Submitted URL: http://paybyplatema.site/
Effective URL: https://paybyplatema.site/
Submission: On August 18 via api from CH — Scanned from DE

Summary

This website contacted 13 IPs in 3 countries across 12 domains to perform 61 HTTP transactions. The main IP is 2606:4700:3030::ac43:b3fd, located in United States and belongs to CLOUDFLARENET, US. The main domain is paybyplatema.site.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 10th 2023. Valid for: a year.
This is the only time paybyplatema.site was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

 | Apex Domain | Subdomains | Transfer
11 | yonhelioliskor.com | yonhelioliskor.com — Cisco Umbrella Rank: 680019 | 41 KB
10 | paybyplatema.site | paybyplatema.site | 153 KB
9 | alterassumeaggravate.com | alterassumeaggravate.com — Cisco Umbrella Rank: 296229 |
9 | googlesyndication.com | pagead2.googlesyndication.com — Cisco Umbrella Rank: 125; tpc.googlesyndication.com — Cisco Umbrella Rank: 163 | 213 KB
5 | youradexchange.com | youradexchange.com — Cisco Umbrella Rank: 25317 | 2 KB
5 | googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 76 | 384 KB
4 | google-analytics.com | region1.google-analytics.com — Cisco Umbrella Rank: 2102 | 380 B
4 | acacdn.com | acacdn.com — Cisco Umbrella Rank: 67095 | 154 KB
2 | doubleclick.net | googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 | 5 KB
1 | google.com | www.google.com — Cisco Umbrella Rank: 3 | 1 KB
1 | rtmark.net | my.rtmark.net — Cisco Umbrella Rank: 9422 | 545 B
1 | googleadservices.com | partner.googleadservices.com — Cisco Umbrella Rank: 1244 | 609 B
61 | 12 | |

 | Domain | Requested by
11 | yonhelioliskor.com | paybyplatema.site; yonhelioliskor.com
10 | paybyplatema.site (1 redirects) | paybyplatema.site
9 | alterassumeaggravate.com | paybyplatema.site
6 | pagead2.googlesyndication.com | paybyplatema.site; pagead2.googlesyndication.com; tpc.googlesyndication.com
5 | youradexchange.com | acacdn.com
5 | www.googletagmanager.com | paybyplatema.site; www.googletagmanager.com
4 | region1.google-analytics.com | www.googletagmanager.com
4 | acacdn.com | paybyplatema.site; acacdn.com
3 | tpc.googlesyndication.com | pagead2.googlesyndication.com; tpc.googlesyndication.com
2 | googleads.g.doubleclick.net | pagead2.googlesyndication.com
1 | www.google.com | tpc.googlesyndication.com
1 | my.rtmark.net | paybyplatema.site
1 | partner.googleadservices.com | pagead2.googlesyndication.com
61 | 13 |

This site contains links to these domains.

Domain
youradexchange.com

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-02-10 - 2024-02-10 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-07-31 - 2023-10-23 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2023-07-31 - 2023-10-23 | 3 months
acacdn.com | GTS CA 1P5 | 2023-07-11 - 2023-10-09 | 3 months
yonhelioliskor.com | R3 | 2023-06-15 - 2023-09-13 | 3 months
alterassumeaggravate.com | R3 | 2023-07-18 - 2023-10-16 | 3 months
*.googleadservices.com | GTS CA 1C3 | 2023-07-31 - 2023-10-23 | 3 months
rtmark.net | R3 | 2023-07-25 - 2023-10-23 | 3 months
youradexchange.com | GTS CA 1P5 | 2023-06-21 - 2023-09-19 | 3 months
tpc.googlesyndication.com | GTS CA 1C3 | 2023-07-31 - 2023-10-23 | 3 months
www.google.com | GTS CA 1C3 | 2023-07-31 - 2023-10-23 | 3 months

This page contains 5 frames:

Primary Page: https://paybyplatema.site/
Frame ID: 3E9FFA3D619E224A82F9D1C130A6C7EA
Requests: 50 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230816/r20190131/zrt_lookup.html
Frame ID: 198039F6642E5DE6D47E8C07D52D69D2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4969693136336878&output=html&adk=1812271804&adf=3025194257&lmt=1692350427&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x1080_l%7C212x1080_r&format=0x0&url=https%3A%2F%2Fpaybyplatema.site%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1692371943776&bpp=711&bdt=630&idt=892&shv=r20230816&mjsv=m202308100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=366093801890&frm=20&pv=2&ga_vid=1627403970.1692371944&ga_sid=1692371945&ga_hid=670404005&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31077148%2C44795922&oid=2&pvsid=835413346290668&tmod=1434356357&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=911
Frame ID: 4985B75433E99783EAF2574E916EC2D8
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E2B18302E233A7FE275418A0E3C7270C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C42E79111BCA87DAA58B7F5F6E790641
Requests: 2 HTTP requests in this frame

Page Title

PayByPlateMa com Pay Online Toll Bills in Massachusetts

Page URL History

  1. http://paybyplatema.site/ HTTP 301
    https://paybyplatema.site/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

Requests: 61
HTTPS: 100 %
IPv6: 79 %
Domains: 12
Subdomains: 13
IPs: 13
Countries: 3
Transfer: 953 kB
Size: 2599 kB
Cookies: 8

Redirected requests

There were HTTP redirect chains for the following requests:

61 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
paybyplatema.site/
Redirect Chain
  • http://paybyplatema.site/
  • https://paybyplatema.site/
92 KB
21 KB
Document
General
Full URL
https://paybyplatema.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b435a3f905db86c316dad7c9a24dc3441188a3f2c1b696768226665950ba88b5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0
cf-cache-status
DYNAMIC
cf-ray
7f8b22020d7b927a-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 18 Aug 2023 15:19:03 GMT
expires
Fri, 18 Aug 2023 15:19:02 GMT
last-modified
Fri, 18 Aug 2023 11:20:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wHhlsHDHWXbt%2BTD%2Bd1l%2F0HrqhU6bcNyUp%2Bt3ymkk8MYdsXCRVx8UKjjzsl7F1IxaTSvbIp1McOba87FTlbZ4A6IPF942ePD%2F3JLbdreKeCa5vHyNdifVNNWjNjy4WgLpuJ20%2FkRk5b3lETSVO8nFLw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding,Accept-Encoding

