51eee199adc45972446fc928d227a6e8b34f16ab833cd274c5aec20fbf36066e7bcba0fe55f569360b0c1018abe8af359e2c94a867804cd85f01abcaaf0f8a42af88c313705e94711114ae9f4cb5a8e98d3bbbfb7ff734266f337d5dca871b4a1307404058e401bdd9eeea662a65e6dff591f3d931c5a7c30b2819cbf58c189dd183; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab20005821572c2fe46db7e64f6a98b3858cc4e46cbca793152241ff0591dfd562ae8308f87df29b1130001905108714df84b25d0fef38902df550fac059417b670f14ef5f5ec9937defbf5154020a0a04f8a85cc40a039ffbec1b; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 13360
Connection: Keep-Alive
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
mybell.bell.ca/web/js/jquery.js
184.150.212.207 200 OK 43 kB URL HTTP/1.1 mybell.bell.ca/web/js/jquery.js
IP 184.150.212.207:0
File type ASCII text, with very long lines (65181), with CRLF, LF line terminators
Hash 9bef531dbbbe3a0741fa84e6aa49bf06
ccfa0834528e94c0253ce7450e7e0a763c2af220
456f056c3bf5b5b16e286bd472c1ba2335e6e2fb80e88c0ef930ae351de0dbb3
GET /web/js/jquery.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 22 Mar 2015 07:57:09 GMT
Accept-Ranges: bytes
ETag: "1D06475CBFC3880"
X-Generated-By: O-BC013
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="525916092"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_7_sn_4184640CD66C6F7DE0BE3D3E8C4D44CF_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_1; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=1119952044.47873.0000; path=/; Httponly; Secure
TLTSID=F81B2FC34D93C8BD153489A8843F6BBD; Path=/; Domain=.bell.ca
TLTSID=F81B2FC34D93C8BD153489A8843F6BBD; Path=/; Domain=.luckymobile.ca
TLTSID=F81B2FC34D93C8BD153489A8843F6BBD; Path=/; Domain=.virginplus.ca
TLTUID=386A6BAB86C2947E74EB0C0A6A0F7BB2; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=386A6BAB86C2947E74EB0C0A6A0F7BB2; Path=/; Domain=.luckymobile.ca
TLTUID=386A6BAB86C2947E74EB0C0A6A0F7BB2; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4959c2402e3762d1c00e918e8511ea2fd70de20171d136371bb8bf87b7b34c6ec35796445f335f3a98bb742d61408ba7a5fb307d1cbabd0e34c494bbbfff1dada3234e1e9bb408882799e7366487c56bf37159ec9d53c7591441e67eb478d6883fb22a80258c190f146416571e6956eee182c41189894ffa14b3f71deab6bf886932f28072673aea004ae9410aa116a2ec11024b17fc673d39553767eff7c0d0ba20e8ebdc97b867f967d625305de044e; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200059846abd8a85de369cf4de4dad887b0859affa03d26cd9867bcf7de830b3732d086e1307f41130005283bb3b6b7d9ea25d0fef38902df5502ed0e3bb0ba2eba306b7f3b192d7e6661135ebfc1be07d230ea1c0fdc8fb838d; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:17 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
mybell.bell.ca/framework/js/MicrosoftMVCAjax.js
184.150.212.207 200 OK 2.5 kB URL HTTP/1.1 mybell.bell.ca/framework/js/MicrosoftMVCAjax.js
IP 184.150.212.207:0
File type ASCII text, with very long lines (1215), with CRLF, LF line terminators
Hash 5831942b3558e03c8d3b1a392d2b9b55
1261127a755d36072e79ea5c1851b87a81bcea2a
9821fefc3852ec554ae89c573af199cc8aa9757e5f98012008e32d7a9fdd78da
GET /framework/js/MicrosoftMVCAjax.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 22 Jun 2014 08:23:00 GMT
Accept-Ranges: bytes
ETag: "1CF8DF32DAE4A00"
X-Generated-By: O-BC010
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="540605714"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_6_sn_673694816C0719A8677FD004D99B82B2_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=885071020.47873.0000; path=/; Httponly; Secure
TLTSID=751CDD72AD517D61B00DC6F4588F5534; Path=/; Domain=.bell.ca
TLTSID=751CDD72AD517D61B00DC6F4588F5534; Path=/; Domain=.luckymobile.ca
TLTSID=751CDD72AD517D61B00DC6F4588F5534; Path=/; Domain=.virginplus.ca
TLTUID=911BD00CCA10D83437D188727573FC05; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=911BD00CCA10D83437D188727573FC05; Path=/; Domain=.luckymobile.ca
TLTUID=911BD00CCA10D83437D188727573FC05; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4117c27134fc310e67c4ce8546e368f6224ee62538f6aca7013df93309176d65ff075a3b6d4ea85fcd019bf443afd9f4cfbd652f6d5242c662dbe43a58e04efb23a4eeb2754dff2324b27a773c2b76d6c49ffb4337913970c3a9e6189bdc4ac30999aa2eab3823c88b0ab8c1bed56aeac64b7891a8d0e778bb2d85dd5057d7035d513fb10857a2f4a12e7ed9ba33e780db448b4ecf2b6dee3d683f2ade571d299e147ac520ab8128531768227e163fb00; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200060ccd899ff78fa7a4b30958008d888865ddd1693fd58adc828a9c385983eb941086c7677c41130005b9b0530dc47a8f2d1b82227fa3af13597e71665cb84ca7511f7225e57fa52afe69a8f75d4e585ef0259bfb4f42f4e81; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2506
Connection: Keep-Alive
pfobellweb.hs.llnwd.net/resource/web/css/bell_master.css?ver=202302032225
95.140.229.2 200 OK 38 kB URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/css/bell_master.css?ver=202302032225
IP 95.140.229.2:0
File type ASCII text, with very long lines (525), with CRLF line terminators
Hash b28501772bce35187d1b3e8181ca0cd4
9b56bd5f817f39f0972edd76e900d69d1a484eea
ce428060dcf0843aefc4b2026cd270a40fe0130ef6e6b9203cfdc776c94b5d7e
GET /resource/web/css/bell_master.css?ver=202302032225 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Type: text/css
Content-Length: 37824
Connection: keep-alive
Cache-Control: public, max-age=86400
Content-Encoding: gzip
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 5819
Last-Modified: Sun, 17 Jul 2022 07:43:04 GMT
Expires: Sun, 05 Feb 2023 03:26:19 GMT
X-LLID: f88a9d6cda9006f80b1ef94911f8cd1d
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash d51df7bd5eaf5480a36f1af8128fcfac
e5a58175b31a961faa8978b056a183386811a4d9
bdd01639ba777f47b44f7dee8791a996bc0667b523c095d1179f786c6f6255da
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 02:22:58 GMT
Expires: Wed, 08 Feb 2023 02:22:57 GMT
Etag: "e5a58175b31a961faa8978b056a183386811a4d9"
Cache-Control: max-age=335378,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7940dbe91fe2b4e8-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash d51df7bd5eaf5480a36f1af8128fcfac
e5a58175b31a961faa8978b056a183386811a4d9
bdd01639ba777f47b44f7dee8791a996bc0667b523c095d1179f786c6f6255da
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 02:22:58 GMT
Expires: Wed, 08 Feb 2023 02:22:57 GMT
Etag: "e5a58175b31a961faa8978b056a183386811a4d9"
Cache-Control: max-age=335378,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7940dbe91d80b50b-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash d51df7bd5eaf5480a36f1af8128fcfac
e5a58175b31a961faa8978b056a183386811a4d9
bdd01639ba777f47b44f7dee8791a996bc0667b523c095d1179f786c6f6255da
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 02:22:58 GMT
Expires: Wed, 08 Feb 2023 02:22:57 GMT
Etag: "e5a58175b31a961faa8978b056a183386811a4d9"
Cache-Control: max-age=335378,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7940dbe919f4fac4-OSL
mybell.bell.ca/web/js/modernizr.js
184.150.212.207 200 OK 7.7 kB URL HTTP/1.1 mybell.bell.ca/web/js/modernizr.js
IP 184.150.212.207:0
File type HTML document, ASCII text, with very long lines (14641)
Hash dd03a8a2a63fcefed68b0c1692e733c0
a23606c2ea2ecd58ef93d84cb631184c7d82641e
2590b1abd32d78525fec7f91eaaeeb564897589130cc0f115eda419588a733e2
GET /web/js/modernizr.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 30 Sep 2018 05:11:10 GMT
Accept-Ranges: bytes
ETag: "1D4587C00036B00"
X-Generated-By: O-BC011
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1371426710"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_9_sn_3226A55B854C6E214F53A1CDB074271D_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=935402668.47873.0000; path=/; Httponly; Secure
TLTSID=CEF55B27C455D2C96BABE556E745A407; Path=/; Domain=.bell.ca
TLTSID=CEF55B27C455D2C96BABE556E745A407; Path=/; Domain=.luckymobile.ca
TLTSID=CEF55B27C455D2C96BABE556E745A407; Path=/; Domain=.virginplus.ca
TLTUID=4379037159D92D74B30511D4E3FD9F05; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=4379037159D92D74B30511D4E3FD9F05; Path=/; Domain=.luckymobile.ca
