www.payplus.norahinitiative.com Open in urlscan Pro
23.94.150.194 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.payplus.norahinitiative.com/
Submission: On January 25 via automatic, source certstream-suspicious (January 25th 2021, 10:44:44 pm UTC)

Summary HTTP 47 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 13 IPs in 5 countries across 11 domains to perform 47 HTTP transactions. The main IP is 23.94.150.194, located in United Kingdom and belongs to AS-COLOCROSSING, US. The main domain is www.payplus.norahinitiative.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 24th 2020. Valid for: 3 months.

This is the only time www.payplus.norahinitiative.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
17	23.94.150.194 23.94.150.194	36352 (AS-COLOCR...) (AS-COLOCROSSING)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:2a	20446 (HIGHWINDS3) (HIGHWINDS3)
3	2a00:1450:400... 2a00:1450:4001:817::200a	15169 (GOOGLE) (GOOGLE)
1	23.111.9.35 23.111.9.35	33438 (HIGHWINDS2) (HIGHWINDS2)
5	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	139.45.196.143 139.45.196.143	9002 (RETN-AS) (RETN-AS)
3	192.243.59.12 192.243.59.12	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
3	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
2	139.45.196.67 139.45.196.67	9002 (RETN-AS) (RETN-AS)
1	139.45.196.108 139.45.196.108	9002 (RETN-AS) (RETN-AS)
1	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
47	13

17 23.94.150.194 (United Kingdom)

ASN36352 (AS-COLOCROSSING, US)
PTR: wgh22.whogohost.com

www.payplus.norahinitiative.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:2a (Netherlands)

ASN20446 (HIGHWINDS3, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:817::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.9.35 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 139.45.196.143 (Ascension Island)

ASN9002 (RETN-AS, GB)

lolsefti.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.243.59.12 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

pl15718160.gatetocontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pl15717396.gatetocontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.196.67 (Ascension Island)

ASN9002 (RETN-AS, GB)

graizoah.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.196.108 (Ascension Island)

ASN9002 (RETN-AS, GB)

onmarshtompor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	norahinitiative.com www.payplus.norahinitiative.com	5 MB
9	lolsefti.com lolsefti.com	68 KB
8	cloudflare.com cdnjs.cloudflare.com	253 KB
3	gatetocontent.com pl15718160.gatetocontent.com pl15717396.gatetocontent.com
3	googleapis.com fonts.googleapis.com	1 KB
2	graizoah.com graizoah.com	24 KB
1	youtube.com www.youtube.com
1	onmarshtompor.com onmarshtompor.com
1	gstatic.com fonts.gstatic.com	10 KB
1	fontawesome.com use.fontawesome.com	14 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	20 KB
47	11

	Domain	Requested by
17	www.payplus.norahinitiative.com	www.payplus.norahinitiative.com
9	lolsefti.com	www.payplus.norahinitiative.com lolsefti.com
8	cdnjs.cloudflare.com	www.payplus.norahinitiative.com cdnjs.cloudflare.com
3	fonts.googleapis.com	www.payplus.norahinitiative.com
2	graizoah.com	www.payplus.norahinitiative.com
2	pl15717396.gatetocontent.com	www.payplus.norahinitiative.com
1	www.youtube.com	www.payplus.norahinitiative.com
1	onmarshtompor.com	graizoah.com
1	fonts.gstatic.com	fonts.googleapis.com
1	pl15718160.gatetocontent.com	www.payplus.norahinitiative.com
1	use.fontawesome.com	www.payplus.norahinitiative.com
1	maxcdn.bootstrapcdn.com	www.payplus.norahinitiative.com
47	12

This site contains links to these domains. Also see Links.

Domain
youtu.be
t.me
chat.whatsapp.com
www.facebook.com

Subject Issuer	Validity	Valid
*.payplus.online Let's Encrypt Authority X3	`2020-11-24` - `2021-02-22`	3 months	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-09-22` - `2021-10-12`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-13` - `2021-12-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-21` - `2021-10-20`	a year	crt.sh
lolsefti.com R3	`2020-12-14` - `2021-03-14`	3 months	crt.sh
gatetocontent.com Let's Encrypt Authority X3	`2020-11-27` - `2021-02-25`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
graizoah.com R3	`2020-12-11` - `2021-03-11`	3 months	crt.sh
onmarshtompor.com R3	`2021-01-13` - `2021-04-13`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.payplus.norahinitiative.com/
Frame ID: DBFB4D9875994F0DE9AD142603B5AA4D
Requests: 44 HTTP requests in this frame

