Submitted URL: https://recovery.express/
Effective URL: https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%...
Submission: On November 28 via automatic, source certstream-suspicious — Scanned from CA

Summary

This website contacted 13 IPs in 3 countries across 14 domains to perform 33 HTTP transactions. The main IP is 2606:4700:20::681a:3d3, located in United States and belongs to CLOUDFLARENET, US. The main domain is bonus-2-ca.pu220ev.com.
TLS certificate: Issued by WE1 on October 13th 2024. Valid for: 3 months.
This is the only time bonus-2-ca.pu220ev.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 72.52.179.174 32244 (LIQUIDWEB)
2 5 64.190.63.136 47846 (SEDO-AS S...)
1 205.234.175.175 30081 (CACHENETW...)
2 2 173.239.53.32 27257 (WEBAIR-IN...)
1 2 15.197.224.234 16509 (AMAZON-02)
1 130.211.29.114 396982 (GOOGLE-CL...)
2 35.241.15.240 396982 (GOOGLE-CL...)
1 1 185.159.247.96 209242 (CLOUDFLAR...)
14 2606:4700:20:... 13335 (CLOUDFLAR...)
2 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
1 18.196.197.52 16509 (AMAZON-02)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
3 13.225.63.90 ()
1 2607:f8b0:400... ()
33 13
Apex Domain | Subdomains | Transfer
14 pu220ev.com | bonus-2-ca.pu220ev.com | 1000 KB
6 recovery.express | recovery.express; ww1.recovery.express | 5 KB
4 pudaf.com | fs.pudaf.com — Cisco Umbrella Rank: 619949; f.pudaf.com | 75 KB
3 perfdrive.com | cdn.perfdrive.com — Cisco Umbrella Rank: 42639; cas.avalon.perfdrive.com — Cisco Umbrella Rank: 12953 | 90 KB
2 googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 39 | 184 KB
2 google.com | www.google.com — Cisco Umbrella Rank: 3 | 1 KB
2 wedlore-a.online | wedlore-a.online | 21 KB
1 googlesyndication.com | pagead2.googlesyndication.com |
1 google-analytics.com | region1.google-analytics.com — Cisco Umbrella Rank: 3353 |
1 gstatic.com | www.gstatic.com | 216 KB
1 refpupp2020.com | refpupp2020.com | 663 B
1 ngcluster-a.online | xml-v4.ngcluster-a.online | 224 B
1 sedodna.com | xml.sedodna.com — Cisco Umbrella Rank: 301377 | 234 B
1 sedoparking.com | img.sedoparking.com — Cisco Umbrella Rank: 65939 | 15 KB
33 14
Domain Requested by
14 bonus-2-ca.pu220ev.com wedlore-a.online
bonus-2-ca.pu220ev.com
5 ww1.recovery.express 2 redirects ww1.recovery.express
3 f.pudaf.com fs.pudaf.com
2 www.googletagmanager.com bonus-2-ca.pu220ev.com
www.googletagmanager.com
2 www.google.com bonus-2-ca.pu220ev.com
www.gstatic.com
2 cas.avalon.perfdrive.com cdn.perfdrive.com
2 wedlore-a.online 1 redirects ww1.recovery.express
1 pagead2.googlesyndication.com fs.pudaf.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.gstatic.com www.google.com
1 fs.pudaf.com bonus-2-ca.pu220ev.com
1 refpupp2020.com 1 redirects
1 xml-v4.ngcluster-a.online 1 redirects
1 cdn.perfdrive.com wedlore-a.online
1 xml.sedodna.com 1 redirects
1 img.sedoparking.com
1 recovery.express 1 redirects
33 17

This site contains links to these domains.

Domain
tdsio.com
Subject | Issuer | Validity | Valid
wedlore-a.online | Amazon RSA 2048 M03 | 2024-11-18 - 2025-12-17 | a year
*.perfdrive.com | Go Daddy Secure Certificate Authority - G2 | 2024-09-20 - 2025-09-26 | a year
cas.avalon.perfdrive.com | Go Daddy Secure Certificate Authority - G2 | 2024-07-26 - 2025-08-05 | a year
pu220ev.com | WE1 | 2024-10-13 - 2025-01-11 | 3 months
www.google.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months
*.google-analytics.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months
*.pinup-antifraud.com | Amazon RSA 2048 M03 | 2024-05-22 - 2025-06-20 | a year
*.gstatic.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months
*.google.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months
frogo-aft.com | Amazon RSA 2048 M02 | 2024-10-07 - 2025-11-05 | a year
*.g.doubleclick.net | WR2 | 2024-10-21 - 2025-01-13 | 3 months

This page contains 2 frames:

Primary Page: https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0
Frame ID: 92BE9201F24B7230F9BEFC9F6C028120
Requests: 31 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50&co=aHR0cHM6Ly9ib251cy0yLWNhLnB1MjIwZXYuY29tOjQ0Mw..&hl=en&v=pPK749sccDmVW_9DSeTMVvh2&size=invisible&cb=ep0bn9tih6mh
Frame ID: 099809A32B93FF3FA6643098095F35B5
Requests: 1 HTTP requests in this frame

Page Title

7 500$ + 250 FS on the first deposit

Page URL History

  1. https://recovery.express/ HTTP 302
    http://ww1.recovery.express/?usid=24&utid=9166990938 HTTP 307
    https://ww1.recovery.express/?usid=24&utid=9166990938 HTTP 307
    http://ww1.recovery.express/?usid=24&utid=9166990938 Page URL
  2. http://ww1.recovery.express/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DsIzbPSFS01E... HTTP 302
    http://ww1.recovery.express/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DsIzbPSFS01E... HTTP 302
    http://xml.sedodna.com/click?i=sIzbPSFS01E_0 HTTP 307
    https://xml.sedodna.com/click?i=sIzbPSFS01E_0 HTTP 302
    http://wedlore-a.online/api/v1/px?xmlid=6fhaqx3eKzG0Brak2EbDf3oeUHewR2BqoOKzpE9q HTTP 307
    https://wedlore-a.online/api/v1/px?xmlid=6fhaqx3eKzG0Brak2EbDf3oeUHewR2BqoOKzpE9q Page URL
  3. https://wedlore-a.online/api/v1/pxcheck?impId=6fhaqx3eKzG0Brak2EbDf3oeUHewR2BqoOKzpE9q&minfo=eyJjb29r... HTTP 302
    http://xml-v4.ngcluster-a.online/click?i=kMb*Y0yJfbw_0 HTTP 307
    https://xml-v4.ngcluster-a.online/click?i=kMb*Y0yJfbw_0 HTTP 302
    https://refpupp2020.com/qHiaoI1C/?subId1=act-516ea383ced5f826c27915455 HTTP 302
    https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

