paybyplatema.site Open in urlscan Pro
2606:4700:3030::ac43:b3fd Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://paybyplatema.site/
Effective URL:
https://paybyplatema.site/
Submission: On November 01 via manual (November 1st 2023, 10:13:54 pm UTC) from US — Scanned from DE

Summary HTTP 59 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 13 IPs in 3 countries across 12 domains to perform 59 HTTP transactions. The main IP is 2606:4700:3030::ac43:b3fd, located in United States and belongs to CLOUDFLARENET, US. The main domain is paybyplatema.site.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 10th 2023. Valid for: a year.

This is the only time paybyplatema.site was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3037::6815:1fd7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	2606:4700:303... 2606:4700:3030::ac43:b3fd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
7	192.243.61.227 192.243.61.227	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
4	2606:4700:303... 2606:4700:3030::6815:30d3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	139.45.197.251 139.45.197.251	9002 (RETN-AS) (RETN-AS)
4	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
5	2606:4700:e4:... 2606:4700:e4::ac40:ab13	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
59	13

1 2606:4700:3037::6815:1fd7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

paybyplatema.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:3030::ac43:b3fd (United States)

ASN13335 (CLOUDFLARENET, US)

paybyplatema.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 192.243.61.227 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

alterassumeaggravate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3030::6815:30d3 (United States)

ASN13335 (CLOUDFLARENET, US)

acacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 139.45.197.251 (United Kingdom)

ASN9002 (RETN-AS, GB)

yonhelioliskor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:e4::ac40:ab13 (United States)

ASN13335 (CLOUDFLARENET, US)

youradexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	yonhelioliskor.com yonhelioliskor.com — Cisco Umbrella Rank: 605280	41 KB
10	paybyplatema.site 1 redirects paybyplatema.site	98 KB
9	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149	224 KB
7	alterassumeaggravate.com alterassumeaggravate.com — Cisco Umbrella Rank: 795106
5	youradexchange.com youradexchange.com — Cisco Umbrella Rank: 26862	2 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	397 KB
4	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2462	334 B
4	acacdn.com acacdn.com — Cisco Umbrella Rank: 113725	160 KB
2	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 33	5 KB
1	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1181	609 B
1	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 11206	545 B
59	12

	Domain	Requested by
11	yonhelioliskor.com	paybyplatema.site yonhelioliskor.com
10	paybyplatema.site	1 redirects paybyplatema.site
7	alterassumeaggravate.com	paybyplatema.site
6	pagead2.googlesyndication.com	paybyplatema.site pagead2.googlesyndication.com tpc.googlesyndication.com
5	youradexchange.com	acacdn.com
5	www.googletagmanager.com	paybyplatema.site www.googletagmanager.com
4	region1.google-analytics.com	www.googletagmanager.com
4	acacdn.com	paybyplatema.site acacdn.com
3	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
1	www.google.com	tpc.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	my.rtmark.net	paybyplatema.site
59	13

This site contains links to these domains. Also see Links.

Domain
generatepress.com
youradexchange.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-10` - `2024-02-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
alterassumeaggravate.com R3	`2023-09-16` - `2023-12-15`	3 months	crt.sh
acacdn.com GTS CA 1P5	`2023-09-08` - `2023-12-07`	3 months	crt.sh
yonhelioliskor.com R3	`2023-09-03` - `2023-12-02`	3 months	crt.sh
youradexchange.com GTS CA 1P5	`2023-10-17` - `2024-01-15`	3 months	crt.sh
rtmark.net R3	`2023-10-07` - `2024-01-05`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-16` - `2024-01-08`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://paybyplatema.site/
Frame ID: B83463339C68E861C563EAE9ADB7AEB5
Requests: 48 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231031/r20190131/zrt_lookup.html
Frame ID: 8DB4C6F4DBEF693381ECA4BA0BE9D24F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4969693136336878&output=html&adk=1812271804&adf=3025194257&lmt=1698872787&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x1080_l%7C212x1080_r&format=0x0&url=https%3A%2F%2Fpaybyplatema.site%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698876828174&bpp=4&bdt=1644&idt=390&shv=r20231031&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&nras=1&correlator=982130696513&frm=20&pv=2&ga_vid=1785906443.1698876828&ga_sid=1698876829&ga_hid=895399549&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079193%2C44798934%2C44801485%2C44805934%2C44807047%2C44807334%2C44807406%2C44807454%2C31078297%2C31079155&oid=2&pvsid=240088827382533&tmod=1927177256&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=421
Frame ID: 8E7E518B41F91BE7C785233DFBC75D5D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 460B348708D60C92092B822F860E55A8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8E0EBBF34C60E25FF9E9AB0DBC839226
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PayByPlateMa com Pay Online Toll Bills in Massachusetts

Page URL History Show full URLs

http://paybyplatema.site/ HTTP 301
https://paybyplatema.site/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

59
Requests

100 %
HTTPS

79 %
IPv6

12
Domains

13
Subdomains

13
IPs

3
Countries

929 kB
Transfer

2658 kB
Size

8
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://generatepress.com/
Title: GeneratePress

Search URL Search Domain Scan URL

URL: https://youradexchange.com/ad/visit.php?al=1

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://paybyplatema.site/ HTTP 301
https://paybyplatema.site/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

59 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
paybyplatema.site/
Redirect Chain

http://paybyplatema.site/
https://paybyplatema.site/

92 KB
21 KB

419ms
385ms

Document
text/html

2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e36875fb48a3daa4f4790c277314140cd3a36a111df0494636b22eff45622a43

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 81f77ca109bab75e-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 01 Nov 2023 22:13:46 GMT
expires: Wed, 01 Nov 2023 22:13:45 GMT
last-modified: Wed, 01 Nov 2023 21:06:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9f3ZmIGI5OhwN02eim3Pbi8MASoeS%2FpWywsF2RHmiriUTFbQG8vdoeIHAqeyZaj17MjtpNy4mzZKSzRdSeOt10KsrZoIbuQZkJG2FMphEpBA6DI7XWMReUvPvENruT7grT62m5VNY0%2Fp73c2He4p7w%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Accept-Encoding

