bettilt-c2-tr.pu872ev.com Open in urlscan Pro
2606:4700:20::ac43:47e5  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

37 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response bettilt-c2-tr.pu872ev.com/	17 KB 5 KB	673ms 322ms	Document text/html	2606:4700:20::ac43:47e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bettilt-c2-tr.pu872ev.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:47e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2d775b4e97deda10f9f3063f950a80c01c0b5675f33444c12c663a95d478bafe Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 accept-language en-US,en;q=0.9 Response headers cf-cache-status DYNAMIC cf-ray 85564f05afa7da0f-MIA content-encoding br content-type text/html date Wed, 14 Feb 2024 15:22:48 GMT last-modified Thu, 01 Feb 2024 10:32:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m0cM0geQFcK8SilkxYCEGZPlwvERGjUUtdUtPWbiKzpQ3ww5SiQG4ppVDHgxLx9ZHFvqUPyeu1hyQGAMhj7zhgelofDLoYaTRxTgy7w37%2BQP59RGhyR6GNN7P3YcZa0T2mH4By%2BnWedXSD911xW2Oyrm%2F%2BE902E%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	main.css bettilt-c2-tr.pu872ev.com/	24 KB 5 KB	308ms 307ms	Stylesheet text/css	2606:4700:20::ac43:47e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bettilt-c2-tr.pu872ev.com/main.css Requested by Host: bettilt-c2-tr.pu872ev.com URL: https://bettilt-c2-tr.pu872ev.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:47e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a900f9aae7258e1e182fec221a457e61ff6bcf8f33a536f54b50b0b96c278397 Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu872ev.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 15:22:49 GMT content-encoding br cf-cache-status MISS last-modified Thu, 01 Feb 2024 10:32:39 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65bb7347-5f83" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yz9FyIkrSa9IlGQP8zIva6rVqOVTdGmW339sVPHubfpDwvL9lp36AIYMLFE%2BIgXKhHb56qamQr%2FsM5fwpuzLnHDsBZHSRjCaUiseyMQ3gYihFYvMbI9zpoBxPo2YO1w4s4uf0wocw115Ov4bl%2FeaClvQX3ZOnas%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 85564f07a9a5da0f-MIA
GET H2	200	enterprise.js Show response www.google.com/recaptcha/	1 KB 1 KB	180ms 68ms	Script text/javascript	2607:f8b0:4004:c09::67 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/enterprise.js?render=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50 Requested by Host: bettilt-c2-tr.pu872ev.com URL: https://bettilt-c2-tr.pu872ev.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c09::67 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 3608b56b7433742ddbeec62e52deda291b8bab0619d6f392b2b62041e5ee68a8 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu872ev.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 15:22:49 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 1; mode=block expires Wed, 14 Feb 2024 15:22:49 GMT
GET H2	200	bundle.js Show response bettilt-c2-tr.pu872ev.com/	71 KB 17 KB	427ms 426ms	Script application/javascript	2606:4700:20::ac43:47e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bettilt-c2-tr.pu872ev.com/bundle.js Requested by Host: bettilt-c2-tr.pu872ev.com URL: https://bettilt-c2-tr.pu872ev.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:47e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 40c9f946277f95523ddfaeb0bf23f6a2e2acabc9ce0f645fc586cf0f60735772 Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu872ev.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 15:22:49 GMT content-encoding br cf-cache-status MISS last-modified Thu, 01 Feb 2024 10:32:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65bb733c-11de3" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wUzuEL4JwNmXCgyxrcjESjKwrQZJNdSKblhr%2BWwwRa%2BVKa%2Bk4UEOqG8B0H0QmJlVjup9Yh0w%2FR7BTSS7yvKWQofBND4Ig7xqZbw%2FN5SkQjTYYn2YL1lf0zuyoPVsdBot7e%2BSlslW9hdwRYtWpCqNbGxY4roj8lM%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 85564f07a9a8da0f-MIA
GET H2	200	fp.js Show response fs.pudaf.com/	396 KB 73 KB	460ms 148ms	Script application/javascript	52.28.222.254