33
Requests

88 %
HTTPS

38 %
IPv6

14
Domains

17
Subdomains

13
IPs

3
Countries

1606 kB
Transfer

2788 kB
Size

15
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://recovery.express/ HTTP 302
  • http://ww1.recovery.express/?usid=24&utid=9166990938 HTTP 307
  • https://ww1.recovery.express/?usid=24&utid=9166990938 HTTP 307
  • http://ww1.recovery.express/?usid=24&utid=9166990938
Request Chain 4
  • http://ww1.recovery.express/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DsIzbPSFS01E_0&v=NDE3ZmQwOWRjNTAxNTY4ZmFhM2E5YzI0NGRiM2ViOWQJMQl3dzEucmVjb3ZlcnkuZXhwcmVzczY3NDdjMmUyODc5MzMyLjg0MzMyMTc2CXd3MS5yZWNvdmVyeS5leHByZXNzNjc0N2MyZTI4Nzk4YzguODEyMzAwMzYJMTczMjc1NjE5NQlhZF82M18w&l=ogcrXwgYp63RJxLA2U8BqgQs4Fs11WaXnKLK2-O7QF99WOeVzbF6LMhICpQmdCYaZCyVcimdv74Sjj1EahAT2Jutl-dNbWzjGDP9YQedW8uxfwka4vJVR8NJ3R3T0ps1iksq33bGkuHdXSEE7dNNrHK3u_9rEVWZtXYhOo5KwD_GTIgkZWPOkQo8zl9JqGl2XOGvYJOiBSo3TyY8YUDh39EGQfA6cWLRIfNkzVtG3aRgLdCz9hMhheDhoNa_B1dPuCvxcHkMFDocx8oW5q3Q9i6IZUXVl3oD1s-3L5VpCUPkvAP-DtWMK1CCd0_KKrNewUv1QmxWaQdLdTl91pzmxx2rd-kEJGtenZj9dKQtBt0hZeyrjSSVJpPLoAPRhv0Tc94Iy4gG238Sz-qG_UPInuJm6taFYzrgxseKXxCLFilus5FMUJzv_TnMSOM_jsihaCv1JjTnGSh4dxTKCshPQexEJi410oqAwSQtbx7WcMrVY7_dvxY1Q4DQhsp94-y8LtZsLva3KxwIrGzJiEvCHos6gFA2Itl5-vGCyEy9LPgA01iIESRCAPBSlCUGUJZv8_yoxFSuI2fZQQ45CoXCv83X1qdnH5dl3xzN995Ya10zK8mbsWCv2LyFJWnBmA9hu_mU25DdsF9uRWRs45rQDMLazxzdH4ugZiAcOtJCmKSVkgEhMDXaQP8ewTMCGGgI27-6gyOY03zN74 HTTP 302
  • http://ww1.recovery.express/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DsIzbPSFS01E_0&v=NDE3ZmQwOWRjNTAxNTY4ZmFhM2E5YzI0NGRiM2ViOWQJMQl3dzEucmVjb3ZlcnkuZXhwcmVzczY3NDdjMmUyODc5MzMyLjg0MzMyMTc2CXd3MS5yZWNvdmVyeS5leHByZXNzNjc0N2MyZTI4Nzk4YzguODEyMzAwMzYJMTczMjc1NjE5NQlhZF82M18w&l=ogcrXwgYp63RJxLA2U8BqgQs4Fs11WaXnKLK2-O7QF99WOeVzbF6LMhICpQmdCYaZCyVcimdv74Sjj1EahAT2Jutl-dNbWzjGDP9YQedW8uxfwka4vJVR8NJ3R3T0ps1iksq33bGkuHdXSEE7dNNrHK3u_9rEVWZtXYhOo5KwD_GTIgkZWPOkQo8zl9JqGl2XOGvYJOiBSo3TyY8YUDh39EGQfA6cWLRIfNkzVtG3aRgLdCz9hMhheDhoNa_B1dPuCvxcHkMFDocx8oW5q3Q9i6IZUXVl3oD1s-3L5VpCUPkvAP-DtWMK1CCd0_KKrNewUv1QmxWaQdLdTl91pzmxx2rd-kEJGtenZj9dKQtBt0hZeyrjSSVJpPLoAPRhv0Tc94Iy4gG238Sz-qG_UPInuJm6taFYzrgxseKXxCLFilus5FMUJzv_TnMSOM_jsihaCv1JjTnGSh4dxTKCshPQexEJi410oqAwSQtbx7WcMrVY7_dvxY1Q4DQhsp94-y8LtZsLva3KxwIrGzJiEvCHos6gFA2Itl5-vGCyEy9LPgA01iIESRCAPBSlCUGUJZv8_yoxFSuI2fZQQ45CoXCv83X1qdnH5dl3xzN995Ya10zK8mbsWCv2LyFJWnBmA9hu_mU25DdsF9uRWRs45rQDMLazxzdH4ugZiAcOtJCmKSVkgEhMDXaQP8ewTMCGGgI27-6gyOY03zN74 HTTP 302
  • http://xml.sedodna.com/click?i=sIzbPSFS01E_0 HTTP 307
  • https://xml.sedodna.com/click?i=sIzbPSFS01E_0 HTTP 302
  • http://wedlore-a.online/api/v1/px?xmlid=6fhaqx3eKzG0Brak2EbDf3oeUHewR2BqoOKzpE9q HTTP 307
  • https://wedlore-a.online/api/v1/px?xmlid=6fhaqx3eKzG0Brak2EbDf3oeUHewR2BqoOKzpE9q

33 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
ww1.recovery.express/
Redirect Chain
  • https://recovery.express/
  • http://ww1.recovery.express/?usid=24&utid=9166990938
  • https://ww1.recovery.express/?usid=24&utid=9166990938
  • http://ww1.recovery.express/?usid=24&utid=9166990938
3 KB
3 KB
Document
General
Full URL
http://ww1.recovery.express/?usid=24&utid=9166990938
Protocol
HTTP/1.1
Server
64.190.63.136 , Germany, ASN47846 (SEDO-AS SEDO GmbH, DE),
Reverse DNS
Software
Parking/1.0 /
Resource Hash
91ff4be2ee7a9cfd77f658e7bb87b51c2ab878f54904955f07ee72e029c82258

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 28 Nov 2024 01:09:55 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Thu, 28 Nov 2024 01:09:54 GMT
pragma
no-cache
server
Parking/1.0
transfer-encoding
chunked
vary
Accept-Encoding
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_SR2AVqrwQrcAl+G25ygZDfMjW3xLT9m3jn9XGVgVQmqopdCGfq1BXXpSFSSlZUpWFrzLcf2owrw6bpXYJcueLw==
x-cache-miss-from
parking-7ffff5845f-cjvf9

Redirect headers

Location
http://ww1.recovery.express/?usid=24&utid=9166990938
Non-Authoritative-Reason
HttpsUpgrades
js_preloader.gif
ww1.recovery.express/img.sedoparking.com/images/
0
94 B
Image
General
Full URL
http://ww1.recovery.express/img.sedoparking.com/images/js_preloader.gif
Requested by
Host: ww1.recovery.express
URL: http://ww1.recovery.express/?usid=24&utid=9166990938
Protocol
HTTP/1.1
Server
64.190.63.136 , Germany, ASN47846 (SEDO-AS SEDO GmbH, DE),
Reverse DNS
Software
Parking/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
http://ww1.recovery.express/?usid=24&utid=9166990938