Redirect headers

CF-RAY: 81f77ca09addbf67-WAW
Cache-Control: max-age=3600
Connection: keep-alive
Date: Wed, 01 Nov 2023 22:13:45 GMT
Expires: Wed, 01 Nov 2023 23:13:45 GMT
Location: https://paybyplatema.site/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tQC5UubO6fIhNSsx9SW9DK05ZyAh5yDRBh6s4Uo6ktpBNeWyggYpS6xfYTdkcSG%2Ft0QhbHyL%2BaZEOtOfFUxwULKRUjmVT07ivZW8Q9E2DZ0fIsLfNJu5z14Jm9JxUwTKCmpv1v%2FR3eRAPEHU1NaG9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 0b3b72069a7bd8c745a15fb715254956.css
paybyplatema.site/wp-content/cache/min/1/ 136 KB
19 KB 418ms
416ms Stylesheet
text/css 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/wp-content/cache/min/1/0b3b72069a7bd8c745a15fb715254956.css
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 17e961d6033939b2efd42cebc0cfd8073230a4b4c1f44aeaec8d109e1194d6ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 27 Oct 2023 08:55:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ARgtiwz43B9Lekip8bzbtA%2Be8PpFvk8%2Fxrf8xvbtY5Cd9l%2BTvxrMJXVGCw00PEQVwd7gGUy01FdMWjwbthPGbu8mc868DrSwz6DnX0ief7VN4MIece47zHM1s1nBj8knyYUqeEPUwe1elsVu3h7fDw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000,public
accept-ranges: bytes
cf-ray: 81f77ca5ed7fb75e-AMS
alt-svc: h3=":443"; ma=86400
content-length: 19552
expires: Sat, 26 Oct 2024 12:32:37 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 201 KB
74 KB 966ms
843ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-BR9S49MX8J

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7b16af4257036d492b5143a944862f47a99a050d28d0f6388bcc959af194c69b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 75019
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 01 Nov 2023 22:13:46 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
51 KB 223ms
107ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4969693136336878

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

60d6f10daa1ba504958a59c7ea6aa50bc2e4b41bb31c74dec80701e0ed175d29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paybyplatema.site/
Origin: https://paybyplatema.site
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51876
x-xss-protection: 0
server: cafe
etag: 1035887697704991857
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 01 Nov 2023 22:13:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 267 KB
89 KB 102ms
100ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PQVTRPL0ST

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2b9a874bcab7c9619b02d969e247cfe1c16dc42f6a75777eed49208c9b0930b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 91118
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 01 Nov 2023 22:13:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 186 KB
67 KB 73ms
72ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-256309008-1

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0f2bb3fdf147ade4bf1f857841bfa72a20eff4d2dc9c4e9da98c5ff71a7bfc57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68949
x-xss-protection: 0
last-modified: Wed, 01 Nov 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 01 Nov 2023 22:13:47 GMT

GET
H/1.1 403
Forbidden b233f1a8a86af17492dd04a1da354e1e.js
alterassumeaggravate.com/b2/33/f1/ 0
0 1308ms
120ms Script
application/javascript 192.243.61.227
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://alterassumeaggravate.com/b2/33/f1/b233f1a8a86af17492dd04a1da354e1e.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date: Wed, 01 Nov 2023 22:13:47 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

GET
H2 200 atg.js Show response
acacdn.com/script/ 192 KB
59 KB 118ms
45ms Script
application/javascript 2606:4700:3030::6815:30d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acacdn.com/script/atg.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:30d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e22a3779eda554a62997698c1ff25a7512228dadd256f04433ee2e1469cdf6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 173
x-guploader-uploadid: ABPtcPpE8ejUFGwPjgUR-0gbnwFYljs3-uGQr8JSgyJg7W4mwNw67ThbJhe40gqQFPkV4Ov3lgnxJbsWxVnCJuNtkNJ4ZA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 25 Oct 2023 12:35:09 GMT
server: cloudflare
etag: W/"2720cdb9c1844821c6800954f07ce6fd"
vary: Accept-Encoding
x-goog-hash: crc32c=P6pq1Q==, md5=JyDNucGESCHGgAlU8Hzm/Q==
x-goog-generation: 1698237309641451
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BKRZoBVi7ZS7Bsq9eKN%2BUoMiDT0I27B4bsCIAJR1iRGZxuNJOsqKeD5IfnHVH%2FqmwG7MEGeik%2BWEFeOwVpSHHAjlFdhmedKEYAtcJ%2Fx9GKC6piLuiX90OaUDZKTJGLfEfDQF0ssrFH9i"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 196479
cf-ray: 81f77ca66d5a3530-WAW
expires: Wed, 01 Nov 2023 22:30:22 GMT

GET
H2 200 tag.min.js Show response
yonhelioliskor.com/pfe/current/ 13 KB
6 KB 54ms
12ms Script
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/pfe/current/tag.min.js?z=5907218
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 4d2df9add43e1a637b598665758c91f03e692a8572001a2974fe349e1a276130

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 22:13:47 GMT
content-encoding: gzip
last-modified: Wed, 01 Nov 2023 09:39:49 GMT
server: nginx
etag: W/"65421ce5-33d2"
content-type: application/javascript
cache-control: no-cache
access-control-allow-credentials: true