Frame: https://onmarshtompor.com/fac.php
Frame ID: E2AA5AEC9DBE2307FEEF8A6E4895964B
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/54zVTpaLuQA
Frame ID: EB8507EA83C6A763B7C3BFFE3EBF914C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

47
Requests

100 %
HTTPS

50 %
IPv6

11
Domains

12
Subdomains

13
IPs

5
Countries

5158 kB
Transfer

5874 kB
Size

3
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://youtu.be/54zVTpaLuQA
Title: Click here and subscribe to our YouTube channel

Search URL Search Domain Scan URL

URL: http://t.me/PayPluscares

Search URL Search Domain Scan URL

URL: https://chat.whatsapp.com/Li6QLkC5XI8DYYOZzuTLu9

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Payplus-Unlimited-100311681782616/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

47 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
www.payplus.norahinitiative.com/ 167 KB
168 KB 336ms
116ms Document
text/html 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache / PHP/7.3.23
Resource Hash: a15417c27856d84babc8937ce24174a24596f5069b25ab6ea23c13096ecdef5e

Request headers

Host: www.payplus.norahinitiative.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Server: Apache
X-Powered-By: PHP/7.3.23
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=b61f9b29325f5f37072836def125bc26; path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ 141 KB
20 KB 30ms
8ms Stylesheet
text/css 2001:4de0:ac19::1:b:2a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.payplus.norahinitiative.com
Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 25 Jan 2021 22:44:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 Dec 2018 18:34:10 GMT
etag: "1544639650"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 20563

GET
H2 200 css
fonts.googleapis.com/ 365 B
356 B 19ms
16ms Stylesheet
text/css 2a00:1450:4001:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Buda:300

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b69de55b236c7ead680aa5dbe338f970dde6ddd6f99a040702960546b2af09b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 25 Jan 2021 22:44:21 GMT
server: ESF
date: Mon, 25 Jan 2021 22:44:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 25 Jan 2021 22:44:21 GMT

GET
H2 200 css
fonts.googleapis.com/ 1003 B
522 B 18ms
15ms Stylesheet
text/css 2a00:1450:4001:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Bungee

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca841b4162f1bf6d409d333732ac5812a732954ce767472255fefe392b88cc51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 25 Jan 2021 22:33:14 GMT
server: ESF
date: Mon, 25 Jan 2021 22:44:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 25 Jan 2021 22:44:21 GMT

GET
H2 200 css2
fonts.googleapis.com/ 1 KB
517 B 18ms
16ms Stylesheet
text/css 2a00:1450:4001:817::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Rowdies:wght@700&display=swap

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

86975dbfdf542dd0df0519d9128201c41bd109b7bfb6fb4e3a42051bf66eea02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 25 Jan 2021 22:44:21 GMT
server: ESF
date: Mon, 25 Jan 2021 22:44:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 25 Jan 2021 22:44:21 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.12.0/css/ 56 KB
14 KB 23ms
21ms Stylesheet
text/css 23.111.9.35
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.12.0/css/all.css
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: c9b46437d7418e1712daaad6d73fa17c2c6afb5681770c90339c25428415b7fd

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 25 Jan 2021 22:44:21 GMT
content-encoding: gzip
last-modified: Tue, 10 Dec 2019 22:46:05 GMT
server: NetDNA-cache/2.2
etag: W/"500d1a92f875b1d96d37a3a3f8f0438c"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 19ms
17ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 25 Jan 2021 22:44:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 437757
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5631
cf-request-id: 07dd51423f000097b4b808f000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qLF%2FxsY%2BgpzZUZu2yfsMf9MkTum77tuHV63ID2VEJAC05JyInVhvQUlDzvNBXu5sKW2%2BHFHkaexACV3N2ikfpAoS4yM8b7MDMOZfcOHh%2Bwhnp1bPOCez%2BR2Gxh9ZHSwztA%3D%3D"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 617584b06e6997b4-FRA
expires: Sat, 15 Jan 2022 22:44:21 GMT

GET
H2 200 ionicons.min.css
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ 50 KB
7 KB 15ms
13ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 25 Jan 2021 22:44:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 437788
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6642
cf-request-id: 07dd514240000097b4bc971000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ea8-c854"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BIALiioV%2Bb%2Byu1o5CpMXhhqHmxR8FyUo2N0TxpnlF6mqRI%2BnFnpJYcWHS%2BBjq3c8cbazcqNCFpKn9UgMShpJRYCKmlUbr1cLdnPSKGtJlQwDlUSOHBVMs5P2US92o%2BEfPw%3D%3D"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 617584b06e6a97b4-FRA
expires: Sat, 15 Jan 2022 22:44:21 GMT

