globaladblocker.com Open in urlscan Pro
2606:4700:3036::6815:2f69 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://paybyplatema.site/
Effective URL:
https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=25238e0ebf4385f3e6820ac2096b476c&gd=tr&gg=728308
Submission Tags: https://phish.report @phish_report Search All
Submission: On June 12 via api (June 12th 2023, 8:11:03 pm UTC) from FI — Scanned from FI

Summary HTTP 102 Redirects Behaviour Indicators

Summary

This website contacted 23 IPs in 3 countries across 29 domains to perform 102 HTTP transactions. The main IP is 2606:4700:3036::6815:2f69, located in United States and belongs to CLOUDFLARENET, US. The main domain is globaladblocker.com. The Cisco Umbrella rank of the primary domain is 571336.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 18th 2023. Valid for: a year.

This is the only time globaladblocker.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3030::ac43:b3fd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2606:4700:303... 2606:4700:3037::6815:1fd7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
4	2606:4700:303... 2606:4700:3034::6815:5950	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	139.45.197.251 139.45.197.251	9002 (RETN-AS) (RETN-AS)
1	2606:4700:e0:... 2606:4700:e0::ac40:6113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	192.243.61.227 192.243.61.227	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
3	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2606:4700:e6:... 2606:4700:e6::ac40:ca17	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.58.93.188 52.58.93.188	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:e365:4988:e8a7:3270	16509 (AMAZON-02) (AMAZON-02)
4 11	192.243.59.20 192.243.59.20	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
4 9	173.233.137.60 173.233.137.60	7979 (SERVERS-COM) (SERVERS-COM)
1	2600:9000:20c... 2600:9000:20c3:6800:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
5	2606:4700:e6:... 2606:4700:e6::ac40:c309	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:303... 2606:4700:3036::6815:2f69	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:600... 2a04:4e42:600::485	54113 (FASTLY) (FASTLY)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
102	23

1 2606:4700:3030::ac43:b3fd (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

paybyplatema.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2606:4700:3037::6815:1fd7 (United States)

ASN13335 (CLOUDFLARENET, US)

paybyplatema.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3034::6815:5950 (United States)

ASN13335 (CLOUDFLARENET, US)

acacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 139.45.197.251 (United Kingdom)

ASN9002 (RETN-AS, GB)

yonhelioliskor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e0::ac40:6113 (United States)

ASN13335 (CLOUDFLARENET, US)

g.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.243.61.227 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

alterassumeaggravate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:e6::ac40:ca17 (United States)

ASN13335 (CLOUDFLARENET, US)

friendshipmale.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.58.93.188 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-93-188.eu-central-1.compute.amazonaws.com

simplewebanalysis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:e365:4988:e8a7:3270 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 192.243.59.20 (Ashburn, United States) 4 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)

rampmention.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jellyhelpless.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 173.233.137.60 (United States) 4 redirects

ASN7979 (SERVERS-COM, US)

eyebrowsneardual.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20c3:6800:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:e6::ac40:c309 (United States)

ASN13335 (CLOUDFLARENET, US)

youradexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3036::6815:2f69 (United States)

ASN13335 (CLOUDFLARENET, US)

globaladblocker.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

jurato.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	paybyplatema.site 1 redirects paybyplatema.site	142 KB
9	eyebrowsneardual.com 4 redirects eyebrowsneardual.com — Cisco Umbrella Rank: 51356	31 KB
9	rampmention.com 4 redirects rampmention.com — Cisco Umbrella Rank: 51937	46 KB
7	yonhelioliskor.com yonhelioliskor.com — Cisco Umbrella Rank: 811475	41 KB
5	youradexchange.com youradexchange.com — Cisco Umbrella Rank: 30566	2 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 75	385 KB
4	globaladblocker.com globaladblocker.com — Cisco Umbrella Rank: 571336 Failed	12 KB
4	acacdn.com acacdn.com — Cisco Umbrella Rank: 84302	105 KB
3	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1892	326 B
3	alterassumeaggravate.com alterassumeaggravate.com — Cisco Umbrella Rank: 302648	34 KB
3	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 127	185 KB
2	jellyhelpless.com jellyhelpless.com — Cisco Umbrella Rank: 50939	8 KB
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 1195 pixel.quantserve.com — Cisco Umbrella Rank: 973	10 KB
2	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 54	5 KB
2	simplewebanalysis.com simplewebanalysis.com — Cisco Umbrella Rank: 13054	603 B
2	friendshipmale.com friendshipmale.com — Cisco Umbrella Rank: 19008	54 KB
1	jurato.info jurato.info — Cisco Umbrella Rank: 876093	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 377	30 KB
1	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 9396	545 B
1	google.com adservice.google.com — Cisco Umbrella Rank: 106	456 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1086	609 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 1130	634 B
1	ezodn.com g.ezodn.com — Cisco Umbrella Rank: 12244	2 KB
0	Failed function sub() { [native code] }. Failed
0	gstatic.com Failed csi.gstatic.com Failed
0	barscreative1.com Failed cdn.barscreative1.com Failed
0	banquetunarmedgrater.com Failed banquetunarmedgrater.com Failed
0	playerstrivefascinated.com Failed playerstrivefascinated.com Failed
0	supreme-ad-blocker.info Failed supreme-ad-blocker.info Failed
102	29

