bettilt-c2-tr.pu012ev.com Open in urlscan Pro
2606:4700:20::681a:d03  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

37 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response bettilt-c2-tr.pu012ev.com/	17 KB 5 KB	377ms 228ms	Document text/html	2606:4700:20::681a:d03 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bettilt-c2-tr.pu012ev.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:d03 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dba7a9107ef373dcbc7a436aa203c4101d908351404a855515b1dc8ba8bfffc0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 accept-language en-US,en;q=0.9 Response headers cf-cache-status DYNAMIC cf-ray 8379c31f18166a53-EWR content-encoding br content-type text/html date Mon, 18 Dec 2023 19:20:16 GMT last-modified Fri, 08 Dec 2023 16:23:52 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vYslrXW9QQowh8%2BdhFKLEqW8964Id9XHU319K1rHl7eoAcfLrHeiHUUqfFHK%2FsT4kmbd8NPgG715PECH5RvIugYWNbF%2BB%2Fo691KJpnKtRsukCAOUCfVNNCQZASYRhSf0pcBK6n8FN2F2zXFyVWtRkp9%2BEovf60g%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	main.css bettilt-c2-tr.pu012ev.com/	24 KB 5 KB	217ms 216ms	Stylesheet text/css	2606:4700:20::681a:d03 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bettilt-c2-tr.pu012ev.com/main.css Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:d03 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a900f9aae7258e1e182fec221a457e61ff6bcf8f33a536f54b50b0b96c278397 Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu012ev.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 19:20:16 GMT content-encoding br cf-cache-status MISS last-modified Fri, 08 Dec 2023 16:23:52 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65734318-5f83" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MWb8m629oE9cmQBJguVArbmgP692Ml5V2z4%2BeBwK6ailtV8ds1a9nhMdrj1t0w5gA6r8wnW1i8y27b0lQunY8%2FF9yCrx1CcHLhzfqfMHD1I3vZKK6AXXqafOERcRLEg%2Bvgo8lHJzfDr%2FCf4VUbND5VtAqfkqc6o%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8379c3208a846a53-EWR
GET H2	200	enterprise.js Show response www.google.com/recaptcha/	1 KB 1 KB	144ms 60ms	Script text/javascript	2607:f8b0:4006:80f::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/enterprise.js?render=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50 Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:80f::2004 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash ce3c7b9aa7606bd64b6dbf60299b7a21d8a87e69c98b45c05201c3f4faefd3d2 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu012ev.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 19:20:16 GMT content-encoding gzip x-content-type-options nosniff content-security-policy frame-ancestors 'self' server GSE x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control private, max-age=300 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 1; mode=block expires Mon, 18 Dec 2023 19:20:16 GMT
GET H2	200	bundle.js Show response bettilt-c2-tr.pu012ev.com/	71 KB 17 KB	318ms 317ms	Script application/javascript	2606:4700:20::681a:d03 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bettilt-c2-tr.pu012ev.com/bundle.js Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:d03 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 58199ce5148b652fd0cfd31397d80703cf7a13be480994e2f088778bf4a9e84c Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu012ev.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 19:20:17 GMT content-encoding br cf-cache-status MISS last-modified Fri, 08 Dec 2023 16:23:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6573430e-11c82" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IywpSHVKR2gK9TICsQOGmuqXTP7bjDuMSO2cV5xISPE0l4ZKls99ICVsBr3GHubS7puHeY9UNc3%2FEfp6lR02Lfp7SskYr8DHBBs2kwFIThPhDXuhI9fJ%2F%2FKpXC%2BLcjYbNnLtVfz1%2Fq%2F2Xq8EfKsRP7lP5CvP4%2Fs%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8379c3209a996a53-EWR