GET
H2 200 paybyplatema.jpg
paybyplatema.site/wp-content/uploads/2023/10/ 21 KB
21 KB 427ms
427ms Image
image/jpeg 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paybyplatema.site/wp-content/uploads/2023/10/paybyplatema.jpg
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fea20f71235ee7955f3fd0ca12ad15499e92e50a847527c41db626fec1ee0fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:46 GMT
cf-cache-status: HIT
last-modified: Fri, 27 Oct 2023 08:38:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hOAxDfUG%2B0fJMIiGcfK5BABoqHNj2iQTDLGqOTQ7MxTsaTEvfCoX9EtniCSJSSNCqjzl%2Bpqf6LjifKD8%2FDzx7dtVhW5EBwkqUihAxVXMX%2Fjz7kdjZCINTuXI0cVKD0pu%2BRg8zEubgia%2BnCSOMuHApQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000,public
accept-ranges: bytes
cf-ray: 81f77ca5ed80b75e-AMS
alt-svc: h3=":443"; ma=86400
content-length: 21239
expires: Sat, 24 Feb 2024 12:32:37 GMT

GET
H2 200 PaybyPlateMa-password-reset.jpg
paybyplatema.site/wp-content/uploads/2023/10/ 12 KB
13 KB 130ms
129ms Image
image/jpeg 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paybyplatema.site/wp-content/uploads/2023/10/PaybyPlateMa-password-reset.jpg
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19027c6e918ae1343bc4f32253cc4c2e6145ea7ecb58b755f7e6ee6bb75659f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:46 GMT
cf-cache-status: HIT
last-modified: Fri, 27 Oct 2023 08:41:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2BsFscaEr0c6IH9GQc2%2BaP424092aKkRpl3q0atrd7YwKrMVQb1XI4C0fahKOL%2BoablEgewOfxoNEONxs83lttucR62%2FlrWOdNDSFLbY6w6LWx8jNYOQDjF9WaeRAZmoMY7OQa%2FZJzmNk2OjtnCGJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000,public
accept-ranges: bytes
cf-ray: 81f77ca5ed81b75e-AMS
alt-svc: h3=":443"; ma=86400
content-length: 12634
expires: Sat, 24 Feb 2024 12:32:37 GMT

GET
H2 200 PaybyPlateMa-password-reset-1.jpg
paybyplatema.site/wp-content/uploads/2023/10/ 12 KB
13 KB 443ms
442ms Image
image/jpeg 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paybyplatema.site/wp-content/uploads/2023/10/PaybyPlateMa-password-reset-1.jpg
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19027c6e918ae1343bc4f32253cc4c2e6145ea7ecb58b755f7e6ee6bb75659f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:46 GMT
cf-cache-status: HIT
last-modified: Fri, 27 Oct 2023 08:42:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r8M6b2wX1KNyzu8%2FBAfILknnWx5RadD3eWp%2FwtmiU6q1x0gyVf087tTdq3GUnK7Q%2FgNP6GcDB%2BEV6vMNEUF8C55k4pG%2FsVoP3PM8SjiahXWlpic1SbpuOcPtmQWcZCzYeBaYVymsfUPz%2BmADkQg22A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000,public
accept-ranges: bytes
cf-ray: 81f77ca5ed82b75e-AMS
alt-svc: h3=":443"; ma=86400
content-length: 12634
expires: Thu, 29 Feb 2024 21:47:10 GMT

GET
H3 200 email-decode.min.js Show response
paybyplatema.site/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 17ms
17ms Script
application/javascript 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paybyplatema.site/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 24 Oct 2023 17:54:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"653804c3-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2yyyXErKrT316LJbn1RLFskSzTQEzlFOVX6o1fJdm5LhO8jlelkODAYclHW2OHoIp%2BhamkIbu94rIdo2O0R88eDK6XJqrcWXSXGNLTHj4aedaczMAmBHn6ta3FnGq0OI3TRnn%2BLDE4PLhCNa93eQrw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 81f77ca6bff8b760-AMS
expires: Fri, 03 Nov 2023 22:13:46 GMT

GET
H3 200 menu.min.js Show response
paybyplatema.site/wp-content/themes/generatepress/assets/js/ 7 KB
2 KB 143ms
142ms Script
application/javascript 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.3.1
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 174066535cb768d1715ae34808cd4e83f16f23715524bfff79db8860e8c03296

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 22 Mar 2023 16:14:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mBmoW%2B%2BeaKTTQE%2FsuMQ2W5PevA54V%2Fbynq1%2FyGse%2FPs2Qnu3cDlUeQT%2Bt1uLW1IFOqZ9E9FQfoFpRPACzbHz%2FbXokPT5waZSeRG9HwN%2BESQZ5DlB%2FHlsIN68YGVtX4NiEil4Br%2FqbtYjzA3JXhQe2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000,public
accept-ranges: bytes
cf-ray: 81f77ca6d822b760-AMS
alt-svc: h3=":443"; ma=86400
content-length: 1535
expires: Sat, 26 Oct 2024 12:32:37 GMT

GET
H3 200 main.min.js Show response
paybyplatema.site/wp-content/plugins/luckywp-table-of-contents/front/assets/ 4 KB
2 KB 21ms
21ms Script
application/javascript 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/wp-content/plugins/luckywp-table-of-contents/front/assets/main.min.js?ver=2.1.4
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 995456f7211327129612b97dc0a2baa2288f1e3065d1d6ed1882a0eb89d6baac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 57417
alt-svc: h3=":443"; ma=86400
content-length: 1333
last-modified: Fri, 14 Oct 2022 08:55:18 GMT
server: cloudflare
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cxNg1%2FRAnuMiZsK8dDQJy38I8ysZGaB3wkzRk%2FO9i9IHCQxlmIQO97zXZZ9cQolqWmnfuULNJQhA7LK8L2wM3sZHofJHmfGMSERNRNomBKO9l0dEW8pJsKR%2BcpzbXPQstRljXHUMdLzOkP2cw1HjTA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000,public
accept-ranges: bytes
cf-ray: 81f77ca7c8afb760-AMS
expires: Sat, 26 Oct 2024 12:32:37 GMT