	Domain	Requested by
22	paybyplatema.site	1 redirects paybyplatema.site
9	eyebrowsneardual.com	4 redirects paybyplatema.site alterassumeaggravate.com
9	rampmention.com	4 redirects alterassumeaggravate.com paybyplatema.site
7	yonhelioliskor.com	paybyplatema.site
5	youradexchange.com	acacdn.com paybyplatema.site
5	www.googletagmanager.com	paybyplatema.site www.googletagmanager.com
4	globaladblocker.com	paybyplatema.site globaladblocker.com
4	acacdn.com	paybyplatema.site acacdn.com
3	region1.google-analytics.com	www.googletagmanager.com
3	alterassumeaggravate.com	paybyplatema.site
3	pagead2.googlesyndication.com	paybyplatema.site pagead2.googlesyndication.com
2	jellyhelpless.com	alterassumeaggravate.com
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	simplewebanalysis.com	alterassumeaggravate.com
2	friendshipmale.com	alterassumeaggravate.com rampmention.com
1	jurato.info	globaladblocker.com
1	cdn.jsdelivr.net	globaladblocker.com
1	my.rtmark.net	paybyplatema.site
1	pixel.quantserve.com	paybyplatema.site
1	adservice.google.com	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	rules.quantcount.com	secure.quantserve.com
1	secure.quantserve.com	paybyplatema.site
1	g.ezodn.com	paybyplatema.site
0	eklanaffifkpfdpnkngfilpcgodfdimb Failed	globaladblocker.com
0	csi.gstatic.com Failed	pagead2.googlesyndication.com
0	cdn.barscreative1.com Failed	alterassumeaggravate.com
0	banquetunarmedgrater.com Failed	rampmention.com
0	playerstrivefascinated.com Failed
0	supreme-ad-blocker.info Failed	paybyplatema.site
102	30

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-10` - `2024-02-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
acacdn.com GTS CA 1P5	`2023-05-13` - `2023-08-11`	3 months	crt.sh
yonhelioliskor.com R3	`2023-03-27` - `2023-06-25`	3 months	crt.sh
ezodn.com E1	`2023-05-04` - `2023-08-02`	3 months	crt.sh
alterassumeaggravate.com R3	`2023-05-19` - `2023-08-17`	3 months	crt.sh
simplewebanalysis.com Amazon RSA 2048 M01	`2023-03-02` - `2024-03-31`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
rampmention.com R3	`2023-05-08` - `2023-08-06`	3 months	crt.sh
eyebrowsneardual.com R3	`2023-04-28` - `2023-07-27`	3 months	crt.sh
quantserve.com R3	`2023-04-14` - `2023-07-13`	3 months	crt.sh
jellyhelpless.com R3	`2023-05-08` - `2023-08-06`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-05-19` - `2023-08-11`	3 months	crt.sh
rtmark.net R3	`2023-05-06` - `2023-08-04`	3 months	crt.sh
youradexchange.com GTS CA 1P5	`2023-04-23` - `2023-07-22`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
jurato.info GTS CA 1P5	`2023-05-23` - `2023-08-21`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=25238e0ebf4385f3e6820ac2096b476c&gd=tr&gg=728308
Frame ID: 3F73B03A492086E6D5866380A7B92369
Requests: 96 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230608/r20190131/zrt_lookup.html
Frame ID: FBDA5DB2F3D23E9E2D77C4D2B8631ACF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4969693136336878&output=html&adk=1812271804&adf=3025194257&lmt=1686586138&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x1080_l%7C212x1080_r&format=0x0&url=https%3A%2F%2Fpaybyplatema.site%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686600656735&bpp=5&bdt=1271&idt=541&shv=r20230608&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1562759444817&rume=1&frm=20&pv=2&ga_vid=194342455.1686600656&ga_sid=1686600657&ga_hid=1838772467&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C44788441%2C44793497%2C31061691%2C31061692&oid=2&pvsid=3792411673577971&tmod=342910179&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=572
Frame ID: B5C6808F4FDA0BE8AF3AEC11D68CA02D
Requests: 1 HTTP requests in this frame

Frame: https://jurato.info/a.php?id=0068&e=VPGCNBK0FG&c=bttrP4697Z&r=tr&cid=25238e0ebf4385f3e6820ac2096b476c&z=18057692&m=728308&v=12&dr=https%3A%2F%2Fpaybyplatema.site%2F&inw=1600&inh=1200
Frame ID: 1D66278F6078FF4713BEEC13FA167E21
Requests: 1 HTTP requests in this frame

Frame: https://globaladblocker.com/gc.php
Frame ID: 7E0C5309A3340C53A9ADC583AE55774F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Global Ad Blocker

Page URL History Show full URLs

http://paybyplatema.site/ HTTP 301
https://paybyplatema.site/ Page URL
https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=25238e0ebf4385f3e6820ac2096b476... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

102
Requests

73 %
HTTPS

74 %
IPv6

29
Domains

30
Subdomains

23
IPs

3
Countries

1078 kB
Transfer

3179 kB
Size

57
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://paybyplatema.site/ HTTP 301
https://paybyplatema.site/ Page URL
https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=25238e0ebf4385f3e6820ac2096b476c&gd=tr&gg=728308 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://paybyplatema.site/ HTTP 301
https://paybyplatema.site/

Request Chain 30

https://rampmention.com/watch.452971135795.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1 HTTP 307
https://rampmention.com/watch.452971135795.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=bbf0340e67df54d8246a4bc424d1bd4c4687167d5e8ceea289ba5383d206a1339b9c2a323233b46bf66fb6e13235caa11785b25c25a88e1401f27b3afade9cd59701594e38d2590ef1660dd9e9339b89f76487ce&pst=1686600717&rmtc=t

Request Chain 33

https://eyebrowsneardual.com/watch.498083873194.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1 HTTP 307
https://eyebrowsneardual.com/watch.498083873194.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=82d9a9e59106f94e6202ace9fc5ffa17e296429a85f4ba662db733b65bdddbf4b2ca861773ddc530605227b665d71585c4b37148494ac8618951b7df1e9b6121951888bfc6d3ed66f2cc879c2c0c2f56e3a2e4a1662995a758aa26d837b7f0&pst=1686600717&rmtc=t