Response headers

date
Thu, 28 Nov 2024 01:09:55 GMT
server
Parking/1.0
content-length
0
tsc.php
ww1.recovery.express/search/
0
181 B
XHR
General
Full URL
http://ww1.recovery.express/search/tsc.php?ses=ogch-RZM4AYns4Wnr5LTfGzVmf-d7p_Kk8kABVfB9Gmr24ZMXqAqBIB_UsZ-EPU6fkzXucKlVEBuUEBQI6RC5rZ_ZHzFEUBBmcvikXj0cHytHJ7vRXp4p3KDhwTR6xjn3p3b8wgQiPQWffmpUWWs5WCZKJqX1L4zM1g08SpQJUX80s5yWp5RKExOxev0pnkWhKekH3xJUJUcs6P3_mNZ_CstLgly1Rr-Ky_RGUtMHSQzoF7Cq0E4ElSLKNYmaSlzelTJs7zmxNMf08T429qxFOyaFGajCc9ZDC-Gng0ims5jIKiv3NyHIzRAClh0cX434rowjhswmTeYloNCPreTN1c668RzT6qQmJfzJpw2bJVGKyxw4oV5lx5c9T9uuqt&cv=2
Requested by
Host: ww1.recovery.express
URL: http://ww1.recovery.express/?usid=24&utid=9166990938
Protocol
HTTP/1.1
Server
64.190.63.136 , Germany, ASN47846 (SEDO-AS SEDO GmbH, DE),
Reverse DNS
Software
Parking/1.0 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
http://ww1.recovery.express/?usid=24&utid=9166990938

Response headers

x-cache-miss-from
parking-7ffff5845f-cjvf9
content-length
0
date
Thu, 28 Nov 2024 01:09:55 GMT
content-type
text/html; charset=UTF-8
server
Parking/1.0
sedo_logo.png
img.sedoparking.com/templates/logos/
15 KB
15 KB
Other
General
Full URL
http://img.sedoparking.com/templates/logos/sedo_logo.png
Protocol
HTTP/1.1
Server
205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
http://ww1.recovery.express/

Response headers

X-CF2
H
Expires
Thu, 05 Dec 2024 01:09:55 GMT
X-CF1
11696:fF.yyz1:cf:nom:cacheN.yyz1-01:H
Date
Thu, 28 Nov 2024 01:09:55 GMT
CF4ttl
31536000.000
Content-Type
image/png
X-CFF
B
Last-Modified
Mon, 11 Jan 2021 07:44:34 GMT
X-CF-ReqID
e64583e47aad216889429e18d8bce601
CF4Age
0
Cache-Control
max-age=604800
X-CF3
H
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
15086
X-CFHash
"def00c11b1596db4efee6a9fbe64fc27"
x-cf-tsc
1721143080
Server
CFS 0215
px
wedlore-a.online/api/v1/
Redirect Chain
  • http://ww1.recovery.express/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DsIzbPSFS01E_0&v=NDE3ZmQwOWRjNTAxNTY4ZmFhM2E5YzI0NGRiM2ViOWQJMQl3dzEucmVjb3ZlcnkuZXhwcmVzczY3NDdjMmUyODc5...
  • http://ww1.recovery.express/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DsIzbPSFS01E_0&v=NDE3ZmQwOWRjNTAxNTY4ZmFhM2E5YzI0NGRiM2ViOWQJMQl3dzEucmVjb3ZlcnkuZXhwcmVzczY3NDdjMmUyODc5...
  • http://xml.sedodna.com/click?i=sIzbPSFS01E_0
  • https://xml.sedodna.com/click?i=sIzbPSFS01E_0
  • http://wedlore-a.online/api/v1/px?xmlid=6fhaqx3eKzG0Brak2EbDf3oeUHewR2BqoOKzpE9q
  • https://wedlore-a.online/api/v1/px?xmlid=6fhaqx3eKzG0Brak2EbDf3oeUHewR2BqoOKzpE9q
114 KB
21 KB
Document
General
Full URL
https://wedlore-a.online/api/v1/px?xmlid=6fhaqx3eKzG0Brak2EbDf3oeUHewR2BqoOKzpE9q
Requested by
Host: ww1.recovery.express
URL: http://ww1.recovery.express/?usid=24&utid=9166990938
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.224.234 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ab226b763647f1870.awsglobalaccelerator.com
Software
/
Resource Hash
ca1fc477693507a29e9f0221dfa50e535205e1fb1069d3b32843dd5097b3b2e5

Request headers

Referer
http://ww1.recovery.express/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 28 Nov 2024 01:09:57 GMT
etag
W/"1c9d1-1m4tvL73NeBBnWUIr6wHLCKl6Oc"
vary
Accept-Encoding

Redirect headers

Location
https://wedlore-a.online/api/v1/px?xmlid=6fhaqx3eKzG0Brak2EbDf3oeUHewR2BqoOKzpE9q
Non-Authoritative-Reason
HttpsUpgrades
stormcaster.js
cdn.perfdrive.com/advanced/
240 KB
90 KB
Script
General
Full URL
https://cdn.perfdrive.com/advanced/stormcaster.js
Requested by
Host: wedlore-a.online
URL: https://wedlore-a.online/api/v1/px?xmlid=6fhaqx3eKzG0Brak2EbDf3oeUHewR2BqoOKzpE9q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.29.114 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
114.29.211.130.bc.googleusercontent.com
Software
nginx/1.10.1 /
Resource Hash
06355098292635455e261866d3ae12f98ce81e3dac79295425ed5863e823e79f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://wedlore-a.online/

Response headers

cache-control
max-age=3600,public
content-encoding
gzip
etag
W/"6718b9f0-3bf3a"
age
2849
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
91395
date
Thu, 28 Nov 2024 00:22:28 GMT
last-modified
Wed, 23 Oct 2024 08:55:12 GMT
content-type
application/javascript
server
nginx/1.10.1
vary
Accept-Encoding
jsdata
cas.avalon.perfdrive.com/
360 B
505 B
XHR
General
Full URL
https://cas.avalon.perfdrive.com/jsdata?
Requested by
Host: cdn.perfdrive.com
URL: https://cdn.perfdrive.com/advanced/stormcaster.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.15.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.15.241.35.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://wedlore-a.online/

Response headers

via
1.1 google
x-response-time
0ms
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
360
date
Thu, 28 Nov 2024 01:09:57 GMT
content-type
text/plain; charset=UTF-8
jsdata
cas.avalon.perfdrive.com/
255 B
309 B
XHR
General
Full URL
https://cas.avalon.perfdrive.com/jsdata?
Requested by
Host: cdn.perfdrive.com
URL: https://cdn.perfdrive.com/advanced/stormcaster.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.15.240 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.15.241.35.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://wedlore-a.online/