GET
H/1.1 200
OK fontawesome5-overrides.min.css
www.payplus.norahinitiative.com/assets/fonts/ 566 B
806 B 307ms
109ms Stylesheet
text/css 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://www.payplus.norahinitiative.com/assets/fonts/fontawesome5-overrides.min.css
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: a9ce56cf7ddd8c6685ef99fd1301b3908f0db32bdc3d4eb6bacdf19fec00e618

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Thu, 23 Jul 2020 19:29:26 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 566

GET
H/1.1 200
OK dashboard.css
www.payplus.norahinitiative.com/assets/css/ 3 KB
3 KB 314ms
106ms Stylesheet
text/css 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://www.payplus.norahinitiative.com/assets/css/dashboard.css
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: 23623b2782012dd57ccbd61da612a937fc5d79cee3784f3fa0c9214641480e50

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Thu, 23 Jul 2020 20:02:00 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 2793

GET
H/1.1 200
OK Footer-Basic.css
www.payplus.norahinitiative.com/assets/css/ 891 B
1 KB 313ms
104ms Stylesheet
text/css 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://www.payplus.norahinitiative.com/assets/css/Footer-Basic.css
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: faf214739e2edb1a820fb049bf67aacfffaf435b12edbc79d92ed8b1390fd8c3

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Thu, 23 Jul 2020 20:02:00 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 891

GET
H/1.1 200
OK Login-Form-Clean.css
www.payplus.norahinitiative.com/assets/css/ 1 KB
1 KB 315ms
103ms Stylesheet
text/css 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://www.payplus.norahinitiative.com/assets/css/Login-Form-Clean.css
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: ff262c58dd02a1d6eea589754c18d9d68c4b3e88c272d2dbe6cc354ee4658696

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Thu, 23 Jul 2020 20:02:00 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1247

GET
H/1.1 200
OK logo.png
www.payplus.norahinitiative.com/assets/img/ 14 KB
14 KB 362ms
121ms Image
image/png 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.payplus.norahinitiative.com/assets/img/logo.png
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: 05f25f0dced602e86580202d81438b69a0cecc1af38b2b64d1b039810de6ce09

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Tue, 28 Jul 2020 19:14:05 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 13913

GET
H/1.1 200
OK ntfc.php Show response
lolsefti.com/ 39 KB
11 KB 54ms
19ms Script
application/javascript 139.45.196.143
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://lolsefti.com/ntfc.php?p=3477225
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.196.143 , Ascension Island, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 008d5a9d53c757fadb7b3858ecdaa1f288bf20f9cb8baddc0a4d7babb2169369

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 25 Jan 2021 22:44:21 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Dec 2020 13:35:40 GMT
Server: nginx
ETag: W/"5fd2242c-9b9e"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive

GET
H/1.1 403
Forbidden c9535d4731606bf8c179792181ce23ca.js
pl15718160.gatetocontent.com/c9/53/5d/ 0
0 329ms
121ms Script
application/javascript 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pl15718160.gatetocontent.com/c9/53/5d/c9535d4731606bf8c179792181ce23ca.js
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.17.6 /
Resource Hash

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 25 Jan 2021 22:44:21 GMT
Server: nginx/1.17.6
Connection: keep-alive
Content-Type: application/javascript
Content-Length: 0
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H/1.1 403
Forbidden 41748810c1d7879632a11cd48e797882.js
pl15717396.gatetocontent.com/41/74/88/ 0
0 315ms
108ms Script
application/javascript 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pl15717396.gatetocontent.com/41/74/88/41748810c1d7879632a11cd48e797882.js
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.17.6 /
Resource Hash

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 25 Jan 2021 22:44:21 GMT
Server: nginx/1.17.6
Connection: keep-alive
Content-Type: application/javascript
Content-Length: 0
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H/1.1 200
OK 1597475235FlyerMaker_15082020_075600.png
www.payplus.norahinitiative.com/assets/img/slider/ 677 KB
677 KB 171ms
121ms Image
image/png 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.payplus.norahinitiative.com/assets/img/slider/1597475235FlyerMaker_15082020_075600.png
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: 34bf20081a48aff1bed95918e03dcd2fb128cc920ac053d3a72092e8efbc5cf9

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Sat, 15 Aug 2020 07:07:15 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 692936

GET
H/1.1 200
OK 1597475494FlyerMaker_21072020_014954.png
www.payplus.norahinitiative.com/assets/img/slider/ 1 MB
1 MB 108ms
108ms Image
image/png 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.payplus.norahinitiative.com/assets/img/slider/1597475494FlyerMaker_21072020_014954.png
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: 306cac784320d1fbc528f561c64f2de956953c316c1663cd93454daeeeb1934a