Request Chain 35

https://eyebrowsneardual.com/watch.599961491668.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1 HTTP 307
https://eyebrowsneardual.com/watch.599961491668.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=06beef2184f1dc8372eff56b052d1a969a08ac98ac1c68cd978ccbd588efbf23b44331a73dc8bcc9f95638afaaeb790b4c04a1502239f118ad9f1c12febe64b2583bd461e5a253e4f3182a4ad8963a6286004648ce5ef51d6a085290dcf98d&pst=1686600717&rmtc=t

Request Chain 36

https://eyebrowsneardual.com/watch.62181056227.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1 HTTP 307
https://eyebrowsneardual.com/watch.62181056227.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=341b0594f6386f661ba9c3510f04d54eb750eedb95922913da6563411bfd6c35d2a996333605098e43d2f6288dbb55eeab2a7250d0e8583054e9411e9da32312c93f36f9bf0af6ae5df458c3ca674f29f266535f5699301b9310d785fe198b8a&pst=1686600717&rmtc=t

Request Chain 37

https://eyebrowsneardual.com/watch.624162257710.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1 HTTP 307
https://eyebrowsneardual.com/watch.624162257710.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=be8c943bcbd2daf4b200ac577e8a1e735dda47df8c958df88fc90a936b9319c116da5cbabec68c642f1b1a9c4f91fa059ee61f8e83cf947cb5cdae1f0e69e59a3fd9fb7c5cfce865d55a42121840bf3b841df89c555d1b946d89a6ec48f9798e808842fe6e18&pst=1686600717&rmtc=t

Request Chain 38

https://rampmention.com/watch.520369696853.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1 HTTP 307
https://rampmention.com/watch.520369696853.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=1ba4b1670e2e1f14a36ed4be00a8dcf243315099d9a62e4fd859d6be2d1f98e42bb27aa4f0060cf93462648a157a8de9720aaf3fced6037518611d2285828dd704edc8dea13f71a0587e497f5b79ae45b2c7ea0ce9810d9d6b4d2fbbfa301c&pst=1686600717&rmtc=t

Request Chain 39

https://rampmention.com/watch.1080980144226.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1 HTTP 307
https://rampmention.com/watch.1080980144226.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=7f725ef164f5a7976144b4d4bb34f3ba2c08a2964ace30a171755aaf9c55a2b13cff4f01ad1da69005b1239e8df1238f5a96b86c54a70e6f8b022d0dd2b94dabb5886aad1eea5741e2f6e954e9f6ca75b12084&pst=1686600717&rmtc=t

Request Chain 40

https://rampmention.com/watch.572013452392.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1 HTTP 307
https://rampmention.com/watch.572013452392.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=ebeecc7ea826b2e7dc02700cf04a320a1de7780f9e2bfb0689167c2cc4a3326ff0bebf8a2aa9695a99bee4b5d72d668cc8eaa4afe1586ce88bb2eef3c4961acc343bac866618ea0c9d16a101b9d287eb77a62e5b&pst=1686600717&rmtc=t

102 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
paybyplatema.site/
Redirect Chain

http://paybyplatema.site/
https://paybyplatema.site/

108 KB
26 KB

787ms
645ms

Document
text/html

2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 593bbf2efc5afde2159758fcbcff5f5ebcad0c0a99bddbb37d709c6c159736ed

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 7d64bd6cbe5db509-OSL
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 12 Jun 2023 20:10:55 GMT
display: orig_site_sol
expires: Sun, 11 Jun 2023 20:10:55 GMT
last-modified: Mon, 12 Jun 2023 16:08:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pagespeed: off
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O3ABdPNmboc2ZuXh9jeAjL3U8TPVuITNyjr4AK6XiazxzheaBr3G2AaPTBhQpZU5pIHNDfHQKgV8kRGXn3UT1u7ErCAPYByJ7qoO4%2F71VAWzS2BAsVrxw18G2tqmN%2FHTh7bLroI3Fl4mja8Zqbpl9A%3D%3D"}],"group":"cf-nel","max_age":604800}
response: 200
server: cloudflare
vary: Accept-Encoding,User-Agent
x-ezoic-cdn: Miss
x-middleton-display: orig_site_sol
x-middleton-response: 200
x-origin-cache-control: public, max-age=0
x-sol: orig

Redirect headers

CF-RAY: 7d64bd6b3ec8b527-OSL
Cache-Control: max-age=3600
Connection: keep-alive
Date: Mon, 12 Jun 2023 20:10:54 GMT
Expires: Mon, 12 Jun 2023 21:10:54 GMT
Location: https://paybyplatema.site/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2F%2FO%2BKwCWT%2F50O6zdr3PIVjKMuFSDpzOlchCsduUlnsrXg88Smm088R%2B7tc%2FkHW%2B3otMIkTjPRVK5nvecr8t%2Fysbhb0pTFV5UoMCN70g5%2FO7lYYMWVhuTd9MvSXH%2FhsZbLGwHfQXtyNoRpZMsGHl0A%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 160ef9e6f5c68b772c95505e7b828a2b.css
paybyplatema.site/wp-content/cache/min/1/ 129 KB
20 KB 133ms
130ms Stylesheet
text/css 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/wp-content/cache/min/1/160ef9e6f5c68b772c95505e7b828a2b.css
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4030c5c6e8b7ca4408bed3b4c16ee5cf1836bac506cd9d01f0041714d456ac8