GET
H/1.1 403
Forbidden 103f872def2557028e4aca50c4daff0f.js
alterassumeaggravate.com/10/3f/87/ 0
0 862ms
99ms Script
application/javascript 192.243.61.227
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 01 Nov 2023 22:13:47 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
255 B 100ms
35ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-BR9S49MX8J&gtm=45je3au1v895380464&_p=895399549&gcd=11l1l1l1l1&cid=1785906443.1698876828&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1698876827&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BR9S49MX8J
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 22:13:47 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://paybyplatema.site
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 267 KB
89 KB 108ms
108ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PQVTRPL0ST&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BR9S49MX8J

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a1b234db870be30a18fec1de2b258ce797c95d865ea1cfe3d066127bff8ff6f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 91244
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 01 Nov 2023 22:13:47 GMT

GET
H2 200 czcf.php Show response
youradexchange.com/ad/ 204 B
665 B 409ms
358ms Fetch
text/html 2606:4700:e4::ac40:ab13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/ad/czcf.php?cz=dddyue3gxn&chmob=%3F0
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/atg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:ab13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90b7b3d3cf24dcbeda9657513661418643887b6e4c46cf3a2d9eb78d98dc14db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:48 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CY37oemvCq999hRwOi4u1x%2BUhPnsKo0lDdTF%2FCN%2FqB7yPiB%2FtYSprU0f9WunjoesxFVoAG1S9uFm%2FYFWZlxmk15ZYoR9fyuV6hOnw%2BA4B7q%2F2jfbDnclmjQEoLi1S4CHQvNMFaYLHSvNhrqDaxi158Y%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-type: text/html; charset=utf-8
cf-ray: 81f77caeaccc0e87-AMS
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400

GET
H/1.1 403
Forbidden invoke.js
alterassumeaggravate.com/d3b70164122317877867615a5af5346f/ 0
0 99ms
98ms Script
application/javascript 192.243.61.227
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 01 Nov 2023 22:13:47 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

GET
H2 200 zone Show response
yonhelioliskor.com/ 887 B
1 KB 13ms
12ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://yonhelioliskor.com/zone?pub=0&zone_id=5907218&is_mobile=false&domain=paybyplatema.site&var=&ymid=&var_3=&tg=0

Requested by

Host: yonhelioliskor.com
URL: https://yonhelioliskor.com/pfe/current/tag.min.js?z=5907218

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d49c3e35a17b982ce4158dbce1c23fdf3eee9a27228833d0f14f4bd675d181fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

x-trace-id: 5211bc75557bf64884ff9b34841f07b0
date: Wed, 01 Nov 2023 22:13:47 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 887

GET
H2 200 universal.min.js Show response
yonhelioliskor.com/pfe/current/ 86 KB
33 KB 37ms
12ms Fetch
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/pfe/current/universal.min.js?v=3.1.470
Requested by: Host: yonhelioliskor.com
URL: https://yonhelioliskor.com/pfe/current/tag.min.js?z=5907218
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 50353fd7011e167c9f518054f1221ca8ce0ee34f7f759c3fce002194b70f893f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 22:13:47 GMT
content-encoding: gzip
last-modified: Wed, 01 Nov 2023 09:39:49 GMT
server: nginx
etag: W/"65421ce5-1572c"
content-type: application/javascript
access-control-allow-origin: https://paybyplatema.site
cache-control: no-cache
access-control-allow-credentials: true

GET
H/1.1 403
Forbidden invoke.js
alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/ 0
0 99ms
98ms Script
application/javascript 192.243.61.227
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 01 Nov 2023 22:13:48 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

OPTIONS
H2 200 custom
yonhelioliskor.com/ Frame 0
0 12ms
12ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://paybyplatema.site
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://paybyplatema.site
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 01 Nov 2023 22:13:48 GMT
server: nginx

POST
H2 200 custom Show response
yonhelioliskor.com/ 39 B
332 B 13ms
13ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://yonhelioliskor.com/custom

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 1a99cda083dea88eea2a03193f4ed447
date: Wed, 01 Nov 2023 22:13:48 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 39

GET
H3 200 Code%20file Show response
paybyplatema.site/ 5 KB
6 KB 285ms
284ms Fetch 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/Code%20file
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eed5e77bb0b4ffaa4a4802ade9d4cae485660554e327e4f8d29d37629a03daae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:48 GMT
cf-cache-status: DYNAMIC
last-modified: Fri, 28 Apr 2023 20:57:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1N0HAp4gYaR%2F3tAjV%2B2ohiHO4LhQapkbU5CqGZFfJY27HQI0u3PNgdbKUoy8x5Wb%2BMrGhipuWTkOQXeJ0NvVwcMT02LvX9WDxu7MLRNVg93m5KwmnGDG7lJijqnZlyVDJI9rqcYCSZ8nKa8McXCk4w%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 81f77caf2cd0b760-AMS
alt-svc: h3=":443"; ma=86400
content-length: 5242
expires: Fri, 01 Dec 2023 22:13:48 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 216 KB
77 KB 70ms
70ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5M4EY5KCMW&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-256309008-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9e53a945de001e16b8bccb12d39002b213153be72ba11bd86ef98c8b5bf19904

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79072
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 01 Nov 2023 22:13:48 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
45 B 37ms
36ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-PQVTRPL0ST&gtm=45je3au1v9101556420&_p=895399549&gcd=11l1l1l1l1&cid=1785906443.1698876828&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1698876828&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PQVTRPL0ST&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 22:13:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://paybyplatema.site
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 403
Forbidden invoke.js
alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/ 0
0 99ms
98ms Script
application/javascript 192.243.61.227
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 01 Nov 2023 22:13:48 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310260102/ 398 KB
135 KB 224ms
115ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310260102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4969693136336878&plah=paybyplatema.site

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4969693136336878

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c5820665ab57fa5c082528eac11d498fc44b8caafbfaad93bbb4ff80acd27623

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138074
x-xss-protection: 0
server: cafe
etag: 15963719046878232666
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 01 Nov 2023 22:13:48 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20231031/r20190131/ Frame 8DB4 10 KB
5 KB 183ms
54ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231031/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4969693136336878