Redirect headers

CF-RAY
7f8b22008e968fec-FRA
Cache-Control
max-age=3600
Connection
keep-alive
Date
Fri, 18 Aug 2023 15:19:02 GMT
Expires
Fri, 18 Aug 2023 16:19:02 GMT
Location
https://paybyplatema.site/
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k64d8o3uc2FNVDVdyN%2BDm4o%2F2aoXKY7cl6qgdmUNFhIh%2FVfN9hUqCLOsYM26SWkyeBIzxzNdC5DuSPDCiApoyubHm4G59%2BBAHAfasIwHdzkavXhxugP5lOneMCzj4x7ay0ucDshdeH4p4uBmQjPVcg%3D%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400
4fe25cb8403b8bf73d79996bf2ac7bb5.css
paybyplatema.site/wp-content/cache/min/1/
135 KB
21 KB
Stylesheet
General
Full URL
https://paybyplatema.site/wp-content/cache/min/1/4fe25cb8403b8bf73d79996bf2ac7bb5.css
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a59dabada4fe980793de9c904fee9ed1cdcd5b489623273c4037a9a9df63c11c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:03 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Wed, 09 Aug 2023 07:52:29 GMT
server
cloudflare
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=138824
vary
Accept-Encoding,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rEB%2FHuoj90fpN56s%2BbacQ4qzVJkYt7w1Jsn4F5Xz4g0SfOKh%2B%2BvJDFBAQqazqvICw52twqgjYEGTwkrFcubOLpaDnseRQrWbDQTD%2BFTRrazPr%2FBU80PclSJ4OG4D4h5BCWi3oXPCnWubzofsRHdqOA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000,public
cf-ray
7f8b2204c92b927a-FRA
alt-svc
h3=":443"; ma=86400
expires
Mon, 12 Aug 2024 14:20:35 GMT
js
www.googletagmanager.com/gtag/
193 KB
71 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-BR9S49MX8J
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bba45a2a34dd66b659830b7ab68332bee034d5b19e01211d3894ed465d0b1b3e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:03 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
72656
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 18 Aug 2023 15:19:03 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
145 KB
50 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4969693136336878
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f4ff8c2f0224fbe57ab6a069d20da0df8e7c2238cc8268f9f0bb1be2ff98b03b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://paybyplatema.site/
Origin
https://paybyplatema.site
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:03 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
50709
x-xss-protection
0
server
cafe
etag
9728283569788829995
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 18 Aug 2023 15:19:03 GMT
js
www.googletagmanager.com/gtag/
258 KB
87 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-PQVTRPL0ST
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
80884d9db1faf5b80b0c642b7990196ca45342aac604fd91dbbacc2da891ecd2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:03 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
88610
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 18 Aug 2023 15:19:03 GMT
js
www.googletagmanager.com/gtag/
178 KB
65 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-256309008-1
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5c81e627add0808c5758a625598828b76b2ce2e6254dcef5dce9327eb9c6ac67
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:03 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66229
x-xss-protection
0
last-modified
Fri, 18 Aug 2023 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 18 Aug 2023 15:19:03 GMT
atg.js
acacdn.com/script/
105 KB
36 KB
Script
General
Full URL
https://acacdn.com/script/atg.js
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:3d37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26e189f6fa1647e9905eb19cf008d8f4ddbcdfd6b152d800889814e0a6f1d669

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:03 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
832
x-guploader-uploadid
ADPycduxJd7C2nAq7_T_IINIo-9H69nsQOQT22JWWCdiQGik7IIvdzFQfFxFTTW1VmwIb93E504Po87GlVnVC6Mw5QGUjYIbtInn
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 04 Aug 2023 08:06:54 GMT
server
cloudflare
etag
W/"8ae014e4e660e04037c09e58737530fb"
vary
Accept-Encoding
x-goog-hash
crc32c=cg3w/w==, md5=iuAU5OZg4EA3wJ5Yc3Uw+w==
x-goog-generation
1691136414887084
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pFsQftfpUdh0%2B1HsNpxnDFJNgIyvBRm7L%2FAvyxA8XzJoJXxzSAiYytLYX6PncZNHi9ZOphQwu53tWfXTXkU4Zdjx5KdNVfiiKLvB4kvVolxolIpkm9SRCrQ90gg3Lt0CEuryeiJL6Zvp"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
107312
cf-ray
7f8b22056f262bb6-FRA
expires
Fri, 18 Aug 2023 15:21:48 GMT
tag.min.js
yonhelioliskor.com/pfe/current/
13 KB
6 KB
Script
General
Full URL
https://yonhelioliskor.com/pfe/current/tag.min.js?z=5907218
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
9248f5602f140185b4b11ffde8982a2a3886c2f40602c26a7aaeb8bba4806f38

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 18 Aug 2023 15:19:03 GMT
content-encoding
gzip
last-modified
Fri, 18 Aug 2023 13:08:30 GMT
server
nginx
etag
W/"64df6d4e-338c"
content-type
application/javascript
cache-control
no-cache
access-control-allow-credentials
true
paybyplate-ma-768x489.jpg
paybyplatema.site/wp-content/uploads/2022/10/
34 KB
35 KB
Image
General
Full URL
https://paybyplatema.site/wp-content/uploads/2022/10/paybyplate-ma-768x489.jpg
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d463d228d035d3ad8f2a03c125a95f741960bf46567a8aa6a43678dba5f7859