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:55 GMT
content-encoding: br
cf-cache-status: HIT
x-sol: orig
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol, orig_site_sol
cf-polished: origSize=132147
x-ezoic-cdn: Hit ds;ds;6020f45bd2c57ea2c45aeaa22e1688b3;2-460238-0;44177aec-15ba-47c6-51b6-7e2cc7b04c86
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400
response: 200
cf-bgj: minify
last-modified: Mon, 08 May 2023 14:58:35 GMT
server: cloudflare
x-origin-cache-control: public, max-age=31536000,public
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=puUhDhpXuI%2BFNLp7hUgnnTXF1JZyYH0hWDWtS6TZZVL47GQKo8X7bhQT4LLlJo8hATqfRQ5c2roGf2DrGrHtroklnHa5CEoaYzkct6XbLoDYfGU1e2lkfEMzmaQCLuTYqKnFLHMSL2OWsMpeJ5Dbpw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000,public
cf-ray: 7d64bd70dd54b509-OSL

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 195 KB
72 KB 288ms
101ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-BR9S49MX8J

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

05e76c02bbb4b026b8df4a8eb974817222ac5557606faf861fa41f6ed88c6fab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 73458
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 12 Jun 2023 20:10:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 137 KB
47 KB 336ms
144ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4969693136336878

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ec2fe7950597fcb2348f9ecf8a47a5d03ec370ae6db901167f607a49eb6c5749

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paybyplatema.site/
Origin: https://paybyplatema.site
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47637
x-xss-protection: 0
server: cafe
etag: 9257653297355086588
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 12 Jun 2023 20:10:56 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 252 KB
86 KB 104ms
103ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PQVTRPL0ST

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f8d3963d521dba2106ecf72fe45c1479a58f60fff37e6cef77e47f32ff62728f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88370
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 12 Jun 2023 20:10:56 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 177 KB
65 KB 142ms
140ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-256309008-1

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

79c9acd56ecda2a70935972ccb5705809d34dc161c3685f0b2656ba473246b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66331
x-xss-protection: 0
last-modified: Mon, 12 Jun 2023 18:38:33 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 12 Jun 2023 20:10:56 GMT

GET
H2 200 atg.js Show response
acacdn.com/script/ 104 KB
36 KB 236ms
79ms Script
application/javascript 2606:4700:3034::6815:5950
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acacdn.com/script/atg.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5950 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f8ee01d1d773f8a7af694b1ec494c9df5c0e438fe29435595eab0e3cacc81f3

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:55 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1920
x-guploader-uploadid: ADPycdsiSQ-T32cyLKo_1RaMCmYLBwXEQF0FkBXYxuhCNG4HpqTpECO047--uSSXAlXUzI-PmJ1n9FPAmwDlG1L7xXt9Lg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 30 May 2023 12:26:48 GMT
server: cloudflare
etag: W/"1ba41cdfce1d7767fd56bdd1463ae443"
vary: Accept-Encoding
x-goog-hash: crc32c=CLT9cg==, md5=G6Qc384dd2f9Vr3RRjrkQw==
x-goog-generation: 1685449608748031
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e4ki79AzJOv4XwYPYGePKGtlpQm%2B4zjrP0OLSteR6V3g%2BHt8yiN6ro5NWJ1Aan56SMlshNI1B08t7L8DDFqgU%2FPi1sohRo%2Beq6YvTwMIIla49WZibgPR6GeVtfONfJKbFx1n4Oy1zP%2F6"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 106891
cf-ray: 7d64bd71dc33b505-OSL
expires: Mon, 12 Jun 2023 20:04:10 GMT

GET
H2 200 tag.min.js Show response
yonhelioliskor.com/pfe/current/ 14 KB
6 KB 320ms
99ms Script
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/pfe/current/tag.min.js?z=5907218
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 1bd584a86b1cd36b9581643c7ebcbbb6c63117da54659de5b793eefa939de63b

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jun 2023 20:10:56 GMT
content-encoding: gzip
last-modified: Mon, 12 Jun 2023 11:50:27 GMT
server: nginx
etag: W/"64870683-3957"
content-type: application/javascript
cache-control: no-cache
access-control-allow-credentials: true

GET
H3 200 paybyplate-ma-768x489.jpg
paybyplatema.site/wp-content/uploads/2022/10/ 13 KB
14 KB 191ms
189ms Image
image/webp 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paybyplatema.site/wp-content/uploads/2022/10/paybyplate-ma-768x489.jpg
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c48d3f99f3a76f202f04a8722164461a25c5ea0caebe3a3e4bd14030c21b693d

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:56 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
x-ezoic-cdn: Hit ds;mm;0fe7cf92d5eda825a3f2b085517d3556;2-460238-0;4e0a8aa6-df93-4b70-5bbf-2a52c7463c52
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400
x-ezoic-excludewebp: false
response: 200
last-modified: Tue, 18 Oct 2022 14:43:51 GMT
server: cloudflare
x-origin-cache-control: public, max-age=10368000,public
vary: Accept-Encoding,X-Ezoic-Excludewebp,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=it55d5eg65lbWbX3WCd7OED2ttbfO4Coiz96aNR2CIseY4OdUZCJkN%2FK2e2cW1CU%2BELdoWL%2Bd6yNyVQqRiF8Ql4m9n4aATqFmTRS9jGqK8Xp732MClQm8%2ByYWl8C0uIpYgPR3fscmRtq7ZTiN06NZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=15552000,public
cf-ray: 7d64bd789b49b4ee-OSL