TLTUID=4379037159D92D74B30511D4E3FD9F05; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc42871a45ecf2364ec4aae8da3eba60af8463359f10b843dace2480f7eec4e81d5bb4700b37707a499042098ca51b5c545f3e6c1af4d8c12cf861c085168f9e224ac021412f59be7a45a7f7dccb8cf9d5f71bf64e6f8cfeec3022a97a464ddc8db82b89401a44e553f52cec475895b6e4847bcf6958117a6f8aebb0fe13c9818b0c62358985a17713ead3b9094afa131b082b07ff69422144952b9738f76e579ee17951949b8e365e1e7b3b6d8ecd87756; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000168fab779efd71e6ef7f4adefb8a3ae5a46701b6c08b09f1e5800e97f75ae07c08b327d78611300072728a6ecf46a542d1b82227fa3af135a5bdb5e9964123eaa096324a4ff85e2287d5a083fa9c4ee5979885dca6ca9414; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7722
Connection: Keep-Alive
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
mybell.bell.ca/web/js/bell.myBell.core.js
184.150.212.207 200 OK 2.4 kB URL HTTP/1.1 mybell.bell.ca/web/js/bell.myBell.core.js
IP 184.150.212.207:0
Hash 36c94a43b3dba120461494199d36a9f2
116545b2334eb249a496531226ae28ee9e8f1a0d
ab3a4aa8f2b67870aa3fe9c8610982b9427f8e8b1f28f23c0055090a25ad8928
GET /web/js/bell.myBell.core.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 22 Jun 2014 08:23:08 GMT
Accept-Ranges: bytes
ETag: "1CF8DF33272FE00"
X-Generated-By: O-BC012
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="2071765912"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_11_sn_1E9A3FE2E4C85A5EFC152F7C39C30876_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=952179884.47873.0000; path=/; Httponly; Secure
TLTSID=37C1BA4AC2D1EA912D1D55F1CB6E7E39; Path=/; Domain=.bell.ca
TLTSID=37C1BA4AC2D1EA912D1D55F1CB6E7E39; Path=/; Domain=.luckymobile.ca
TLTSID=37C1BA4AC2D1EA912D1D55F1CB6E7E39; Path=/; Domain=.virginplus.ca
TLTUID=89FBAF91D689AA68724B48E0BF14FA25; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=89FBAF91D689AA68724B48E0BF14FA25; Path=/; Domain=.luckymobile.ca
TLTUID=89FBAF91D689AA68724B48E0BF14FA25; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4da43262bab62322f8ceb541f07514a65de8ecf366bc916a8b5f61cab06ba1ed3388d955d2f9450923d6adc43c3d25646fe292ae538685d5644aba108c2bf95ff3baf4904d657aab3fcec975ac1415f5ce6eeba56a4a2d46bf81e0e4d2664a624c00306b545adcd6671b203c4bd161c278636e8073130a0bdaa6ac8c390a0014d0e4aeb6d3b317ec7d02b70ddea259f51db8e4bc5270e5ab44b1e0c21e83469815ab88aa05d77c19e9d859aa99f1541c5; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab20005f9417c8ae16f4871b72b5f4ec32b7c4092bcf58a661865eadac59b4cf7a1e9808699d16d51130001a955a7f868a5a3fd1b82227fa3af135d7b88c32a9c274549c99a5dbb4e81f8eca3e326dc6b42f829f0b860918629ccc; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2384
Connection: Keep-Alive
mybell.bell.ca/framework/js/MicrosoftAjax.js
184.150.212.207 200 OK 37 kB URL HTTP/1.1 mybell.bell.ca/framework/js/MicrosoftAjax.js
IP 184.150.212.207:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (65326), with CRLF line terminators
Hash 8b169be73ffe6320f005301b4b6834d2
3f7bc1539d1120ef739682bd6eb1fe25ee1b667c
8a8cb3375e08db8a08f0d8e272aec0e6144581662d32bea6279037d85e60292a
GET /framework/js/MicrosoftAjax.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 22 Jun 2014 08:23:00 GMT
Accept-Ranges: bytes
ETag: "1CF8DF32DAE4A00"
X-Generated-By: O-BC009
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="300768273"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_8_sn_9B9563253EE70ADFF489D45D94B66823_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_1; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=868293804.47873.0000; path=/; Httponly; Secure
TLTSID=72A2830D74B5448FBFFACDB33FB65A9D; Path=/; Domain=.bell.ca
TLTSID=72A2830D74B5448FBFFACDB33FB65A9D; Path=/; Domain=.luckymobile.ca
TLTSID=72A2830D74B5448FBFFACDB33FB65A9D; Path=/; Domain=.virginplus.ca
TLTUID=97D98DD7A35C89DCCCF26B75452ADC90; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=97D98DD7A35C89DCCCF26B75452ADC90; Path=/; Domain=.luckymobile.ca
TLTUID=97D98DD7A35C89DCCCF26B75452ADC90; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4d0e0d4b0874b8b7549afd65773d182dcecbf78cb6e8f02e2afac3bf2619b86c72bf08beb70e0c2cd96d062053f3b0d03ff65a7842db926c93535de9dd637e21d48cb29bff1228a4de81c9056c0e4e89ebe2b928f65914cb6011903cd1943a2b33ac80a7a574ba3a26e70038a849fb623fe9bd4d12bc5e3d3a5dabc9e75cbae3d75ec5066865ee58c894a4f012e9704668fecaa78ff75b36c94ce09f7911e4dd32c28a68087b75d3e4d56dcbe25f903ac; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200043ccff270f676b8dd3c70917a5da700314198a185e81140b5ccea6f2609db477083b38d9221130005f138be7a3a00a3ad1b82227fa3af135efc682a69e5fc4daf1a1a2ef94fba885994ca4c3e45398d6915edd98722331d2; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
mybell.bell.ca/web/js/bell.plugins.js
184.150.212.207 200 OK 136 kB URL HTTP/1.1 mybell.bell.ca/web/js/bell.plugins.js
IP 184.150.212.207:0
File type Unicode text, UTF-8 (with BOM) text
Size 136 kB (135778 bytes)
Hash 56f516c3677a339de73424c8608ba79f
847d55d08ebf7a64abe40b6d2a77c1d057393f1e
99f64cee4ed2c8ad3d98ae33755e328060dcda435d9454163697aa5ae4d0543c
GET /web/js/bell.plugins.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 30 Sep 2018 05:11:10 GMT
Accept-Ranges: bytes
ETag: "1D4587C00036B00"
X-Generated-By: O-BC011
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="847318869"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_11_sn_FC64BFD627340B9B041EDD7E0CACE608_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_1; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=935402668.47873.0000; path=/; Httponly; Secure
TLTSID=F6EF59EE5D98943B3E121A238FEA6612; Path=/; Domain=.bell.ca
TLTSID=F6EF59EE5D98943B3E121A238FEA6612; Path=/; Domain=.luckymobile.ca
TLTSID=F6EF59EE5D98943B3E121A238FEA6612; Path=/; Domain=.virginplus.ca
TLTUID=02CB7210CEDFCE99E0494C79F9FAAE05; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=02CB7210CEDFCE99E0494C79F9FAAE05; Path=/; Domain=.luckymobile.ca
TLTUID=02CB7210CEDFCE99E0494C79F9FAAE05; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc48fda0dcfb2e66508b8a2fa60f22302efc230e8c870b9270ba67633641b40f6bcf8a771b2aa5855bcb4b57609044824d97da1d7ed01a0cd58dfea9545f777fcbeb834168e936b51b9b4232ad800176fabb5270df018ebe9865ad59a4f092c6b538f2dd35795c9c5d5865480ad463cf6d4e7f05285e9086b271d87117084acd41ebcaaab0b6515494310f4b69d723d7b5e80b8fb530d7b84aafa763f750d08bd63c1281a2394973ecea0fae39e61f11b32; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200017704c6d0b689e560b38da10185baadcbeee40bc1b7bbef8e0e174b98e26ebf60877062f691130006bbea8622154bef05d0fef38902df550f60a698a82e6bfd3abdc2603dd8110bd1c47f76eda50d66ba205cf04e1242f3b; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
mybell.bell.ca/web/js/bell.myBell.plugins.js
184.150.212.207 200 OK 12 kB URL HTTP/1.1 mybell.bell.ca/web/js/bell.myBell.plugins.js
IP 184.150.212.207:0
File type ASCII text, with CRLF line terminators
Hash edce8faac7d76099adb400bb4bc9e38b
9ee1b6e6dc0fb02cb7d310040e567a86505f8bbc
8dd4d893cc00e7125e5a3284692baef893d922d4b1340d7390dffa3d5b0c04e9
GET /web/js/bell.myBell.plugins.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 22 Mar 2015 07:57:09 GMT
Accept-Ranges: bytes
ETag: "1D06475CBFC3880"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-971825556"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_11_sn_41F62A42DA9132CF31D67C9BF05BB90E_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=482417836.47873.0000; path=/; Httponly; Secure
TLTSID=916C49338B09CDA99D7E080AD5824318; Path=/; Domain=.bell.ca
TLTSID=916C49338B09CDA99D7E080AD5824318; Path=/; Domain=.luckymobile.ca
TLTSID=916C49338B09CDA99D7E080AD5824318; Path=/; Domain=.virginplus.ca
TLTUID=5F19306830D6D4029FCA55D599E6DDE3; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=5F19306830D6D4029FCA55D599E6DDE3; Path=/; Domain=.luckymobile.ca
TLTUID=5F19306830D6D4029FCA55D599E6DDE3; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc45919baf5a0215151b319c046c976c3c81606938c9599fd6742f11794c53eaf80dd9aad696961cfd93fc6e1ff8117f899d262c5f7272931e31bba627638e381ff2f58909404a8bb1fc8784845742be5e91dad45c2827ceaaf319e9bd66bd2b2ec9cf2d7203a9cda1e36b512de446bc60689c6d87355bc32cbc2b87a2423c937a761c66ce4de0e05a166b23d8c39931eed9e00082aa76f17186efd6a2ce279bf7fc894aabbb94f21eb66b522aa03a51f6d; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab20005871296e5052a4d3304e490d913b285b2a82898561e33883f2549a79da273d170842686d2211300086cf7accb2f4cb03d1b82227fa3af135a97c5acfaa5f4b640143cb2f37453af95fa71cdb6fc6ac43a1aaf603c77bdbbc; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11452