GET H2	200	fp.js Show response fs.pudaf.com/	377 KB 71 KB	512ms 200ms	Script application/javascript	3.74.181.159 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://fs.pudaf.com/fp.js Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.74.181.159 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-74-181-159.eu-central-1.compute.amazonaws.com Software / Resource Hash dea35e1e512b9c5e6b6c2c813e2590fe41f3af3d15a2a1c84cc46b2b9481d68b Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu012ev.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 19:20:17 GMT content-encoding gzip last-modified Thu, 07 Dec 2023 14:38:20 GMT etag W/"6571d8dc-5e448" content-type application/javascript
GET H2	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/	503 KB 202 KB	131ms 29ms	Script text/javascript	2607:f8b0:4006:80d::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/enterprise.js?render=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:80d::2003 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://bettilt-c2-tr.pu012ev.com/ Origin https://bettilt-c2-tr.pu012ev.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 08:51:41 GMT content-encoding gzip x-content-type-options nosniff age 37716 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 205927 x-xss-protection 0 last-modified Mon, 11 Dec 2023 05:01:12 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Tue, 17 Dec 2024 08:51:41 GMT
GET H2	200	custom_background.jpg bettilt-c2-tr.pu012ev.com/img/	40 KB 41 KB	332ms 332ms	Image image/jpeg	2606:4700:20::681a:d03 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://bettilt-c2-tr.pu012ev.com/img/custom_background.jpg Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:d03 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9541514dc8f846bd28be99741fb59fc9ff8a32b2030bc5cca36100f79d0733d1 Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu012ev.com/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 19:20:17 GMT cf-cache-status MISS last-modified Fri, 08 Dec 2023 16:23:47 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65734313-a0c5" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZtUTPYV%2BLdZGO0e1T6gf3GOfbVD%2FtMBUW%2BwzU%2Fhg2adqL33v%2Bg9EyVndTMqYjvfPHfTf1DLaJj4HZV%2BPHfRXzI%2BaguncIy33LzX00FzjsCv6eshPjlKh1N0bMh%2Bpny1uQJLXvcrzXK9KqoxaLstcd%2B6OULMg8Iw%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control max-age=14400 cf-ray 8379c321fc696a53-EWR
GET H2	200	down-arrow.svg bettilt-c2-tr.pu012ev.com/img/	199 B 517 B	3148ms 3148ms	Image image/svg+xml	2606:4700:20::681a:d03 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://bettilt-c2-tr.pu012ev.com/img/down-arrow.svg Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:d03 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9f8674e0a24bf5191b421e076335c32d14b288226ef6d9e8dbc803d1c19d4117 Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu012ev.com/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 19:20:20 GMT content-encoding br cf-cache-status MISS last-modified Fri, 08 Dec 2023 16:23:46 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65734312-c7" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ik4JRGoIsmy3ASTJT9BYst%2Fu0yjYZRAvXFP61yoFZTHyMV8gbkU0flr4VE%2BxmsKSRvFxXsi2CYOXI820R6AZQsmiZ2okS%2FpVPLwh8qjSqeRiRhRk%2BeLFSbBHqpnbk7Y1p6hdyePnJuwJcGdFpYYGv88BNjnEkgI%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 8379c3220c816a53-EWR
GET H2	200	custom_checkbox.svg bettilt-c2-tr.pu012ev.com/img/	201 B 484 B	218ms 216ms	Image image/svg+xml	2606:4700:20::681a:d03 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://bettilt-c2-tr.pu012ev.com/img/custom_checkbox.svg Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:d03 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 74aeb26ca8e7d90b0ca08b08b9435f07f952f2f719c2f53340d8c5586aa0eadd Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu012ev.com/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 19:20:17 GMT content-encoding br cf-cache-status MISS last-modified Fri, 08 Dec 2023 16:23:46 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65734312-c9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AOl8DR8cReSzhr7gilGDKycRswfO9NU9EJEsTgv6omt%2BOMLxox29b0fAXmpbgJjyGIGHZxcWOjNoC6W3gBaifYZNqniMC0C%2FCZ3e79CfszthZplVr5fxwZ%2Fheuj5xNTl3MaCSQtwNA%2FXsxN55AqjQ8nSvblzXvQ%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 8379c3220c876a53-EWR