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paybyplatema.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 28850
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4502
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 14:12:58 GMT
etag: 251720774729838433
expires: Wed, 15 Nov 2023 14:12:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 36ms
35ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-5M4EY5KCMW&gtm=45je3au1v9111444929&_p=895399549&gcd=11l1l1l1l1&cid=1785906443.1698876828&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAI&_s=1&sid=1698876828&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5M4EY5KCMW&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 22:13:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://paybyplatema.site
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 403
Forbidden invoke.js
alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/ 0
0 100ms
99ms Script
application/javascript 192.243.61.227
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 01 Nov 2023 22:13:48 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

GET
H3 204 display.php Show response
youradexchange.com/n/ 0
474 B 180ms
139ms Script
text/plain 2606:4700:e4::ac40:ab13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/n/display.php?r=6713762&atag=1&aggr=2&czid=dddyue3gxn&ppv=1&srs=aab6e8fd758e7340541923c1eb563b17
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/atg.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e4::ac40:ab13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:48 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-methods: GET, POST, OPTIONS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3r%2B%2FPCCUs0VMsDG7qK7%2B6QoB3vZuJTPHFzW6QVmDyO%2FWbjfYybnmpsjLdxgKcEziVGTrWR4DEp%2FYLXuhDX7wpJK0THaP4QiZYJLk8yTdarzsxlamW1RVoG%2B07i95oIeKakeVZMsxCMC1gfJdEci7uec%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 81f77cb128d20ba8-AMS
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400

GET
H2 200 ippg.js Show response
acacdn.com/script/ 122 KB
41 KB 49ms
46ms Script
application/javascript 2606:4700:3030::6815:30d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acacdn.com/script/ippg.js
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/atg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:30d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c18c2d9f5f5ba0b76470e6dfe9a8d8cf75fda9d232c8a46d21abbef7e132fc7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 887
x-guploader-uploadid: ABPtcPp1oRBVrp8B44BGtIWzL-IqFfcraEp8xfG9OucKoeVRtQroGUoo0fQIgFbHvLen4b14HLPa_eM2jI86_xQ1X4E9bM859c4f
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 25 Oct 2023 12:39:10 GMT
server: cloudflare
etag: W/"da64042e7ab2b1799f0cf8881bffaeb3"
vary: Accept-Encoding
x-goog-hash: crc32c=20gkPA==, md5=2mQELnqysXmfDPiIG/+usw==
x-goog-generation: 1698237550361305
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vgejs4r9cy%2BSH4MtVtJu4%2FQtnunFmHkL6wlLBb6yfWvvRd0OdsMRRe4aOyr0lvxSRQ8gsSwtYxdMz4LSyRHoJ4NWUsaCL67uH8uTx9ZA9TrE80N2ykXrKlnJeOklGiuhr1XekCVFzAzS"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 125154
cf-ray: 81f77cb10a103530-WAW
expires: Wed, 01 Nov 2023 22:32:55 GMT

GET
H2 200 suv5.js Show response
acacdn.com/script/ 95 KB
32 KB 40ms
38ms Script
application/javascript 2606:4700:3030::6815:30d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acacdn.com/script/suv5.js
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/atg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:30d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d681c352fabc13437dce30e2d5ad2f2766027f73e23d3d6fd17895f1e533872d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1271
x-guploader-uploadid: ABPtcPrA4fCG-rtFGnD7957vYoT7zJqcnRwSoEog_bdxzSCfHAP_OHWp-WzULBlxzMpMV0TduJumjftrr10NAffJ2tQU03KAzYB2
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 25 Oct 2023 12:43:53 GMT
server: cloudflare
etag: W/"a41871ae92f846dcf69b56e6dd09b971"
vary: Accept-Encoding
x-goog-hash: crc32c=BkRHLA==, md5=pBhxrpL4Rtz2m1bm3Qm5cQ==
x-goog-generation: 1698237832907080
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=88vRckMXHZ5OxzoScU3YZ0MVh4v9CrKNH%2Fl%2BeKTlH3ByLBJe%2F1iGyLMT%2FoKKKtDEeKz6YgG10dkRivIcTEnK4pQm4hpZ6ZuNblhxmCgWZ5g%2FFP7nnyHgW6QrpCCAUBPRRbgtPhkJC6WC"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 97496
cf-ray: 81f77cb10a113530-WAW
expires: Wed, 01 Nov 2023 22:18:08 GMT

OPTIONS
H2 200 custom
yonhelioliskor.com/ Frame 0
0 12ms
12ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://paybyplatema.site
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://paybyplatema.site
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 01 Nov 2023 22:13:48 GMT
server: nginx

POST
H2 200 custom Show response
yonhelioliskor.com/ 39 B
332 B 12ms
12ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://yonhelioliskor.com/custom

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: ab71ada4fc5e218ebbd456c7a6a2496e
date: Wed, 01 Nov 2023 22:13:48 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 39

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
545 B 63ms
16ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=b7c5f54af3744ed782cfebcf221110b6&zoneId=5907218&checkDuplicate=true&ymid=&var=

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

1e5025a92878aeb0dfaf31d1b40fd80ef769c367f34fdf6620227704b73c8278

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:48 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 403
Forbidden invoke.js
alterassumeaggravate.com/d3b70164122317877867615a5af5346f/ 0
0 98ms
97ms Script
application/javascript 192.243.61.227
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 01 Nov 2023 22:13:48 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 401 B
609 B 346ms
62ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=paybyplatema.site&callback=_gfp_s_&client=ca-pub-4969693136336878

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202310260102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4969693136336878&plah=paybyplatema.site

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9fda9ca1f54a4868de7bad9dbcfce8eac37a855091abca28f4dcd13a084329b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 257
x-xss-protection: 0