Connection: Keep-Alive
mybell.bell.ca/custom/js/customUtils.js
184.150.212.207 200 OK 29 kB URL HTTP/1.1 mybell.bell.ca/custom/js/customUtils.js
IP 184.150.212.207:0
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash e30430beeda9d135c90f4b83dd645d3f
1afad19cf2f83306d9b853de56e8f679ad1fcfa9
7800b367a026c540bb8379fb4925f9fe58ab451300bb2db459bfc1e70e52838d
GET /custom/js/customUtils.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 15 Jan 2023 07:34:55 GMT
Accept-Ranges: bytes
ETag: "1D928B3DCA1F980"
X-Generated-By: O-BC013
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-224030462"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_11_sn_1CDE5E7210F59C9FAA5B3C7A3F17E7C2_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=1119952044.47873.0000; path=/; Httponly; Secure
TLTSID=4A156AE1F1CA58C03ABE0F55BE860D08; Path=/; Domain=.bell.ca
TLTSID=4A156AE1F1CA58C03ABE0F55BE860D08; Path=/; Domain=.luckymobile.ca
TLTSID=4A156AE1F1CA58C03ABE0F55BE860D08; Path=/; Domain=.virginplus.ca
TLTUID=AF5B571182CC0068396A41492C61A442; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=AF5B571182CC0068396A41492C61A442; Path=/; Domain=.luckymobile.ca
TLTUID=AF5B571182CC0068396A41492C61A442; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc404c61ba7f21a9be258d5b5c208c1395aac7b35e70002c644cf3abc6b1a8e7ea9a81dbfc81a0c00f0e8340d583fd899dd9a6ca174634ac71ae8166b4359d677d368de934f447fddde04376bff29def2f0fbcb7f856973603ffd0f3cd5c3aa69d7ca0d65fc283a49d1e605f430f20bc58a39dc0c4f00dfa2a440c340b24bc18b3325b965a21fa2233284fd60182b5a130bf29d088700ad036c10c66b48e0513249a54c0544c6a72be3ffc5ca9eb43e6212; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200077b8780a748e696d02aee05bd89908719398657e94843a26206ea79f2f573a0608ee40682011300060abe68a90dad63ad1b82227fa3af1358b722dd662c3942444138b6fa6ce4db5f1783de882f0559dd01305bb9f38c847; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
mybell.bell.ca/web/js/bell.ui-kit.js
184.150.212.207 200 OK 138 kB URL HTTP/1.1 mybell.bell.ca/web/js/bell.ui-kit.js
IP 184.150.212.207:0
File type ASCII text, with very long lines (18608)
Size 138 kB (138076 bytes)
Hash 645ae2c45e9214b96a09c7c31efded50
0a3949a82e378686523629c0b39aceec9161c230
29114303ab2fd00181d4df40e9a484245f991af3b6efbd417ad5d61f9c9776f5
GET /web/js/bell.ui-kit.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:17 GMT
Last-Modified: Sun, 30 Sep 2018 05:11:10 GMT
Accept-Ranges: bytes
ETag: "1D4587C00036B00"
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1647225404"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_6_sn_C5389DBF83599E0F32B98EA38F883F5E_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=381754540.47873.0000; path=/; Httponly; Secure
TLTSID=C526799207E58213F7E211B4BBF0EF2E; Path=/; Domain=.bell.ca
TLTSID=C526799207E58213F7E211B4BBF0EF2E; Path=/; Domain=.luckymobile.ca
TLTSID=C526799207E58213F7E211B4BBF0EF2E; Path=/; Domain=.virginplus.ca
TLTUID=979B4857D71BD87C00032B8477EB3369; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:17 GMT
TLTUID=979B4857D71BD87C00032B8477EB3369; Path=/; Domain=.luckymobile.ca
TLTUID=979B4857D71BD87C00032B8477EB3369; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc460232c6e146197cafe4c4084fe860bf53a371b68f6981545bd41ca134a204eb83a6188157171f400de7535785c60dab85fc1f8a55d4df10ffc98fdf2de495ada386ab4e57bc071c9e63c4850c8db0c06c9a0f1f67b69216bfe019f717a402222fa61b337bc356e8153fbbf266f47dcedd3d67d99f75a9c25f793bc463044ab7200acf0c5b37b2734bb1552bbb8ea93ef65442cff71763effdb9b1ca33163be3aa3b3746d0d09612c8ab7ee44ee152bba; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000a48f6822a786ce39c9047d96131d8ae4e846ead5a1e46e91e1b66749112c68d90859926c41113000081791be651337235d0fef38902df550d4e637df6627d5dd2f94ed6e22e96555d09bf23842a15bb53a6db3a4a1dd7713; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
mybell.bell.ca/custom/foresee/foresee-trigger.js
184.150.212.207 200 OK 59 kB URL HTTP/1.1 mybell.bell.ca/custom/foresee/foresee-trigger.js
IP 184.150.212.207:0
File type ASCII text, with very long lines (639), with CRLF, LF line terminators
Hash c180061039e8d80dc33c02f562452415
22c976d7bfab51486faa826581e1a03f9923163b
a34302fde082626e445c55df00d0ad349cf1d921d7608143890c854b869e2c69
GET /custom/foresee/foresee-trigger.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Tue, 23 Jan 2018 02:19:07 GMT
Accept-Ranges: bytes
ETag: "1D393F08BC11F80"
X-Generated-By: O-BC012
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1272420543"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_9_sn_F18A51FF4C4E4B83BD653D4D72E7BAB5_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=952179884.47873.0000; path=/; Httponly; Secure
TLTSID=2A5C3DDF6FC9AF5D1AB6AC7F9BD86B8A; Path=/; Domain=.bell.ca
TLTSID=2A5C3DDF6FC9AF5D1AB6AC7F9BD86B8A; Path=/; Domain=.luckymobile.ca
TLTSID=2A5C3DDF6FC9AF5D1AB6AC7F9BD86B8A; Path=/; Domain=.virginplus.ca
TLTUID=104DE2590A182C0DA8F741A04DC4C4B7; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=104DE2590A182C0DA8F741A04DC4C4B7; Path=/; Domain=.luckymobile.ca
TLTUID=104DE2590A182C0DA8F741A04DC4C4B7; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4a25866f8296869ecdf4436db3bf5b79bacceea520e821f61ee714ba3856c85a79f802d6dc8d927ba862d67f75b6e40dec6c28db0e025cbac27ac4fef9ae7e1455cf8487e6abdcf35958eed35c4c24489a553b9c65ab25ca6dbc6e2761a6d60e6182556489248d0ec519bf2145774fe68408be6835498fe1a83ef5e7741b482b38b14637175a99317272eb51e62cdc889d019784f41102940c387987c0fbd2636459d61af5aca77463dbe5adfdb399528; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000de05bcff4a22b762995d9ea903d6577f41986240a2124c447e8877bc13610d420882f5913f1130000998a2735e24bfced1b82227fa3af135f15946a6421901c1a57266c3dcfa8a2290413a764734e2a9a52365ea42117a3c; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
mybell.bell.ca/custom/js/GlobalConnector.js
184.150.212.207 200 OK 5.9 kB URL HTTP/1.1 mybell.bell.ca/custom/js/GlobalConnector.js
IP 184.150.212.207:0
File type ASCII text, with CRLF line terminators
Hash dce0d28b95529eeb82759edae10a5800
a4916137ee56e7e2754099126641541d5a68eef3
a8433b0aa02055b1fdba54ad07222313f20a5a04cef67ac03f3d83bb11c1ee1f
GET /custom/js/GlobalConnector.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 30 Sep 2018 05:11:01 GMT
Accept-Ranges: bytes
ETag: "1D4587BFAA62080"
X-Generated-By: O-BC011
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="137536645"
Date: Sat, 04 Feb 2023 05:03:18 GMT
Set-Cookie: dtCookie=v_4_srv_11_sn_00FBFA65106712A0F2FDAF7C6B1840B7_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=935402668.47873.0000; path=/; Httponly; Secure
TLTSID=F3CEB4DB808B050904495ADF61ECD3D2; Path=/; Domain=.bell.ca
TLTSID=F3CEB4DB808B050904495ADF61ECD3D2; Path=/; Domain=.luckymobile.ca
TLTSID=F3CEB4DB808B050904495ADF61ECD3D2; Path=/; Domain=.virginplus.ca
TLTUID=1328315080FAB5E046C77DF638D74DD3; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=1328315080FAB5E046C77DF638D74DD3; Path=/; Domain=.luckymobile.ca
TLTUID=1328315080FAB5E046C77DF638D74DD3; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc494f7e77fc39f4c6a6c9e9401d88c5c919e8497b715d978abe9e9f02ea43ec0a07a9f371df34a846830c27b327291d881bda8a2750c434bf4e15f15a5935d501c12f6a28c5652de21a1444b028b663f3db117c1da2332fbb163ed12fd5e6d9f7d33434e104d06323f9e990ca8ba47c0de669eba3db1378f19c6d8965076f8f55fcfdc45c4a3d9e9254a843f3ff0a9b5b97c13fdbf9fc18f28d729c5cae77ea030d6d7e59a9590888375a7695d1ce07aac; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200058d3ec404f05bf3d2ed5fcc5cb36180e974bd54323598776e42115e2e12b437a08eeb5fccb1130000937edcb6e5060bfd1b82227fa3af1358312a5acf340b696c855b56faa4ab6560bd273a36581ea661c7763c7254d0e6c; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5872
Connection: Keep-Alive
mybell.bell.ca/custom/js/alerts.js
184.150.212.207 200 OK 1.9 kB URL HTTP/1.1 mybell.bell.ca/custom/js/alerts.js
IP 184.150.212.207:0
File type ASCII text, with CRLF line terminators
Hash 5cef56c2c0a60b506d082de56e8d6566
c21a627753eb503007257d4ed04d4b837b3a97ef
d2b8e1bfcdd6369dfd89f9664858a400a89fd81d956ccfd09289e59bd2f2c604
GET /custom/js/alerts.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 24 Apr 2022 07:59:54 GMT