General Check archive.org Show headers Download Go to Full URL https://fs.pudaf.com/fp.js Requested by Host: bettilt-c2-tr.pu872ev.com URL: https://bettilt-c2-tr.pu872ev.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 52.28.222.254 Frankfurt am Main, Germany, ASN (), Reverse DNS ec2-52-28-222-254.eu-central-1.compute.amazonaws.com Software / Resource Hash 91790b93c53f7047d05e7f2c0fe9075bad574c5c144afd12c9dfda678c0f9771 Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu872ev.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 15:22:49 GMT content-encoding gzip last-modified Mon, 12 Feb 2024 11:29:26 GMT etag W/"65ca0116-62e4b" content-type application/javascript
GET H2	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/	490 KB 195 KB	159ms 52ms	Script text/javascript	2607:f8b0:4004:c08::5e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/enterprise.js?render=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5aa02ad9ec4550065de8002ea1108be5d10bbb1173d2f3447f88ce1af317d4bd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://bettilt-c2-tr.pu872ev.com/ Origin https://bettilt-c2-tr.pu872ev.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 12:17:45 GMT content-encoding gzip x-content-type-options nosniff age 11104 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 199529 x-xss-protection 0 last-modified Mon, 05 Feb 2024 05:00:25 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Thu, 13 Feb 2025 12:17:45 GMT
GET H2	200	custom_background.jpg bettilt-c2-tr.pu872ev.com/img/	40 KB 41 KB	425ms 424ms	Image image/jpeg	2606:4700:20::ac43:47e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://bettilt-c2-tr.pu872ev.com/img/custom_background.jpg Requested by Host: bettilt-c2-tr.pu872ev.com URL: https://bettilt-c2-tr.pu872ev.com/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:47e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9541514dc8f846bd28be99741fb59fc9ff8a32b2030bc5cca36100f79d0733d1 Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu872ev.com/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 15:22:49 GMT cf-cache-status MISS last-modified Thu, 01 Feb 2024 10:32:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65bb7341-a0c5" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZLbiFsEUA35DavacYQPMiVCOL5lWAiYVTaoICDJ%2FFqJlAJuDX28W1pn%2Ft%2FK6yxkCBQy3bZPna1mgxat1YvYsx%2FhjaOdBLqzdyAum9oZCinh7S2l%2B42WjKLe31WvLJVigk7YNeJsc6cTo%2BJ5d9fVAJtXxHtsZBY%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control max-age=14400 cf-ray 85564f099b85da0f-MIA
GET H2	200	down-arrow.svg bettilt-c2-tr.pu872ev.com/img/	199 B 465 B	303ms 303ms	Image image/svg+xml	2606:4700:20::ac43:47e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://bettilt-c2-tr.pu872ev.com/img/down-arrow.svg Requested by Host: bettilt-c2-tr.pu872ev.com URL: https://bettilt-c2-tr.pu872ev.com/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:47e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9f8674e0a24bf5191b421e076335c32d14b288226ef6d9e8dbc803d1c19d4117 Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu872ev.com/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 15:22:49 GMT content-encoding br cf-cache-status MISS last-modified Thu, 01 Feb 2024 10:32:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65bb7341-c7" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ETQ%2BhbIHnRXeU4GUPlL%2Bj%2F3gaRITN%2FdZlXxV8N54%2BYZJ341AlUqTI%2FEVp6skAxvMf80K0wlz%2BdLu0y3RshrFmjt4BTPWUZi8kU1fLJVHPO2NSvxlXaP0OMyOGaOLfI6kXOQva4yxc8zhDRfEnxIeapNa5%2F%2Bjo8%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 85564f099b87da0f-MIA
GET H2	200	custom_checkbox.svg bettilt-c2-tr.pu872ev.com/img/	201 B 484 B	171ms 170ms	Image image/svg+xml	2606:4700:20::ac43:47e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://bettilt-c2-tr.pu872ev.com/img/custom_checkbox.svg Requested by Host: bettilt-c2-tr.pu872ev.com URL: https://bettilt-c2-tr.pu872ev.com/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:47e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 74aeb26ca8e7d90b0ca08b08b9435f07f952f2f719c2f53340d8c5586aa0eadd Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu872ev.com/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 15:22:49 GMT content-encoding br cf-cache-status MISS last-modified Thu, 01 Feb 2024 10:32:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65bb7341-c9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2SZ9%2FA%2FeeSyGPOIKuoMQpmnc5Q%2BL5SikKJEdnnyRzlvMp0PuynXApfAbJXY8EIeAiythxt40yKMYWOZoqY1awS1V7tZwzXHG1BuFX3ZQBLbc89rohiB2rF4k6cxl38y60G%2FQg0BXHMf518iQECjrnCWV4DYa7DM%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 85564f09ab90da0f-MIA