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8E7E 603 B
218 B 208ms
207ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4969693136336878&output=html&adk=1812271804&adf=3025194257&lmt=1698872787&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x1080_l%7C212x1080_r&format=0x0&url=https%3A%2F%2Fpaybyplatema.site%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698876828174&bpp=4&bdt=1644&idt=390&shv=r20231031&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&nras=1&correlator=982130696513&frm=20&pv=2&ga_vid=1785906443.1698876828&ga_sid=1698876829&ga_hid=895399549&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079193%2C44798934%2C44801485%2C44805934%2C44807047%2C44807334%2C44807406%2C44807454%2C31078297%2C31079155&oid=2&pvsid=240088827382533&tmod=1927177256&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=421

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paybyplatema.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 22:13:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 200 event
yonhelioliskor.com/ Frame 0
0 12ms
12ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/event
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://paybyplatema.site
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://paybyplatema.site
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 01 Nov 2023 22:13:48 GMT
server: nginx

POST
H2 200 event Show response
yonhelioliskor.com/ 94 B
354 B 14ms
14ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://yonhelioliskor.com/event

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e2e1ff11f9ea4012f2db134fc42d692238f339b01d4ae386c08edd960a34a1f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 01 Nov 2023 22:13:48 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 94

GET
H2 204 suurl5.php
youradexchange.com/script/ 0
0 134ms
133ms Fetch 2606:4700:e4::ac40:ab13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/script/suurl5.php?r=6713770&chmob=%3F0&cbur=0.2643723849886923&cbiframe=0&cbWidth=1600&cbHeight=1200&cbtitle=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&cbpage=https%3A%2F%2Fpaybyplatema.site%2F&cbref=&cbdescription=PaybyPlateMa%20com%20and%20E-ZPass%20is%20smooth%20%26%20easy%20ways%20to%20pay%20tolls%20online%20and%20with%20the%20introduction%20of%20app%20it%20has%20become%20even%20more%20easier.&cbkeywords=&cbcdn=acacdn.com&ts=1698876828609&srs=aab6e8fd758e7340541923c1eb563b17&atv=37.3-sw-atgv2&atag=1&aggr=2&czid=dddyue3gxn
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/suv5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:ab13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:48 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-methods: GET, POST, OPTIONS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2FaanvYmWdCNFikzZ5mNkEh5SjJ3tLt2TAs7ldiCqFhAz5zRNATXpOypoI01kqiPJqXVmkDbOlpi3GBTEsa2tByA%2BcGwEz%2BTvve7TaY6Yj5hvb6VPuzxXU%2Bo5xkSCPEi0eqsR8R0sr63d9sBlxzLC8I%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 81f77cb2da400e87-AMS
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400

GET
H2 204 push.php
youradexchange.com/script/ 0
0 128ms
127ms Fetch 2606:4700:e4::ac40:ab13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/script/push.php?r=6713766&ipp=1&mads=1&position=top&czid=dddyue3gxn&aggr=2&atag=1&atv=37.3-sw-atgv2&cbpage=https%3A%2F%2Fpaybyplatema.site%2F&cbref=&srs=aab6e8fd758e7340541923c1eb563b17&chmob=%3F0
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/ippg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:ab13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:48 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-methods: GET, POST, OPTIONS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uw2Dkh2SSIOW3jmQxMyyyMr4zM9UIMkzPDN%2BFp1MWjk4bNdtRmazoOr0hi2gqERKwMrzmeR5WywYsK%2Bx2KlsQKVUN6yUE1DNDYHmQcUyaBLW0LcPY7vMztDgG16pkBfTDMju9XmLEzxgENv%2Bu1P%2BcnA%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 81f77cb2da440e87-AMS
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400

OPTIONS
H2 200 custom
yonhelioliskor.com/ Frame 0
0 12ms
12ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://paybyplatema.site
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://paybyplatema.site
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 01 Nov 2023 22:13:48 GMT
server: nginx

POST
H2 200 custom Show response
yonhelioliskor.com/ 39 B
332 B 12ms
12ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://yonhelioliskor.com/custom

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 99cbb91bfae583eff8bad13370ffb280
date: Wed, 01 Nov 2023 22:13:48 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 39

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 102ms
101ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231031&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

009654dc2a20620ac27633d0a3d0e6396f2b6b687fa81573c3bb091bdbff51bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12244
x-xss-protection: 0

GET
H3 200 ut.js Show response
acacdn.com/script/ 80 KB
29 KB 18ms
17ms Script
application/javascript 2606:4700:3030::6815:30d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acacdn.com/script/ut.js?cb=1698876829011
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/atg.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:30d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1dcc76edeafdee6d9f51e0bfb3c1f67f4a93221ca5dc98d7e7155fdd90799f39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:49 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 18
x-guploader-uploadid: ADPycdvIfnlGVBR3R6XibxLFzJqE9d8g8815zbLGXa9TVnAn40DE8P-D4VJAjB0MoIUS69DKoNUf48cnwRoj5dke-JibWs3kMQOn
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 09 Oct 2023 10:07:02 GMT
server: cloudflare
etag: W/"05e67634907bf37307f1a50ea4b42cca"
vary: Accept-Encoding
x-goog-hash: crc32c=b724KA==, md5=BeZ2NJB783MH8aUOpLQsyg==
x-goog-generation: 1696846022267412
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SPxulnj%2BrmScr8pJKIgxVzhlw08RB17YkIxm5Cn%2F%2FjSa5wU1bjqEXSATvvxuYziguWodRQCictH4oL4I7ZRu7%2Fg3%2BU7wM6CM4%2B74m29e8njpNqA1TXu9rleH9yVwH8RLotEOf94oEJgY"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 82120
cf-ray: 81f77cb559da9208-FRA
expires: Wed, 01 Nov 2023 23:00:54 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 208ms
61ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Nov 2023 22:13:49 GMT

POST
H3 204 hb.php
youradexchange.com/ut/ 0
401 B 136ms
136ms Ping
text/plain 2606:4700:e4::ac40:ab13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/ut/hb.php?cb=0.24453635498618365
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/ut.js?cb=1698876829011
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e4::ac40:ab13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type: text/plain; charset=utf-8