Accept-Ranges: bytes
ETag: "1D857B14839B900"
X-Generated-By: O-BC012
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-262923238"
Date: Sat, 04 Feb 2023 05:03:17 GMT
Set-Cookie: dtCookie=v_4_srv_7_sn_157C20186DB10BBC62CD76E39A841DDE_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=952179884.47873.0000; path=/; Httponly; Secure
TLTSID=60DFC05DFA933D57CDBCE5B9B1E60A1E; Path=/; Domain=.bell.ca
TLTSID=60DFC05DFA933D57CDBCE5B9B1E60A1E; Path=/; Domain=.luckymobile.ca
TLTSID=60DFC05DFA933D57CDBCE5B9B1E60A1E; Path=/; Domain=.virginplus.ca
TLTUID=F23E3E5ADB194DFC110962039A2BD96A; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=F23E3E5ADB194DFC110962039A2BD96A; Path=/; Domain=.luckymobile.ca
TLTUID=F23E3E5ADB194DFC110962039A2BD96A; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4ace742527dca5f1b8223fba89cc647bf66f01fe3b1a95b80b443d6519e0ac65f29ee9d5b3c49b1b905128781f2aeb12111a72e6ffd4836ea0d4a3a239221fefad82fbc9476aeacabf61776e6bd03a5bd2dd9aa23daca2395e01228d9ce8e9834a1a5e87174da39f8fc1c87d7ac336fd1e0d76e173456a3faa077a408a1cc52622330df8b354f70d130569d3ae5b527a7e2913288e18cfcc7d0b35aad5b3088c6d302bb6472f86a14d77412d50fce5184; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000fcaad8b9844eea411724e53a3bcd67cb11f416c03401ac90b16ee3029eb6fb3c08282be29c1130003e4b3900da0b2e2ed1b82227fa3af135cdcaf4b39b6ec5b3f9d5e85d852f80ce5fbe8088c7e2a0e25b6fa71f933861d6; Path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1909
Connection: Keep-Alive
mybell.bell.ca/web/js/bell.init.js
184.150.212.207 200 OK 677 B URL HTTP/1.1 mybell.bell.ca/web/js/bell.init.js
IP 184.150.212.207:0
Hash 9326e81ba6fd972ab497bedc066fe6c2
c76838d07c5baf93144adfd741afe4dd7d34d11c
4d58ece359070708236f0c4e0a6a1025d0d05995db66c04f6ae3e38a200750cc
GET /web/js/bell.init.js HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: application/x-javascript
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 30 Sep 2018 05:11:10 GMT
Accept-Ranges: bytes
ETag: "1D4587C00036B00"
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-497812773"
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Length: 677
Set-Cookie: dtCookie=v_4_srv_8_sn_0F494E070369A669AEB1260B04D1D965_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=381754540.47873.0000; path=/; Httponly; Secure
TLTSID=6E7D6DD3B9A5217F0D9E68846971FFEC; Path=/; Domain=.bell.ca
TLTSID=6E7D6DD3B9A5217F0D9E68846971FFEC; Path=/; Domain=.luckymobile.ca
TLTSID=6E7D6DD3B9A5217F0D9E68846971FFEC; Path=/; Domain=.virginplus.ca
TLTUID=E5F33C52B7145BF98D3FC766CDD77497; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=E5F33C52B7145BF98D3FC766CDD77497; Path=/; Domain=.luckymobile.ca
TLTUID=E5F33C52B7145BF98D3FC766CDD77497; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4bda2146b0db05b675eeec5c2b40fbb9a1b78218b3767fc6701f76bb5eb5b59da257de9852d67b70db6231b35e920fa98d717231de2323526b52498ee07ad7ee9fa5d5d81ba44cdd30d6feed2f6b45204ffac734155d74085bde39a495fdaa79a141f0bd949376b6965b2e3ec35fa4b44ba64edaedda8772fa4a2d75ef2aa7fc27aecc77cf2d843e29093026df737603b3629db4c3f9bee70c80c20c782575964c3e6a337273d984916eb7d343e55aa7a; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab20009502f5d059c81ff02b4cbff218ee33ec690e46d0501383f5e53f4a738d155d53086d93c4aa113000f291626cfb97bb99d1b82227fa3af135999789e7153dd29bee0afab2e438f92d09150d9674e857ed4a37187a31417526; Path=/
Vary: Accept-Encoding
pfobellweb.hs.llnwd.net/resource/web/css/bell_prime.css?ver=202302032225
95.140.229.2 200 OK 21 kB URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/css/bell_prime.css?ver=202302032225
IP 95.140.229.2:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (485), with CRLF line terminators
Hash ad5da7368d46dd57640211011a44ac0b
29db31ffbe9529099cf4e2d55b862cee209b84bd
2c850e28ab20d888a23f1ad5fba93fd21522089d7d543eec01c03c58e3f4805a
GET /resource/web/css/bell_prime.css?ver=202302032225 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Type: text/css
Content-Length: 20834
Connection: keep-alive
Cache-Control: public, max-age=86400
Content-Encoding: gzip
Accept-Ranges: bytes
X-Generated-By: O-BC010
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 5803
Last-Modified: Thu, 01 Dec 2022 00:54:37 GMT
Expires: Sun, 05 Feb 2023 03:26:35 GMT
X-LLID: b3fe933518c1edf36cf8a20db24dca41
pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225
95.140.229.2 200 OK 28 kB URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225
IP 95.140.229.2:0
File type ASCII text, with very long lines (397), with CRLF line terminators
Hash da726b37bd21849e8da698efccc14333
e59e1e40aebeb523601ef354dfa66c033351ec03
11b9b3660116bf0c405f5617cfe4f3d9e954000a06b33614cdf617618c4c182a
GET /resource/web/css/bell_master_a.css?ver=202302032225 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Type: text/css
Content-Length: 28162
Connection: keep-alive
Cache-Control: public, max-age=86400
Content-Encoding: gzip
Accept-Ranges: bytes
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 5877
Last-Modified: Sat, 14 Nov 2020 11:31:57 GMT
Expires: Sun, 05 Feb 2023 03:25:21 GMT
X-LLID: a7a13c8f9ff3880325176ee9f45b2ba1
mybell.bell.ca/web/resources/images/logo-bell-blue-47x28.png
184.150.212.207 200 OK 2.3 kB URL HTTP/1.1 mybell.bell.ca/web/resources/images/logo-bell-blue-47x28.png
IP 184.150.212.207:0
File type PNG image data, 47 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 40a5354259fa7c6eafb901f28b9fa068
d9b4d2c00bca1398b07d60624d5886693d9034c8
d0eb56a3b02a0632526e3b2bd062bdd0c3b1803948b881dea9ac25ab345c408e
GET /web/resources/images/logo-bell-blue-47x28.png HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: image/png
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 22 Jun 2014 08:23:09 GMT
Accept-Ranges: bytes
ETag: "1CF8DF3330B9480"
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Length: 2281
Set-Cookie: dtCookie=v_4_srv_8_sn_C11795DB0F10D6DC44087EA36E747066_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=482417836.47873.0000; path=/; Httponly; Secure
TLTSID=027B7D7ACF91869188568D323184EF8F; Path=/; Domain=.bell.ca
TLTSID=027B7D7ACF91869188568D323184EF8F; Path=/; Domain=.luckymobile.ca
TLTSID=027B7D7ACF91869188568D323184EF8F; Path=/; Domain=.virginplus.ca
TLTUID=94F1CFDC158EBF8C6D215A4F1EB96159; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=94F1CFDC158EBF8C6D215A4F1EB96159; Path=/; Domain=.luckymobile.ca
TLTUID=94F1CFDC158EBF8C6D215A4F1EB96159; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc477296dcf121c8c83d8b02bed583e1c74d3e6ac88b098bd18c460604eb866a5533c270d8163242f7e5914944d1db3107795e69a33a0fa08ad34867268ae3d3141d157d9edb3bf665121393a90ab84feaca8393b976b4d4ba75024e2daec7f82a37eb1e93889dca4ddc2c246d43732021c03e1cb6df4ff3ec170fa0e9d6138cb2645bee766725d9d147d7e35aef31d92e9c5f19a00b5fbd4e85c8dd564fa65cb3083adf6d86654ff17e7aaa926a4edb04d; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200045dc08c03300657acb2d41df827404b60ecda827b8bc6a6d035b120b328a060608f5e44a571130005dba19d18acac3a5d1b82227fa3af1357efa6c607accb6077b7394bc6688f0a54b389ce96d5339d09fac4fb960cbad95; Path=/
mybell.bell.ca/web/common/all_languages/all_regions/images/login/log_in_to_mybell.jpg
184.150.212.207 200 OK 5.8 kB URL HTTP/1.1 mybell.bell.ca/web/common/all_languages/all_regions/images/login/log_in_to_mybell.jpg
IP 184.150.212.207:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 170x155, components 3\012- data
Hash 6ff8b5688ec3a0c1c5820dc7ebc7877b
aa26095b27d04311d9fdde14c204891592862a3c
2369f95bbeced1c99b833aa9a0cb4b3286c7a675cd3cd561cc9e4a4d4fc17743
GET /web/common/all_languages/all_regions/images/login/log_in_to_mybell.jpg HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: image/jpeg
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 07 Dec 2014 07:21:29 GMT
Accept-Ranges: bytes
ETag: "1D011EE6B126280"
X-Generated-By: O-BC013
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Date: Sat, 04 Feb 2023 05:03:17 GMT
Content-Length: 5762
Set-Cookie: dtCookie=v_4_srv_8_sn_3ADF7A398F54EA9F723763FD11C9C90A_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=1119952044.47873.0000; path=/; Httponly; Secure
TLTSID=B4D369FCCF94474472D290EC71609848; Path=/; Domain=.bell.ca