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:03 GMT
cf-cache-status
HIT
last-modified
Tue, 18 Oct 2022 14:43:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GYNomMQAH%2BEULLELW9fKZ2J5Ciatv9dEB8EZqdd%2FLR6zG5nUjfS9aLOmzFvmTuwWiiuX6EDVf8uTWwm7PT8op04Wsip3bl2l9QObKZaafhhQCCN%2BPY8YOP75efOxNqEZEJ83sPuc2dzUFbBZ1ADvIg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=10368000,public
accept-ranges
bytes
cf-ray
7f8b2204c935927a-FRA
alt-svc
h3=":443"; ma=86400
content-length
35012
expires
Mon, 16 Oct 2023 12:48:30 GMT
PayByPlateMA-768x299.jpg
paybyplatema.site/wp-content/uploads/2022/10/
34 KB
34 KB
Image
General
Full URL
https://paybyplatema.site/wp-content/uploads/2022/10/PayByPlateMA-768x299.jpg
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14479a98ec305fbd5fb6681cc2e6a69c603249fa7039c1eb31658add354721c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:04 GMT
cf-cache-status
HIT
last-modified
Tue, 18 Oct 2022 14:26:49 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
115011
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ahiw%2F%2BlR6%2BKYe0%2BcdiCnvRMUsshhIwaC5glOt4vuiW6FdMIQsgd3AbQFxnbXp1ok%2Foz3hrm4YZX6ngHg0R%2BvAVPl1rGehNvWnTPLY9cbyeh%2BXcxsb5Vm798Mq4VdzDySdALo9sh9BzBF1XYsCOvtZg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=10368000,public
accept-ranges
bytes
cf-ray
7f8b220aec2a1e6c-FRA
alt-svc
h3=":443"; ma=86400
content-length
34423
expires
Mon, 11 Dec 2023 16:18:59 GMT
PaybyPlateMa-password-reset-2-768x358.jpg
paybyplatema.site/wp-content/uploads/2022/10/
31 KB
31 KB
Image
General
Full URL
https://paybyplatema.site/wp-content/uploads/2022/10/PaybyPlateMa-password-reset-2-768x358.jpg
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5147a8231c22904e0b506be9ca95eeb3882f3e85a2c3c213ed28c720d0dd48f5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:04 GMT
cf-cache-status
HIT
last-modified
Tue, 18 Oct 2022 14:07:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
115011
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qy1kMtx7xmLnMjKTbW5M4UEd9ytxKhXQPUiZ8NjN%2BWV2YBoNY76aeeWzatb%2FFIdVXo%2Fq%2BoOhPR%2FefszKJfZSKl4DyNagKKVLHULq%2BliEmWChSnrzHE%2Bj3yZtjDR2lWuJDO4LLdLnkWmgG4d20nmhfw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=10368000,public
accept-ranges
bytes
cf-ray
7f8b220b6cf81e6c-FRA
alt-svc
h3=":443"; ma=86400
content-length
31316
expires
Mon, 11 Dec 2023 16:18:59 GMT
email-decode.min.js
paybyplatema.site/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
1 KB
Script
General
Full URL
https://paybyplatema.site/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 17 Aug 2023 10:58:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64ddfd41-4d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NNzavZ%2Bb0Jgy1pOaWs3%2BAPq9svNPK%2FrkuNMpHwcugs11QUZNOoHzDuI16n%2F1B10b603b0ABGpY0XK87fFM6Lu2UOHbxf6WhJ0W9FLHPhmF5%2FMTTaZtebEdzAkmmHrAPcMnR8219yjWG8Gmkl5hrorg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
7f8b22062cf91e6c-FRA
expires
Sun, 20 Aug 2023 15:19:03 GMT
menu.min.js
paybyplatema.site/wp-content/themes/generatepress/assets/js/
7 KB
2 KB
Script
General
Full URL
https://paybyplatema.site/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.3.0
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
174066535cb768d1715ae34808cd4e83f16f23715524bfff79db8860e8c03296

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:03 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 22 Mar 2023 16:14:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
227361
vary
Accept-Encoding,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oF8GB4byaKOrY7qZdr8Qv1F1fEA%2Fio9UU1BtM76MkURk9dWRk8tzFLknFhyppZcc3%2BIi5AjTXdGvy79KodYHpgg%2FA7mO2E1JWbnkJpQtedTky%2FLVZxAQb5UCGBjFZSkIxp%2Bzyno%2B1z2iND3%2BmJw30g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000,public
cf-ray
7f8b22066d721e6c-FRA
alt-svc
h3=":443"; ma=86400
expires
Mon, 12 Aug 2024 14:23:21 GMT
main.min.js
paybyplatema.site/wp-content/plugins/luckywp-table-of-contents/front/assets/
4 KB
2 KB
Script
General
Full URL
https://paybyplatema.site/wp-content/plugins/luckywp-table-of-contents/front/assets/main.min.js?ver=2.1.4
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
995456f7211327129612b97dc0a2baa2288f1e3065d1d6ed1882a0eb89d6baac

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:03 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 14 Oct 2022 08:55:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
227358
vary
Accept-Encoding,Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ypDVGaXY2of40%2Bmnwj5CU7Bs6376%2BJ8YVkH0QTFAs6OZrBWl7LZUzf0SO4xNduqvc7z1W4kU%2FxFasFL9rNsJ3NuMEfqjWb0XGswvMyKfRcRCAiPBVI6UTY5Kwc8ox5emVCDzwvTD1a4GK5a7orTj%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000,public
cf-ray
7f8b2206ce151e6c-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 13 Jun 2024 12:29:20 GMT
collect
region1.google-analytics.com/g/
0
255 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-BR9S49MX8J&gtm=45je38g0&_p=670404005&cid=1627403970.1692371944&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1692371943&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BR9S49MX8J
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 18 Aug 2023 15:19:03 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://paybyplatema.site
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
258 KB
87 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-PQVTRPL0ST&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BR9S49MX8J
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9d762bf9b75f0e18c8905832ad473b7f8284a452e8f6c0c9a54840d672e9e60d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:04 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
88538
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 18 Aug 2023 15:19:04 GMT
103f872def2557028e4aca50c4daff0f.js
alterassumeaggravate.com/10/3f/87/
0
0
Script
General
Full URL
https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.5 /
Resource Hash