GET H2	200	OpenSans-SemiBold.woff bettilt-c2-tr.pu872ev.com/fonts/src/fonts/OpenSans-SemiBold/	78 KB 79 KB	451ms 450ms	Font font/woff	2606:4700:20::ac43:47e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bettilt-c2-tr.pu872ev.com/fonts/src/fonts/OpenSans-SemiBold/OpenSans-SemiBold.woff Requested by Host: bettilt-c2-tr.pu872ev.com URL: https://bettilt-c2-tr.pu872ev.com/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:47e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d069fc26e45fafd68327cb2252c6198d52ea6f5712d1956d91688e76a5df772b Request headers Referer https://bettilt-c2-tr.pu872ev.com/main.css Origin https://bettilt-c2-tr.pu872ev.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 15:22:49 GMT cf-cache-status MISS last-modified Thu, 01 Feb 2024 10:32:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "65bb733f-13904" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C1KIE8UG7vJ%2BiQtEZnmMRXVKdpf9WgImLmJI%2FibOBdgGKb%2F5eZai4Ce4N3d0aNads5KfyAWLiLXYBddfCAQugt1ZsNX8Bb4UFX8H2BaVi1U2roguFp0pKp2Q080k8EHGcbw9Tk%2BslHA2%2B8lgOnM5teyM0h49ehM%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control max-age=14400 accept-ranges bytes cf-ray 85564f09ab8ada0f-MIA content-length 80132
GET H2	200	RussoOne-Regular.woff bettilt-c2-tr.pu872ev.com/fonts/src/fonts/RussoOne-Regular/	19 KB 19 KB	431ms 430ms	Font font/woff	2606:4700:20::ac43:47e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bettilt-c2-tr.pu872ev.com/fonts/src/fonts/RussoOne-Regular/RussoOne-Regular.woff Requested by Host: bettilt-c2-tr.pu872ev.com URL: https://bettilt-c2-tr.pu872ev.com/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:47e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c37a3910cd099482d8b0b3b335152e5da94916103735b7df73b3a0e385362b40 Request headers Referer https://bettilt-c2-tr.pu872ev.com/main.css Origin https://bettilt-c2-tr.pu872ev.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 15:22:49 GMT cf-cache-status MISS last-modified Thu, 01 Feb 2024 10:32:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "65bb733e-4bcc" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V2pWTHk47EWULwj8K2vg0Y3fKyqkBZoEJCShi9ARsFMlsfTEVeN%2FGfj8KroLGgTv9g%2FYUgPA2uxy%2F8EqWGCp4v71nLviYkI1zB3GGff4oDtu4qQwaYWpU6%2FEXQ4jpxfC%2FwLhQNKD%2BPIDaNlIVEX4cPEt%2F99A8Es%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control max-age=14400 accept-ranges bytes cf-ray 85564f09ab8bda0f-MIA content-length 19404
GET H2	200	OpenSans-Bold.woff bettilt-c2-tr.pu872ev.com/fonts/src/fonts/OpenSans-Bold/	76 KB 77 KB	566ms 565ms	Font font/woff	2606:4700:20::ac43:47e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bettilt-c2-tr.pu872ev.com/fonts/src/fonts/OpenSans-Bold/OpenSans-Bold.woff Requested by Host: bettilt-c2-tr.pu872ev.com URL: https://bettilt-c2-tr.pu872ev.com/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:47e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b9252aa26e62d5af8476dde37ecb7dfb34b02a5a417c29109aea1d384e62be40 Request headers Referer https://bettilt-c2-tr.pu872ev.com/main.css Origin https://bettilt-c2-tr.pu872ev.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 15:22:49 GMT cf-cache-status MISS last-modified Thu, 01 Feb 2024 10:32:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "65bb733e-13110" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rvTDNfL0RgWJDV%2B3jPghIT4FNJ5hoifDQPSGQgmk1nNIjVBJV55XtGU3O6gKujMU%2B3Asd7S9psmqM2%2B04B2G5VU4DlnG%2FWtOK2nEyJFuxmEcJ8q01h4cq1wiIBV4QHHRnlhzkXXkIBFezaC%2BglyoUs86L4BD%2FOA%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control max-age=14400 accept-ranges bytes cf-ray 85564f09ab8dda0f-MIA content-length 78096
GET H2	200	turkey.png bettilt-c2-tr.pu872ev.com/img/country/	1 KB 1 KB	298ms 297ms	Image image/png	2606:4700:20::ac43:47e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://bettilt-c2-tr.pu872ev.com/img/country/turkey.png Requested by Host: bettilt-c2-tr.pu872ev.com URL: https://bettilt-c2-tr.pu872ev.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:47e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4572c20092423c491c830915d4eccaad9b43524a9e74eb39d1ca7db8d66f8370 Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu872ev.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 15:22:49 GMT cf-cache-status MISS last-modified Thu, 01 Feb 2024 10:32:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65bb7344-4a9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BXCj0zv1khu61RhkSG4yPsW5GRKnlBipgEjTWyg%2Bh1DPlrXwxlHb%2FwUqCKeRol9fQ9%2FiBQy4bk5XRJv1UiiobXPWsuqxrI1KszDkDkZqungBIrqn%2Fo7zTdgTKggVygsb8RLVRPi22iJcGAl4bJ%2FOmcdmfrXD0PU%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 85564f0a6c64da0f-MIA
GET H2	200	icomoon.ttf bettilt-c2-tr.pu872ev.com/fonts/src/icon-fonts/	7 KB 7 KB	297ms 296ms	Font application/octet-stream	2606:4700:20::ac43:47e5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bettilt-c2-tr.pu872ev.com/fonts/src/icon-fonts/icomoon.ttf Requested by Host: bettilt-c2-tr.pu872ev.com URL: https://bettilt-c2-tr.pu872ev.com/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:47e5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9a9e23e2620acc7e7679de55c389add58698ada404ae426fdf3ef286950b292f Request headers Referer https://bettilt-c2-tr.pu872ev.com/main.css Origin https://bettilt-c2-tr.pu872ev.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 15:22:49 GMT cf-cache-status MISS last-modified Thu, 01 Feb 2024 10:32:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "65bb7341-1a54" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=24Y1BY9kO0jPfiJVA2SjPv8r%2FlJpbxxz%2Bxq8JUsG%2BlOf1EsP08MGRBPoudUSoXoh8onA9NzImrIpKaKvixtsa3xh3v7NgCkV6r3W8jQ%2BMYWLQ9dw0YdzfUZC27EP%2Fxoa6OLrYC85zhDcZrioqJmjOdbWVdl6Zlk%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 accept-ranges bytes cf-ray 85564f0a6c65da0f-MIA content-length 6740
GET H2	200	anchor Show response www.google.com/recaptcha/enterprise/ Frame 7C35	7 KB 1 KB	81ms 77ms	Document text/html	2607:f8b0:4004:c09::67 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50&co=aHR0cHM6Ly9iZXR0aWx0LWMyLXRyLnB1ODcyZXYuY29tOjQ0Mw..&hl=en&v=x5WWoE57Fv0d6ATKsLDIAKnt&size=invisible&cb=tvcyavped9s7 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/recaptcha__en.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c09::67 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash edab655b03b09c75555e53aab0969bf3c2132fc25de7ace5c13b86f584db8308 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-NuBuSvR5nuUHGd1mh7Q8sg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://bettilt-c2-tr.pu872ev.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=0 content-encoding gzip content-security-policy script-src 'report-sample' 'nonce-NuBuSvR5nuUHGd1mh7Q8sg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Wed, 14 Feb 2024 15:22:49 GMT expires Wed, 14 Feb 2024 15:22:49 GMT report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
GET H3	200	styles__ltr.css www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/ Frame 7C35	55 KB 24 KB	160ms 54ms	Stylesheet text/css	2607:f8b0:4004:c08::5e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/styles__ltr.css Requested by Host: www.google.com URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50&co=aHR0cHM6Ly9iZXR0aWx0LWMyLXRyLnB1ODcyZXYuY29tOjQ0Mw..&hl=en&v=x5WWoE57Fv0d6ATKsLDIAKnt&size=invisible&cb=tvcyavped9s7 Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 13:12:02 GMT content-encoding gzip x-content-type-options nosniff age 7848 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 24606 x-xss-protection 0 last-modified Mon, 05 Feb 2024 05:00:25 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/css cache-control public, max-age=31536000 accept-ranges bytes expires Thu, 13 Feb 2025 13:12:02 GMT
GET H3	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/ Frame 7C35	490 KB 195 KB	157ms 53ms	Script text/javascript	2607:f8b0:4004:c08::5e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50&co=aHR0cHM6Ly9iZXR0aWx0LWMyLXRyLnB1ODcyZXYuY29tOjQ0Mw..&hl=en&v=x5WWoE57Fv0d6ATKsLDIAKnt&size=invisible&cb=tvcyavped9s7 Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5aa02ad9ec4550065de8002ea1108be5d10bbb1173d2f3447f88ce1af317d4bd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 12:17:45 GMT content-encoding gzip x-content-type-options nosniff age 11105 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 199529 x-xss-protection 0 last-modified Mon, 05 Feb 2024 05:00:25 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Thu, 13 Feb 2025 12:17:45 GMT
GET H3	200	logo_48.png www.gstatic.com/recaptcha/api2/ Frame 7C35	2 KB 2 KB	53ms 52ms	Image image/png	2607:f8b0:4004:c08::5e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/recaptcha/api2/logo_48.png Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/styles__ltr.css Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/styles__ltr.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Tue, 13 Feb 2024 12:42:01 GMT x-content-type-options nosniff age 96049 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2228 x-xss-protection 0 last-modified Tue, 03 Mar 2020 20:15:00 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type image/png cache-control public, max-age=604800 accept-ranges bytes expires Tue, 20 Feb 2024 12:42:01 GMT
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v18/ Frame 7C35	15 KB 16 KB	160ms 53ms	Font font/woff2	2607:f8b0:4004:c06::5e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: www.google.com URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50&co=aHR0cHM6Ly9iZXR0aWx0LWMyLXRyLnB1ODcyZXYuY29tOjQ0Mw..&hl=en&v=x5WWoE57Fv0d6ATKsLDIAKnt&size=invisible&cb=tvcyavped9s7 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.google.com/ Origin https://www.google.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Tue, 13 Feb 2024 18:42:47 GMT x-content-type-options nosniff age 74403 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15344 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:32:55 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 12 Feb 2025 18:42:47 GMT
OPTIONS H2	204	ebfe4a53-837d-4756-81c2-61673ee46fd8 f.pudaf.com/p/ Frame	0 0	440ms 143ms	Preflight	3.77.191.61 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://f.pudaf.com/p/ebfe4a53-837d-4756-81c2-61673ee46fd8?api=vyg6SLajEWjklRFo1ig1JqhMkSHHpSp3FLYvfzZE&si=ebfe4a53-837d-4756-81c2-61673ee46fd8 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.77.191.61 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-77-191-61.eu-central-1.compute.amazonaws.com Software / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type,if-none-match Access-Control-Request-Method POST Origin https://bettilt-c2-tr.pu872ev.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers access-control-allow-headers Origin,Content-Length,Content-Type,if-none-match access-control-allow-methods GET,POST,HEAD,PUT,DELETE,PATCH access-control-allow-origin * access-control-max-age 43200 date Wed, 14 Feb 2024 15:22:52 GMT vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers
POST H2	200	ebfe4a53-837d-4756-81c2-61673ee46fd8 Show response f.pudaf.com/p/	58 B 769 B	558ms 557ms	Fetch application/json	3.77.191.61 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://f.pudaf.com/p/ebfe4a53-837d-4756-81c2-61673ee46fd8?api=vyg6SLajEWjklRFo1ig1JqhMkSHHpSp3FLYvfzZE&si=ebfe4a53-837d-4756-81c2-61673ee46fd8 Requested by Host: fs.pudaf.com URL: https://fs.pudaf.com/fp.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.77.191.61 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-77-191-61.eu-central-1.compute.amazonaws.com Software / Resource Hash d37fde2050df7090fa3110ace90a44e1a2b46318122d6a360fc00e241e08deb5 Request headers Accept application/json, text/html, text/plain Referer https://bettilt-c2-tr.pu872ev.com/ If-None-Match accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Content-Type application/octet-stream Response headers date Wed, 14 Feb 2024 15:22:53 GMT last-modified Wed, 14 Feb 2024 15:21:12 GMT accept-ch sec-ch-ua,ua,sec-ch-ua-platformua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-wow64,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors etag 65ccdacc1f495439c3839bc1 vary Origin content-type application/json access-control-allow-origin * access-control-expose-headers If-Match,If-Modified-Since,If-None-Match,ETag,Last-Modified content-length 58
HEAD H2	200	adsbygoogle.js pagead2.googlesyndication.com/pagead/js/	0 0	224ms 117ms	Fetch text/javascript	2607:f8b0:4004:c1d::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Requested by Host: fs.pudaf.com URL: https://fs.pudaf.com/fp.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c1d::9a Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu872ev.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers date Wed, 14 Feb 2024 15:22:52 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 51051 x-xss-protection 0 server cafe etag 6106082826915005767 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=3600, stale-while-revalidate=3600 timing-allow-origin * link <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin expires Wed, 14 Feb 2024 15:22:52 GMT
GET BLOB	200 OK	2e284144-de31-4792-930e-ca235989988a https://bettilt-c2-tr.pu872ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu872ev.com/2e284144-de31-4792-930e-ca235989988a Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	7131599e-82ac-4906-b20e-9f257fa87126 https://bettilt-c2-tr.pu872ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu872ev.com/7131599e-82ac-4906-b20e-9f257fa87126 Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	5ea4ac2d-7286-48cb-9aa5-fb3351ea2fad https://bettilt-c2-tr.pu872ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu872ev.com/5ea4ac2d-7286-48cb-9aa5-fb3351ea2fad Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	fc9feda7-1cd8-4974-aa15-424063d43354 https://bettilt-c2-tr.pu872ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu872ev.com/fc9feda7-1cd8-4974-aa15-424063d43354 Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	f87f63ac-fce2-46b0-9e76-3e92888f0e7e https://bettilt-c2-tr.pu872ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu872ev.com/f87f63ac-fce2-46b0-9e76-3e92888f0e7e Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	8d30b2ff-5ab3-4e1f-ad19-8a2cdd6bf231 https://bettilt-c2-tr.pu872ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu872ev.com/8d30b2ff-5ab3-4e1f-ad19-8a2cdd6bf231 Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	003c1c3f-bed7-412c-b4b4-eeed19f7a6af https://bettilt-c2-tr.pu872ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu872ev.com/003c1c3f-bed7-412c-b4b4-eeed19f7a6af Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	eeca4ceb-9ebe-4d78-a912-895d818d0772 https://bettilt-c2-tr.pu872ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu872ev.com/eeca4ceb-9ebe-4d78-a912-895d818d0772 Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	05a20c4b-0061-4cae-b20e-5c1ef2e374e7 https://bettilt-c2-tr.pu872ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu872ev.com/05a20c4b-0061-4cae-b20e-5c1ef2e374e7 Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	1129357a-8d17-41b7-87ce-760cb98e0f12 https://bettilt-c2-tr.pu872ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu872ev.com/1129357a-8d17-41b7-87ce-760cb98e0f12 Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	74e30494-ee0c-4ee1-a6c3-147512b55110 https://bettilt-c2-tr.pu872ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu872ev.com/74e30494-ee0c-4ee1-a6c3-147512b55110 Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	908e0497-65c7-4e92-87f4-2bf8339dc863 https://bettilt-c2-tr.pu872ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu872ev.com/908e0497-65c7-4e92-87f4-2bf8339dc863 Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	0f8cce23-e356-4a0b-98f2-760cfbf14b08 https://bettilt-c2-tr.pu872ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu872ev.com/0f8cce23-e356-4a0b-98f2-760cfbf14b08 Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