Response headers

date: Wed, 01 Nov 2023 22:13:49 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lc8lfSGHed6CD5X5pmRQv4vXOpmZ2Rv6QogeunaYWmo7cxYAMzv4ViajyRtDY39QOobXHoCOomfyv%2BLExlKHrOyBZNojUB0rbOcD44DmZSbRlZLARqlfhmk5wCDZZ08yIbzF0tWZ9IDMGeuMBMCKNTE%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 81f77cb5ae4d0ba8-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 460B 13 KB
5 KB 55ms
53ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paybyplatema.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6715
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 20:21:54 GMT
expires: Thu, 31 Oct 2024 20:21:54 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 8E0E 829 B
1 KB 191ms
73ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

89dd81cb4b80d20fc5a48a73d01a4ef4620beebce7378a8ad123cd236f365ee4

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce--PSqvYFH-7X9Jmdk3DMsQA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://paybyplatema.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce--PSqvYFH-7X9Jmdk3DMsQA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 01 Nov 2023 22:13:49 GMT
expires: Wed, 01 Nov 2023 22:13:49 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 mSNSQAl__hw8z5PwJ1hA32amL2zkBniEArBt9BN1XWc.js Show response
pagead2.googlesyndication.com/bg/ Frame 460B 38 KB
15 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mSNSQAl__hw8z5PwJ1hA32amL2zkBniEArBt9BN1XWc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99235240097ffe1c3ccf93f0275840df66a62f6ce406788402b06df413755d67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 20:21:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15010
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 31 Oct 2024 20:21:54 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 8E0E 0
0 88ms
87ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231031&jk=240088827382533&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 460B 0
10 B 54ms
54ms Image
text/plain 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?anvggA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date: Wed, 01 Nov 2023 22:13:49 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 91ms
90ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231031&jk=240088827382533&bg=!0NOl05zNAAbo5yKYyOc7ADQBe5WfOGwoFF1AoxH9kZa4IF_9qnXRGyosLqztaB9pkiDqVH6W_y2588qJxRKHhRoh38rgAgAAAGdSAAAADGgBB5kCun54WjrhG6mjq9bDJgip6cd6xaFTgEuDIiVax5mAJPzIO5gQT-PV4TbjdDCAK2xUep9FeIcPJDYbjapXQ5xf7SNap2Q1CFxcwXTeFDBNEAH-_-86UegsfJWsdiain3tdXyw_ucK_VwZNt0Z3nqRJaKLICqKCBdcuLd7vksANSNI1LS-0Atqku4yrhzp1CumkWXy72a9_Z5OlUYtbHQgWLHD_2YvHb4sneLWuVLunWlAqP8N2pezjKPopUG9G2pyKWGZQhJItsbVJyP1-b8xUXAD1zYs0EMUy6C6N1BQBz87OfD6pj5MmjIQXt4GU9LYvwfhrMP04kV1ccwSTaN3sbJTwFBk1wpX14eh38gJDzGNWx2tPIYXRDbxtvmJfM8f82ZH_USxNJn1iZ3BJ5o464eLbHrXveaP6I0-0WwfamgirRA4PkNOAk2x877iCTOIHioSB03nqbY4Q7Cp98sSVvE4lALWHwvCOnqFa4ka5pGKpZ2oE_-RRZ1mXi_uoNX7pXSFkUrwCnMj6xniketDEvG3zoi564ogg7JSZWccR0XTa6Mp0feR85nM4e179mMzyEcwmDZABwujIGLccQ6UONzkwrioR53xd8r0GnSsSQd_-iWxeul2If2bBTXfw-Bv4MlA3psODoRH6Wzd_u086JmTXKqDCtcpC44Gf2wvVKcUe3MUV4U3AvKMi0iQUil-gsWbLzHFOvNNZkJBDitJzHby-DdzQkS-mM6tQx4VoiEILYHvpR3eO8T8_QUoxTaL2tji_EuMdTMe2kTQUx-hTynzPbM6rbih9pwuy-l_hhTc5a_zS2y1DWk7qJNmHXuF2a7gVcxP7PRaLPHpf7OxHDSFQv4zKDdN45-EXLQvc5gmXCc6TyewV8SEuBruq-BEV7TcNFdUY70YrkXoSGFZPOLfD9qMSJ044f7EA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 36ms
36ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-PQVTRPL0ST&gtm=45je3au1v9101556420&_p=895399549&gcd=11l1l1l1l1&cid=1785906443.1698876828&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1698876828&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&en=scroll&epn.percent_scrolled=90&_et=13
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PQVTRPL0ST&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Nov 2023 22:13:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://paybyplatema.site
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.paybyplatema.site/	1970-01-21 01:30:36	Name: _ga_BR9S49MX8J Value: GS1.1.1698876827.1.0.1698876827.0.0.0
.paybyplatema.site/	1970-01-21 01:30:36	Name: _ga Value: GA1.1.1785906443.1698876828
.paybyplatema.site/	1970-01-21 01:30:36	Name: _ga_PQVTRPL0ST Value: GS1.1.1698876828.1.0.1698876828.0.0.0
.paybyplatema.site/	1970-01-21 01:30:36	Name: _ga_5M4EY5KCMW Value: GS1.1.1698876828.1.0.1698876828.0.0.0
my.rtmark.net/	1970-01-21 00:40:12	Name: ID Value: b7c5f54af3744ed782cfebcf221110b6
.doubleclick.net/	1970-01-20 15:54:37	Name: test_cookie Value: CheckForPermission
.paybyplatema.site/	1970-01-21 01:16:12	Name: __gads Value: ID=cc4cbbf1f82cf7b2-226db3bbb2e400ac:T=1698876828:RT=1698876828:S=ALNI_MZR8DBglVvRA2npQUjOv9Nvtx2sEw
.paybyplatema.site/	1970-01-21 01:16:12	Name: __gpi Value: UID=00000d9e5e0511db:T=1698876828:RT=1698876828:S=ALNI_MagBTCCe0tppRdvSynKS6oRp2JVZA