Request headers

Referer
https://paybyplatema.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 18 Aug 2023 15:19:04 GMT
Server
nginx/1.19.5
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308100101/
369 KB
125 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4969693136336878&plah=paybyplatema.site
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4969693136336878
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
935fae1cffd56fa1fe6986ddd022bad37223439707a9cd90fef15bb0a1411b92
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:04 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128221
x-xss-protection
0
server
cafe
etag
10764326203144564719
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 18 Aug 2023 15:19:04 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20230816/r20190131/ Frame 1980
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20230816/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4969693136336878
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a56bbb4199232f466109c81aad2004410c5d35567ebb59c1a0aef0f9f79b91dd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://paybyplatema.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1594
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4542
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 18 Aug 2023 14:52:29 GMT
etag
13776922816869014096
expires
Fri, 01 Sep 2023 14:52:29 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
collect
region1.google-analytics.com/g/
0
54 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-PQVTRPL0ST&gtm=45je38g0&_p=670404005&cid=1627403970.1692371944&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1692371943&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&en=page_view&_fv=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PQVTRPL0ST
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 18 Aug 2023 15:19:03 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://paybyplatema.site
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
207 KB
75 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-5M4EY5KCMW&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-256309008-1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d669ad3635e3a429325bb14e5acde712f4d70386acd81653665c33a71008a62f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:04 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
76338
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 18 Aug 2023 15:19:04 GMT
invoke.js
alterassumeaggravate.com/d3b70164122317877867615a5af5346f/
0
0
Script
General
Full URL
https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.5 /
Resource Hash

Request headers

Referer
https://paybyplatema.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 18 Aug 2023 15:19:04 GMT
Server
nginx/1.19.5
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
zone
yonhelioliskor.com/
884 B
1 KB
Fetch
General
Full URL
https://yonhelioliskor.com/zone?pub=0&zone_id=5907218&is_mobile=false&domain=paybyplatema.site&var=&ymid=&var_3=
Requested by
Host: yonhelioliskor.com
URL: https://yonhelioliskor.com/pfe/current/tag.min.js?z=5907218
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
d399385eae1fd1f16b6bae8005a07e32810decc04b8e9aa3d360c5971c1c2ed2
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

x-trace-id
29910c9669e9718a70f2c524a115aa3e
date
Fri, 18 Aug 2023 15:19:03 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
content-type
application/json; charset=utf-8
access-control-allow-origin
https://paybyplatema.site
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
884
universal.min.js
yonhelioliskor.com/pfe/current/
85 KB
33 KB
Fetch
General
Full URL
https://yonhelioliskor.com/pfe/current/universal.min.js?v=3.1.450
Requested by
Host: yonhelioliskor.com
URL: https://yonhelioliskor.com/pfe/current/tag.min.js?z=5907218
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ab43713e8d01640060652696ea16c0b7e6fa7ca0476413466a376ab82e58d254

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 18 Aug 2023 15:19:03 GMT
content-encoding
gzip
last-modified
Fri, 18 Aug 2023 13:08:30 GMT
server
nginx
etag
W/"64df6d4e-155a7"
content-type
application/javascript
access-control-allow-origin
https://paybyplatema.site
cache-control
no-cache
access-control-allow-credentials
true
collect
region1.google-analytics.com/g/
0
54 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-5M4EY5KCMW&gtm=45je38g0&_p=670404005&cid=1627403970.1692371944&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAI&_s=1&sid=1692371944&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5M4EY5KCMW&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 18 Aug 2023 15:19:04 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://paybyplatema.site
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
invoke.js
alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/
0
0
Script
General
Full URL
https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.5 /
Resource Hash

Request headers

Referer
https://paybyplatema.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 18 Aug 2023 15:19:04 GMT
Server
nginx/1.19.5
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
cookie.js
partner.googleadservices.com/gampad/
401 B
609 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=paybyplatema.site&callback=_gfp_s_&client=ca-pub-4969693136336878
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4969693136336878&plah=paybyplatema.site
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
344f35f8e4236a7af6a42514e45bc6312ad9dd9df6afab85c2bdc7f6c8af6522
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
257
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 4985
603 B
218 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4969693136336878&output=html&adk=1812271804&adf=3025194257&lmt=1692350427&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x1080_l%7C212x1080_r&format=0x0&url=https%3A%2F%2Fpaybyplatema.site%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1692371943776&bpp=711&bdt=630&idt=892&shv=r20230816&mjsv=m202308100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=366093801890&frm=20&pv=2&ga_vid=1627403970.1692371944&ga_sid=1692371945&ga_hid=670404005&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31077148%2C44795922&oid=2&pvsid=835413346290668&tmod=1434356357&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=911
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4969693136336878&plah=paybyplatema.site
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://paybyplatema.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 18 Aug 2023 15:19:04 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
custom
yonhelioliskor.com/ Frame
0
0
Preflight
General
Full URL
https://yonhelioliskor.com/custom
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://paybyplatema.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://paybyplatema.site
access-control-max-age
86400
content-length
0
content-type
text/plain; charset=utf-8
date
Fri, 18 Aug 2023 15:19:04 GMT
server
nginx
custom
yonhelioliskor.com/
39 B
327 B
Fetch
General
Full URL
https://yonhelioliskor.com/custom
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://paybyplatema.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type
application/json