GET
H3 200 email-decode.min.js Show response
paybyplatema.site/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 70ms
69ms Script
application/javascript 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paybyplatema.site/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Jun 2023 11:54:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"647f1e6b-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fZ8nYrqtftFpMHoNXvWib3n%2B09P33%2F%2FDf%2BdnhMn0wC5Voyq5Yg5fNgQ%2FoCoqVNsl%2BUCvuoXAEzU%2B6yefewyBeNnFC2aFIuWpzF%2FXX5SJerI%2F1mvxf7p8tYi1Pzo22ARhy7yNuPR83t3cq0waHMnHow%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 7d64bd73b9f5b4ee-OSL
expires: Wed, 14 Jun 2023 20:10:55 GMT

GET
H3 200 menu.min.js Show response
paybyplatema.site/wp-content/themes/generatepress/assets/js/ 7 KB
2 KB 118ms
118ms Script
application/javascript 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.3.0
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 174066535cb768d1715ae34808cd4e83f16f23715524bfff79db8860e8c03296

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
x-ezoic-cdn: Hit ds;ds;40c05123ddd36389ba7ace5e923f05fc;2-460238-0;47aa939c-a99b-4ac9-4f5c-e7ae10e67e96
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400
response: 200
last-modified: Wed, 22 Mar 2023 16:14:28 GMT
server: cloudflare
x-origin-cache-control: public, max-age=31536000,public
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0%2FlvcTyKP6DBjNSzuE2zeTnZJTVO2W07sRMu7n0MSS7rsZ8iskxrTbWVyDAsvXcdpTAhGry9hv4v4hBUQIUcGfF0Y5E0yXpEP2ShjRex6wUoYsyfLc7h1n2cIv1oDcBtVnNP1btgIs0iQIFHX0pC%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000,public
cf-ray: 7d64bd742ab4b4ee-OSL

GET
H3 200 main.min.js Show response
paybyplatema.site/wp-content/plugins/luckywp-table-of-contents/front/assets/ 4 KB
2 KB 122ms
121ms Script
application/javascript 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/wp-content/plugins/luckywp-table-of-contents/front/assets/main.min.js?ver=2.1.4
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 995456f7211327129612b97dc0a2baa2288f1e3065d1d6ed1882a0eb89d6baac

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
x-ezoic-cdn: Hit ds;ds;a4730df993eaca048f98264e9da9a683;2-460238-0;cbcadd83-4db0-4836-6134-bdced73cc7ec
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400
response: 200
last-modified: Fri, 14 Oct 2022 08:55:18 GMT
server: cloudflare
x-origin-cache-control: public, max-age=31536000,public
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1MW%2BZmiMXyyHm9p9IhVxS3KhtozzQ1aSNcSWOJt7UlXsRW6nc4J8AuLxwq0dus6TIzBWwgmh5mLFMSvAQPIb8ddZx1f1l%2FGp9yeP3HdR%2BJU6pth3ADEqQEpf8VG3a1R8yqqYN3xhMH%2BYP0tXk32KXg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000,public
cf-ray: 7d64bd74ec40b4ee-OSL

GET
H2 200 v.js Show response
g.ezodn.com/cmp/v2/ 5 KB
2 KB 204ms
68ms Script
text/javascript 2606:4700:e0::ac40:6113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezodn.com/cmp/v2/v.js?v=4
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6113 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b104db680a9d1df48409a24d2f18c31e2867e67e921c44b00c72b22d9762bb8

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 22 Feb 2023 19:45:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 9503409
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oFsheXtOQtySRQEda%2FHNKg%2BWPV7DEIp3EQ9KG5IMD4Bw9QBqxCwZ6%2B8GO97ThPDbbyw%2FIjmIIvIcAjaQHRN8eG8uPjrIwngoNB578ty4wOR2u%2FL4kQ%2FMSW6Ba0b5%2FWl1lnv7967E%2BoiVKA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=15780000
cf-ray: 7d64bd796edf15f4-ARN
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK 103f872def2557028e4aca50c4daff0f.js Show response
alterassumeaggravate.com/10/3f/87/ 36 KB
14 KB 901ms
246ms Script
application/javascript 192.243.61.227
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

c0d8f6b23376ae9ace217252e26a9b439b0d54057b8ec22baecf167fc71f1bb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

Referer: https://paybyplatema.site/
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Mon, 12 Jun 2023 20:10:56 GMT
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
X-Request-ID: 57ad8fdbbfb8b57d323c746abc161ee5
Expires: Thu, 01 Jan 1970 00:00:01 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
255 B 199ms
69ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-BR9S49MX8J&gtm=45je3671&_p=1838772467&cid=194342455.1686600656&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1686600655&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BR9S49MX8J
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jun 2023 20:10:56 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://paybyplatema.site
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 252 KB
86 KB 201ms
200ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PQVTRPL0ST&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BR9S49MX8J

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

14907949e77e053af56f06215b532a69875a1ffce84ff513fe9b6d3b6866af28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88343
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 12 Jun 2023 20:10:56 GMT

GET
H2 200 sfp.js Show response
friendshipmale.com/ 83 KB
27 KB 313ms
172ms Script
application/javascript 2606:4700:e6::ac40:ca17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://friendshipmale.com/sfp.js

Requested by

Host: alterassumeaggravate.com
URL: https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:ca17 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77a3bebee72af7beb49cd94b7f16852a532aac5f3db8f610160440fe75ca4711