Response headers

via
1.1 google
x-response-time
0ms
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
255
date
Thu, 28 Nov 2024 01:09:57 GMT
content-type
text/plain; charset=UTF-8
Primary Request /
bonus-2-ca.pu220ev.com/
Redirect Chain
  • https://wedlore-a.online/api/v1/pxcheck?impId=6fhaqx3eKzG0Brak2EbDf3oeUHewR2BqoOKzpE9q&minfo=eyJjb29raWVEaXNhYmxlZCI6ZmFsc2UsInVhIjoiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81Mzcu...
  • http://xml-v4.ngcluster-a.online/click?i=kMb*Y0yJfbw_0
  • https://xml-v4.ngcluster-a.online/click?i=kMb*Y0yJfbw_0
  • https://refpupp2020.com/qHiaoI1C/?subId1=act-516ea383ced5f826c27915455
  • https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=q...
15 KB
5 KB
Document
General
Full URL
https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0
Requested by
Host: wedlore-a.online
URL: https://wedlore-a.online/api/v1/px?xmlid=6fhaqx3eKzG0Brak2EbDf3oeUHewR2BqoOKzpE9q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
257d9751e0900479ad6d273534aa91e4d228ef801015812ae2ec437a1010b366

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
cf-ray
8e9679c2cbdb41af-EWR
content-encoding
br
content-type
text/html
date
Thu, 28 Nov 2024 01:09:59 GMT
last-modified
Wed, 02 Oct 2024 10:41:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IqTllHUuFNbCRoqXeISoIva5ttSz3D0LL%2By2%2FsJc3Gz7S0JJkcTxo7d6rEn2i90Y9DlIwkNTCrSmMpMr7SxIcVLUGi7bDIHNkCrFGPfgaQX1rRbEqHBnVaEUCF7uqaop0o3byTOIla83ggkqmwARye%2FDMyQ%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=18429&min_rtt=17769&rtt_var=5037&sent=7&recv=8&lost=0&retrans=0&sent_bytes=4022&recv_bytes=2553&delivery_rate=225938&cwnd=254&unsent_bytes=0&cid=cf1d5395e07f6e93&ts=268&x=0"
vary
Accept-Encoding

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
8e9679c0991136cd-YYZ
content-length
0
date
Thu, 28 Nov 2024 01:09:58 GMT
location
https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
main.css
bonus-2-ca.pu220ev.com/
28 KB
6 KB
Stylesheet
General
Full URL
https://bonus-2-ca.pu220ev.com/main.css
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6033ab8cc4c0b2669e0f019402db4d9f2dc2097a7f5e61428b2f0f1d57d926a8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
HIT
etag
W/"66fd2349-6fb8"
age
2849
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ADsoCsRaKQFWlyfW9LBxkYgOTqoy4K9FPkLKkSIK%2B0JUDXCk5hMCUBom1w%2Bg%2BIESReEVAo01NWUHqzBQgpcCx4oLnhwAmaNHkkPt8bgF9gCwHUcw%2FQU7omdCVeEV%2FiuRrHtNT9vsk6yLuGUZBzhPcAF5wt4%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e9679c48e1b41af-EWR
server-timing
cfL4;desc="?proto=TCP&rtt=18412&min_rtt=17769&rtt_var=3812&sent=21&recv=10&lost=0&retrans=0&sent_bytes=12792&recv_bytes=3101&delivery_rate=520417&cwnd=254&unsent_bytes=0&cid=cf1d5395e07f6e93&ts=378&x=0"
date
Thu, 28 Nov 2024 01:09:59 GMT
content-type
text/css
last-modified
Wed, 02 Oct 2024 10:41:13 GMT
vary
Accept-Encoding
server
cloudflare
logo-casino.svg
bonus-2-ca.pu220ev.com/img/logo/
7 KB
3 KB
Image
General
Full URL
https://bonus-2-ca.pu220ev.com/img/logo/logo-casino.svg
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b9290068ee0d05b349b38dfeb32c6b1b85c1bf8df933436caeb9aa1b66da52c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
etag
W/"66fd2342-1c41"
age
2849
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2BPpYiBKsqZpDMv8CLUU1Pyr81KPiLGZbO%2FQhT7ou5G%2BzjlVheyJumpWVjQsz5tyYrxMffYhwRkGUb1wyncQH3%2F7RZaLEbHzZIQ%2FvfxCqHtuXKUTf2BCBPVPQ4ZOLBG%2BHL%2F3mxhIS1I3QlakDPHQEd4Zq44%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e9679c48e1c41af-EWR
server-timing
cfL4;desc="?proto=TCP&rtt=18412&min_rtt=17769&rtt_var=3812&sent=15&recv=10&lost=0&retrans=0&sent_bytes=9385&recv_bytes=3101&delivery_rate=520417&cwnd=254&unsent_bytes=0&cid=cf1d5395e07f6e93&ts=367&x=0"
date
Thu, 28 Nov 2024 01:09:59 GMT
content-type
image/svg+xml
last-modified
Wed, 02 Oct 2024 10:41:06 GMT
vary
Accept-Encoding
server
cloudflare
enterprise.js
www.google.com/recaptcha/
2 KB
1 KB
Script
General
Full URL
https://www.google.com/recaptcha/enterprise.js?render=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:808::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a96509dc9cf8196b5b096061e07ecefaf590fa78833554979275dfab3f5735e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/

Response headers

cache-control
private, max-age=300
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options
nosniff
expires
Thu, 28 Nov 2024 01:09:59 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date
Thu, 28 Nov 2024 01:09:59 GMT
x-xss-protection
0
content-type
text/javascript; charset=utf-8
server
ESF
x-frame-options
SAMEORIGIN
bundle.js
bonus-2-ca.pu220ev.com/
85 KB
21 KB
Script
General
Full URL
https://bonus-2-ca.pu220ev.com/bundle.js
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f686a91fb1e299e757f84c1391adfbf89d515d6334c931026601128101883a0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
HIT
etag
W/"66fd233f-15533"
age
2849
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G8nO7jiTN1pzHc1KwIgfac4Q4m0MLGNLFNwzW8BeQjaThuYDpO8QweQdNfrygVOX%2BaJKwBBwOhA9RXb%2BNVorFIncVEEsLuXJmk%2F1a1G%2FpCxREcGzQneWkjtZnzXX187JDdj0JN4%2Bo6h4rvj0rV93%2BXGIbFY%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e9679c4de7a41af-EWR
server-timing
cfL4;desc="?proto=TCP&rtt=18585&min_rtt=17769&rtt_var=1624&sent=29&recv=17&lost=0&retrans=0&sent_bytes=19111&recv_bytes=3175&delivery_rate=664016&cwnd=254&unsent_bytes=0&cid=cf1d5395e07f6e93&ts=412&x=0"
date
Thu, 28 Nov 2024 01:09:59 GMT
content-type
application/javascript
last-modified
Wed, 02 Oct 2024 10:41:03 GMT
vary
Accept-Encoding
server
cloudflare
gtm.js
www.googletagmanager.com/
229 KB
80 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TZJH477
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5189c05de05a36b631d2f3736b09890432a8c02ec011c44c4c5f76a7fa03b7ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Thu, 28 Nov 2024 01:09:59 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 28 Nov 2024 01:09:59 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Thu, 28 Nov 2024 00:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
81693
x-xss-protection
0
server
Google Tag Manager
fp.js
fs.pudaf.com/
242 KB
73 KB
Script
General
Full URL
https://fs.pudaf.com/fp.js
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.196.197.52 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-197-52.eu-central-1.compute.amazonaws.com
Software
nginx/1.27.2 /
Resource Hash
2605c063257beca9b2bfba501c645a3b32eb15e364859ad01b935cc286aea016