TLTSID=B4D369FCCF94474472D290EC71609848; Path=/; Domain=.luckymobile.ca
TLTSID=B4D369FCCF94474472D290EC71609848; Path=/; Domain=.virginplus.ca
TLTUID=5D5A1A7157D10F2BF5DCE87832ABBC7B; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=5D5A1A7157D10F2BF5DCE87832ABBC7B; Path=/; Domain=.luckymobile.ca
TLTUID=5D5A1A7157D10F2BF5DCE87832ABBC7B; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4de44ffb080beb3f2bf28efd9b1ed56a194fdf18a636b78aa25ecdbd79a08c6f3e3acd0e2406ca4512ce73bd0a342b84fbb14d05c221e4dd08a346a3b67a2a10522bfefa2af9e29b759bbcf85ac0fc99dc0dad2626824b85b177c35b7fe62009ba4ebf15a90e70a74428606e85d929cfa0e2248ef37551fc89f3e921a2619d8b10f340c76ff648d3e02db43240f71c75a9fb7bdef44d7e6d7e587973500c4982afa5703f8ae9b27390d554d7fc43196c5; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000272d0f07212cceda5a7b6edc95f9c628cba3e7a1341ff0ac759221ff4a2a77cf08dba60fd71130004d0ec28a8899877cd1b82227fa3af135e1e371d3c8ef803000d28d1001a1c21299e117041c3656ad5bb656a4fc061e97; Path=/
mybell.bell.ca/web/common/all_languages/all_regions/images/login/not_register_yet.jpg
184.150.212.207 200 OK 8.1 kB URL HTTP/1.1 mybell.bell.ca/web/common/all_languages/all_regions/images/login/not_register_yet.jpg
IP 184.150.212.207:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 170x155, components 3\012- data
Hash cc1eeaae90343c9a7d0d74012baff655
ebbb2c93453b78301a55dccf1d704356431fb558
517dc416497e529b17399864d06116294060f0b858d63fe933abb90dd4ef998d
GET /web/common/all_languages/all_regions/images/login/not_register_yet.jpg HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: image/jpeg
Expires: Sun, 05 Feb 2023 05:03:18 GMT
Last-Modified: Sun, 07 Dec 2014 07:21:29 GMT
Accept-Ranges: bytes
ETag: "1D011EE6B126280"
X-Generated-By: O-BC009
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Date: Sat, 04 Feb 2023 05:03:18 GMT
Content-Length: 8142
Set-Cookie: dtCookie=v_4_srv_10_sn_4DDD7E0152B065DB9E5388971080B8DA_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=868293804.47873.0000; path=/; Httponly; Secure
TLTSID=28429EACF132DAADA7094D74CAAE9748; Path=/; Domain=.bell.ca
TLTSID=28429EACF132DAADA7094D74CAAE9748; Path=/; Domain=.luckymobile.ca
TLTSID=28429EACF132DAADA7094D74CAAE9748; Path=/; Domain=.virginplus.ca
TLTUID=663D916790587D3DE451EBCF8843B954; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=663D916790587D3DE451EBCF8843B954; Path=/; Domain=.luckymobile.ca
TLTUID=663D916790587D3DE451EBCF8843B954; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc4fda363db2b0b9db8a7a0a42480cca1392584b9404805167445f52430c7b9a054a05f124410199a22df7e07a4aff0bd3c1122f501ff42697f71ce9b4da065576dfc626bc262c134db1e8f93ecccc7c03c78d477a18e0052e2be846acdf91feffc62d811b14467971b4d542feb123be0434c2a9148515be2ae2f845f9b61ef08d7a25f5d8fcda89275d4c284fc07eec335ac762ad54648b546020247f52d5d0e0b3521578a5ce45e221123703c4bdbc0e0; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000499f63863d3f2b9868e72c423f5cac0cbca5671feaf394d8b5761ed17523b69c0806c212fa1130000b3f9289dbff37d9d1b82227fa3af1359aabaff4fb95f27af9b36ffd4384c03b613dbf13c5f7f663779041b7b1d6437b; Path=/
ww.w.conductability.org/web/common/en/all_regions/images/logos/entrust_seal.gif
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/entrust_seal.gif
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/entrust_seal.gif HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww.w.conductability.org/Login.php
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4449
Expires: Sat, 04 Feb 2023 06:17:27 GMT
Date: Sat, 04 Feb 2023 05:03:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cf80667db0c35c9c6139eca4ba5d12fd
4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590
d63e69f4b6ea16333d242bf33d4f02a4a6c96a739ca018d86afc5741d85b774d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13065
x-amzn-requestid: 54c06759-6fab-455c-be34-496ee42a2580
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSZLQEqroAMFyWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d57b-2237358a5cc22b8003af1852;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:08:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oc3NhvAmcrO3msFYF2ITsEpq8a2wsOLkXtmZxRQpmse84yml0l9PNA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:46:57 GMT
age: 26181
etag: "4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7afd5ce8fb9ec7b62e528bf97705e49
afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3
b2d93ba6c0ed2c858d91afba1c81251afbffa41c779be2e9203994dcfb7bbc9d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7249
x-amzn-requestid: 007ce521-ed5c-4074-a314-684ad0df2e22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9GH5goAMF_ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8053-7060f02b767c90371991a190;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fTV_e56nzjiXo4Guu67WXDDvp3nrjB0Yfyy6ByjcDSx23J-8r0fmQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 24777
etag: "afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a032104cf4ccc6ea31f163ca16386487
a0573916c3d72f0554928963c0a74413fdcb3558
8ba7b6e9b3fa28f6fd27f5f006cedac10f50d7da6c109155a2476cf04f4df932
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8909
x-amzn-requestid: 051806fe-c051-4948-a46a-48ed1df321a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyFIMFLNoAMFY5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8234-212ec9a838fc64a9164f21f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:52:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 24zolqnsQilbFdqM8BnmjaH7DXfFunFyXgmOyF_FkPoatjLi137xgQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:53 GMT
age: 24745
etag: "a0573916c3d72f0554928963c0a74413fdcb3558"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3ac51fd6789cbe19c2d484c9022b0e39
bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9
300b5e50cb910f9f4905ee7313d98763b68f85f5874db499cc94469fb14cabfe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9500
x-amzn-requestid: 8fe94388-e8d9-4329-b73a-e9a356df76bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9QEA1IAMF3Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8054-51f954ac4bec16d1055e38f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FkTJ6wQ4eFYBPDyS0l5vLeWvHHiQIx-cYyFzT4ggHJ8M5Gg3dozFxQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:30:36 GMT
age: 23562
etag: "bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 65cd12302c9ca5468dbc9a98155970e0
a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1
8463155faca74f13ec4500fed98289d8bfbdc4a989d1cb7580736018eadf1000
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7992
x-amzn-requestid: ba4f95d9-6081-4b34-955c-bbe8e7b2335c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEjGsdIAMF84w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8083-7666baa66ccdec9b5fec8736;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A3c6sSs_b8KkREPa26a8X9NTEZpHGDjElR9hT-NXwg6dYpeuRNZXfA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
etag: "a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1"
content-type: image/jpeg
age: 24777
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 24777
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:18 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
mybell.bell.ca/web/js/actualXFTag.js?ver=94.0
184.150.212.207 404 Not Found 34 kB URL HTTP/1.1 mybell.bell.ca/web/js/actualXFTag.js?ver=94.0
IP 184.150.212.207:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7448), with CRLF, LF line terminators
Hash 2361d2eaa2dccaf59bfa851488c9bf4e
ac6c957cf13fcc9bf889f580d8ed3aafc0038f80
0d1c1cbeadcc65e8c2aad00dd08e89d7d7fc3eb26c607bb90259dafb05e6204f
GET /web/js/actualXFTag.js?ver=94.0 HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 404 Not Found
Cache-Control: no-cache, no-store, no-store
Pragma: no-cache,no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Set-Cookie: ASP.NET_SessionId=3hwoewc3ejof0fvu4nctfszy; path=/;SameSite=Lax; secure; HttpOnly; SameSite=Lax
gemini=region=|language=en|province=ON; domain=.bell.ca; expires=Fri, 05-May-2023 04:03:18 GMT; path=/;SameSite=Lax;SameSite=Lax; secure
gemini=region=|language=en|province=ON; domain=.bell.ca; expires=Fri, 05-May-2023 04:03:18 GMT; path=/;SameSite=Lax;SameSite=Lax; secure