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:56 GMT
strict-transport-security: max-age=0; includeSubdomains
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
alt-svc: h3=":443"; ma=86400
x-request-id: 2656e75b17f91f75384b8057204b6372
last-modified: Mon, 12 Jun 2023 20:10:56 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1UpW%2Fff1x3z%2FqJXlc8JptkHWfcV4219Ej2INvR%2Byu9kSGuo1Tj5wNUCZH0UwcfDyawMOhOxlYEWRX%2FBLhJrP%2BRbCU%2FqVEsIqY5dE8VPjFlE9BER6a4lMyK%2Bor3EskKE9cqCriRTW%2F7QbpAnMkYuzdyQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7d64bd796c879903-ARN
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 stats Show response
simplewebanalysis.com/ 40 B
302 B 292ms
90ms XHR
text/html 52.58.93.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://simplewebanalysis.com/stats
Requested by: Host: alterassumeaggravate.com
URL: https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.93.188 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-93-188.eu-central-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: 1b9269ecf5672dc6eae741bbbf3f15a92f887311b19cc49c2727fdc1db0589a7

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-origin: https://paybyplatema.site
date: Mon, 12 Jun 2023 20:10:56 GMT
access-control-allow-credentials: true
server: fasthttp
content-length: 40
vary: Origin
content-type: text/html; charset=UTF-8

GET
H3 200 cmbv2.js Show response
paybyplatema.site/detroitchicago/ 63 KB
20 KB 125ms
123ms Script
application/javascript 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y1d-7y0b-6y0d-23y17-4y1b-5y20-4y25-3y33-4y59-2&cmbcb=147&sj=x04x02x06x07x1dx0bx0dx17x1bx20x25x33x59
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ae4df3bd75d8320327a69eb07e916ed4eccedb7037065ad352eb39fba0b364f

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:56 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 11 Jun 2023 05:49:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BIW3kkKE9HsEoTQ9Hj7f7W8T6L4kTd4CLzXkbt%2F%2FCq7yttX2a1PcX7NAgKhRTT91qLowlz3E6BMdRyycxRcHEf%2F2vkRDLjJ46TkIurEsvQIdIJLjU%2FbL1QAPxKQ3KAmlLgS7Fp4MZ%2BEf6R13vX90qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
cf-ray: 7d64bd789b50b4ee-OSL
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK invoke.js Show response
alterassumeaggravate.com/d3b70164122317877867615a5af5346f/ 26 KB
10 KB 180ms
180ms Script
application/javascript 192.243.61.227
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

09e30996481d88c7d78b5c4562857e6d67489c3407558c59aa995b21c62608e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

Referer: https://paybyplatema.site/
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Mon, 12 Jun 2023 20:10:56 GMT
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
X-Request-ID: 0f2ced2841aef6f144e40e3f096e8fc0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306070101/ 352 KB
118 KB 333ms
154ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4969693136336878&plah=paybyplatema.site

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4969693136336878

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4784e037546fcb7f73c1e1b0b3052aa93dc4a0b841088ab47c998e26d98ae2b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120861
x-xss-protection: 0
server: cafe
etag: 7421295995491201118
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 12 Jun 2023 20:10:56 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230608/r20190131/ Frame FBDA 10 KB
5 KB 281ms
88ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230608/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4969693136336878

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paybyplatema.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

age: 72124
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 12 Jun 2023 00:08:52 GMT
etag: 15057649708203361565
expires: Mon, 26 Jun 2023 00:08:52 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 imp.gif
paybyplatema.site/detroitchicago/ 43 B
637 B 289ms
289ms Ping
image/gif 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/detroitchicago/imp.gif?e=%7B%22ab_test_id%22%3A%22mod1-c%22%2C%22ad_cache_level%22%3A1%2C%22ad_lazyload_version%22%3A0%2C%22ad_load_version%22%3A0%2C%22city%22%3A%22Espoo%22%2C%22country%22%3A%22FI%22%2C%22days_since_last_visit%22%3A-1%2C%22domain_id%22%3A460238%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A0%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22metro_code%22%3A0%2C%22page_ad_positions%22%3A%22%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%2258ca02e6-4821-45ec-6914-9e8ef6851b48%22%2C%22position_selection_id%22%3A0%2C%22postal_code%22%3A%2202630%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A99536%2C%22response_time_orig%22%3A377%2C%22serverid%22%3A%22i-0577d0d2d5da2060c%22%2C%22state%22%3A%2218%22%2C%22t_epoch%22%3A1686600654%2C%22template_id%22%3A120%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fpaybyplatema.site%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A3421%2C%22worst_bad_word_level%22%3A0%7D&ez_orig=1
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y1d-7y0b-6y0d-23y17-4y1b-5y20-4y25-3y33-4y59-2&cmbcb=147&sj=x04x02x06x07x1dx0bx0dx17x1bx20x25x33x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-middleton-display: imp_sol
alt-svc: h3=":443"; ma=86400
content-length: 43
server: cloudflare
access-control-max-age: 1728000
access-control-allow-methods: HEAD, PUT, POST, GET, OPTIONS
content-type: image/gif
access-control-allow-origin: https://paybyplatema.site
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rJrSRSTdjn%2BXYJ7WCUN2bsTOIib1fIp2ExBqTPwMpIgDIIF78lHTTCEFEgb1hLut%2Blnkc%2Fu74riNDQeB4hNyy8AdxlszY77n3OiXyxrsRHb1SjnPszWez%2BOcg82C23KBHndhntu%2FoymQYKaiHFb2XA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
vary: Accept-Encoding
cf-ray: 7d64bd79cd85b4ee-OSL
access-control-allow-headers: Content-Type
expires: Sun, 11 Jun 2023 20:10:57 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 22 KB
9 KB 253ms
88ms Script
application/javascript 2620:116:800d:21:e365:4988:e8a7:3270
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y1d-7y0b-6y0d-23y17-4y1b-5y20-4y25-3y33-4y59-2&cmbcb=147&sj=x04x02x06x07x1dx0bx0dx17x1bx20x25x33x59
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:e365:4988:e8a7:3270 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e23decabee8464b650d1d0241283ba0c469806e14a2199efc5bb41771cb673c1