21 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://paybyplatema.site/(Line 110) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://paybyplatema.site/(Line 110) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: https://alterassumeaggravate.com/b2/33/f1/b233f1a8a86af17492dd04a1da354e1e.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	Message: The script does not have a MIME type.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4969693136336878&output=html&adk=1812271804&adf=3025194257&lmt=1698872787&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x1080_l%7C212x1080_r&format=0x0&url=https%3A%2F%2Fpaybyplatema.site%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1698876828174&bpp=4&bdt=1644&idt=390&shv=r20231031&mjsv=m202310260102&ptt=9&saldr=aa&abxe=1&nras=1&correlator=982130696513&frm=20&pv=2&ga_vid=1785906443.1698876828&ga_sid=1698876829&ga_hid=895399549&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079193%2C44798934%2C44801485%2C44805934%2C44807047%2C44807334%2C44807406%2C44807454%2C31078297%2C31079155&oid=2&pvsid=240088827382533&tmod=1927177256&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=421 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acacdn.com
alterassumeaggravate.com
googleads.g.doubleclick.net
my.rtmark.net
pagead2.googlesyndication.com
partner.googleadservices.com
paybyplatema.site
region1.google-analytics.com
tpc.googlesyndication.com
www.google.com
www.googletagmanager.com
yonhelioliskor.com
youradexchange.com
139.45.195.8
139.45.197.251
192.243.61.227
2001:4860:4802:34::36
2606:4700:3030::6815:30d3
2606:4700:3030::ac43:b3fd
2606:4700:3037::6815:1fd7
2606:4700:e4::ac40:ab13
2a00:1450:4001:806::2001
2a00:1450:4001:806::2004
2a00:1450:4001:80e::2002
2a00:1450:4001:81c::2002
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2008
009654dc2a20620ac27633d0a3d0e6396f2b6b687fa81573c3bb091bdbff51bb
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
0f2bb3fdf147ade4bf1f857841bfa72a20eff4d2dc9c4e9da98c5ff71a7bfc57
174066535cb768d1715ae34808cd4e83f16f23715524bfff79db8860e8c03296
17e961d6033939b2efd42cebc0cfd8073230a4b4c1f44aeaec8d109e1194d6ef
19027c6e918ae1343bc4f32253cc4c2e6145ea7ecb58b755f7e6ee6bb75659f6
1dcc76edeafdee6d9f51e0bfb3c1f67f4a93221ca5dc98d7e7155fdd90799f39
1e5025a92878aeb0dfaf31d1b40fd80ef769c367f34fdf6620227704b73c8278
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2b9a874bcab7c9619b02d969e247cfe1c16dc42f6a75777eed49208c9b0930b6
2e22a3779eda554a62997698c1ff25a7512228dadd256f04433ee2e1469cdf6b
3fea20f71235ee7955f3fd0ca12ad15499e92e50a847527c41db626fec1ee0fd
4d2df9add43e1a637b598665758c91f03e692a8572001a2974fe349e1a276130
50353fd7011e167c9f518054f1221ca8ce0ee34f7f759c3fce002194b70f893f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
60d6f10daa1ba504958a59c7ea6aa50bc2e4b41bb31c74dec80701e0ed175d29
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
626c65063bcb00fcc4574cffc418820fc209794a0519ec1e65931896c79a6ee1
7b16af4257036d492b5143a944862f47a99a050d28d0f6388bcc959af194c69b
89dd81cb4b80d20fc5a48a73d01a4ef4620beebce7378a8ad123cd236f365ee4
8c18c2d9f5f5ba0b76470e6dfe9a8d8cf75fda9d232c8a46d21abbef7e132fc7
90b7b3d3cf24dcbeda9657513661418643887b6e4c46cf3a2d9eb78d98dc14db
99235240097ffe1c3ccf93f0275840df66a62f6ce406788402b06df413755d67
995456f7211327129612b97dc0a2baa2288f1e3065d1d6ed1882a0eb89d6baac
9e53a945de001e16b8bccb12d39002b213153be72ba11bd86ef98c8b5bf19904
a1b234db870be30a18fec1de2b258ce797c95d865ea1cfe3d066127bff8ff6f5
c5820665ab57fa5c082528eac11d498fc44b8caafbfaad93bbb4ff80acd27623
d49c3e35a17b982ce4158dbce1c23fdf3eee9a27228833d0f14f4bd675d181fc
d681c352fabc13437dce30e2d5ad2f2766027f73e23d3d6fd17895f1e533872d
e2e1ff11f9ea4012f2db134fc42d692238f339b01d4ae386c08edd960a34a1f5
e36875fb48a3daa4f4790c277314140cd3a36a111df0494636b22eff45622a43
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eed5e77bb0b4ffaa4a4802ade9d4cae485660554e327e4f8d29d37629a03daae
f9fda9ca1f54a4868de7bad9dbcfce8eac37a855091abca28f4dcd13a084329b
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

paybyplatema.site Open in urlscan Pro 2606:4700:3030::ac43:b3fd Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

59 Requests

100 %HTTPS

79 %IPv6

12 Domains

13 Subdomains

13 IPs

3 Countries

929 kBTransfer

2658 kBSize

8 Cookies

2 Outgoing links

Page URL History

Redirected requests

59 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

paybyplatema.site Open in urlscan Pro
2606:4700:3030::ac43:b3fd Public Scan

Screenshot
Live screenshot

Full Image

59
Requests

100 %
HTTPS

79 %
IPv6

12
Domains

13
Subdomains

13
IPs

3
Countries

929 kB
Transfer

2658 kB
Size

8
Cookies

59 HTTP transactions
0 data transactions