SessionCk=c6ef0bab-1651-471b-9539-5216394d17a1; domain=.bell.ca; expires=Sat, 04-Feb-2023 05:18:18 GMT; path=/; secure; HttpOnly
SessionCk=c6ef0bab-1651-471b-9539-5216394d17a1; domain=.bell.ca; expires=Sat, 04-Feb-2023 05:18:18 GMT; path=/; secure; HttpOnly
InActivityCK=a2ee2eec-af65-4424-877e-177ccf3589dd; domain=.bell.ca; expires=Sat, 04-Feb-2023 05:33:18 GMT; path=/; secure; HttpOnly
ConsistentActivityCK=a2ee2eec-af65-4424-877e-177ccf3589dd; domain=.bell.ca; expires=Sat, 04-Feb-2023 17:03:18 GMT; path=/; secure; HttpOnly
OmniturePageName=Mybell:Error; domain=.bell.ca; path=/; secure; HttpOnly
dtCookie=v_4_srv_5_sn_D4DC1FB76D56A8E89D54D58D1294C4E0_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_1; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=885071020.47873.0000; path=/; Httponly; Secure
TLTSID=C2C033A828901F17768A94500CF13E45; Path=/; Domain=.bell.ca
TLTSID=C2C033A828901F17768A94500CF13E45; Path=/; Domain=.luckymobile.ca
TLTSID=C2C033A828901F17768A94500CF13E45; Path=/; Domain=.virginplus.ca
TLTUID=0DF05C03B129707A4F11BABD2003E032; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:18 GMT
TLTUID=0DF05C03B129707A4F11BABD2003E032; Path=/; Domain=.luckymobile.ca
TLTUID=0DF05C03B129707A4F11BABD2003E032; Path=/; Domain=.virginplus.ca
TLP025e8c23=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; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab200088b6b83046e3614b89a57d1decc5f7321f0fec74701d5ba5755a495f1ec6890708d5b67ed1113000dc80b6eef78cb24fd1b82227fa3af13501efc8acb59386540ffe88cd0f825abaad8550815afd3799bc7928a2e3bfb206; Path=/
X-Generated-By: O-BC010
Access-Control-Allow-Origin: https://mybell.bell.ca
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
X-ruxit-JS-Agent: true
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1443258655"
Date: Sat, 04 Feb 2023 05:03:18 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487032866
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:19 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487033617
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/custom/js/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/custom/js/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/custom/js/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/js/opinion_lab/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/js/opinion_lab/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/js/opinion_lab/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/s_code_bell.js?v=11062013EH01
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/s_code_bell.js?v=11062013EH01
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/s_code_bell.js?v=11062013EH01 HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww.w.conductability.org/Login.php
Cookie: fsr.a=1675487034368
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:20 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
pfobellweb.hs.llnwd.net/resource/web/resources/css/font/bellslim_semibold-webfont.woff?ver=201809300511
95.140.229.2 200 OK 27 kB URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/resources/css/font/bellslim_semibold-webfont.woff?ver=201809300511
IP 95.140.229.2:0
File type Web Open Font Format, TrueType, length 26676, version 1.0\012- data
Hash d390666bb096d61b31bbf0a7db646a15
0f496d2ec716aec051e43ee64fc1e4de19d6bee6
bb953410afd56c025f342f51c0f872e998085a81e56bdf336f94d5eb6685f829
GET /resource/web/resources/css/font/bellslim_semibold-webfont.woff?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://ww.w.conductability.org
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:21 GMT
Content-Type: application/octet-stream
Content-Length: 26676
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 30273
Last-Modified: Sun, 22 Jun 2014 08:23:08 GMT
Expires: Sat, 04 Feb 2023 20:38:48 GMT
X-LLID: bbed85dea59f9b4903bca42b5f450091
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487034368
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035118
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035869
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035869
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:21 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/web/common/en/all_regions/images/logos/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /web/common/en/all_regions/images/logos/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035869
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:22 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035869
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:22 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035869
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:22 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035869
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:22 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487035869
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:22 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487036620
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:22 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487036620
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:22 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487036620
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:23 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487036620
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:23 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487037371
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:23 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487037371
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:23 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487037371
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:23 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487037371
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:23 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487037371
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:24 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/resource/web/common/all_languages/all_regions/js/metrics/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /resource/web/common/all_languages/all_regions/js/metrics/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487038121
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:24 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
mybell.bell.ca/web/common/all_languages/all_regions/skin/favicon.ico
184.150.212.207 200 OK 74 kB URL HTTP/1.1 mybell.bell.ca/web/common/all_languages/all_regions/skin/favicon.ico
IP 184.150.212.207:0
File type MS Windows icon resource - 5 icons, 32x32, 8 bits/pixel, 48x48, 8 bits/pixel\012- data
Hash bcdba058bf6b99e78e7e8ba712f3d3af
3c08ea5cf75ea3fba13f8d8d453aa38970b7ba81
aa8e33f2d864cc8e3825f164c0524fb26ebee04a36bfe81d66a570b2088f4c99
GET /web/common/all_languages/all_regions/skin/favicon.ico HTTP/1.1
Host: mybell.bell.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ww.w.conductability.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache,no-cache
Content-Type: image/x-icon
Expires: -1
Accept-Ranges: bytes
X-Generated-By: O-BC013
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Date: Sat, 04 Feb 2023 05:03:23 GMT
Content-Length: 73758
Set-Cookie: dtCookie=v_4_srv_10_sn_4871704836A918BEDB39927DB3F2A90F_perc_100000_ol_0_mul_1_app-3A429b1eac4514c5ce_1_rcs-3Acss_0; Path=/; Domain=.bell.ca; secure
CAD_Bell_ca_SS=1119952044.47873.0000; path=/; Httponly; Secure
TLTSID=EB3B060CD9A221B91B1331156372C676; Path=/; Domain=.bell.ca
TLTSID=EB3B060CD9A221B91B1331156372C676; Path=/; Domain=.luckymobile.ca
TLTSID=EB3B060CD9A221B91B1331156372C676; Path=/; Domain=.virginplus.ca
TLTUID=66E842610EF2012C6E59D9CD1E5272A7; Path=/; Domain=.bell.ca; Expires=Thu, 26-Sep-2024 05:03:24 GMT
TLTUID=66E842610EF2012C6E59D9CD1E5272A7; Path=/; Domain=.luckymobile.ca
TLTUID=66E842610EF2012C6E59D9CD1E5272A7; Path=/; Domain=.virginplus.ca
TLP025e8c23=02f979bbc42b767371cc7e3e5f28e942ed6048a70b3d250ab6f255e0857841eea89f76987657f673d20a1af654ae4591eed4ba72c9adde1d44e6d028b5fa11b1fa1113a703d673e78326f326bc60ba1386b3f265195320486786d3ac988a90505ff0d7a5e89c7832ef8e01a379ccade486321d10c2a9388e0a6b57fa37ad958475edf9cb7aa615e838324a6b9caeb47f4ef2d58bbd86e8c80a9ddcf66b5903806069258a76a847024424b96017aeff026b1fc86439; Path=/; Domain=.bell.ca; Secure; HTTPOnly