OPTIONS H2	204	ebfe4a53-837d-4756-81c2-61673ee46fd8 f.pudaf.com/p/ Frame	0 0	146ms 146ms	Preflight	3.77.191.61 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://f.pudaf.com/p/ebfe4a53-837d-4756-81c2-61673ee46fd8?api=vyg6SLajEWjklRFo1ig1JqhMkSHHpSp3FLYvfzZE&si=ebfe4a53-837d-4756-81c2-61673ee46fd8 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.77.191.61 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-77-191-61.eu-central-1.compute.amazonaws.com Software / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type,if-none-match Access-Control-Request-Method POST Origin https://bettilt-c2-tr.pu872ev.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers access-control-allow-headers Origin,Content-Length,Content-Type,if-none-match access-control-allow-methods GET,POST,HEAD,PUT,DELETE,PATCH access-control-allow-origin * access-control-max-age 43200 date Wed, 14 Feb 2024 15:22:54 GMT vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers
POST H2	200	ebfe4a53-837d-4756-81c2-61673ee46fd8 Show response f.pudaf.com/p/	58 B 769 B	406ms 406ms	Fetch application/json	3.77.191.61 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://f.pudaf.com/p/ebfe4a53-837d-4756-81c2-61673ee46fd8?api=vyg6SLajEWjklRFo1ig1JqhMkSHHpSp3FLYvfzZE&si=ebfe4a53-837d-4756-81c2-61673ee46fd8 Requested by Host: fs.pudaf.com URL: https://fs.pudaf.com/fp.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.77.191.61 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-77-191-61.eu-central-1.compute.amazonaws.com Software / Resource Hash d37fde2050df7090fa3110ace90a44e1a2b46318122d6a360fc00e241e08deb5 Request headers Accept application/json, text/html, text/plain Referer https://bettilt-c2-tr.pu872ev.com/ If-None-Match accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Content-Type application/octet-stream Response headers date Wed, 14 Feb 2024 15:22:54 GMT last-modified Wed, 14 Feb 2024 15:21:14 GMT accept-ch sec-ch-ua,ua,sec-ch-ua-platformua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-wow64,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors etag 65ccdace1f495439c3839c22 vary Origin content-type application/json access-control-allow-origin * access-control-expose-headers If-Match,If-Modified-Since,If-None-Match,ETag,Last-Modified content-length 58

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| landingConfig string| afto function| aft object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| phonePattern object| links object| pageState object| formNotif object| recaptcha object| closure_lm_144287 string| afti function| aftUUID function| aftSID function| aftUID function| aftGenSID string| _D9tysGh2

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.pu872ev.com/	1970-01-20 18:25:25	Name: __cf_bm Value: SRdzg.yROAdfcLx.a4g1pUnOrQFw0QbQWriBhO.UY6A-1707924168-1.0-ARpnZOlbFoqI/GDrxCIGi3DE90mSytH2iuW4ggjSZfOxlYmSavKQRGtOAR6cwz2ebY83ipz25T/BCU++0oSLE9A=

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://fs.pudaf.com/fp.js Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bettilt-c2-tr.pu872ev.com
f.pudaf.com
fonts.gstatic.com
fs.pudaf.com
pagead2.googlesyndication.com
www.google.com
www.gstatic.com
2606:4700:20::ac43:47e5
2607:f8b0:4004:c06::5e
2607:f8b0:4004:c08::5e
2607:f8b0:4004:c09::67
2607:f8b0:4004:c1d::9a
3.77.191.61
52.28.222.254
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
2d775b4e97deda10f9f3063f950a80c01c0b5675f33444c12c663a95d478bafe
3608b56b7433742ddbeec62e52deda291b8bab0619d6f392b2b62041e5ee68a8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
40c9f946277f95523ddfaeb0bf23f6a2e2acabc9ce0f645fc586cf0f60735772
4572c20092423c491c830915d4eccaad9b43524a9e74eb39d1ca7db8d66f8370
4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa
5aa02ad9ec4550065de8002ea1108be5d10bbb1173d2f3447f88ce1af317d4bd
74aeb26ca8e7d90b0ca08b08b9435f07f952f2f719c2f53340d8c5586aa0eadd
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
91790b93c53f7047d05e7f2c0fe9075bad574c5c144afd12c9dfda678c0f9771
9541514dc8f846bd28be99741fb59fc9ff8a32b2030bc5cca36100f79d0733d1
9a9e23e2620acc7e7679de55c389add58698ada404ae426fdf3ef286950b292f
9f8674e0a24bf5191b421e076335c32d14b288226ef6d9e8dbc803d1c19d4117
a900f9aae7258e1e182fec221a457e61ff6bcf8f33a536f54b50b0b96c278397
b9252aa26e62d5af8476dde37ecb7dfb34b02a5a417c29109aea1d384e62be40
c37a3910cd099482d8b0b3b335152e5da94916103735b7df73b3a0e385362b40
d069fc26e45fafd68327cb2252c6198d52ea6f5712d1956d91688e76a5df772b
d37fde2050df7090fa3110ace90a44e1a2b46318122d6a360fc00e241e08deb5
edab655b03b09c75555e53aab0969bf3c2132fc25de7ace5c13b86f584db8308