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:57 GMT
content-encoding: gzip
etag: "sLp6xTjO7svFVaOemhLWUQ=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Mon, 19 Jun 2023 20:10:57 GMT

GET
H3 200 cmbdv2.js Show response
paybyplatema.site/detroitchicago/ 35 KB
10 KB 172ms
172ms Script
application/javascript 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/detroitchicago/cmbdv2.js?gcb=195-0&cb=03-8y0c-6y1c-5&cmbcb=147&sj=x03x0cx1c
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2186c62483df74f6126183f48049291bda5b7d372abc2d7de9e5640e0425b75c

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:57 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 12 Jun 2023 20:10:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A4eCVQZ%2BozmHwIM15ytShDJPnE0dxXBNGnGCvPUIF3q5%2BX%2BMoQRK3YgriXfWxlp4nYVuAgR%2Bnh%2BhZEOectiuDXAL8L0IrUDAE60Hxgjq%2F9vZP2L0PDB0vePsHWQQtg77pORhPKh6lrlOtOxbWkL4iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
x-robots-tag: noindex
cf-ray: 7d64bd79cd87b4ee-OSL
alt-svc: h3=":443"; ma=86400

GET
H2 200 stats Show response
simplewebanalysis.com/ 40 B
301 B 90ms
90ms XHR
text/html 52.58.93.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://simplewebanalysis.com/stats
Requested by: Host: alterassumeaggravate.com
URL: https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.93.188 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-93-188.eu-central-1.compute.amazonaws.com
Software: fasthttp /
Resource Hash: 9e80d4cbd46e87c8252336d360b1196a138371c334fe556cf90ab41902dc9526

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-origin: https://paybyplatema.site
date: Mon, 12 Jun 2023 20:10:56 GMT
access-control-allow-credentials: true
server: fasthttp
content-length: 40
vary: Origin
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK 1b6b360a8e7717a7517e85e704ad82f9.js Show response
rampmention.com/1b/6b/36/ 84 KB
29 KB 746ms
191ms Script
application/javascript 192.243.59.20
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://rampmention.com/1b/6b/36/1b6b360a8e7717a7517e85e704ad82f9.js

Requested by

Host: alterassumeaggravate.com
URL: https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

0d4111e4882268268177db77636d5f826ba52e67df1c02bd4c4d0c2d823f2ed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
X-Request-ID: 819ee39163867e90a1bd801b54ef5f3f
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK invoke.js Show response
alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/ 26 KB
10 KB 178ms
178ms Script
application/javascript 192.243.61.227
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.61.227 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

19f8113c57259c026c13cd6cd9187398bd89620f6fc371b78adbe352f9abaaca

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

Referer: https://paybyplatema.site/
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
X-Request-ID: 9a5616db77c4d95cd24e1102c95c4724
Expires: Thu, 01 Jan 1970 00:00:01 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 70ms
69ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-PQVTRPL0ST&gtm=45je3671&_p=1838772467&cid=194342455.1686600656&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1686600656&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PQVTRPL0ST
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jun 2023 20:10:57 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://paybyplatema.site
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 209 KB
76 KB 106ms
105ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5M4EY5KCMW&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-256309008-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e19b3a85a335d78a60e423d4a76a429bccdcfc90e0ea83d4a777745eac8e43b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77280
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 12 Jun 2023 20:10:57 GMT

GET
H/1.1

200
OK

watch.452971135795.js Show response
rampmention.com/
Redirect Chain

https://rampmention.com/watch.452971135795.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massach...
https://rampmention.com/watch.452971135795.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massach...

2 KB
2 KB

228ms
227ms

XHR
text/html

192.243.59.20
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://rampmention.com/watch.452971135795.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=bbf0340e67df54d8246a4bc424d1bd4c4687167d5e8ceea289ba5383d206a1339b9c2a323233b46bf66fb6e13235caa11785b25c25a88e1401f27b3afade9cd59701594e38d2590ef1660dd9e9339b89f76487ce&pst=1686600717&rmtc=t

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

HTTP/1.1

Server

192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

4e3e5db28d69f4fd53908202da94a4363ded4a02559d530da9e9ed538f6ed9a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Content-Encoding: gzip
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Request-ID: 8820ea1c47646a2774b35d57bb946d8d
Expires: Thu, 01 Jan 1970 00:00:01 GMT

Redirect headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Location: https://rampmention.com/watch.452971135795.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=bbf0340e67df54d8246a4bc424d1bd4c4687167d5e8ceea289ba5383d206a1339b9c2a323233b46bf66fb6e13235caa11785b25c25a88e1401f27b3afade9cd59701594e38d2590ef1660dd9e9339b89f76487ce&pst=1686600717&rmtc=t
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
X-Request-ID: e10c8496620af5600a8f56658bdce873
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 zone Show response
yonhelioliskor.com/ 885 B
1 KB 106ms
106ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://yonhelioliskor.com/zone?pub=0&zone_id=5907218&is_mobile=false&domain=paybyplatema.site&var=&ymid=&var_3=

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y1d-7y0b-6y0d-23y17-4y1b-5y20-4y25-3y33-4y59-2&cmbcb=147&sj=x04x02x06x07x1dx0bx0dx17x1bx20x25x33x59

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

1ced0f86ca65e0ec419eb8b3b466b5f0c57e68ff29197deaf6e66e493f90d0b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-trace-id: a0d74b3dd0d55bb86972006a74b7888d
date: Mon, 12 Jun 2023 20:10:57 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 885