Response headers

x-trace-id
b2ed5a787dbd73f9b7fa590924786f28
date
Fri, 18 Aug 2023 15:19:04 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
content-type
application/json; charset=utf-8
access-control-allow-origin
https://paybyplatema.site
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
39
Code%20file
paybyplatema.site/
5 KB
6 KB
Fetch
General
Full URL
https://paybyplatema.site/Code%20file
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eed5e77bb0b4ffaa4a4802ade9d4cae485660554e327e4f8d29d37629a03daae

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:05 GMT
cf-cache-status
DYNAMIC
last-modified
Fri, 28 Apr 2023 20:57:03 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D4AIHzJj%2F1NAodEqeShlCNePLzIk2yQjACqf7iFxSSdnpuFENuAoGN2lTqxhvDRxIJ9fI6iBCNTfCqA2BkVrcwM35of6dPPa4wYqvSkVcvmQ5q2BjeEf%2FWo1rLTW5ufOaRMYpv1dI%2BZu1nN%2FCSAxLg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
7f8b220e89ba1e6c-FRA
alt-svc
h3=":443"; ma=86400
content-length
5242
expires
Sun, 17 Sep 2023 15:19:04 GMT
invoke.js
alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/
0
0
Script
General
Full URL
https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.5 /
Resource Hash

Request headers

Referer
https://paybyplatema.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 18 Aug 2023 15:19:04 GMT
Server
nginx/1.19.5
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
invoke.js
alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/
0
0
Script
General
Full URL
https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.5 /
Resource Hash

Request headers

Referer
https://paybyplatema.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 18 Aug 2023 15:19:05 GMT
Server
nginx/1.19.5
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
custom
yonhelioliskor.com/ Frame
0
0
Preflight
General
Full URL
https://yonhelioliskor.com/custom
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://paybyplatema.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://paybyplatema.site
access-control-max-age
86400
content-length
0
content-type
text/plain; charset=utf-8
date
Fri, 18 Aug 2023 15:19:04 GMT
server
nginx
custom
yonhelioliskor.com/
39 B
326 B
Fetch
General
Full URL
https://yonhelioliskor.com/custom
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://paybyplatema.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type
application/json

Response headers

x-trace-id
59873c4a971b7016d21854d6ac2ea05d
date
Fri, 18 Aug 2023 15:19:04 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
content-type
application/json; charset=utf-8
access-control-allow-origin
https://paybyplatema.site
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
39
gid.js
my.rtmark.net/
65 B
545 B
Fetch
General
Full URL
https://my.rtmark.net/gid.js?pub=0&userId=b57e787ac0094c2da0004a42bb38fc72&zoneId=5907218&checkDuplicate=true&ymid=&var=
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
4d0030d908d7afcce1ba3d8bf9aef477620b6d5e5f5bcdde9005116078bcd29e
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:05 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://paybyplatema.site
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
invoke.js
alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/
0
0
Script
General
Full URL
https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.5 /
Resource Hash

Request headers

Referer
https://paybyplatema.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 18 Aug 2023 15:19:05 GMT
Server
nginx/1.19.5
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
invoke.js
alterassumeaggravate.com/d3b70164122317877867615a5af5346f/
0
0
Script
General
Full URL
https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.5 /
Resource Hash

Request headers

Referer
https://paybyplatema.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 18 Aug 2023 15:19:05 GMT
Server
nginx/1.19.5
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
invoke.js
alterassumeaggravate.com/d3b70164122317877867615a5af5346f/
0
0
Script
General
Full URL
https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.5 /
Resource Hash

Request headers

Referer
https://paybyplatema.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 18 Aug 2023 15:19:05 GMT
Server
nginx/1.19.5
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
event
yonhelioliskor.com/ Frame
0
0
Preflight
General
Full URL
https://yonhelioliskor.com/event
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://paybyplatema.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://paybyplatema.site
access-control-max-age
86400
content-length
0
content-type
text/plain; charset=utf-8
date
Fri, 18 Aug 2023 15:19:05 GMT
server
nginx
event
yonhelioliskor.com/
94 B
381 B
Fetch
General
Full URL
https://yonhelioliskor.com/event
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
abd0b0f160c09a47e0f8c1b7b21dd90f2be18939234840e561f5edd7e9d42223
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://paybyplatema.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type
application/json

Response headers

x-trace-id
1b09e3e8aaa9628cd838eb8d4d905671
date
Fri, 18 Aug 2023 15:19:05 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
content-type
application/json; charset=utf-8
access-control-allow-origin
https://paybyplatema.site
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
94
invoke.js
alterassumeaggravate.com/d3b70164122317877867615a5af5346f/
0
0
Script
General
Full URL
https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.5 /
Resource Hash

Request headers

Referer
https://paybyplatema.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Fri, 18 Aug 2023 15:19:05 GMT
Server
nginx/1.19.5
Accept-CH
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Content-Type
application/javascript
Connection
keep-alive
Content-Length
0
sodar
pagead2.googlesyndication.com/getconfig/
15 KB
11 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230816&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4969693136336878&plah=paybyplatema.site
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3858813dd061ac7758f0a1bdd40b3cc5f1754a513d26e72ae9a890fd54124c9b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:06 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11631
x-xss-protection
0
custom
yonhelioliskor.com/
39 B
326 B
Fetch
General
Full URL
https://yonhelioliskor.com/custom
Requested by
Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://paybyplatema.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type
application/json