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Sat, 15 Aug 2020 07:11:34 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1467946

GET
H/1.1 200
OK 1597488190FlyerMaker_23072020_132333.png
www.payplus.norahinitiative.com/assets/img/slider/ 1 MB
1 MB 106ms
105ms Image
image/png 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.payplus.norahinitiative.com/assets/img/slider/1597488190FlyerMaker_23072020_132333.png
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: fb1851ab7a3e05cdc7807eae7fc36b1a46fb078123b1cf3c496ef92d030748e3

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Sat, 15 Aug 2020 10:43:10 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1285620

GET
H/1.1 200
OK 1597488221FlyerMaker_25072020_101833.png
www.payplus.norahinitiative.com/assets/img/slider/ 1 MB
1 MB 105ms
104ms Image
image/png 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.payplus.norahinitiative.com/assets/img/slider/1597488221FlyerMaker_25072020_101833.png
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: 07943bc54fa73615562b0565be7ebec134c9ac9635ea40f743fde92e1e81e7da

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Sat, 15 Aug 2020 10:43:41 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1104216

GET
H/1.1 200
OK mtn.png
www.payplus.norahinitiative.com/assets/img/ 3 KB
3 KB 104ms
104ms Image
image/png 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.payplus.norahinitiative.com/assets/img/mtn.png
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: 9d693d9d94579d02a700ee012aee61e6269ebc6ea503edf423a33f024b8c51f9

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Fri, 24 Jul 2020 18:03:04 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2948

GET
H/1.1 200
OK glo.png
www.payplus.norahinitiative.com/assets/img/ 7 KB
7 KB 107ms
106ms Image
image/png 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.payplus.norahinitiative.com/assets/img/glo.png
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: 1ed6047e6fd475d04fecefe8fb96e6ec933680b0291073be4bbe02d5b439fda9

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Fri, 24 Jul 2020 18:01:56 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 6744

GET
H/1.1 200
OK airtel.png
www.payplus.norahinitiative.com/assets/img/ 2 KB
2 KB 122ms
122ms Image
image/png 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.payplus.norahinitiative.com/assets/img/airtel.png
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: cdd62f885a73a96d73570b792e7817be8e9c27f6810f473454166649f5ae3f81

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Fri, 24 Jul 2020 18:02:20 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1867

GET
H/1.1 200
OK 9mobile.jpg
www.payplus.norahinitiative.com/assets/img/ 2 KB
2 KB 105ms
104ms Image
image/jpeg 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.payplus.norahinitiative.com/assets/img/9mobile.jpg
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: 906aa76783856aa1ac1446c5a54f533c34a3e6db1ab48c19dcf7109c500b96c1

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Fri, 24 Jul 2020 18:02:40 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 2276

GET
H/1.1 200
OK services.jpeg
www.payplus.norahinitiative.com/assets/img/ 58 KB
58 KB 132ms
131ms Image
image/jpeg 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.payplus.norahinitiative.com/assets/img/services.jpeg
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: 941e35f9d7bf2761bb2c4e744b18f327d6da7b58df7005f35bec7891e38cd658

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Tue, 28 Jul 2020 17:37:57 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 59007

GET
H/1.1 200
OK about.jpeg
www.payplus.norahinitiative.com/assets/img/ 58 KB
58 KB 136ms
135ms Image
image/jpeg 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.payplus.norahinitiative.com/assets/img/about.jpeg
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: 1368181c103fc85d2440d38e348c360fd5b424a6261f629c830483ae95ead555

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Tue, 28 Jul 2020 17:38:02 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 59633

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ 19 KB
6 KB 13ms
12ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.payplus.norahinitiative.com
Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 25 Jan 2021 22:44:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2659610
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6157
cf-request-id: 07dd5143040000dfe3433b7000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-4af4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=46Flnimc5vMWETE5Wnyl5xV8sGBPpmJIqgQU5cbiABuCMEXb6RFfTMCGIyaqKxQV4Qi%2FAvlvjLgjUlIcekyiqWUIqftf1twRgnUR%2BVQIT%2BZGESLx9HGYp8okbMcGY84EJA%3D%3D"}],"max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 617584b1adc6dfe3-FRA
expires: Sat, 15 Jan 2022 22:44:21 GMT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/ 86 KB
27 KB 16ms
15ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 25 Jan 2021 22:44:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 2659610
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27748
cf-request-id: 07dd514306000097b4de160000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-15851"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JzW6vrbiV%2BZnQJUXdMEaV3av9gmuVHyEirueoqrbIBmUnrCCLAOul3LpVqrZID8Ptm32nHFmwg%2BwivPgwSrmjrbSu0xcL1%2F4ECt%2FZBxN3rsJpkQAuUYNe1dENhqFNeFEQw%3D%3D"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 617584b1aead97b4-FRA
expires: Sat, 15 Jan 2022 22:44:21 GMT