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/

Response headers

content-encoding
gzip
date
Thu, 28 Nov 2024 01:09:59 GMT
etag
W/"671b9df7-3c6b8"
content-type
application/javascript
last-modified
Fri, 25 Oct 2024 13:32:39 GMT
server
nginx/1.27.2
bg.jpg
bonus-2-ca.pu220ev.com/img/
78 KB
78 KB
Image
General
Full URL
https://bonus-2-ca.pu220ev.com/img/bg.jpg
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
404a9c751e536131070b43ce6f32252735149dc98ca827c68ffa7fa80e5432bc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/main.css

Response headers

cf-bgj
h2pri
etag
"66fd2343-1363b"
age
4528
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1sTzPmsLaabb9w5DUNzEh%2BUm5KC6tkn2plADrC%2BuOza6CqSNoqN7pNtnH0D22LlGAgJ5ifXkoitPfOa%2FfUA7VJz4UwLV8WbLIESd6wHDUFjwc9WGXSD%2FcG%2Fs9cN2649Zipz9XIHMfBr1HWgZOL%2FGzDec8Tk%3D"}],"group":"cf-nel","max_age":604800}
server-timing
cfL4;desc="?proto=TCP&rtt=18233&min_rtt=17749&rtt_var=759&sent=248&recv=23&lost=0&retrans=0&sent_bytes=303253&recv_bytes=3402&delivery_rate=1562363&cwnd=254&unsent_bytes=56047&cid=cf1d5395e07f6e93&ts=456&x=0"
date
Thu, 28 Nov 2024 01:09:59 GMT
content-type
image/jpeg
last-modified
Wed, 02 Oct 2024 10:41:07 GMT
vary
Accept-Encoding
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e9679c51ecb41af-EWR
accept-ranges
bytes
content-length
79419
server
cloudflare
body-bottom-mask.png
bonus-2-ca.pu220ev.com/img/
153 KB
153 KB
Image
General
Full URL
https://bonus-2-ca.pu220ev.com/img/body-bottom-mask.png
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc5e0b7f4ef4a7476fe76dc84bbfb9e4bcd40311848ef885a906e5f05bfde858

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/main.css

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
HIT
etag
"66fd2342-262a5"
age
4528
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i7HeH2ziVU3IjJkNw99SZZMAmoLeKAXqkLv2TyX4ygiVEBBRXqXyFbuNUOUUqz19oXGOUVa8C7cCHQssu%2BdLvoLBzirM6TI25Q6P0IS9fkf9l8GWE%2FKA%2Bjl770nJa4NmYGXwUwYhNzXTjhVJv%2BpEBeWS%2BY8%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e9679c51ecf41af-EWR
accept-ranges
bytes
server-timing
cfL4;desc="?proto=TCP&rtt=18233&min_rtt=17749&rtt_var=759&sent=50&recv=23&lost=0&retrans=0&sent_bytes=40853&recv_bytes=3402&delivery_rate=1562363&cwnd=254&unsent_bytes=0&cid=cf1d5395e07f6e93&ts=449&x=0"
content-length
156325
date
Thu, 28 Nov 2024 01:09:59 GMT
content-type
image/png
last-modified
Wed, 02 Oct 2024 10:41:06 GMT
vary
Accept-Encoding
server
cloudflare
title-second.png
bonus-2-ca.pu220ev.com/img/
234 KB
235 KB
Image
General
Full URL
https://bonus-2-ca.pu220ev.com/img/title-second.png
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fe773267ce0a192460ff6d5b4c9f7a1e95ac5110f5a7735df6e40b2f6abb3e2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/main.css

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
HIT
etag
"66fd2343-3a815"
age
4528
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CUCuVVJHYWfukYIvkbsOTE6YTqk1QzgGC4ewq484mHic1Ew%2F%2FsgXvXcd2T3owgty7ZsESkeKGhnf0tH3TUZwFBqGQxDlcPv0aSu0bTJlv9FLt%2BIYnouf2y2%2BkbAquqApl1LDy3GyRlwQhPMm7Rv2lLtwD38%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e9679c51ed041af-EWR
accept-ranges
bytes
server-timing
cfL4;desc="?proto=TCP&rtt=18233&min_rtt=17749&rtt_var=759&sent=164&recv=23&lost=0&retrans=0&sent_bytes=189300&recv_bytes=3402&delivery_rate=1562363&cwnd=254&unsent_bytes=9470&cid=cf1d5395e07f6e93&ts=450&x=0"
content-length
239637
date
Thu, 28 Nov 2024 01:09:59 GMT
content-type
image/png
last-modified
Wed, 02 Oct 2024 10:41:07 GMT
vary
Accept-Encoding
server
cloudflare
down-arrow.svg
bonus-2-ca.pu220ev.com/img/
198 B
662 B
Image
General
Full URL
https://bonus-2-ca.pu220ev.com/img/down-arrow.svg
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aae43b57499395dbc0ab1d25b2bffb2c58cacfd7bfc316b1c8bc270e77b88ad3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/main.css

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
etag
W/"66fd2341-c6"
age
2849
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CN03fLZOVaezYtirae0o%2BT1KwRD75K%2FSolTbI1CeSOg%2B2NWVGd9NjKfFBxzNFFXQFZJ6GkpcDYm%2Fc%2FXRLsdoA4wtHEieH1RENsS%2Fclnf1crS6Uf%2Bnb48MdYU2MlLDY9BIiHzDdwKRnvNX2XdhFQ0T6r%2FaGw%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e9679c54f0a41af-EWR
server-timing
cfL4;desc="?proto=TCP&rtt=18102&min_rtt=17749&rtt_var=162&sent=409&recv=40&lost=0&retrans=0&sent_bytes=519969&recv_bytes=4128&delivery_rate=11935641&cwnd=408&unsent_bytes=0&cid=cf1d5395e07f6e93&ts=480&x=0"
date
Thu, 28 Nov 2024 01:09:59 GMT
content-type
image/svg+xml
last-modified
Wed, 02 Oct 2024 10:41:05 GMT
vary
Accept-Encoding
server
cloudflare
checkbox.svg
bonus-2-ca.pu220ev.com/img/
436 B
735 B
Image
General
Full URL
https://bonus-2-ca.pu220ev.com/img/checkbox.svg
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2808d52d7b3b234994a277cf161714260d7b3f86cdc1b02ac74f0749434b8cb8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/main.css