Response headers

x-trace-id
9af9a2956c3bb105c067be81e7177641
date
Fri, 18 Aug 2023 15:19:05 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
content-type
application/json; charset=utf-8
access-control-allow-origin
https://paybyplatema.site
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
39
custom
yonhelioliskor.com/ Frame
0
0
Preflight
General
Full URL
https://yonhelioliskor.com/custom
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://paybyplatema.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://paybyplatema.site
access-control-max-age
86400
content-length
0
content-type
text/plain; charset=utf-8
date
Fri, 18 Aug 2023 15:19:05 GMT
server
nginx
ut.js
acacdn.com/script/
80 KB
29 KB
Script
General
Full URL
https://acacdn.com/script/ut.js?cb=1692371944498
Requested by
Host: acacdn.com
URL: https://acacdn.com/script/atg.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:3d37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7e2195f37f21b45611d802096d8e882a44c55cd571f05bbf7dbeb31bf77378f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:06 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
251
x-guploader-uploadid
ADPycdvhpE5sFDsLmJ7vosXL-r1m7Qd4mgIdxFHuDT_tlA3SSKffvuzsZdyF-084VTKl-Lwd-vkVK0ZGxlMlipGndACj22UHqRS1
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 16 Aug 2023 08:24:25 GMT
server
cloudflare
etag
W/"7b345ac84f43dce247e4d14b7fc85dd1"
vary
Accept-Encoding
x-goog-hash
crc32c=O4hKMg==, md5=ezRayE9D3OJH5NFLf8hd0Q==
x-goog-generation
1692174265266008
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=47S0ue9dun73K9j7cesGpX%2BDgqIr3MCWQ7U09g46%2BSIcRvkzsFTD25JBx1dIjPknoCM2RdEDHLyaFw8%2BfiMeZcRIdYW5eUo%2BLej%2BOuHsm2dbREw%2BqJgVzAicjIk8XMEqtxj2NeiRg3jN"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
82296
cf-ray
7f8b2218d9912bb6-FRA
expires
Fri, 18 Aug 2023 15:23:47 GMT
czcf.php
youradexchange.com/ad/
204 B
667 B
Fetch
General
Full URL
https://youradexchange.com/ad/czcf.php?cz=dddyue3gxn&chmob=%3F0
Requested by
Host: acacdn.com
URL: https://acacdn.com/script/atg.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:c209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
90b7b3d3cf24dcbeda9657513661418643887b6e4c46cf3a2d9eb78d98dc14db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:06 GMT
via
1.1 google
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gdu7n68xJdl2mYPc0SoVaeR5%2FD1zU0O8eN1x08E13amorjudMRNLATjMafzM82%2BOHUB%2BUWiFKgFzMpZdWLaNF5kpdgfu%2FD%2FTYtVmAEM8ttFstIXAXCBN5iBhVqJTA%2BooSZuLnE0OET5%2FfPOEGXLjAX0%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
content-type
text/html; charset=utf-8
cf-ray
7f8b2217ffae9b8e-FRA
access-control-allow-headers
Content-Type
alt-svc
h3=":443"; ma=86400
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308100101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4969693136336878&plah=paybyplatema.site
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 18 Aug 2023 15:19:06 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E2B1
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://paybyplatema.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
3747
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 18 Aug 2023 14:16:39 GMT
expires
Sat, 17 Aug 2024 14:16:39 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame C42E
829 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a5c546a255f5887ec76c3f3318a2cd4ed716ffd0f262d56ca025892f2568ba21
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-wOw4j4yy_81z51WSLMB6Yw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://paybyplatema.site/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
538
content-security-policy
script-src 'report-sample' 'nonce-wOw4j4yy_81z51WSLMB6Yw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 18 Aug 2023 15:19:06 GMT
expires
Fri, 18 Aug 2023 15:19:06 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
VOYjWJ9SYKUWeq_SiXQPiq5A6-bg1q_inShFnttaRxg.js
pagead2.googlesyndication.com/bg/ Frame E2B1
37 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/VOYjWJ9SYKUWeq_SiXQPiq5A6-bg1q_inShFnttaRxg.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54e623589f5260a5167aafd289740f8aae40ebe6e0d6afe29d28459edb5a4718
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 13:42:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
5813
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14636
x-xss-protection
0
last-modified
Mon, 14 Aug 2023 12:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 17 Aug 2024 13:42:13 GMT
display.php
youradexchange.com/n/
0
470 B
Script
General
Full URL
https://youradexchange.com/n/display.php?r=6713762&atag=1&czid=dddyue3gxn&aggr=2&ppv=1&srs=eff6be4355fe2f47b9d96a3f2c349627
Requested by
Host: acacdn.com
URL: https://acacdn.com/script/atg.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e6::ac40:c209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-allow-methods
GET, POST, OPTIONS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dPIhHYQvVzNhukea%2FwRFtSpFWpVjyDCDibrCmKUgHorNRZzmPLX8vKifr5pCZNxNVn8ItQyQIA6x1c56MaauMuppVtgQZ39MIAHbj7wn2ep92OSY4J8TUTs6gjBQvr%2BJCTuqJpuV9aDcfgdF%2Blf6xOw%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
7f8b22199c8b1daa-FRA
access-control-allow-headers
Content-Type
alt-svc
h3=":443"; ma=86400
ippg.js
acacdn.com/script/
121 KB
41 KB
Script
General
Full URL
https://acacdn.com/script/ippg.js
Requested by
Host: acacdn.com
URL: https://acacdn.com/script/atg.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:3d37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f1dd6ebbb5dec91e6869026ca44b38e644eb2970a524a86fea3ac40ea24436d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:06 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3595
x-guploader-uploadid
ADPycdtwoQWdVvtMxca8n97Ad5BXpIszsIM-YdoMmk2H_eIDO-Lok6CDjDgifZ40AYVn-1DO60spghLDx6W1u8TziSt5yw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 01 Aug 2023 10:42:02 GMT
server
cloudflare
etag
W/"65abb2cf1db985095d4657ee10b185c8"
vary
Accept-Encoding
x-goog-hash
crc32c=FDBm8g==, md5=Zauyzx25hQldRlfuELGFyA==
x-goog-generation
1690886522906376
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MF1yVIijmezMzho5WMHOl2Fwt0RUpZ0MncjL2%2FZm0Z55u2a8m0sj2C0FCLFByeSN8qjkMFwyarDDxJqnOPmTEZ8qLthwuATH8cStRopemPQpEqVgkkFrqSoEnPF0CQXLreH6eTOi36Wr"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
124255
cf-ray
7f8b22190d303665-FRA
expires
Fri, 18 Aug 2023 15:06:58 GMT
suv4.js
acacdn.com/script/
147 KB
49 KB
Script
General
Full URL
https://acacdn.com/script/suv4.js
Requested by
Host: acacdn.com
URL: https://acacdn.com/script/atg.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:3d37 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
876efc8c367685d908423bb6b5315b59a3e3125fbc691b62eecf1bd09f1ff008