GET
H2 200 bootstrap.bundle.min.js Show response
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.4.1/js/ 79 KB
20 KB 22ms
21ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.4.1/js/bootstrap.bundle.min.js

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

394156ee114ed3faf968419340ecfd17f69740eb7e4f0a88d59e1f6d5bf0c34e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 25 Jan 2021 22:44:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1041343
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 20039
cf-request-id: 07dd514309000097b4c2148000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04010-13b3a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YMKIpuYNL7OzS4l79YMcm%2F75Qbnf1R30uLb7XZ2z2We5g%2Fb9O%2BdmmorgAKG3RaPZWAh9fdedWydyS3KeNGlq%2Bun0R5QTq5f6Or7HO9Z%2Bln7z79rEjJr1SS9WEAGdQh8YGQ%3D%3D"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 617584b1aeaf97b4-FRA
expires: Sat, 15 Jan 2022 22:44:21 GMT

GET
H2 200 swiper.jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/Swiper/3.3.1/js/ 67 KB
15 KB 17ms
17ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/Swiper/3.3.1/js/swiper.jquery.min.js

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c00bb48a08def03cff2ae8dda410b182f059d4b9d7d81b0e53ab2fec81cb4cce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 25 Jan 2021 22:44:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 878829
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14997
cf-request-id: 07dd514307000097b4d59db000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:02 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03cf2-10c6c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rSkTVv1JM7salCv8%2B4zzsCFp9POBRIiLBTG7lHck1CM3t3u%2B%2FlSAURvibr3QKdXstJNRIQzUMFTF54YQjyOFIXH8ZAJb8UpKaL%2F8ydZwkEEejpehUjly0cx9RxOLvEbtXA%3D%3D"}]}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 617584b1aeb097b4-FRA
expires: Sat, 15 Jan 2022 22:44:21 GMT

GET
H2 200 ptRMTieMYPNBAK219gtm1On4KCFtpe4.woff2
fonts.gstatic.com/s/rowdies/v3/ 10 KB
10 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rowdies/v3/ptRMTieMYPNBAK219gtm1On4KCFtpe4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Rowdies:wght@700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff702eeb3e875ef98146f5e4e5f17882ca9789bfe0d0ce1b45295f5ad747cc9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.payplus.norahinitiative.com
Referer: https://fonts.googleapis.com/css2?family=Rowdies:wght@700&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 23 Jan 2021 06:35:04 GMT
x-content-type-options: nosniff
last-modified: Thu, 21 Jan 2021 05:49:34 GMT
server: sffe
age: 230957
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10392
x-xss-protection: 0
expires: Sun, 23 Jan 2022 06:35:04 GMT

GET
H2 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 17ms
17ms Font
application/octet-stream 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.payplus.norahinitiative.com
Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 25 Jan 2021 22:44:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 15103
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
cf-request-id: 07dd5143910000dfe3433be000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-12d68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2ZOGHGgYo7oge3O0uJx%2FO7t1Tqsy%2FsrTnHc%2Fb0OSpH2bO3mNqWz7GrSfSNP94jQ1Bhyo5aMynZe4e3oTo73g6HsoxXSmezSQZHdstmojLbgKhTRMS0UkQEbLytiy6DMsEQ%3D%3D"}],"max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 617584b28ed2dfe3-FRA
expires: Sat, 15 Jan 2022 22:44:21 GMT

GET
H/1.1 200
OK apu.php Show response
graizoah.com/ 3 KB
2 KB 94ms
43ms XHR
application/json 139.45.196.67
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://graizoah.com/apu.php?zoneid=3477445&oo=1

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

139.45.196.67 , Ascension Island, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

5b5ae5692164f7dee312f83d9d6f3d22785313ec9c9582705cd4d661cf5c8d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 47303d8725a594298493dea9c8e71550
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=1
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: https://www.payplus.norahinitiative.com
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *, *
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H/1.1 200
OK tag.min.js Show response
graizoah.com/ 81 KB
22 KB 94ms
41ms Script
application/javascript 139.45.196.67
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://graizoah.com/tag.min.js