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
etag
W/"66fd2341-1b4"
age
2849
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oxJCgHitTRQmZFycqjpqC5OSXKqUtEx6RnnBSxFDu1JlnAKuiwboxV1tdIlGHSc9dTgR%2BIXPa7TJV5BABs%2FQn6NvyjyPK3l6R3ZjPHIYg3kgfWVGXAmIFTtUNKm11Nex6T%2B4tI9DtnWMCGkH8vefI5SYhW8%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e9679c54f0b41af-EWR
server-timing
cfL4;desc="?proto=TCP&rtt=18102&min_rtt=17749&rtt_var=162&sent=446&recv=40&lost=0&retrans=0&sent_bytes=565653&recv_bytes=4128&delivery_rate=11935641&cwnd=408&unsent_bytes=63920&cid=cf1d5395e07f6e93&ts=483&x=0"
date
Thu, 28 Nov 2024 01:09:59 GMT
content-type
image/svg+xml
last-modified
Wed, 02 Oct 2024 10:41:05 GMT
vary
Accept-Encoding
server
cloudflare
person.png
bonus-2-ca.pu220ev.com/img/
287 KB
288 KB
Image
General
Full URL
https://bonus-2-ca.pu220ev.com/img/person.png
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c66b7a40f17c5c03ca53de19f09a371561f16e3e2bef6fda6b29e9ec673502cb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/main.css

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
HIT
etag
"66fd2341-47d29"
age
4528
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PfmE26GBXz%2B%2B0DTSunC8UzuaqlwFZcFRvhJH7wVxAK2ZjjoCsWwCmg3vmVTNO9rrEBUFiUwt1bcr42Tw0xdv2RVqEbwr2svrrBxY5ND3Bja97cEbuRoH2Jv9oFT2ydubQH%2BUZAkDwP8PdLsTDwGCEzEqoAw%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e9679c54f0d41af-EWR
accept-ranges
bytes
server-timing
cfL4;desc="?proto=TCP&rtt=18102&min_rtt=17749&rtt_var=162&sent=446&recv=40&lost=0&retrans=0&sent_bytes=565653&recv_bytes=4128&delivery_rate=11935641&cwnd=408&unsent_bytes=63920&cid=cf1d5395e07f6e93&ts=482&x=0"
content-length
294185
date
Thu, 28 Nov 2024 01:09:59 GMT
content-type
image/png
last-modified
Wed, 02 Oct 2024 10:41:05 GMT
vary
Accept-Encoding
server
cloudflare
Pinup-Black.woff
bonus-2-ca.pu220ev.com/fonts/src/fonts/Pinup-Black/
100 KB
100 KB
Font
General
Full URL
https://bonus-2-ca.pu220ev.com/fonts/src/fonts/Pinup-Black/Pinup-Black.woff
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
24b3dfeb12de920eb1bf00a64722af89806fba095587a2db3f526974ffb8ae00

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://bonus-2-ca.pu220ev.com
Referer
https://bonus-2-ca.pu220ev.com/main.css

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
HIT
etag
"66fd2340-18f14"
age
4336
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9emBlXCUSNg7l8%2Ba7deIYIHcAcDddFyFMq%2BtSp%2FR1JA4WllHk4b5aoVBavzHtY0SP%2B%2F7qISWpn1s3Gtd7ezEOsRxOMBL8jdzZCI4Q6e07UdQEksmhhbNiJKtjB%2F7ryZe7UFPySgO6q9syxHhHZLMS6ZL74U%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e9679c54f0f41af-EWR
accept-ranges
bytes
server-timing
cfL4;desc="?proto=TCP&rtt=18102&min_rtt=17749&rtt_var=162&sent=446&recv=40&lost=0&retrans=0&sent_bytes=565653&recv_bytes=4128&delivery_rate=11935641&cwnd=408&unsent_bytes=53480&cid=cf1d5395e07f6e93&ts=481&x=0"
content-length
102164
date
Thu, 28 Nov 2024 01:09:59 GMT
content-type
font/woff
last-modified
Wed, 02 Oct 2024 10:41:04 GMT
vary
Accept-Encoding
server
cloudflare
Pinup-Regular.woff
bonus-2-ca.pu220ev.com/fonts/src/fonts/Pinup-Regular/
95 KB
96 KB
Font
General
Full URL
https://bonus-2-ca.pu220ev.com/fonts/src/fonts/Pinup-Regular/Pinup-Regular.woff
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fcaee6621eeef1beed0cefc75fddf538a4c7dd951f42f83c0ce24e6020df428c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://bonus-2-ca.pu220ev.com
Referer
https://bonus-2-ca.pu220ev.com/main.css

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
HIT
etag
"66fd2340-17d34"
age
4336
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6qhaFqfnx6lOIAV8q2rTbhK5Zeqnz%2FYFFqaxk9wEFkZEQMOETgbKoKXkfGIv7H48v6dwjXoSGuQ2gjUMy2vEWuitJByHXTwJ05JQs9GbToHxWiH6NXYY2CPYSTBxvnbRNSmluk2mqc3%2BVV1vB26UtoNvwGc%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e9679c54f1041af-EWR
accept-ranges
bytes
server-timing
cfL4;desc="?proto=TCP&rtt=18102&min_rtt=17749&rtt_var=162&sent=412&recv=40&lost=0&retrans=0&sent_bytes=520697&recv_bytes=4128&delivery_rate=11935641&cwnd=408&unsent_bytes=0&cid=cf1d5395e07f6e93&ts=481&x=0"
content-length
97588
date
Thu, 28 Nov 2024 01:09:59 GMT
content-type
font/woff
last-modified
Wed, 02 Oct 2024 10:41:04 GMT
vary
Accept-Encoding
server
cloudflare
recaptcha__en.js
www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/
547 KB
216 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
73dd640564004ec8730e7f3433b9dfaa6876ac3a27e6964a17834f07f6d56116
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://bonus-2-ca.pu220ev.com
Referer
https://bonus-2-ca.pu220ev.com/

Response headers

content-encoding
gzip
age
32422
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options
nosniff
expires
Thu, 27 Nov 2025 16:09:37 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 27 Nov 2024 16:09:37 GMT
last-modified
Mon, 11 Nov 2024 05:00:22 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges
bytes
access-control-allow-origin
*
content-length
220753
x-xss-protection
0
server
sffe
canada.png
bonus-2-ca.pu220ev.com/img/country/
1 KB
2 KB
Image
General
Full URL
https://bonus-2-ca.pu220ev.com/img/country/canada.png
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7cbef648352dd4fdf2687cb3285bb1abe164a45e2eb258fb883e81b58514c8ef