GET H2	200	OpenSans-SemiBold.woff bettilt-c2-tr.pu012ev.com/fonts/src/fonts/OpenSans-SemiBold/	78 KB 79 KB	351ms 349ms	Font font/woff	2606:4700:20::681a:d03 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bettilt-c2-tr.pu012ev.com/fonts/src/fonts/OpenSans-SemiBold/OpenSans-SemiBold.woff Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:d03 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d069fc26e45fafd68327cb2252c6198d52ea6f5712d1956d91688e76a5df772b Request headers Referer https://bettilt-c2-tr.pu012ev.com/main.css Origin https://bettilt-c2-tr.pu012ev.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 19:20:17 GMT cf-cache-status MISS last-modified Fri, 08 Dec 2023 16:23:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "65734311-13904" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LSfhJYlumu8ZT8ZB8f2jlL9dsmHmxmP48Us7Y6iJ6TvSsVHYPn1UF3RkUuziEUWnIxX94NFmAcMZinTWdOKDASGTxoIXoKvV5khIsEmlm8yCDvXfHdbUB3hOME%2BlTaQsQnC9TPBCx4iZs4SzsVeiFD1uwMlEqU8%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control max-age=14400 accept-ranges bytes cf-ray 8379c3220c846a53-EWR content-length 80132
GET H2	200	RussoOne-Regular.woff bettilt-c2-tr.pu012ev.com/fonts/src/fonts/RussoOne-Regular/	19 KB 19 KB	300ms 299ms	Font font/woff	2606:4700:20::681a:d03 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bettilt-c2-tr.pu012ev.com/fonts/src/fonts/RussoOne-Regular/RussoOne-Regular.woff Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:d03 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c37a3910cd099482d8b0b3b335152e5da94916103735b7df73b3a0e385362b40 Request headers Referer https://bettilt-c2-tr.pu012ev.com/main.css Origin https://bettilt-c2-tr.pu012ev.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 19:20:17 GMT cf-cache-status MISS last-modified Fri, 08 Dec 2023 16:23:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "65734310-4bcc" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6eya0V2kcYQ5JXvvrKJgE1PKhsAxFwPjVCeJD6Vu4T56kRKEeidwsyQMcnE6o5DUSPoPUrtfCTwVuLpkk7QxihdbOxry9gGxVjSzZpaAgDLcJoruqBF2lKyTf%2BuAy4aAkhfu%2BVIndq%2F9xmlZYiD%2BNpsAasFl9r0%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control max-age=14400 accept-ranges bytes cf-ray 8379c3220c856a53-EWR content-length 19404
GET H2	200	OpenSans-Bold.woff bettilt-c2-tr.pu012ev.com/fonts/src/fonts/OpenSans-Bold/	76 KB 77 KB	409ms 408ms	Font font/woff	2606:4700:20::681a:d03 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bettilt-c2-tr.pu012ev.com/fonts/src/fonts/OpenSans-Bold/OpenSans-Bold.woff Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:d03 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b9252aa26e62d5af8476dde37ecb7dfb34b02a5a417c29109aea1d384e62be40 Request headers Referer https://bettilt-c2-tr.pu012ev.com/main.css Origin https://bettilt-c2-tr.pu012ev.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 19:20:17 GMT cf-cache-status MISS last-modified Fri, 08 Dec 2023 16:23:43 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "6573430f-13110" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2k2IDmbevSbekOcu8QDnGtmFhhBDcoyjWtuGyCsAuqgBZeEOE%2Bs7VZoQid7d9wYXOlJKfm5Wr%2FNh%2BFw0RM2azyOZIwFwYWiIbGBVJLJVVwxmsz7ZhaGJ4OJiTiCp99D4LkONif3s8FLO%2BeH6rthtJa0kl%2F25x0k%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control max-age=14400 accept-ranges bytes cf-ray 8379c3220c866a53-EWR content-length 78096
GET H2	200	turkey.png bettilt-c2-tr.pu012ev.com/img/country/	1 KB 1 KB	124ms 123ms	Image image/png	2606:4700:20::681a:d03 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://bettilt-c2-tr.pu012ev.com/img/country/turkey.png Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:d03 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4572c20092423c491c830915d4eccaad9b43524a9e74eb39d1ca7db8d66f8370 Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu012ev.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 19:20:17 GMT cf-cache-status MISS last-modified Fri, 08 Dec 2023 16:23:50 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"65734316-4a9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hT%2FZq3fFjrw1cfL8cGUD4b%2FQnJnaQfxrjJ2daFVYXW4XO3X0pDcW9DsaIFDmilqiUBneYWEbbb%2BcKPk9tIuR4ooSCEhsj0j6Ru1fZFFauKiY0Z9rfaxvj7uPOqjtDeHyN27m0ids6pJM3B9sEPgyPUNoz1YkHf4%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 cf-ray 8379c3228d3b6a53-EWR