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

139.45.196.67 , Ascension Island, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

cf44440b5a5d9f372b338ca5859fa02f7a8997b19bfe709fff0bd40a6d6f7f79

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 21958
X-Trace-Id: 2f340ec0ebf4cd6147d43a0ad2848918
Pragma: no-cache
Last-Modified: Thu, 21 Jan 2021 10:52:27 GMT
Server: nginx
Strict-Transport-Security: max-age=1
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: *, *
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H/1.1 200
OK zone Show response
lolsefti.com/ 686 B
1 KB 23ms
23ms Fetch
application/json 139.45.196.143
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lolsefti.com/zone?pub=0&zone_id=3477225&is_mobile=false&domain=www.payplus.norahinitiative.com&var=&ymid=&var_3=

Requested by

Host: lolsefti.com
URL: https://lolsefti.com/ntfc.php?p=3477225

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.196.143 , Ascension Island, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

5ec61302bc9cdefa6b52faac5717d81953362179b8005e43be4e13a5589b7dc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Trace-Id: b34015cd6124e303852f9d6657bb0d9b
Date: Mon, 25 Jan 2021 22:44:21 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.payplus.norahinitiative.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 686

GET
H/1.1 200
OK universal.min.js Show response
lolsefti.com/pfe/current/ 188 KB
54 KB 82ms
44ms Fetch
application/javascript 139.45.196.143
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://lolsefti.com/pfe/current/universal.min.js?v=3.1.281
Requested by: Host: lolsefti.com
URL: https://lolsefti.com/ntfc.php?p=3477225
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.196.143 , Ascension Island, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 6d85189d6bb0bbafeab584b658483689630c0393c3be7f1bae6d2673c0957160

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 25 Jan 2021 22:44:21 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Dec 2020 13:35:40 GMT
Server: nginx
ETag: W/"5fd2242c-2ef30"
Transfer-Encoding: chunked
Content-Type: application/javascript
Access-Control-Allow-Origin: https://www.payplus.norahinitiative.com
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive

GET
H/1.1 204
No Content fac.php
onmarshtompor.com/ Frame E2AA 0
0 85ms
23ms Document
text/html 139.45.196.108
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://onmarshtompor.com/fac.php

Requested by

Host: graizoah.com
URL: https://graizoah.com/tag.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_128_CBC

Server

139.45.196.108 , Ascension Island, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Host: onmarshtompor.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.payplus.norahinitiative.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.payplus.norahinitiative.com/

Response headers

Server: nginx
Date: Mon, 25 Jan 2021 22:44:21 GMT
Content-Type: text/html; charset=utf8
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Timing-Allow-Origin: * *
X-Trace-Id: a62241fba89be06bcbe5eb11b7854ea2
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET
H/1.1 403
Forbidden 41748810c1d7879632a11cd48e797882.js
pl15717396.gatetocontent.com/41/74/88/ 0
0 113ms
113ms Script
application/javascript 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pl15717396.gatetocontent.com/41/74/88/41748810c1d7879632a11cd48e797882.js
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.17.6 /
Resource Hash

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 25 Jan 2021 22:44:21 GMT
Server: nginx/1.17.6
Connection: keep-alive
Content-Type: application/javascript
Content-Length: 0
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

OPTIONS
H/1.1 200
OK custom
lolsefti.com/ Frame 0
0 16ms
15ms Other
text/plain 139.45.196.143
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://lolsefti.com/custom
Protocol: HTTP/1.1
Server: 139.45.196.143 , Ascension Island, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.payplus.norahinitiative.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx
Date: Mon, 25 Jan 2021 22:44:21 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://www.payplus.norahinitiative.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 86400

POST
H/1.1 200
OK custom Show response
lolsefti.com/ 39 B
506 B 26ms
25ms Fetch
application/json 139.45.196.143
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lolsefti.com/custom

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.196.143 , Ascension Island, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

X-Trace-Id: ee1c808c836edf84f998ee91d16b8857
Date: Mon, 25 Jan 2021 22:44:21 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.payplus.norahinitiative.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 39

GET
H/1.1 200
OK sw.js Show response
www.payplus.norahinitiative.com/ 3 KB
3 KB 132ms
104ms Fetch
application/javascript 23.94.150.194
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://www.payplus.norahinitiative.com/sw.js
Requested by: Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 23.94.150.194 , United Kingdom, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: wgh22.whogohost.com
Software: Apache /
Resource Hash: e9fa780a83ce3773cda2ffd08b087d08e8d47e7f4b32d4a6a102fc273a9950dc

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 25 Jan 2021 22:44:21 GMT
Last-Modified: Wed, 29 Jul 2020 08:55:37 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 2735

GET
H2 200 54zVTpaLuQA
www.youtube.com/embed/ Frame EB85 0
0 115ms
96ms Document
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/54zVTpaLuQA