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
HIT
etag
"66fd2345-435"
age
2849
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BUG7SWP5kT%2BlqSkqJ2RV4PELA7hwqtyXpNHbIzcm1SSToqX7E%2BsSotzRwJjp%2FmoqA4NXvmGnu5EzNsR116r%2F0zfgm9C%2FD9dMDdVvV3es%2FMn6QIJ8LSRmfKnEVS97hCNje2zTu1%2Fzt0SYIb138nE8MmsA%2B6U%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e9679c7ea4841af-EWR
accept-ranges
bytes
server-timing
cfL4;desc="?proto=TCP&rtt=18399&min_rtt=17691&rtt_var=235&sent=793&recv=96&lost=0&retrans=0&sent_bytes=1029944&recv_bytes=4271&delivery_rate=12244150&cwnd=691&unsent_bytes=0&cid=cf1d5395e07f6e93&ts=903&x=0"
content-length
1077
date
Thu, 28 Nov 2024 01:09:59 GMT
content-type
image/png
last-modified
Wed, 02 Oct 2024 10:41:09 GMT
vary
Accept-Encoding
server
cloudflare
icomoon.ttf
bonus-2-ca.pu220ev.com/fonts/src/icon-fonts/
11 KB
11 KB
Font
General
Full URL
https://bonus-2-ca.pu220ev.com/fonts/src/icon-fonts/icomoon.ttf
Requested by
Host: bonus-2-ca.pu220ev.com
URL: https://bonus-2-ca.pu220ev.com/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:3d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
380df99cc614fd546b3d6a879abaca59ab21f1a96c33fdebda416f08a8e1f533

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://bonus-2-ca.pu220ev.com
Referer
https://bonus-2-ca.pu220ev.com/main.css

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
HIT
etag
"66fd2341-2a48"
age
1874
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bGNSaieETvmzbrxmbKWpVXmmuxdw8VKgyNO7c9M0SFhylgxVKVQU89tF48Z5IZetTRo3%2B6op67Cr%2F9oBgMIUhCj65WajM7mC5mT%2FnexAX5puydETijxpX29eCU2892GFjqaQOpbTgoYv8kTS%2Fux4ppQ30Oo%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e9679c7ea4941af-EWR
accept-ranges
bytes
server-timing
cfL4;desc="?proto=TCP&rtt=18399&min_rtt=17691&rtt_var=235&sent=783&recv=96&lost=0&retrans=0&sent_bytes=1018538&recv_bytes=4271&delivery_rate=12244150&cwnd=691&unsent_bytes=0&cid=cf1d5395e07f6e93&ts=903&x=0"
content-length
10824
date
Thu, 28 Nov 2024 01:09:59 GMT
content-type
application/octet-stream
last-modified
Wed, 02 Oct 2024 10:41:05 GMT
vary
Accept-Encoding
server
cloudflare
js
www.googletagmanager.com/gtag/
303 KB
103 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-FSDW78HQ4L&l=dataLayer&cx=c&gtm=45He4bk0v893121458za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TZJH477
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fde8f17e5e4931185d416955d3726fa57b63dbe11d34a228643516eff10ae2a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Thu, 28 Nov 2024 01:09:59 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 28 Nov 2024 01:09:59 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
105627
x-xss-protection
0
server
Google Tag Manager
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-FSDW78HQ4L&gtm=45je4bk0v893553001z8893121458za200zb893121458&_p=1732756199150&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102077855~102081485&cid=47344491.1732756200&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1732756199&sct=1&seg=0&dl=https%3A%2F%2Fbonus-2-ca.pu220ev.com%2F%3Fform_email%3D%257Bform_email%257D%26form_phone%3D%257Bform_phone%257D%26lang%3Den-ca%26lrrPath%3Dcasino%26p_id%3D%257Bp_id%257D%26pc%3D30%26s1%3Dact-516ea383ced5f826c27915455%26s2%3D%26s3%3D%26s4%3D%26s5%3D%26source%3D%26st%3DqHiaoI1C%26startTime%3D1732756198566936846%26trId%3Dct3s5pj3gtht4fm405i0&dt=7%20500%24%20%2B%20250%20FS%20on%20the%20first%20deposit&en=page_view&_fv=1&_nsi=1&_ss=1&ep.timestamp=2024-11-27T17%3A09%3A59.712-08%3A00&ep.gtm_version=GTM-TZJH477%20%7C%20v.%204&up.clientId=&tfd=2109
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FSDW78HQ4L&l=dataLayer&cx=c&gtm=45He4bk0v893121458za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://bonus-2-ca.pu220ev.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 28 Nov 2024 01:10:00 GMT
content-type
text/plain
server
Golfe2
anchor
www.google.com/recaptcha/enterprise/ Frame 0998
0
0
Document
General
Full URL
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50&co=aHR0cHM6Ly9ib251cy0yLWNhLnB1MjIwZXYuY29tOjQ0Mw..&hl=en&v=pPK749sccDmVW_9DSeTMVvh2&size=invisible&cb=ep0bn9tih6mh
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/pPK749sccDmVW_9DSeTMVvh2/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:808::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-5rJiC0vDlpiy4Az_hYjyOg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bonus-2-ca.pu220ev.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-5rJiC0vDlpiy4Az_hYjyOg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Thu, 28 Nov 2024 01:10:00 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
p
f.pudaf.com/
137 B
1 KB
Fetch
General
Full URL
https://f.pudaf.com/p
Requested by
Host: fs.pudaf.com
URL: https://fs.pudaf.com/fp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.90 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
738c51e65bb1ea3cb424c4b609405465b282ac3b191d4abfed910065b7b71c6d

Request headers

ak
vyg6SLajEWjklRFo1ig1JqhMkSHHpSp3FLYvfzZE
Referer
https://bonus-2-ca.pu220ev.com/
x-ctr
9lLLt-qDKUbiKts29mxfjw
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json, text/html, text/plain
ri
a1d8f623f95a40258876d7b14aad75bf
Content-Type
application/octet-stream
si
6089947889ca4d059a7ae94068bfce1d

Response headers

access-control-max-age
43200
access-control-expose-headers
If-Match,If-Modified-Since,If-None-Match,etag,Last-Modified
etag
6747c2ea7d721f3e98bb5a40
accept-ch
sec-ch-ua,ua,sec-ch-ua-platformua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-wow64,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors
x-trace-id
c92aa950634cc77de10bdb0b7cb943b2
via
1.1 c9bef6d423a5d23e0ca5e2af8503331c.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
137
x-amz-cf-id
TOsrHB07UmKyNcdVdEXfWVBT0N_9j9xXGxUtO8p5zA-QuWTD0AjOpw==
date
Thu, 28 Nov 2024 01:10:02 GMT
content-type
application/json
last-modified
Thu, 28 Nov 2024 01:08:22 GMT
x-amz-cf-pop
EWR53-C1
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: fs.pudaf.com
URL: https://fs.pudaf.com/fp.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://bonus-2-ca.pu220ev.com/

Response headers

content-encoding
br
etag
18195904499722301441
x-content-type-options
nosniff
expires
Thu, 28 Nov 2024 01:10:01 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Thu, 28 Nov 2024 01:10:01 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
53325
x-xss-protection
0
server
cafe
p
f.pudaf.com/ Frame
0
0
Preflight
General
Full URL
https://f.pudaf.com/p
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.90 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
ak,content-type,ri,si,x-ctr
Access-Control-Request-Method
POST
Origin
https://bonus-2-ca.pu220ev.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,Content-Length,Content-Type,if-none-match,x-ctr,ak,si,ui,ri
access-control-allow-methods
GET,POST,HEAD,PUT,DELETE,PATCH
access-control-allow-origin
*
access-control-expose-headers
If-Match,If-Modified-Since,If-None-Match,etag,Last-Modified
access-control-max-age
43200
date
Thu, 28 Nov 2024 01:10:02 GMT
vary
Access-Control-Request-Method, Access-Control-Request-Headers, Origin
via
1.1 c9bef6d423a5d23e0ca5e2af8503331c.cloudfront.net (CloudFront)
x-amz-cf-id
g3d-_Pk4O6QO1yujAG0PQBW0XG6lmizisMUDhw5BPZBSubkDEsHiXg==
x-amz-cf-pop
EWR53-C1
x-cache
Miss from cloudfront
p
f.pudaf.com/
137 B
1 KB
Fetch
General
Full URL
https://f.pudaf.com/p
Requested by
Host: fs.pudaf.com
URL: https://fs.pudaf.com/fp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.90 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
738c51e65bb1ea3cb424c4b609405465b282ac3b191d4abfed910065b7b71c6d

Request headers

ak
vyg6SLajEWjklRFo1ig1JqhMkSHHpSp3FLYvfzZE
Referer
https://bonus-2-ca.pu220ev.com/
x-ctr
hi3P1j0EO-psSWovHcoC4A
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json, text/html, text/plain
ri
a1d8f623f95a40258876d7b14aad75bf
Content-Type
application/octet-stream
si
6089947889ca4d059a7ae94068bfce1d

Response headers

access-control-max-age
43200
access-control-expose-headers
If-Match,If-Modified-Since,If-None-Match,etag,Last-Modified
etag
6747c2ebc0013d003364c4a5
accept-ch
sec-ch-ua,ua,sec-ch-ua-platformua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-wow64,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors
x-trace-id
67af5ee7498fe37296c770169010f6e7
via
1.1 c9bef6d423a5d23e0ca5e2af8503331c.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
137
x-amz-cf-id
X9JROJnjj5dYe17t8kFWK4n0Qmb7KWMQby2tUEiiMjlTDFZumqdf2Q==
date
Thu, 28 Nov 2024 01:10:03 GMT
content-type
application/json
last-modified
Thu, 28 Nov 2024 01:08:23 GMT
x-amz-cf-pop
EWR53-C1

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| landingConfig
object| dataLayer
string| afto
function| aft
object| ___grecaptcha_cfg
object| grecaptcha
string| __recaptcha_api
boolean| __google_recaptcha_client
object| links
object| pageState
object| phonePattern
object| formNotif
string| formMode
object| google_tag_manager
object| google_tag_data
function| onYouTubeIframeAPIReady
object| gaGlobal
object| recaptcha
object| closure_lm_288085
object| aftStore
function| aftUUID
function| aftSID
function| aftGenSID
function| startBBClicker
function| stopBBClicker
string| afti

15 Cookies

Domain/Path Name / Value
.wedlore-a.online/ Name: __ssds
Value: 2
.wedlore-a.online/ Name: __ssuzjsr2
Value: a9be0cd8e
.wedlore-a.online/ Name: __uzmaj2
Value: 393fd778-ab84-4351-a154-671af64daf55
.wedlore-a.online/ Name: __uzmbj2
Value: 1732756197
.wedlore-a.online/ Name: __uzmcj2
Value: 762841035342
.wedlore-a.online/ Name: __uzmdj2
Value: 1732756197
.wedlore-a.online/ Name: __uzmlj2
Value: Ljxw4ASWcq+Tv1pbBV0FBsUkoKRT/pNNMa6zZzS3MlU=
.wedlore-a.online/ Name: __uzmfj2
Value: 7f600049e27bbf-bdc6-49bd-a433-4782633720eb17327561979280-fd3a0b66a7b412ee10
refpupp2020.com/ Name: click-2024-11-28
Value: ",qHiaoI1C"
.refpupp2020.com/ Name: __cf_bm
Value: LL_qnQYexZ5tGMdXEJYkyO0Rl0pBUkleY7gzMI_wyEg-1732756198-1.0.1.1-g.xu.lGkF4tqbPlDElntYybU5il05pvZutdvD0InyGFBay3QrbJf2NHvlCMQFf.gBxH3f_Fa4LZdNiWXpyX7Hw
refpupp2020.com/ Name: __cflb
Value: 02DiuD27RCKFLAvvEgqM7tSaGE3iYdMD9jeN412uXbGur
.pu220ev.com/ Name: __cf_bm
Value: en0vcEU0FeLmewmU1F7gGyg1hyfxaiTiXa77gOrcakE-1732756199-1.0.1.1-vEQWchMWPjCZdEdgaKyjwbyRc8lYa5YSrj33A.qJWmyUbLYbU26ZqqQVtE01Z2O9dCVqQd48m31AiPdhueAEhg
.pu220ev.com/ Name: _ga
Value: GA1.1.47344491.1732756200
.pu220ev.com/ Name: _ga_FSDW78HQ4L
Value: GS1.1.1732756199.1.0.1732756199.0.0.0
bonus-2-ca.pu220ev.com/ Name: ga-x3sdiid0
Value: QMWNlZmhiNjQwOTFlN2lhNTQwNGNhOWg4Nzk0OTA4Nj

7 Console Messages

Source Level URL
Text
network error URL: http://ww1.recovery.express/img.sedoparking.com/images/js_preloader.gif
Message:
Failed to load resource: the server responded with a status of 441 ()
rendering warning URL: https://wedlore-a.online/api/v1/px?xmlid=6fhaqx3eKzG0Brak2EbDf3oeUHewR2BqoOKzpE9q
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0403D0BC41F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
recommendation verbose URL: https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
rendering warning URL: https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0C06300C41F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0D03403C41F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0406600C41F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://bonus-2-ca.pu220ev.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=en-ca&lrrPath=casino&p_id=%7Bp_id%7D&pc=30&s1=act-516ea383ced5f826c27915455&s2=&s3=&s4=&s5=&source=&st=qHiaoI1C&startTime=1732756198566936846&trId=ct3s5pj3gtht4fm405i0
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0C0590BC41F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