GET H2	200	icomoon.ttf bettilt-c2-tr.pu012ev.com/fonts/src/icon-fonts/	7 KB 7 KB	252ms 251ms	Font application/octet-stream	2606:4700:20::681a:d03 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bettilt-c2-tr.pu012ev.com/fonts/src/icon-fonts/icomoon.ttf Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:d03 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9a9e23e2620acc7e7679de55c389add58698ada404ae426fdf3ef286950b292f Request headers Referer https://bettilt-c2-tr.pu012ev.com/main.css Origin https://bettilt-c2-tr.pu012ev.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 19:20:17 GMT cf-cache-status MISS last-modified Fri, 08 Dec 2023 16:23:46 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "65734312-1a54" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rflY%2B0a%2FYWyTAGgSoG8KVx7HtvZKm56p5AuaEY5VCPM3F3N%2BrwzQB2w6PLjYVWgYSa8yDIMd1kH%2B4xs7LikL1uAJfIJy3PFjPBVIqXsRtnqn6RGH%2FwTY8ymPMSPZzvkvjhoikdBUWtKmHyEZDxM8fxCn4mh1D1A%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 accept-ranges bytes cf-ray 8379c3229d486a53-EWR content-length 6740
GET H2	200	anchor Show response www.google.com/recaptcha/enterprise/ Frame 876F	7 KB 1 KB	45ms 44ms	Document text/html	2607:f8b0:4006:80f::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50&co=aHR0cHM6Ly9iZXR0aWx0LWMyLXRyLnB1MDEyZXYuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=invisible&cb=287jei5acwz2 Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:80f::2004 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 97728987c963641768ebf98cef5cefbcbc2c2abf29c7d7b73c0eb2f5ca90dc76 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-QLmLPOR4Kc4miHpS6iKqZA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://bettilt-c2-tr.pu012ev.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=0 content-encoding gzip content-security-policy script-src 'report-sample' 'nonce-QLmLPOR4Kc4miHpS6iKqZA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Mon, 18 Dec 2023 19:20:17 GMT expires Mon, 18 Dec 2023 19:20:17 GMT report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
GET H2	200	styles__ltr.css www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 876F	55 KB 25 KB	105ms 29ms	Stylesheet text/css	2607:f8b0:4006:80d::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css Requested by Host: www.google.com URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50&co=aHR0cHM6Ly9iZXR0aWx0LWMyLXRyLnB1MDEyZXYuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=invisible&cb=287jei5acwz2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:80d::2003 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 08:53:02 GMT content-encoding gzip x-content-type-options nosniff age 37635 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 24606 x-xss-protection 0 last-modified Mon, 11 Dec 2023 05:01:12 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/css cache-control public, max-age=31536000 accept-ranges bytes expires Tue, 17 Dec 2024 08:53:02 GMT
GET H2	200	recaptcha__en.js Show response www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 876F	503 KB 201 KB	117ms 42ms	Script text/javascript	2607:f8b0:4006:80d::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js Requested by Host: www.google.com URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50&co=aHR0cHM6Ly9iZXR0aWx0LWMyLXRyLnB1MDEyZXYuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=invisible&cb=287jei5acwz2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:80d::2003 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 08:51:41 GMT content-encoding gzip x-content-type-options nosniff age 37716 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 205927 x-xss-protection 0 last-modified Mon, 11 Dec 2023 05:01:12 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" vary Accept-Encoding report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type text/javascript access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes expires Tue, 17 Dec 2024 08:51:41 GMT