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/54zVTpaLuQA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.payplus.norahinitiative.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.payplus.norahinitiative.com/

Response headers

content-encoding: br
strict-transport-security: max-age=31536000
content-length: 20286
cache-control: no-cache
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
expires: Tue, 27 Apr 1971 19:44:06 GMT
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
date: Mon, 25 Jan 2021 22:44:21 GMT
server: YouTube Frontend Proxy
x-xss-protection: 0
set-cookie: VISITOR_INFO1_LIVE=tTtO8ylIqic; path=/; domain=.youtube.com; secure; expires=Sat, 24-Jul-2021 22:44:21 GMT; httponly; samesite=None GPS=1; path=/; domain=.youtube.com; expires=Mon, 25-Jan-2021 23:14:21 GMT VISITOR_INFO1_LIVE=tTtO8ylIqic; path=/; domain=.youtube.com; secure; expires=Sat, 24-Jul-2021 22:44:21 GMT; httponly; samesite=None YSC=mYrzI32zd3s; path=/; domain=.youtube.com; secure; httponly; samesite=None
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ 137 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b307c4ae27381c0bc19983833f7bc324bb100468b4f22bdd7594b179c836aa4a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 137 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b3bc188ffa450c649d95d661372fddb6bbdf17e7d63578d499ab98b984da8381

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H2 200 ionicons.ttf
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ 184 KB
96 KB 27ms
27ms Font
application/octet-stream 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c5b6bb603a4f7556b94532674f3847b430b9495afbb3a4dcfe5ba718baa59ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.payplus.norahinitiative.com
Referer: https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 25 Jan 2021 22:44:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1641650
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 97438
cf-request-id: 07dd5144e00000dfe32b8cb000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:20 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ea8-2e05c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8kqQvsajA9U28mv7GWUPBu6xcvcfchP2yEJa8LJ1S2jyz1p0b90aD82X9z7zau%2FxBEhybVaMov8XbMfBvWK3Jz8C3c4d4hvGXUgdlpXIJaQClQxXpi%2BxzU3nfnj5XWvHcw%3D%3D"}],"max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 617584b49987dfe3-FRA
expires: Sat, 15 Jan 2022 22:44:21 GMT

OPTIONS
H/1.1 200
OK custom
lolsefti.com/ Frame 0
0 16ms
16ms Other
text/plain 139.45.196.143
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://lolsefti.com/custom
Protocol: HTTP/1.1
Server: 139.45.196.143 , Ascension Island, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.payplus.norahinitiative.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx
Date: Mon, 25 Jan 2021 22:44:22 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://www.payplus.norahinitiative.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 86400

POST
H/1.1 200
OK custom Show response
lolsefti.com/ 39 B
506 B 40ms
39ms Fetch
application/json 139.45.196.143
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lolsefti.com/custom

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.196.143 , Ascension Island, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

X-Trace-Id: 66cdc9c8286138b34f9927301c23a42f
Date: Mon, 25 Jan 2021 22:44:22 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.payplus.norahinitiative.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 39

OPTIONS
H/1.1 200
OK custom
lolsefti.com/ Frame 0
0 16ms
16ms Other
text/plain 139.45.196.143
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://lolsefti.com/custom
Protocol: HTTP/1.1
Server: 139.45.196.143 , Ascension Island, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.payplus.norahinitiative.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx
Date: Mon, 25 Jan 2021 22:44:22 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://www.payplus.norahinitiative.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Access-Control-Max-Age: 86400

POST
H/1.1 200
OK custom Show response
lolsefti.com/ 39 B
506 B 17ms
17ms Fetch
application/json 139.45.196.143
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lolsefti.com/custom

Requested by

Host: www.payplus.norahinitiative.com
URL: https://www.payplus.norahinitiative.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.196.143 , Ascension Island, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payplus.norahinitiative.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

X-Trace-Id: f6b9d983e7766b41bc1beeceb113127d
Date: Mon, 25 Jan 2021 22:44:22 GMT
X-Content-Type-Options: nosniff
Server: nginx
Strict-Transport-Security: max-age=1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.payplus.norahinitiative.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 39

Verdicts & Comments Add Verdict or Comment

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1970-01-19 19:59:26	Name: VISITOR_INFO1_LIVE Value: tTtO8ylIqic
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: mYrzI32zd3s
www.payplus.norahinitiative.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: b61f9b29325f5f37072836def125bc26

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	(Line 1) Message: service worker path (u): /sw.js event domain: https://lolsefti.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
graizoah.com
lolsefti.com
maxcdn.bootstrapcdn.com
onmarshtompor.com
pl15717396.gatetocontent.com
pl15718160.gatetocontent.com
use.fontawesome.com
www.payplus.norahinitiative.com
www.youtube.com
139.45.196.108
139.45.196.143
139.45.196.67
192.243.59.12
2001:4de0:ac19::1:b:2a
23.111.9.35
23.94.150.194
2606:4700::6810:125e
2606:4700::6810:135e
2a00:1450:4001:812::2003
2a00:1450:4001:817::200a
2a00:1450:4001:828::200e
008d5a9d53c757fadb7b3858ecdaa1f288bf20f9cb8baddc0a4d7babb2169369
05f25f0dced602e86580202d81438b69a0cecc1af38b2b64d1b039810de6ce09
07943bc54fa73615562b0565be7ebec134c9ac9635ea40f743fde92e1e81e7da
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
1368181c103fc85d2440d38e348c360fd5b424a6261f629c830483ae95ead555
1ed6047e6fd475d04fecefe8fb96e6ec933680b0291073be4bbe02d5b439fda9
23623b2782012dd57ccbd61da612a937fc5d79cee3784f3fa0c9214641480e50
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
306cac784320d1fbc528f561c64f2de956953c316c1663cd93454daeeeb1934a
34bf20081a48aff1bed95918e03dcd2fb128cc920ac053d3a72092e8efbc5cf9
394156ee114ed3faf968419340ecfd17f69740eb7e4f0a88d59e1f6d5bf0c34e
3c5b6bb603a4f7556b94532674f3847b430b9495afbb3a4dcfe5ba718baa59ad
5b5ae5692164f7dee312f83d9d6f3d22785313ec9c9582705cd4d661cf5c8d74
5ec61302bc9cdefa6b52faac5717d81953362179b8005e43be4e13a5589b7dc4
6d85189d6bb0bbafeab584b658483689630c0393c3be7f1bae6d2673c0957160
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
86975dbfdf542dd0df0519d9128201c41bd109b7bfb6fb4e3a42051bf66eea02
906aa76783856aa1ac1446c5a54f533c34a3e6db1ab48c19dcf7109c500b96c1
941e35f9d7bf2761bb2c4e744b18f327d6da7b58df7005f35bec7891e38cd658
9d693d9d94579d02a700ee012aee61e6269ebc6ea503edf423a33f024b8c51f9
a15417c27856d84babc8937ce24174a24596f5069b25ab6ea23c13096ecdef5e
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
a9ce56cf7ddd8c6685ef99fd1301b3908f0db32bdc3d4eb6bacdf19fec00e618
b307c4ae27381c0bc19983833f7bc324bb100468b4f22bdd7594b179c836aa4a
b3bc188ffa450c649d95d661372fddb6bbdf17e7d63578d499ab98b984da8381
b69de55b236c7ead680aa5dbe338f970dde6ddd6f99a040702960546b2af09b2
c00bb48a08def03cff2ae8dda410b182f059d4b9d7d81b0e53ab2fec81cb4cce
c9b46437d7418e1712daaad6d73fa17c2c6afb5681770c90339c25428415b7fd
ca841b4162f1bf6d409d333732ac5812a732954ce767472255fefe392b88cc51
cdd62f885a73a96d73570b792e7817be8e9c27f6810f473454166649f5ae3f81
cf44440b5a5d9f372b338ca5859fa02f7a8997b19bfe709fff0bd40a6d6f7f79
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa
e9fa780a83ce3773cda2ffd08b087d08e8d47e7f4b32d4a6a102fc273a9950dc
faf214739e2edb1a820fb049bf67aacfffaf435b12edbc79d92ed8b1390fd8c3
fb1851ab7a3e05cdc7807eae7fc36b1a46fb078123b1cf3c496ef92d030748e3
ff262c58dd02a1d6eea589754c18d9d68c4b3e88c272d2dbe6cc354ee4658696
ff702eeb3e875ef98146f5e4e5f17882ca9789bfe0d0ce1b45295f5ad747cc9c
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

www.payplus.norahinitiative.com Open in urlscan Pro 23.94.150.194 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

47 Requests

100 %HTTPS

50 %IPv6

11 Domains

12 Subdomains

13 IPs

5 Countries

5158 kBTransfer

5874 kBSize

3 Cookies

4 Outgoing links

Redirected requests

47 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.payplus.norahinitiative.com Open in urlscan Pro
23.94.150.194 Public Scan

Screenshot
Live screenshot

Full Image

47
Requests

100 %
HTTPS

50 %
IPv6

11
Domains

12
Subdomains

13
IPs

5
Countries

5158 kB
Transfer

5874 kB
Size

3
Cookies

47 HTTP transactions
2 data transactions