TLPdcc7cfa1028=08639def5eab2000937fef2ea45c8bfa6ee92235adcd7e5e42fad2eb4deab2d36c37f82a7ec2c8d2088c6eb30a113000592ec3362178d7e5b0c8defd3d29999b8655947c18284243cd1c507a728061a6154c9d09b0c0017bf74e34473ff729f9; Path=/
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_secNav.gif?ver=201406220823
95.140.229.2 200 OK 108 B URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_secNav.gif?ver=201406220823
IP 95.140.229.2:0
File type GIF image data, version 89a, 1 x 44\012- data
Hash 959bdca997efaea10551f9fa9c7b4f44
5de8b879d0cc11f8a2536e681ed46ecdee16c488
3683c037c1d1fc8118772798825d3c5ba19e10ab668cb3208b99b29963a72390
GET /resource/web/common/all_languages/all_regions/skin/bg_secNav.gif?ver=201406220823 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_prime.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/gif
Content-Length: 108
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 11559
Last-Modified: Sun, 30 Sep 2018 05:11:03 GMT
Expires: Sun, 05 Feb 2023 01:50:45 GMT
X-LLID: b056c189461e783d79a33f7a856c9b94
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_transparent.gif?ver=201809300511
95.140.229.2 200 OK 43 B URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_transparent.gif?ver=201809300511
IP 95.140.229.2:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /resource/web/common/all_languages/all_regions/skin/bg_transparent.gif?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 15336
Last-Modified: Sun, 22 Jun 2014 08:23:01 GMT
Expires: Sun, 05 Feb 2023 00:47:48 GMT
X-LLID: 936578f72e8b8eef79b6ca4bf6e68926
pfobellweb.hs.llnwd.net/resource/web/resources/images/bg_gradient_p.png?ver=201809300511
95.140.229.2 200 OK 179 B URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/resources/images/bg_gradient_p.png?ver=201809300511
IP 95.140.229.2:0
File type PNG image data, 20 x 52, 8-bit/color RGB, non-interlaced\012- data
Hash 334a20c75253578c10d316b684f0eda2
b2bea245dee6c3b9bbdb30487e98fbfb6e8b341a
f13da5db0700750e0463d7622ce45ace827223ad78bd981563b346f834c7eca6
GET /resource/web/resources/images/bg_gradient_p.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 179
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC010
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 1801
Last-Modified: Sun, 22 Jun 2014 08:23:09 GMT
Expires: Sun, 05 Feb 2023 04:33:23 GMT
X-LLID: 8cb83a54accc8cf7b73d674eb43f92cd
pfobellweb.hs.llnwd.net/resource/web/resources/images/logo-bell-white-47x28.png?ver=201809300511
95.140.229.2 200 OK 1.5 kB URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/resources/images/logo-bell-white-47x28.png?ver=201809300511
IP 95.140.229.2:0
File type PNG image data, 47 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 1121cc9cd550ffa93d1c8e66f8c22c1a
34aa6f48ee0f6944f1069379ba38ff71763aedfb
d7b4775e7024e0b85aa37326a0602167088077f0377a1e08b9fde22e8ab78cbe
GET /resource/web/resources/images/logo-bell-white-47x28.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 1472
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC010
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 15336
Last-Modified: Sun, 22 Jun 2014 08:23:09 GMT
Expires: Sun, 05 Feb 2023 00:47:48 GMT
X-LLID: c6ae0e0fae9fc505fdbff3d0184a6645
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_formTextInput.gif?ver=201406220823
95.140.229.2 200 OK 43 B URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_formTextInput.gif?ver=201406220823
IP 95.140.229.2:0
File type GIF image data, version 89a, 1 x 2\012- data
Hash 2bd4449d026922ec48008e2e8413c604
17c867174391326c083e338609dfdd41b61da225
7c32a3d1ded45902e167d47d0fdbfc895bfaa97a16a3c44bdf49468227ffc032
GET /resource/web/common/all_languages/all_regions/skin/bg_formTextInput.gif?ver=201406220823 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_prime.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 13349
Last-Modified: Sun, 30 Sep 2018 05:11:03 GMT
Expires: Sun, 05 Feb 2023 01:20:55 GMT
X-LLID: f020a6b6e0dc66f5ed594ca399001ea3
ww.w.conductability.org/custom/foresee/foresee-surveydef.js?build=24
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/custom/foresee/foresee-surveydef.js?build=24
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /custom/foresee/foresee-surveydef.js?build=24 HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww.w.conductability.org/Login.php
Cookie: fsr.a=1675487038121; fsr.s=%7B%22v2%22%3A-2%2C%22v1%22%3A1%7D
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:24 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_gradRibbon.gif?ver=201809300511
95.140.229.2 200 OK 227 B URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_gradRibbon.gif?ver=201809300511
IP 95.140.229.2:0
File type GIF image data, version 89a, 1 x 800\012- data
Hash c8caa40d55e69e4109c79e2110ee7fe0
9333a2d29161f6ac95a0dea68bbbd9adcdd968cb
c3f6f8335d41e6979a914f3a6196026970ff53cbc6232b243abb017cd3d0e592
GET /resource/web/common/all_languages/all_regions/skin/bg_gradRibbon.gif?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/gif
Content-Length: 227
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 15336
Last-Modified: Sun, 22 Jun 2014 08:23:01 GMT
Expires: Sun, 05 Feb 2023 00:47:48 GMT
X-LLID: 71b690eb3308d58c0f010e8f7df0a684
pfobellweb.hs.llnwd.net/resource/web/resources/images/bullet_dot.png?ver=201809300511
95.140.229.2 200 OK 158 B URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/resources/images/bullet_dot.png?ver=201809300511
IP 95.140.229.2:0
File type PNG image data, 5 x 10, 8-bit/color RGBA, non-interlaced\012- data
Hash 138ab723cf3b0f450f90087950bf5816
a1529837c28628844cf441fa95bb09f950cfa103
d98bd5697470b321bba10d47df58b8667887b41bd09e380f86387d9f5b1aa9e8
GET /resource/web/resources/images/bullet_dot.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 158
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 13131
Last-Modified: Sun, 30 Sep 2018 05:11:11 GMT
Expires: Sun, 05 Feb 2023 01:24:33 GMT
X-LLID: 06b73139b6963e9570fa890cd0f0c45d
pfobellweb.hs.llnwd.net/resource/web/resources/images/bg_flyOutSprite_a.png?ver=201809300511
95.140.229.2 200 OK 3.3 kB URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/resources/images/bg_flyOutSprite_a.png?ver=201809300511
IP 95.140.229.2:0
File type PNG image data, 1024 x 86, 8-bit/color RGBA, non-interlaced\012- data
Hash 58e7357250cacd7cf7d0c1f0b4afd1e4
45c106329d0da885e70064f9d07bce9b7e2e0c18
929906e7a1eadc89feea37117f760c7e08debedfb4f2bc6b335ca81846d2fe52
GET /resource/web/resources/images/bg_flyOutSprite_a.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 3303
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC013
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 11556
Last-Modified: Sun, 22 Jun 2014 08:23:09 GMT
Expires: Sun, 05 Feb 2023 01:50:48 GMT
X-LLID: 17888953f6ac1260b86aeca2c411ab0e
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_buttonSprite.png?ver=201406220823
95.140.229.2 200 OK 14 kB URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_buttonSprite.png?ver=201406220823
IP 95.140.229.2:0
File type PNG image data, 400 x 906, 8-bit/color RGBA, non-interlaced\012- data
Hash 8cdc9205bfb8337e915ff3a0f1f694c2
3756f1c84f09e856c3e389a4f0474d9820610e0c
dc97c9ceea06b8f7e47c01aae0564a3c4e1686c122cbee880a7011f1e2fa61bd
GET /resource/web/common/all_languages/all_regions/skin/bg_buttonSprite.png?ver=201406220823 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_prime.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 14448
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC009
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 15336
Last-Modified: Sun, 22 Jun 2014 08:23:00 GMT
Expires: Sun, 05 Feb 2023 00:47:48 GMT
X-LLID: 038ef61e635eb183ef61edee14d5ad51
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_cBoxExtra.png?ver=201809300511
95.140.229.2 200 OK 811 B URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_cBoxExtra.png?ver=201809300511
IP 95.140.229.2:0
File type PNG image data, 1050 x 29, 8-bit/color RGBA, non-interlaced\012- data