GET H3	200	logo_48.png www.gstatic.com/recaptcha/api2/ Frame 876F	2 KB 2 KB	22ms 22ms	Image image/png	2607:f8b0:4006:80d::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/recaptcha/api2/logo_48.png Requested by Host: www.gstatic.com URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css Protocol H3 Security QUIC, , AES_128_GCM Server 2607:f8b0:4006:80d::2003 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Fri, 15 Dec 2023 02:35:02 GMT x-content-type-options nosniff age 319515 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2228 x-xss-protection 0 last-modified Tue, 03 Mar 2020 20:15:00 GMT server sffe cross-origin-opener-policy same-origin-allow-popups; report-to="recaptcha" report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} content-type image/png cache-control public, max-age=604800 accept-ranges bytes expires Fri, 22 Dec 2023 02:35:02 GMT
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v18/ Frame 876F	15 KB 16 KB	117ms 30ms	Font font/woff2	2607:f8b0:4006:81c::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: www.google.com URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lfxs6UUAAAAAE3kzerSlj_d5OF7IeWoXvzOE_50&co=aHR0cHM6Ly9iZXR0aWx0LWMyLXRyLnB1MDEyZXYuY29tOjQ0Mw..&hl=en&v=u-xcq3POCWFlCr3x8_IPxgPu&size=invisible&cb=287jei5acwz2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:81c::2003 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.google.com/ Origin https://www.google.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Fri, 15 Dec 2023 22:43:41 GMT x-content-type-options nosniff age 246996 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15344 x-xss-protection 0 last-modified Mon, 16 Oct 2017 17:32:55 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 14 Dec 2024 22:43:41 GMT
OPTIONS H2	204	a0dd087b-f253-43b1-a8e5-a2abf7ea4e3a f.pudaf.com/p/ Frame	0 0	534ms 240ms	Preflight	35.156.16.207 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://f.pudaf.com/p/a0dd087b-f253-43b1-a8e5-a2abf7ea4e3a?api=vyg6SLajEWjklRFo1ig1JqhMkSHHpSp3FLYvfzZE&si=a0dd087b-f253-43b1-a8e5-a2abf7ea4e3a Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.156.16.207 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-156-16-207.eu-central-1.compute.amazonaws.com Software / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type,if-none-match Access-Control-Request-Method POST Origin https://bettilt-c2-tr.pu012ev.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers access-control-allow-headers Origin,Content-Length,Content-Type,if-none-match access-control-allow-methods GET,POST,HEAD,PUT,DELETE,PATCH access-control-allow-origin * access-control-max-age 43200 date Mon, 18 Dec 2023 19:20:18 GMT vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers
POST H2	200	a0dd087b-f253-43b1-a8e5-a2abf7ea4e3a Show response f.pudaf.com/p/	21 B 733 B	107ms 106ms	Fetch application/json	35.156.16.207 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://f.pudaf.com/p/a0dd087b-f253-43b1-a8e5-a2abf7ea4e3a?api=vyg6SLajEWjklRFo1ig1JqhMkSHHpSp3FLYvfzZE&si=a0dd087b-f253-43b1-a8e5-a2abf7ea4e3a Requested by Host: fs.pudaf.com URL: https://fs.pudaf.com/fp.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.156.16.207 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-156-16-207.eu-central-1.compute.amazonaws.com Software / Resource Hash 4abf9b7abadb46bb07b55d2551254999420515d76e9d5f6542407e892f731d60 Request headers Accept application/json, text/html, text/plain Referer https://bettilt-c2-tr.pu012ev.com/ If-None-Match accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Content-Type application/octet-stream Response headers date Mon, 18 Dec 2023 19:20:18 GMT last-modified Mon, 18 Dec 2023 19:18:38 GMT accept-ch sec-ch-ua,ua,sec-ch-ua-platformua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-wow64,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors etag 65809b726b3664d1f664753f vary Origin content-type application/json access-control-allow-origin * access-control-expose-headers If-Match,If-Modified-Since,If-None-Match,ETag,Last-Modified content-length 21
HEAD H2	200	adsbygoogle.js pagead2.googlesyndication.com/pagead/js/	0 0	179ms 84ms	Fetch text/javascript	2607:f8b0:4006:816::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js Requested by Host: fs.pudaf.com URL: https://fs.pudaf.com/fp.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://bettilt-c2-tr.pu012ev.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Mon, 18 Dec 2023 19:20:17 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 51240 x-xss-protection 0 server cafe etag 16599801062164800862 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=3600, stale-while-revalidate=3600 timing-allow-origin * expires Mon, 18 Dec 2023 19:20:17 GMT
GET BLOB	200 OK	3d94be2a-2a3a-4474-8030-4f96eb22889b https://bettilt-c2-tr.pu012ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu012ev.com/3d94be2a-2a3a-4474-8030-4f96eb22889b Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	a4213d89-33bf-46b4-b2af-4f9ee2e49b9a https://bettilt-c2-tr.pu012ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu012ev.com/a4213d89-33bf-46b4-b2af-4f9ee2e49b9a Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	ad96bdd0-4de9-4bdc-8865-4f7cc18f76cd https://bettilt-c2-tr.pu012ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu012ev.com/ad96bdd0-4de9-4bdc-8865-4f7cc18f76cd Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	f5d35649-1b66-42b3-b286-b2960b10b94f https://bettilt-c2-tr.pu012ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu012ev.com/f5d35649-1b66-42b3-b286-b2960b10b94f Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	3ca1a34a-51cd-4dc1-89aa-0933c8bf019d https://bettilt-c2-tr.pu012ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu012ev.com/3ca1a34a-51cd-4dc1-89aa-0933c8bf019d Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	845ae301-025c-4f66-9b2a-3a292f8f0338 https://bettilt-c2-tr.pu012ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu012ev.com/845ae301-025c-4f66-9b2a-3a292f8f0338 Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	1c373b02-b0b4-4847-8aef-2e73a4b7a055 https://bettilt-c2-tr.pu012ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu012ev.com/1c373b02-b0b4-4847-8aef-2e73a4b7a055 Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	9522d596-2dec-43e2-96b2-59db31b2875e https://bettilt-c2-tr.pu012ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu012ev.com/9522d596-2dec-43e2-96b2-59db31b2875e Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	264c1ba9-b6d6-4b66-a94a-8d6527660fa6 https://bettilt-c2-tr.pu012ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu012ev.com/264c1ba9-b6d6-4b66-a94a-8d6527660fa6 Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	9e79c349-d8b6-403f-8afd-0bb5f12a82df https://bettilt-c2-tr.pu012ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu012ev.com/9e79c349-d8b6-403f-8afd-0bb5f12a82df Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	a52838c6-f223-4ab2-a2ab-18af01c30165 https://bettilt-c2-tr.pu012ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu012ev.com/a52838c6-f223-4ab2-a2ab-18af01c30165 Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	e9f24cf6-7b9a-451e-8acc-0f6bb01ec162 https://bettilt-c2-tr.pu012ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu012ev.com/e9f24cf6-7b9a-451e-8acc-0f6bb01ec162 Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
GET BLOB	200 OK	f192938b-42ee-4d99-a7cc-7a6d78e25946 https://bettilt-c2-tr.pu012ev.com/	419 B 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://bettilt-c2-tr.pu012ev.com/f192938b-42ee-4d99-a7cc-7a6d78e25946 Requested by Host: bettilt-c2-tr.pu012ev.com URL: https://bettilt-c2-tr.pu012ev.com/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Length 419 Content-Type application/javascript