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:06 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3216
x-guploader-uploadid
ADPycdvU4oBMuQOoL17xcKNHkNlRBsz1mPYPM88WAArpn-7iMjP9-dGeBpmZfX5225xMOcMfA-c04FdXhHYAfwjvCFw2rawXY-56
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 18 Aug 2023 07:17:40 GMT
server
cloudflare
etag
W/"1f202c52af9cd8821bf95d7725a843b9"
vary
Accept-Encoding
x-goog-hash
crc32c=SszNCw==, md5=HyAsUq+c2IIb+V13JahDuQ==
x-goog-generation
1692343060153123
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yecVENqzT74%2Bn9adZIjDDBg8ZNBdI4oB%2B65ojxNCm147KwYDl0c9B9Mh52kjJNAe0xbgRTshyCODCHwIz7kZCFQiP5Yv%2FSxBOTf5xvGc%2F%2FMfywJXxjKGLxa7ZfJyILmfGfOYkjLOcczK"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
150722
cf-ray
7f8b22190d313665-FRA
expires
Fri, 18 Aug 2023 15:23:40 GMT
hb.php
youradexchange.com/ut/
0
403 B
Ping
General
Full URL
https://youradexchange.com/ut/hb.php?cb=0.8871040961568903
Requested by
Host: acacdn.com
URL: https://acacdn.com/script/ut.js?cb=1692371944498
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e6::ac40:c209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://paybyplatema.site/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
Content-Type
text/plain; charset=utf-8

Response headers

date
Fri, 18 Aug 2023 15:19:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OwtgO6RJPN78MB9o9VZ1zsa3pMF4vABOWg9mJcAPg43ukJKfSLg96cuGqbc%2BSA%2BdE5r2DQH8Qv1eFF4k9uIzwROmP%2FE5MxfxEAJd50JLk1mok9SCc9fmObN1YY87KtSxli0B1icTSZbZV%2By7bWGC1xE%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
7f8b2219ac911daa-FRA
alt-svc
h3=":443"; ma=86400
sodar
pagead2.googlesyndication.com/pagead/ Frame C42E
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230816&jk=835413346290668&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

push.php
youradexchange.com/script/
0
0
Fetch
General
Full URL
https://youradexchange.com/script/push.php?r=6713766&ipp=1&mads=1&position=top&czid=dddyue3gxn&aggr=2&atag=1&cbpage=https%3A%2F%2Fpaybyplatema.site%2F&cbref=&srs=eff6be4355fe2f47b9d96a3f2c349627&chmob=%3F0
Requested by
Host: acacdn.com
URL: https://acacdn.com/script/ippg.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:c209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-allow-methods
GET, POST, OPTIONS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ejjncv9AjDJ9PQ8M%2BX8xwcE7%2F%2FjNJ1%2FdjuQqSfKL96SFkQi37Z7vpAEtRoUpoY08twHjKKuQbCVUBR9CBlcsZX%2B2uKfmQOoKLuSr%2FVEIFRe82CzKHItMcTaasjGReX6VduR7HD%2F0fUQKnU2tzT8yTZE%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
7f8b221a2b5b9b8e-FRA
access-control-allow-headers
Content-Type
alt-svc
h3=":443"; ma=86400
suurl4.php
youradexchange.com/script/
0
0
Fetch
General
Full URL
https://youradexchange.com/script/suurl4.php?r=6713770&chmob=%3F0&atag=1&czid=dddyue3gxn&cbur=0.46432738951989094&cbiframe=0&cbWidth=1600&cbHeight=1200&cbtitle=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&cbpage=https%3A%2F%2Fpaybyplatema.site%2F&cbref=&cbdescription=PaybyPlateMa%20com%20and%20E-ZPass%20is%20smooth%20%26%20easy%20ways%20to%20pay%20tolls%20online%20and%20with%20the%20introduction%20of%20app%20it%20has%20become%20even%20more%20easier.&cbkeywords=&cbcdn=acacdn.com&aggr=2&ts=1692371946623&srs=eff6be4355fe2f47b9d96a3f2c349627
Requested by
Host: acacdn.com
URL: https://acacdn.com/script/suv4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:c209 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:06 GMT
via
1.1 google
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
access-control-allow-methods
GET, POST, OPTIONS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WZ6tq6kqMupu45pMeZmMHZawor%2BLSffSvke5bCRlXYhdfSdVVevqEX3XXUBf0ywJsqyo8OPCVIp2QaHgg%2FbEmIpBGGkY6fS9AeVnSKtZLvTbfnwJN99DSfogtWPCTWoZUO5PQqhezrnRv7s5RAHoJ9Y%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
7f8b221a8be89b8e-FRA
access-control-allow-headers
Content-Type
alt-svc
h3=":443"; ma=86400
generate_204
tpc.googlesyndication.com/ Frame E2B1
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?8V030A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Fri, 18 Aug 2023 15:19:06 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230816&jk=835413346290668&bg=!Li2lLXnNAAZGPLJIZjw7ADkAdvg8WrVor70FCaX2ZsgXpfPcOKVZFR_tUhaqgJjqYNpBreJ0N-ph_e82XJsasckAaWmTk3cnJNgCAAAA6FIAAAAIaAEHmQK_ksorN33n1k5u1IKOSa_OZm52RbBy1GTKXekZ9NbEF3xqAHzhDQxXlaslcZ2BrEpDfhC328uQNISCaBMjj5mNBQEKXdMvSWsZBYV8oB8L8UMQPVX4cq6CkYVsqhZuwnMIRNRQJO9iCWTRaLwEyq2QwytZP9Ua0m_fuD5GNeai7-PJjYVxMeOGVSnxPT810EPm9FhrbGpT4aYdUVt0Gd2Pwr6Ay8SNcZQOzjlCXWaeCmaFwEAC6R1l3XVakJ56EW2rHfpBRFqDHAsDECluR6A0H8mU8ooCBPYgGZwPuE_WIZK7W0vNCr_W0I5tK-OTApwjqRv55d2a8_znjH6syuY--Hu4Nn1nxk_AyvL38--C0Mp8wUsai4Uhi0DA5tORj8dFgPCfrNBlXOkX2OcvAmLM0bOZdiNGU-kiFS31v1u-N2-U7PSGbaUxTJnGl1Kv0p_JyscCi_2RU9v-9oWZQFJlZ9ShO5u350cFOUUHuvWUbb80OT1xjbqvO3WIAcIM_Xk2NYdF3VDYwTXtPAHhc6tumJdwtZJBr8hhOKDp2ptqdQ_dGXzLnSGcg-WbvJ-XTD9_-a06KOlG-ICYi5KziKAYvvCKaRcooZrlxgN2xZGEBwVcWGjR3Lq-OkwJTLhF6nLrRYOoDTfqb8B74TAejrhfOgKZNJMseLRe8vm-Ucl4lqViPeR3JvDWBVgEEOcdQlpfuf9gue1iFG36xkZf_qnumfEzcF7FZX7fV3ZYiP1H1k18FgDmBpWYKs5S9UAtJM5Sugtxl4sqWT1HsF-f8NPDNbYQXte2LnY4nRQFgLo5S6b5FsAF2nSxvICdLAy1fan6Sjv5hu6_7oAUs8Y43RNKAVflqF_owIbbH0JguciyBQR1YB7LN-hsGkeXPqZ2_AB82bQ9_Aab2R_5bb8tgDsd8FQbhzS5zFt7cdHEsV9ghg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

collect
region1.google-analytics.com/g/
0
17 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-PQVTRPL0ST&gtm=45je38g0&_p=670404005&cid=1627403970.1692371944&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1692371943&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&en=scroll&epn.percent_scrolled=90&_et=5
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PQVTRPL0ST
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paybyplatema.site/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 18 Aug 2023 15:19:08 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://paybyplatema.site
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
object| 3
object| documentPictureInPicture
object| google_tag_manager
object| google_tag_data
object| dataLayer
function| gtag
object| gaGlobal
object| google_js_reporting_queue
number| google_srt
object| google_logging_queue
number| tmod
object| google_ad_modifications
object| ggeac
object| google_persistent_state_async
boolean| google_measure_js_timing
object| google_reactive_ads_global_state
object| adsbygoogle
object| google_sa_queue
function| google_process_slots
number| google_rum_task_id_counter
string| google_user_agent_client_hint
function| onYouTubeIframeAPIReady
function| google_spfd
number| google_unique_id
object| google_sv_map
object| regeneratorRuntime
boolean| s2sa818
object| atOptions
object| zfgformats
function| google_sa_impl
boolean| _gfp_p_
number| google_global_correlator
object| google_prev_clients
object| ampInaboxIframes
object| ampInaboxPendingMessages
object| sdk
boolean| installOnFly
boolean| zfgloadedpush
boolean| zfgloadedpushopt
boolean| zfgloadedpushcode
function| _createClass
function| _classCallCheck
function| RocketBrowserCompatibilityChecker
object| RocketPreloadLinksConfig
object| generatepressMenu
object| lwptoc
object| GoogleGcLKhOms
string| rgxngibqxq
boolean| user_engagement818
string| utsid-send
boolean| s2sg818
boolean| s2ss818
function| s2ss818ff
object| google_image_requests

8 Cookies

Domain/Path Name / Value
.paybyplatema.site/ Name: _ga_BR9S49MX8J
Value: GS1.1.1692371943.1.0.1692371943.0.0.0
.paybyplatema.site/ Name: _ga
Value: GA1.1.1627403970.1692371944
.paybyplatema.site/ Name: _ga_PQVTRPL0ST
Value: GS1.1.1692371943.1.0.1692371943.0.0.0
.paybyplatema.site/ Name: _ga_5M4EY5KCMW
Value: GS1.1.1692371944.1.0.1692371944.0.0.0
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.paybyplatema.site/ Name: __gads
Value: ID=768c07e45e78c360-22c01cfa52de004b:T=1692371944:RT=1692371944:S=ALNI_Ma9y9ZBtiD2CkXCGV1U2_dOd_w63Q
.paybyplatema.site/ Name: __gpi
Value: UID=00000c623c95cb80:T=1692371944:RT=1692371944:S=ALNI_MZQM6gFkYgXWAz0zmv30_OK6AHzPQ
my.rtmark.net/ Name: ID
Value: b57e787ac0094c2da0004a42bb38fc72

29 Console Messages

Source Level URL
Text
javascript warning URL: https://paybyplatema.site/(Line 110)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://paybyplatema.site/(Line 110)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript warning (Line 8)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 8)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript warning (Line 8)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 8)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4969693136336878&output=html&adk=1812271804&adf=3025194257&lmt=1692350427&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x1080_l%7C212x1080_r&format=0x0&url=https%3A%2F%2Fpaybyplatema.site%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1692371943776&bpp=711&bdt=630&idt=892&shv=r20230816&mjsv=m202308100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=366093801890&frm=20&pv=2&ga_vid=1627403970.1692371944&ga_sid=1692371945&ga_hid=670404005&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31077148%2C44795922&oid=2&pvsid=835413346290668&tmod=1434356357&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=911
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript warning (Line 8)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
network error
Message:
The script does not have a MIME type.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