Hash 12ad0db519b84a4856fd00ecd76f8a21
3b5d2057841adcb928100f00843d5e2f163037a3
038234677c46f9c530e08c832514daf43478372cd13f8683aee4d74c82b89e00
GET /resource/web/common/all_languages/all_regions/skin/bg_cBoxExtra.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 811
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC009
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 15336
Last-Modified: Sun, 22 Jun 2014 08:23:00 GMT
Expires: Sun, 05 Feb 2023 00:47:48 GMT
X-LLID: 9c58ae543f308b226bafcf579d3408b8
ww.w.conductability.org/custom/foresee/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/custom/foresee/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /custom/foresee/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487038121; fsr.s=%7B%22v2%22%3A-2%2C%22v1%22%3A1%7D
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:24 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
pfobellweb.hs.llnwd.net/resource/web/resources/images/bg_iconSprite.png?ver=201809300511
95.140.229.2 200 OK 103 kB URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/resources/images/bg_iconSprite.png?ver=201809300511
IP 95.140.229.2:0
File type PNG image data, 635 x 311, 8-bit/color RGBA, non-interlaced\012- data
Size 103 kB (102729 bytes)
Hash b57802d1e1438ee085728b93e8588d56
837684b7ff84da66972f2253564be2f9a9503c4c
21e39e30e42373a43a58733e1e5e589f042ab79c36fd48e890d00d2cb5979e84
GET /resource/web/resources/images/bg_iconSprite.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 102729
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC011
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 13116
Last-Modified: Sun, 30 Sep 2018 05:11:11 GMT
Expires: Sun, 05 Feb 2023 01:24:48 GMT
X-LLID: 8e55918727fdcfc844505e3781bb4070
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_mainExtra.gif?ver=201406220823
95.140.229.2 200 OK 493 B URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_mainExtra.gif?ver=201406220823
IP 95.140.229.2:0
File type GIF image data, version 89a, 975 x 13\012- data
Hash bb78fc14f637ca27ac6cb6d6671ea294
a6b72cd3feca0cefbde05f9161a1f533bad2895e
b42ec6173d78f4ed24a22cce44c8321afeebefec5fbe97e49deec25cce73bf98
GET /resource/web/common/all_languages/all_regions/skin/bg_mainExtra.gif?ver=201406220823 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_prime.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/gif
Content-Length: 493
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC010
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 30276
Last-Modified: Sun, 22 Jun 2014 08:23:01 GMT
Expires: Sat, 04 Feb 2023 20:38:48 GMT
X-LLID: 68d95b062ce74f868fb69e066f89b270
pfobellweb.hs.llnwd.net/resource/web/resources/images/bullet_arrow.png?ver=201809300511
95.140.229.2 200 OK 176 B URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/resources/images/bullet_arrow.png?ver=201809300511
IP 95.140.229.2:0
File type PNG image data, 5 x 10, 8-bit/color RGBA, non-interlaced\012- data
Hash cc15ef5d02c6f5818e8544671942d1da
30a5cdb8c4ac8a01a36b321ece28e02da97f648a
b9c002fba5daa8fa82660a56a658702c6ee3df8ba1dfc4856f1fdb26c8c5e0f1
GET /resource/web/resources/images/bullet_arrow.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mybell.bell.ca/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/png
Content-Length: 176
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC001
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Age: 9681
Last-Modified: Sun, 30 Sep 2018 05:11:11 GMT
Expires: Sun, 05 Feb 2023 02:22:03 GMT
X-LLID: 9e4b63061e82800c74696796a5627fb4
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/loader_pgLoader.gif?ver=201809300511
95.140.229.2 200 OK 3.1 kB URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/loader_pgLoader.gif?ver=201809300511
IP 95.140.229.2:0
File type GIF image data, version 89a, 36 x 36\012- data
Hash 87856f61120158cd9f8f251d6bb347ed
f22562f2e682f151b64f68296e70a51a35d96ced
976affddc600a9e675994bd34685729a01e62e5f7932cfd95c8ca9157c4327db
GET /resource/web/common/all_languages/all_regions/skin/loader_pgLoader.gif?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:24 GMT
Content-Type: image/gif
Content-Length: 3127
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC012
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 15335
Last-Modified: Sun, 22 Jun 2014 08:23:01 GMT
Expires: Sun, 05 Feb 2023 00:47:49 GMT
X-LLID: 726061b68774a8baaadd3f106b22e44a
ww.w.conductability.org/custom/foresee/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/custom/foresee/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /custom/foresee/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487038873; fsr.s=%7B%22v2%22%3A-2%2C%22v1%22%3A1%7D
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:24 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_iconSprite.gif?ver=202211120811
95.140.229.2 200 OK 6.3 kB URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_iconSprite.gif?ver=202211120811
IP 95.140.229.2:0
File type GIF image data, version 89a, 40 x 1194\012- data
Hash 3fd243bb752881c9ad923e8042914f43
01d2829fe00f0a19726f10af157afa241bc86e4e
13996d903d43e98b6aae9e7c7d08bed43de57a665f3b7459b931f388e97e0b14
GET /resource/web/common/all_languages/all_regions/skin/bg_iconSprite.gif?ver=202211120811 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:25 GMT
Content-Type: image/gif
Content-Length: 6305
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC012
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 15336
Last-Modified: Sat, 12 Nov 2022 08:11:52 GMT
Expires: Sun, 05 Feb 2023 00:47:48 GMT
X-LLID: 8125596057c45c7cd8a79b7b12cb0390
pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_pageLoader.png?ver=201809300511
95.140.229.2 200 OK 1.1 kB URL HTTP/1.1 pfobellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/bg_pageLoader.png?ver=201809300511
IP 95.140.229.2:0
File type PNG image data, 935 x 61, 8-bit/color RGBA, non-interlaced\012- data
Hash 83eff1b71490abdcb036bf24645db9a6
f7a02ff680e94a0055ae67f8fde7e2a40d784a70
dc1ec805814d0ddb270d0f890843351f69c38088372b7e59af8044177f097082
GET /resource/web/common/all_languages/all_regions/skin/bg_pageLoader.png?ver=201809300511 HTTP/1.1
Host: pfobellweb.hs.llnwd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pfobellweb.hs.llnwd.net/resource/web/css/bell_master_a.css?ver=202302032225
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:03:25 GMT
Content-Type: image/png
Content-Length: 1145
Connection: keep-alive
Cache-Control: public, max-age=86400
Accept-Ranges: bytes
X-Generated-By: O-BC011
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-XSS-Protection: 1
Content-Security-Policy: frame-ancestors oneview.bell.ca bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.decibelinsight.net *.decibel.com *.luckymobile.ca *.virginplus.ca; script-src https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.digital.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.virginplus.ca https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.bazaarvoice.com https://*.bing.com https://*.clarity.ms 'unsafe-inline' 'unsafe-eval'; object-src 'none'
X-Content-Type-Options: nosniff
Age: 15336
Last-Modified: Sun, 30 Sep 2018 05:11:03 GMT
Expires: Sun, 05 Feb 2023 00:47:49 GMT
X-LLID: 6bf22aaedb16f00ccb9933b3abe9cea0
ww.w.conductability.org/custom/foresee/Login.php
68.66.226.93 302 Found 0 B URL HTTP/1.1 ww.w.conductability.org/custom/foresee/Login.php
IP 68.66.226.93:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert openphish Bell Canada
fortinet Phishing
NIDS Severity Alert suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
suricata medium ETPRO HUNTING Observed Unusual Host (ww.)
GET /custom/foresee/Login.php HTTP/1.1
Host: ww.w.conductability.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww.w.conductability.org/Login.php
Connection: keep-alive
Cookie: fsr.a=1675487038873; fsr.s=%7B%22v2%22%3A-2%2C%22v1%22%3A1%7D
HTTP/1.1 302 Found
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
location: Login.php
content-type: text/html; charset=UTF-8
content-length: 0
date: Sat, 04 Feb 2023 05:03:25 GMT
server: LiteSpeed
cache-control: no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff