40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com Open in urlscan Pro
129.211.179.197 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://williamdeluce6.systeme.io/f68221a4
Effective URL:
https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
Submission: On August 14 via manual (August 14th 2023, 5:58:19 pm UTC) from PK — Scanned from DE

Summary HTTP 42 Redirects Behaviour Indicators

Summary

This website contacted 16 IPs in 4 countries across 12 domains to perform 42 HTTP transactions. The main IP is 129.211.179.197, located in China and belongs to TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN. The main domain is 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com.
TLS certificate: Issued by GlobalSign Organization Validation CA... on March 13th 2023. Valid for: a year.

This is the only time 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BCE-Bell (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1	52.222.149.90 52.222.149.90	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:200... 2a04:4e42:200::282	54113 (FASTLY) (FASTLY)
4	2600:9000:21f... 2600:9000:21f3:5000:1c:d937:ae40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:239... 2600:9000:2394:2e00:f:a462:c1c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:224... 2600:9000:2240:8200:13:b2ca:a980:93a1	16509 (AMAZON-02) (AMAZON-02)
8	129.211.179.197 129.211.179.197	45090 (TENCENT-N...) (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited)
3	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
6	209.71.212.18 209.71.212.18	() ()
2	2a00:1450:400... 2a00:1450:4001:80e::2004	() ()
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2a	20446 (STACKPATH...) (STACKPATH-CDN)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::200a	() ()
1	149.137.137.254 149.137.137.254	() ()
42	16

1 52.222.149.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-149-90.cdg52.r.cloudfront.net

williamdeluce6.systeme.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::282 (United States)

ASN54113 (FASTLY, US)

cdn.polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:21f3:5000:1c:d937:ae40:93a1 (United States)

ASN16509 (AMAZON-02, US)

d3fit27i5nzkqh.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2394:2e00:f:a462:c1c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

d1yei2z3i6k35z.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2240:8200:13:b2ca:a980:93a1 (United States)

ASN16509 (AMAZON-02, US)

editor.systeme.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 129.211.179.197 (China)

ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN)

40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 209.71.212.18 (None, )

ASN- ()

webmail.bell.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2004 (None, )

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (None, )

ASN- ()

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 149.137.137.254 (None, )

ASN- ()

bellsubscriber.s3.us-east-005.backblazeb2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	myqcloud.com 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com	132 KB
6	bell.net webmail.bell.net	2 MB
5	cloudfront.net d3fit27i5nzkqh.cloudfront.net d1yei2z3i6k35z.cloudfront.net	455 KB
3	gstatic.com www.gstatic.com	178 KB
2	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 392 fonts.googleapis.com	31 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 986 stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2763	28 KB
2	google.com www.google.com	2 KB
2	systeme.io williamdeluce6.systeme.io editor.systeme.io — Cisco Umbrella Rank: 426700	17 KB
1	backblazeb2.com bellsubscriber.s3.us-east-005.backblazeb2.com	8 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 245	7 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 752	24 KB
1	polyfill.io cdn.polyfill.io — Cisco Umbrella Rank: 3026	683 B
42	12

	Domain	Requested by
8	40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com	40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
6	webmail.bell.net	40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com webmail.bell.net bellsubscriber.s3.us-east-005.backblazeb2.com
4	d3fit27i5nzkqh.cloudfront.net	williamdeluce6.systeme.io
3	www.gstatic.com	40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com www.google.com
2	www.google.com	40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
1	bellsubscriber.s3.us-east-005.backblazeb2.com	40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
1	fonts.googleapis.com	webmail.bell.net
1	stackpath.bootstrapcdn.com	40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
1	ajax.googleapis.com	40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
1	maxcdn.bootstrapcdn.com	40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
1	cdnjs.cloudflare.com	40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
1	code.jquery.com	40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
1	editor.systeme.io	williamdeluce6.systeme.io
1	d1yei2z3i6k35z.cloudfront.net	williamdeluce6.systeme.io
1	cdn.polyfill.io	williamdeluce6.systeme.io
1	williamdeluce6.systeme.io
42	16

This site contains no links.

Subject Issuer	Validity	Valid
systeme.io Amazon RSA 2048 M01	`2023-03-02` - `2024-01-24`	a year	crt.sh
polyfill.io GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-10` - `2024-01-11`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
editor.systeme.io Amazon RSA 2048 M02	`2023-07-30` - `2024-08-27`	a year	crt.sh
*.cos.ap-nanjing.myqcloud.com GlobalSign Organization Validation CA - SHA256 - G3	`2023-03-13` - `2024-04-13`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
bell.net Entrust Certification Authority - L1K	`2023-06-26` - `2024-07-26`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
backblazeb2.com R3	`2023-07-25` - `2023-10-23`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
Frame ID: 79F984D3D6C1DFC3C27E3455E93A73B4
Requests: 35 HTTP requests in this frame

Frame: https://bellsubscriber.s3.us-east-005.backblazeb2.com/index.html
Frame ID: C4FE7DBB3D09B881B7FA0277D5A76F2A
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY
Frame ID: F77EE78F999E7ED1494754B8A25C1B13
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://williamdeluce6.systeme.io/f68221a4 Page URL
https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

42
Requests

81 %
HTTPS

73 %
IPv6

12
Domains

16
Subdomains

16
IPs

4
Countries

2965 kB
Transfer

4871 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://williamdeluce6.systeme.io/f68221a4 Page URL
https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

42 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 f68221a4 Show response
williamdeluce6.systeme.io/ 20 KB
7 KB 187ms
138ms Document
text/html 52.222.149.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://williamdeluce6.systeme.io/f68221a4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.90 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-90.cdg52.r.cloudfront.net

Software

nginx/1.24.0 /

Resource Hash

947d0f3f6bad3462da142c2be34b5a65638df4f8b7540ad39c1dd484660f5c5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0, must-revalidate, private
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 14 Aug 2023 17:58:12 GMT
expires: Mon, 14 Aug 2023 17:58:12 GMT
server: nginx/1.24.0
vary: Accept-Encoding
via: 1.1 7d935e83126b0b85ded112b940f9c85c.cloudfront.net (CloudFront)
x-amz-cf-id: Xy9myBNBH9PU2t3hKHx3E1yxKbVVPJMzs4vLp-r5-feYwUIyKE_ROg==
x-amz-cf-pop: CDG52-P1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 polyfill.min.js Show response
cdn.polyfill.io/v2/ 100 B
683 B 55ms
9ms Script
text/javascript 2a04:4e42:200::282
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.polyfill.io/v2/polyfill.min.js?features=Intl.~locale.en%2CmatchMedia

Requested by

Host: williamdeluce6.systeme.io
URL: https://williamdeluce6.systeme.io/f68221a4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::282 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

34e4e4e998d1023cadeeda959be0f4fce5abe4eaf9d241782ae404e36446ecbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://williamdeluce6.systeme.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 14 Aug 2023 17:58:12 GMT
age: 408267
detected-user-agent: Chrome/115.0.0
useragent_normaliser: chrome/115.0.0
server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=2
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 113
referrer-policy: origin-when-cross-origin
last-modified: Wed, 09 Aug 2023 15:35:19 GMT
fastly_service_version: 224
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
normalized-user-agent: chrome/115.0.0
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 all.min.css
d3fit27i5nzkqh.cloudfront.net/assets/css/ 486 KB
81 KB 53ms
9ms Stylesheet
text/css 2600:9000:21f3:5000:1c:d937:ae40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3fit27i5nzkqh.cloudfront.net/assets/css/all.min.css
Requested by: Host: williamdeluce6.systeme.io
URL: https://williamdeluce6.systeme.io/f68221a4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:5000:1c:d937:ae40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a35f901d01118e5649091bd03ac5784a7db52e111fb3806524c412f3d1dcfc5d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://williamdeluce6.systeme.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 00:57:35 GMT
content-encoding: gzip
via: 1.1 286eb4b50e0acf373dd03645aee00b7e.cloudfront.net (CloudFront)
last-modified: Wed, 18 May 2022 12:25:57 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 1616438
etag: W/"325672b036bab9b57f6873aed5eccc43"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000,public
x-amz-cf-id: 2bIV4BjsIPHTwsKltyAH3HYN4JV7GZW3qs4FztGbmnR8QyEtTf8vTw==

GET
H2 200 runtimeSimplePage.6525755ed16e40f11e2f.js Show response
d3fit27i5nzkqh.cloudfront.net/js/ 2 KB
1 KB 62ms
19ms Script
application/javascript 2600:9000:21f3:5000:1c:d937:ae40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3fit27i5nzkqh.cloudfront.net/js/runtimeSimplePage.6525755ed16e40f11e2f.js
Requested by: Host: williamdeluce6.systeme.io
URL: https://williamdeluce6.systeme.io/f68221a4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:5000:1c:d937:ae40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e6e6bcec8cf0fab66c48aea5ba1e6cfa240580212d714019a81493caad1c2b99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://williamdeluce6.systeme.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 19 Jul 2023 14:47:54 GMT
content-encoding: gzip
via: 1.1 286eb4b50e0acf373dd03645aee00b7e.cloudfront.net (CloudFront)
last-modified: Tue, 18 Jul 2023 20:22:37 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 2257819
etag: W/"7e48280fb388cda9c9571931b0370d17"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000,public
x-amz-cf-id: Ec1k6aYFguaYDYOSClIcjy-UCVQZiBSgkZeh84xKgcjJfL47J0vJKg==

GET
H2 200 simplePage.5ece97533cc3447342b3.js Show response
d3fit27i5nzkqh.cloudfront.net/js/ 489 KB
97 KB 66ms
23ms Script
application/javascript 2600:9000:21f3:5000:1c:d937:ae40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3fit27i5nzkqh.cloudfront.net/js/simplePage.5ece97533cc3447342b3.js
Requested by: Host: williamdeluce6.systeme.io
URL: https://williamdeluce6.systeme.io/f68221a4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:5000:1c:d937:ae40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9edba0ab6fefe642937d4a050c75575e8ce005b03c9166a820829ebecc87ce11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://williamdeluce6.systeme.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 08 Aug 2023 20:17:53 GMT
content-encoding: gzip
via: 1.1 286eb4b50e0acf373dd03645aee00b7e.cloudfront.net (CloudFront)
last-modified: Tue, 08 Aug 2023 20:17:46 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 510020
etag: W/"de3c4d099acf0d1de04c86c9a8ae0ac3"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000,public
x-amz-cf-id: SzrC4I_gOZTwxm3cCH4E6Jz2bOjVg39lTNbWlAaEwbJL75EKQRcKrQ==

GET
H2 200 vendors~simplePage.1fb37d24bdd9e96a0de1.js Show response
d3fit27i5nzkqh.cloudfront.net/js/ 845 KB
247 KB 73ms
30ms Script
application/javascript 2600:9000:21f3:5000:1c:d937:ae40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3fit27i5nzkqh.cloudfront.net/js/vendors~simplePage.1fb37d24bdd9e96a0de1.js
Requested by: Host: williamdeluce6.systeme.io
URL: https://williamdeluce6.systeme.io/f68221a4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:5000:1c:d937:ae40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f5c6aae10644f6795f7f6ce1d1fdca28f1b3ced34ac660b1ae53c2bab0b88462

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://williamdeluce6.systeme.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 15:15:44 GMT
content-encoding: gzip
via: 1.1 286eb4b50e0acf373dd03645aee00b7e.cloudfront.net (CloudFront)
last-modified: Tue, 11 Jul 2023 10:42:52 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
age: 2774549
etag: W/"b2bc303c095b22a0cc7f837ed711d581"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000,public
x-amz-cf-id: o8E-BbOEoUqTiVp6Np-W8wwOr3YPWXf2Epu91O47otdqrY3CV1DfDw==

GET
H2 200 64d7d0c0d44b2_VAyR.gif
d1yei2z3i6k35z.cloudfront.net/4704354/ 28 KB
29 KB 83ms
31ms Image
image/gif 2600:9000:2394:2e00:f:a462:c1c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1yei2z3i6k35z.cloudfront.net/4704354/64d7d0c0d44b2_VAyR.gif
Requested by: Host: williamdeluce6.systeme.io
URL: https://williamdeluce6.systeme.io/f68221a4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2394:2e00:f:a462:c1c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a27b60353a6821eb9f729682a78c55af862724e57f81ecde65228c6d6353110d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://williamdeluce6.systeme.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 17:44:52 GMT
via: 1.1 2a46367687c8f1815bbea20c92c7d64c.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P2
age: 801
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 28904
last-modified: Sat, 12 Aug 2023 18:34:43 GMT
server: AmazonS3
etag: "984381ca77db27cd5428627fe933b508"
vary: Origin
content-type: image/gif
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex
x-amz-cf-id: vDF7xnhkRUfrOULjT-fF2ZujqU7BTnArbQ1i6A7uZaQSACrOl8E8kg==

GET
H2 200 affiliate_badge_logo.png
editor.systeme.io/assets/images/ 10 KB
11 KB 73ms
10ms Image
image/png 2600:9000:2240:8200:13:b2ca:a980:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://editor.systeme.io/assets/images/affiliate_badge_logo.png
Requested by: Host: williamdeluce6.systeme.io
URL: https://williamdeluce6.systeme.io/f68221a4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:8200:13:b2ca:a980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://williamdeluce6.systeme.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 14:02:22 GMT
via: 1.1 df3b3b9f4fa0f79195c56a91cf242364.cloudfront.net (CloudFront)
last-modified: Mon, 14 Aug 2023 14:01:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 14151
etag: "8ef4308d7726d4ff8621170e787130ed"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000,public
accept-ranges: bytes
content-length: 10472
x-amz-cf-id: uAb6OIaZYgxbnnRwlBiNmmOGvJyrE75n241wNnuovC6ypKz6CWbrew==

GET
H/1.1 200
OK Primary Request index.html Show response
40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/ 130 KB
131 KB 2133ms
304ms Document
text/html 129.211.179.197
TENCENT-NET-AP Sh...

General

Check archive.org

Show headers Download Go to

Full URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 129.211.179.197 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software: tencent-cos /
Resource Hash: b481176efea56e19c4ba3877878d1ff78a6705be58a7057cf2b68d676023b5ab

Request headers

Referer: https://williamdeluce6.systeme.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 133451
Content-Type: text/html
Date: Mon, 14 Aug 2023 17:58:14 GMT
ETag: "49a7f40b2760470f857ce007449d1a53"
Last-Modified: Fri, 11 Aug 2023 18:21:16 GMT
Server: tencent-cos
x-cos-hash-crc64ecma: 12325041917384257771
x-cos-request-id: NjRkYTZiMzZfYWM3NmFhMDlfMWY2ZmFfNzI0Yjc2Mw==

GET
H2 404 recaptcha__en.js
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/ 0
0 76ms
48ms Script
text/html 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js

Requested by

Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/
Origin: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 17:58:14 GMT
x-content-type-options: nosniff
server: sffe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1621
x-xss-protection: 0

GET
H/1.1 404
Not Found bell_common.js
40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/static/ 0
0 288ms
288ms Script
application/xml 129.211.179.197
TENCENT-NET-AP Sh...

General

Check archive.org

Show headers Download Go to

Full URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/static/bell_common.js?seed=AMDznOqGAQAACn9-0BiWwerLgcjacqW3CGvfkVAEWsPi7ZGi6nfS1KjIDt3P&lPVnX2sAmT--z=q
Requested by: Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 129.211.179.197 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software: tencent-cos /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cos-request-id: NjRkYTZiMzZfNGE4Y2VlMDlfMTgxYzBfNmJkYzA3NQ==
Date: Mon, 14 Aug 2023 17:58:14 GMT
Server: tencent-cos
Connection: keep-alive
Content-Length: 443
Content-Type: application/xml

GET
H/1.1 200 ux.css
webmail.bell.net/bell/ux/ 2 MB
2 MB 1052ms
104ms Stylesheet
text/css 209.71.212.18

General

Check archive.org

Show headers Download Go to

Full URL

https://webmail.bell.net/bell/ux/ux.css?v=3.1.3.28.1-8

Requested by

Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.71.212.18 -, , ASN (),

Reverse DNS

Software

Resource Hash

2c7e81fc045dc1f57aa937e78561df432578ce10dff9b245cb9ca6ee668468b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security: max-age=16070400; includeSubDomains
Date: Mon, 14 Aug 2023 17:58:15 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 30 Jun 2023 20:09:36 GMT
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
ETag: W/"1941731-1688155776000"
X-Frame-Options: SAMEORIGIN
X-Dns-Prefetch-Control: off
Content-Type: text/css
Cache-Control: no-store
Accept-Ranges: bytes
Content-Length: 1941731
X-Xss-Protection: 1; mode=block

GET
H/1.1 404
Not Found UXConfig.js
40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/ux/ 0
0 258ms
257ms Script
application/xml 129.211.179.197
TENCENT-NET-AP Sh...

General

Check archive.org

Show headers Download Go to

Full URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/ux/UXConfig.js?v=3.1.3.28.1-8
Requested by: Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 129.211.179.197 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software: tencent-cos /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cos-request-id: NjRkYTZiMzdfYWM3NmFhMDlfMWY2ZThfNzI1YzBmNg==
Date: Mon, 14 Aug 2023 17:58:15 GMT
Server: tencent-cos
Connection: keep-alive
Content-Length: 436
Content-Type: application/xml

GET
H/1.1 404
Not Found localization.js
40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/ux/ 0
0 260ms
260ms Script
application/xml 129.211.179.197
TENCENT-NET-AP Sh...

General

Check archive.org

Show headers Download Go to

Full URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/ux/localization.js?v=3.1.3.28.1-8
Requested by: Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 129.211.179.197 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software: tencent-cos /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cos-request-id: NjRkYTZiMzdfNGE4Y2VlMDlfMTgxOGZfNmMzZDI2NQ==
Date: Mon, 14 Aug 2023 17:58:15 GMT
Server: tencent-cos
Connection: keep-alive
Content-Length: 440
Content-Type: application/xml

GET
H/1.1 200 jquery-3.5.1.min.js Show response
webmail.bell.net/bell/login/js/ 87 KB
88 KB 1058ms
106ms Script
application/javascript 209.71.212.18

General

Check archive.org

Show headers Download Go to

Full URL

https://webmail.bell.net/bell/login/js/jquery-3.5.1.min.js

Requested by

Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.71.212.18 -, , ASN (),

Reverse DNS

Software

Resource Hash

f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security: max-age=16070400; includeSubDomains
Date: Mon, 14 Aug 2023 17:58:16 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 30 Jun 2023 20:09:32 GMT
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
ETag: W/"89478-1688155772000"
X-Frame-Options: SAMEORIGIN
X-Dns-Prefetch-Control: off
Content-Type: application/javascript;charset=UTF-8
Cache-Control: no-store
Accept-Ranges: bytes
Content-Length: 89478
X-Xss-Protection: 1; mode=block

GET
H/1.1 200 flush.css
webmail.bell.net/bell/login/css/ 82 KB
82 KB 1049ms
103ms Stylesheet
text/css 209.71.212.18

General

Check archive.org

Show headers Download Go to

Full URL

https://webmail.bell.net/bell/login/css/flush.css

Requested by

Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.71.212.18 -, , ASN (),

Reverse DNS

Software

Resource Hash

752a2fd980c99dcabae0aa552cd99fe9794cdf49febea1ee1c90319990b6566c

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security: max-age=16070400; includeSubDomains
Date: Mon, 14 Aug 2023 17:58:15 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 30 Jun 2023 20:09:32 GMT
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
ETag: W/"83485-1688155772000"
X-Frame-Options: SAMEORIGIN
X-Dns-Prefetch-Control: off
Content-Type: text/css
Cache-Control: no-store
Accept-Ranges: bytes
Content-Length: 83485
X-Xss-Protection: 1; mode=block

GET
H/1.1 404
Not Found ux.js
40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/ux/ 0
0 523ms
266ms Script
application/xml 129.211.179.197
TENCENT-NET-AP Sh...

General

Check archive.org

Show headers Download Go to

Full URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/ux/ux.js?v=3.1.3.28.1-8
Requested by: Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 129.211.179.197 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software: tencent-cos /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cos-request-id: NjRkYTZiMzdfYWM3NmFhMDlfMWY3MzlfNzE5ZmVmMg==
Date: Mon, 14 Aug 2023 17:58:15 GMT
Server: tencent-cos
Connection: keep-alive
Content-Length: 430
Content-Type: application/xml

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 909 B
899 B 38ms
17ms Script
text/javascript 2a00:1450:4001:80e::2004

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit

Requested by

Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 -, , ASN (),

Reverse DNS

Software

GSE /

Resource Hash

a30a685a0527dbcb17faa6363b4598fc35a33371869ddb9020fa95a865c26269

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 17:58:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 579
x-xss-protection: 1; mode=block
expires: Mon, 14 Aug 2023 17:58:16 GMT

GET
H2 200 jquery-3.2.1.slim.min.js Show response
code.jquery.com/ 68 KB
24 KB 33ms
12ms Script
application/javascript 2001:4de0:ac18::1:a:2a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by: Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/
Origin: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 17:58:15 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-10fdd"
vary: Accept-Encoding
x-hw: 1692035895.dop264.fr8.t,1692035895.cds221.fr8.hn,1692035895.cds257.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 23856

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ 19 KB
7 KB 31ms
13ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

Requested by

Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/
Origin: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 17:58:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 406183
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6157
last-modified: Thu, 22 Jun 2023 11:16:21 GMT
server: cloudflare
cf-cdnjs-via: cfworker/r2
etag: "64942d85-180d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LjmeA5IXk7H6JUzRgDLEj3DAOm1cBASkTJ%2BI3NJbVxwRSeaC65HyBzJLGFo0SsMA%2BGWUPu9e37M8YECsr%2Bc5vkGKor9FqbYQPIrTv2tPJfggMbP2BiBG04tlNm6ILpiXkDnKoVpIGLoW%2Br7BHWQHWUvl"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7f6b15ba6bb51c22-FRA
expires: Sat, 03 Aug 2024 17:58:15 GMT

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ 48 KB
14 KB 41ms
20ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

Requested by

Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/
Origin: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 17:58:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 865
cdn-cachedat: 11/25/2022 23:23:38
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: fd743e1bab085807d5d35f6aaebc3e11
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 7f6b15ba79223671-FRA
cdn-requestpullsuccess: True

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 04:16:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 222106
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 11 Aug 2024 04:16:29 GMT

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ 50 KB
15 KB 50ms
24ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Requested by

Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 17:58:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 723
age: 3076928
cdn-cachedat: 11/15/2021 23:30:00
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-proxyver: 1.0
cdn-requestpullcode: 200
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 7f6b15ba79584d6e-FRA
cdn-requestpullsuccess: True

GET
H2 200 css
fonts.googleapis.com/ 688 B
773 B 44ms
18ms Stylesheet
text/css 2a00:1450:4001:829::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=NTR&display=swap

Requested by

Host: webmail.bell.net
URL: https://webmail.bell.net/bell/ux/ux.css?v=3.1.3.28.1-8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

4cc0e51431f59835990a95e931e3961e4a04fa98b59b0c5a8ffe165ee7e0b781

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://webmail.bell.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 14 Aug 2023 17:58:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 14 Aug 2023 16:39:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Aug 2023 17:58:18 GMT

GET
H/1.1 200 index.html Show response
bellsubscriber.s3.us-east-005.backblazeb2.com/ Frame C4FE 7 KB
8 KB 322ms
122ms Document
text/html 149.137.137.254

General

Check archive.org

Show headers Download Go to

Full URL: https://bellsubscriber.s3.us-east-005.backblazeb2.com/index.html
Requested by: Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 149.137.137.254 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f20f1deea159d245f00bcc89df9ca7290a92465a044728c0f21f6ebf8e38cba6

Request headers

Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 7395
Content-Type: text/html
Date: Mon, 14 Aug 2023 17:58:18 GMT
ETag: "34af9e91706380f1ac3de96af17384b8"
Keep-Alive: timeout=5
Last-Modified: Thu, 13 Jul 2023 12:28:59 GMT
x-amz-id-2: aNQVh/jigMlAxeTGHOCY4tzLEYhs0ITRF
x-amz-meta-src_last_modified_millis: 1689250988000
x-amz-request-id: b573321b355b6b4c
x-amz-version-id: 4_z651af8c2a1d1e828828b0414_f1045e2c26632f0dd_d20230713_m122859_c005_v0501004_t0011_u01689251339817

GET
H/1.1 404
Not Found bg_transparent.gif
40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/img/ 444 B
444 B 261ms
261ms Image
application/xml 129.211.179.197
TENCENT-NET-AP Sh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/img/bg_transparent.gif
Requested by: Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 129.211.179.197 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software: tencent-cos /
Resource Hash: 13ea893a5beb77560b6b77d8b49f69b421e075de9ae3fd271f73d907bc383cc1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cos-request-id: NjRkYTZiM2JfYWM3NmFhMDlfMWY2YzVfNzE3N2MwYQ==
Date: Mon, 14 Aug 2023 17:58:19 GMT
Server: tencent-cos
Connection: keep-alive
Content-Length: 444
Content-Type: application/xml

GET
H/1.1 404
Not Found bg_gradRibbon.gif
40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/img/ 443 B
443 B 280ms
280ms Image
application/xml 129.211.179.197
TENCENT-NET-AP Sh...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/img/bg_gradRibbon.gif
Requested by: Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 129.211.179.197 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software: tencent-cos /
Resource Hash: 9daaa0d3ce8942f3fe56cf80dd9d04e587ea557208382e08ec6192c02e4fd743

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cos-request-id: NjRkYTZiM2JfNGE4Y2VlMDlfMTgxYjhfNmJkZThhNQ==
Date: Mon, 14 Aug 2023 17:58:19 GMT
Server: tencent-cos
Connection: keep-alive
Content-Length: 443
Content-Type: application/xml

GET
H/1.1 404
Not Found bellslim_semibold-webfont.woff
40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/font/ 0
0 277ms
277ms Font
application/xml 129.211.179.197
TENCENT-NET-AP Sh...

General

Check archive.org

Show headers Download Go to

Full URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/font/bellslim_semibold-webfont.woff
Requested by: Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 129.211.179.197 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN),
Reverse DNS
Software: tencent-cos /
Resource Hash

Request headers

Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html
Origin: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-cos-request-id: NjRkYTZiM2JfZDA0ZWI3MDlfYzM3NV83MDljOGEz
Date: Mon, 14 Aug 2023 17:58:19 GMT
Server: tencent-cos
Connection: keep-alive
x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWE4OGMxZjNjY2JiNTBmMTVmMWY1MzAzYzkyZGQ2ZWM4MzZkMTZiZDQxYTg4MzRiMzIwYzRkYTRjMWFkNDM3YjQ=
Content-Length: 453
Content-Type: application/xml

GET
DATA 200
OK truncated
/ 465 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0f5d0f81e36d70ea35e6d8340b1aac212e0b327d2e0445b6950e233195e08039

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 465 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0bbecc21cca446c905902af0936c9c06c3db45801c625c57221a96eee6db36f8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 bframe Show response
www.google.com/recaptcha/api2/ Frame F77E 7 KB
2 KB 32ms
32ms Document
text/html 2a00:1450:4001:80e::2004

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY

Requested by

Host: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2004 -, , ASN (),

Reverse DNS

Software

GSE /

Resource Hash

de1bb7a671bf465da9602a3eeba535b83df224398d95384d579c984edf9416f8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vLNs3Dj8qdH5akNEyF0lXg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1157
content-security-policy: script-src 'report-sample' 'nonce-vLNs3Dj8qdH5akNEyF0lXg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 14 Aug 2023 17:58:18 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/ 441 KB
178 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d005e54c557c7b45e4dbbe2abb05bf33bb52631faed17189da60940b07c25ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/
Origin: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 14 Aug 2023 14:08:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13781
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 181564
x-xss-protection: 0
last-modified: Sun, 06 Aug 2023 12:02:10 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 13 Aug 2024 14:08:37 GMT

GET bg_cBoxExtra.png
40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/img/ 0
0

GET bg_mainExtra.gif
40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/img/ 0
0

GET fontello.woff
webmail.bell.net/bell/ux/font/ 0
0

GET styles__ltr.css
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/ Frame F77E 0
0

GET
H3 404 recaptcha__en.js
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/ Frame F77E 0
0 186ms
172ms Script
text/html 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&k=6LfI5NgaAAAAAJglwlQxU6kcHa7Bu6gNR38nhJDY
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

GET bellslim_semibold-webfont.ttf
40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/font/ 0
0