POST H2	200	a0dd087b-f253-43b1-a8e5-a2abf7ea4e3a Show response f.pudaf.com/p/	21 B 733 B	206ms 203ms	Fetch application/json	35.156.16.207 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://f.pudaf.com/p/a0dd087b-f253-43b1-a8e5-a2abf7ea4e3a?api=vyg6SLajEWjklRFo1ig1JqhMkSHHpSp3FLYvfzZE&si=a0dd087b-f253-43b1-a8e5-a2abf7ea4e3a Requested by Host: fs.pudaf.com URL: https://fs.pudaf.com/fp.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.156.16.207 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-156-16-207.eu-central-1.compute.amazonaws.com Software / Resource Hash 4abf9b7abadb46bb07b55d2551254999420515d76e9d5f6542407e892f731d60 Request headers Accept application/json, text/html, text/plain Referer https://bettilt-c2-tr.pu012ev.com/ If-None-Match accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Content-Type application/octet-stream Response headers date Mon, 18 Dec 2023 19:20:20 GMT last-modified Mon, 18 Dec 2023 19:18:40 GMT accept-ch sec-ch-ua,ua,sec-ch-ua-platformua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-wow64,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors etag 65809b748967a288392fa20f vary Origin content-type application/json access-control-allow-origin * access-control-expose-headers If-Match,If-Modified-Since,If-None-Match,ETag,Last-Modified content-length 21
OPTIONS H2	204	a0dd087b-f253-43b1-a8e5-a2abf7ea4e3a f.pudaf.com/p/ Frame	0 0	110ms 110ms	Preflight	35.156.16.207 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://f.pudaf.com/p/a0dd087b-f253-43b1-a8e5-a2abf7ea4e3a?api=vyg6SLajEWjklRFo1ig1JqhMkSHHpSp3FLYvfzZE&si=a0dd087b-f253-43b1-a8e5-a2abf7ea4e3a Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.156.16.207 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-35-156-16-207.eu-central-1.compute.amazonaws.com Software / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type,if-none-match Access-Control-Request-Method POST Origin https://bettilt-c2-tr.pu012ev.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers access-control-allow-headers Origin,Content-Length,Content-Type,if-none-match access-control-allow-methods GET,POST,HEAD,PUT,DELETE,PATCH access-control-allow-origin * access-control-max-age 43200 date Mon, 18 Dec 2023 19:20:20 GMT vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| documentPictureInPicture object| landingConfig string| afto function| aft object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| phonePattern object| links object| pageState object| formNotif object| recaptcha object| closure_lm_421136 string| afti function| aftUUID function| aftSID function| aftUID function| aftGenSID

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.pu012ev.com/	1970-01-20 17:02:09	Name: __cf_bm Value: KFDKbmH0vKUICx4jwp8Vexg_qlrvYmUgn0Rs_LrE21A-1702927216-1-ARe6b/KAk4Y+VhdjJOuOQkwcU7qkTkkvGbMI6WZzWvfqGcgfVF0uqgmx/HQkfBbol51Rk3tW74zvAat8EaA6c08=

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://fs.pudaf.com/fp.js Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bettilt-c2-tr.pu012ev.com
f.pudaf.com
fonts.gstatic.com
fs.pudaf.com
pagead2.googlesyndication.com
www.google.com
www.gstatic.com
2606:4700:20::681a:d03
2607:f8b0:4006:80d::2003
2607:f8b0:4006:80f::2004
2607:f8b0:4006:816::2002
2607:f8b0:4006:81c::2003
3.74.181.159
35.156.16.207
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
4572c20092423c491c830915d4eccaad9b43524a9e74eb39d1ca7db8d66f8370
4abf9b7abadb46bb07b55d2551254999420515d76e9d5f6542407e892f731d60
4fe976ce3e57febb0b359569ce54df245fe08132eda2d1362f9f6cb45b4ce4aa
58199ce5148b652fd0cfd31397d80703cf7a13be480994e2f088778bf4a9e84c
74aeb26ca8e7d90b0ca08b08b9435f07f952f2f719c2f53340d8c5586aa0eadd
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
9541514dc8f846bd28be99741fb59fc9ff8a32b2030bc5cca36100f79d0733d1
97728987c963641768ebf98cef5cefbcbc2c2abf29c7d7b73c0eb2f5ca90dc76
9a9e23e2620acc7e7679de55c389add58698ada404ae426fdf3ef286950b292f
9f8674e0a24bf5191b421e076335c32d14b288226ef6d9e8dbc803d1c19d4117
a900f9aae7258e1e182fec221a457e61ff6bcf8f33a536f54b50b0b96c278397
b9252aa26e62d5af8476dde37ecb7dfb34b02a5a417c29109aea1d384e62be40
c37a3910cd099482d8b0b3b335152e5da94916103735b7df73b3a0e385362b40
ce3c7b9aa7606bd64b6dbf60299b7a21d8a87e69c98b45c05201c3f4faefd3d2
d069fc26e45fafd68327cb2252c6198d52ea6f5712d1956d91688e76a5df772b
daf20b4dbc2ee9cc700e99c7be570105ecaf649d9c044adb62a2098cf4662d24
dba7a9107ef373dcbc7a436aa203c4101d908351404a855515b1dc8ba8bfffc0
dea35e1e512b9c5e6b6c2c813e2590fe41f3af3d15a2a1c84cc46b2b9481d68b