GET
H/1.1 200 header.css
webmail.bell.net/bell/header/css/ Frame C4FE 6 KB
6 KB 104ms
104ms Stylesheet
text/css 209.71.212.18

General

Check archive.org

Show headers Download Go to

Full URL

https://webmail.bell.net/bell/header/css/header.css

Requested by

Host: bellsubscriber.s3.us-east-005.backblazeb2.com
URL: https://bellsubscriber.s3.us-east-005.backblazeb2.com/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.71.212.18 -, , ASN (),

Reverse DNS

Software

Resource Hash

14e72a142eec1c65433ecb350e38c51798b6e01a37f237c023e5e5bff168f0c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bellsubscriber.s3.us-east-005.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security: max-age=16070400; includeSubDomains
Date: Mon, 14 Aug 2023 17:58:18 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 30 Jun 2023 20:09:30 GMT
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
ETag: W/"5781-1688155770000"
X-Frame-Options: SAMEORIGIN
X-Dns-Prefetch-Control: off
Content-Type: text/css
Cache-Control: no-store
Accept-Ranges: bytes
Content-Length: 5781
X-Xss-Protection: 1; mode=block

GET
H/1.1 200 header.js Show response
webmail.bell.net/bell/header/js/ Frame C4FE 8 KB
9 KB 106ms
105ms Script
application/javascript 209.71.212.18

General

Check archive.org

Show headers Download Go to

Full URL

https://webmail.bell.net/bell/header/js/header.js

Requested by

Host: bellsubscriber.s3.us-east-005.backblazeb2.com
URL: https://bellsubscriber.s3.us-east-005.backblazeb2.com/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.71.212.18 -, , ASN (),

Reverse DNS

Software

Resource Hash

9a7b9f391ddbe87d136b1a154567eb12a23c801ec87899d9c48408104cbfb85b

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bellsubscriber.s3.us-east-005.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security: max-age=16070400; includeSubDomains
Date: Mon, 14 Aug 2023 17:58:18 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 30 Jun 2023 20:09:30 GMT
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
ETag: W/"8489-1688155770000"
X-Frame-Options: SAMEORIGIN
X-Dns-Prefetch-Control: off
Content-Type: application/javascript;charset=UTF-8
Cache-Control: no-store
Accept-Ranges: bytes
Content-Length: 8489
X-Xss-Protection: 1; mode=block

GET
H/1.1 200 flush.css
webmail.bell.net/bell/header/css/ Frame C4FE 51 KB
0 103ms
102ms Stylesheet
text/css 209.71.212.18

General

Check archive.org

Show headers Download Go to

Full URL

https://webmail.bell.net/bell/header/css/flush.css

Requested by

Host: bellsubscriber.s3.us-east-005.backblazeb2.com
URL: https://bellsubscriber.s3.us-east-005.backblazeb2.com/index.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.71.212.18 -, , ASN (),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bellsubscriber.s3.us-east-005.backblazeb2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security: max-age=16070400; includeSubDomains
Date: Mon, 14 Aug 2023 17:58:18 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 30 Jun 2023 20:09:30 GMT
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA, UA-Model, UA-Platform, UA
ETag: W/"83220-1688155770000"
X-Frame-Options: SAMEORIGIN
X-Dns-Prefetch-Control: off
Content-Type: text/css
Cache-Control: no-store
Accept-Ranges: bytes
Content-Length: 83220
X-Xss-Protection: 1; mode=block

GET bell.myBell.core.css
webmail.bell.net/bell/header/css/ Frame C4FE 0
0

GET bell.connector.css
webmail.bell.net/bell/header/css/ Frame C4FE 0
0

GET
DATA 200
OK truncated
/ Frame C4FE 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 416782e76f89fd063cc951f505075e2668b7c3652293031c10607defbf7c7fb4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/png

GET fontello.ttf
webmail.bell.net/bell/ux/font/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/img/bg_cBoxExtra.png

Domain: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/img/bg_mainExtra.gif

Domain: webmail.bell.net
URL: https://webmail.bell.net/bell/ux/font/fontello.woff?v=3.1.3.42.0-6

Domain: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css

Domain: 40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/font/bellslim_semibold-webfont.ttf

Domain: webmail.bell.net
URL: https://webmail.bell.net/bell/header/css/bell.myBell.core.css

Domain: webmail.bell.net
URL: https://webmail.bell.net/bell/header/css/bell.connector.css

Domain: webmail.bell.net
URL: https://webmail.bell.net/bell/ux/font/fontello.ttf?v=3.1.3.42.0-6

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BCE-Bell (Telecommunication)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			williamdeluce6.systeme.io/	1969-12-31 23:59:59	Name: sio_u Value: j96rts3lkabse4dpljvlu53vmf
			williamdeluce6.systeme.io/	1970-01-20 23:36:35	Name: v Value: 8598f74cd7eec09af8fe62e372c99d635befeeaad31af11c98f18dd3e827e2ed

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html Message: Refused to execute script from 'https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/static/bell_common.js?seed=AMDznOqGAQAACn9-0BiWwerLgcjacqW3CGvfkVAEWsPi7ZGi6nfS1KjIDt3P&lPVnX2sAmT--z=q Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/ux/UXConfig.js?v=3.1.3.28.1-8 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/ux/localization.js?v=3.1.3.28.1-8 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/ux/ux.js?v=3.1.3.28.1-8 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/img/bg_transparent.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/font/bellslim_semibold-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/img/bg_gradRibbon.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com/index.html Message: Access to font at 'https://webmail.bell.net/bell/ux/font/fontello.woff?v=3.1.3.42.0-6' from origin 'https://40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://webmail.bell.net/bell/ux/font/fontello.woff?v=3.1.3.42.0-6 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
ajax.googleapis.com
bellsubscriber.s3.us-east-005.backblazeb2.com
cdn.polyfill.io
cdnjs.cloudflare.com
code.jquery.com
d1yei2z3i6k35z.cloudfront.net
d3fit27i5nzkqh.cloudfront.net
editor.systeme.io
fonts.googleapis.com
maxcdn.bootstrapcdn.com
stackpath.bootstrapcdn.com
webmail.bell.net
williamdeluce6.systeme.io
www.google.com
www.gstatic.com
40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com
webmail.bell.net
www.gstatic.com
129.211.179.197
149.137.137.254
2001:4de0:ac18::1:a:2a
209.71.212.18
2600:9000:21f3:5000:1c:d937:ae40:93a1
2600:9000:2240:8200:13:b2ca:a980:93a1
2600:9000:2394:2e00:f:a462:c1c0:93a1
2606:4700::6811:190e
2606:4700::6812:acf
2a00:1450:4001:80e::2004
2a00:1450:4001:811::200a
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2003
2a04:4e42:200::282
52.222.149.90
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0bbecc21cca446c905902af0936c9c06c3db45801c625c57221a96eee6db36f8
0f5d0f81e36d70ea35e6d8340b1aac212e0b327d2e0445b6950e233195e08039
13ea893a5beb77560b6b77d8b49f69b421e075de9ae3fd271f73d907bc383cc1
14e72a142eec1c65433ecb350e38c51798b6e01a37f237c023e5e5bff168f0c1
1d005e54c557c7b45e4dbbe2abb05bf33bb52631faed17189da60940b07c25ae
2c7e81fc045dc1f57aa937e78561df432578ce10dff9b245cb9ca6ee668468b5
34e4e4e998d1023cadeeda959be0f4fce5abe4eaf9d241782ae404e36446ecbf
416782e76f89fd063cc951f505075e2668b7c3652293031c10607defbf7c7fb4
4cc0e51431f59835990a95e931e3961e4a04fa98b59b0c5a8ffe165ee7e0b781
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
752a2fd980c99dcabae0aa552cd99fe9794cdf49febea1ee1c90319990b6566c
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
947d0f3f6bad3462da142c2be34b5a65638df4f8b7540ad39c1dd484660f5c5d
9a7b9f391ddbe87d136b1a154567eb12a23c801ec87899d9c48408104cbfb85b
9daaa0d3ce8942f3fe56cf80dd9d04e587ea557208382e08ec6192c02e4fd743
9edba0ab6fefe642937d4a050c75575e8ce005b03c9166a820829ebecc87ce11
a27b60353a6821eb9f729682a78c55af862724e57f81ecde65228c6d6353110d
a30a685a0527dbcb17faa6363b4598fc35a33371869ddb9020fa95a865c26269
a35f901d01118e5649091bd03ac5784a7db52e111fb3806524c412f3d1dcfc5d
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
b481176efea56e19c4ba3877878d1ff78a6705be58a7057cf2b68d676023b5ab
de1bb7a671bf465da9602a3eeba535b83df224398d95384d579c984edf9416f8
e6e6bcec8cf0fab66c48aea5ba1e6cfa240580212d714019a81493caad1c2b99
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
f20f1deea159d245f00bcc89df9ca7290a92465a044728c0f21f6ebf8e38cba6
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
f5c6aae10644f6795f7f6ce1d1fdca28f1b3ced34ac660b1ae53c2bab0b88462

40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com Open in urlscan Pro 129.211.179.197 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

42 Requests

81 %HTTPS

73 %IPv6

12 Domains

16 Subdomains

16 IPs

4 Countries

2965 kBTransfer

4871 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

42 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

40secondsvoiceover-1320065178.cos.ap-nanjing.myqcloud.com Open in urlscan Pro
129.211.179.197 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

42
Requests

81 %
HTTPS

73 %
IPv6

12
Domains

16
Subdomains

16
IPs

4
Countries

2965 kB
Transfer

4871 kB
Size

2
Cookies

42 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!