GET
H2 200 universal.min.js Show response
yonhelioliskor.com/pfe/current/ 101 KB
34 KB 306ms
105ms Fetch
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/pfe/current/universal.min.js?v=3.1.439
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y1d-7y0b-6y0d-23y17-4y1b-5y20-4y25-3y33-4y59-2&cmbcb=147&sj=x04x02x06x07x1dx0bx0dx17x1bx20x25x33x59
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: a671c6076dc1d4405d0944142486cc17bf3cef2972e3b210c108c47068a10c30

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jun 2023 20:10:57 GMT
content-encoding: gzip
last-modified: Mon, 12 Jun 2023 11:50:27 GMT
server: nginx
etag: W/"64870683-1935f"
content-type: application/javascript
access-control-allow-origin: https://paybyplatema.site
cache-control: no-cache
access-control-allow-credentials: true

GET
H/1.1

200
OK

watch.498083873194.js
eyebrowsneardual.com/
Redirect Chain

https://eyebrowsneardual.com/watch.498083873194.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22ma...
https://eyebrowsneardual.com/watch.498083873194.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22ma...

1 KB
2 KB

194ms
194ms

XHR
text/html

173.233.137.60
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://eyebrowsneardual.com/watch.498083873194.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=82d9a9e59106f94e6202ace9fc5ffa17e296429a85f4ba662db733b65bdddbf4b2ca861773ddc530605227b665d71585c4b37148494ac8618951b7df1e9b6121951888bfc6d3ed66f2cc879c2c0c2f56e3a2e4a1662995a758aa26d837b7f0&pst=1686600717&rmtc=t

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

HTTP/1.1

Server

173.233.137.60 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Content-Encoding: gzip
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Request-ID: f8dcdbb56dc9a0aae32a7f2f47204af7
Expires: Thu, 01 Jan 1970 00:00:01 GMT

Redirect headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Location: https://eyebrowsneardual.com/watch.498083873194.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=82d9a9e59106f94e6202ace9fc5ffa17e296429a85f4ba662db733b65bdddbf4b2ca861773ddc530605227b665d71585c4b37148494ac8618951b7df1e9b6121951888bfc6d3ed66f2cc879c2c0c2f56e3a2e4a1662995a758aa26d837b7f0&pst=1686600717&rmtc=t
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
X-Request-ID: 8b0ba1670da80259af423239d40fc250
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK 8a72d3026ba8d255251ce8649b87c898.js
eyebrowsneardual.com/8a/72/d3/ 36 KB
14 KB 719ms
196ms Script
application/javascript 173.233.137.60
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://eyebrowsneardual.com/8a/72/d3/8a72d3026ba8d255251ce8649b87c898.js

Requested by

Host: alterassumeaggravate.com
URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

173.233.137.60 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
X-Request-ID: f84d48132c1444133bbcf4a2f3ddaab0
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1

200
OK

watch.599961491668.js Show response
eyebrowsneardual.com/
Redirect Chain

https://eyebrowsneardual.com/watch.599961491668.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22ma...
https://eyebrowsneardual.com/watch.599961491668.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22ma...

1 KB
2 KB

175ms
175ms

XHR
text/html

173.233.137.60
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://eyebrowsneardual.com/watch.599961491668.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=06beef2184f1dc8372eff56b052d1a969a08ac98ac1c68cd978ccbd588efbf23b44331a73dc8bcc9f95638afaaeb790b4c04a1502239f118ad9f1c12febe64b2583bd461e5a253e4f3182a4ad8963a6286004648ce5ef51d6a085290dcf98d&pst=1686600717&rmtc=t

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

HTTP/1.1

Server

173.233.137.60 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

353c4ef44bcc87605cc565359d01a39a79205508a124f7cab80c1ae72ceb5bcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Content-Encoding: gzip
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Request-ID: bdc41d0a69deacfd8b866a586a1ab416
Expires: Thu, 01 Jan 1970 00:00:01 GMT

Redirect headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Location: https://eyebrowsneardual.com/watch.599961491668.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=06beef2184f1dc8372eff56b052d1a969a08ac98ac1c68cd978ccbd588efbf23b44331a73dc8bcc9f95638afaaeb790b4c04a1502239f118ad9f1c12febe64b2583bd461e5a253e4f3182a4ad8963a6286004648ce5ef51d6a085290dcf98d&pst=1686600717&rmtc=t
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
X-Request-ID: 8f8f8a9a5449460bf1b2e28dfb5a8c00
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1

200
OK

watch.62181056227.js Show response
eyebrowsneardual.com/
Redirect Chain

https://eyebrowsneardual.com/watch.62181056227.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22mas...
https://eyebrowsneardual.com/watch.62181056227.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22mas...

1 KB
2 KB

175ms
174ms

XHR
text/html

173.233.137.60
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://eyebrowsneardual.com/watch.62181056227.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=341b0594f6386f661ba9c3510f04d54eb750eedb95922913da6563411bfd6c35d2a996333605098e43d2f6288dbb55eeab2a7250d0e8583054e9411e9da32312c93f36f9bf0af6ae5df458c3ca674f29f266535f5699301b9310d785fe198b8a&pst=1686600717&rmtc=t

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

HTTP/1.1

Server

173.233.137.60 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

a9be9d68ed8eb253021f912701aec28d04572ca48b613dca674a731b16d91b24

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Content-Encoding: gzip
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Request-ID: c4b6278cde11a5b3f50c8458304265e6
Expires: Thu, 01 Jan 1970 00:00:01 GMT

Redirect headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Location: https://eyebrowsneardual.com/watch.62181056227.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=341b0594f6386f661ba9c3510f04d54eb750eedb95922913da6563411bfd6c35d2a996333605098e43d2f6288dbb55eeab2a7250d0e8583054e9411e9da32312c93f36f9bf0af6ae5df458c3ca674f29f266535f5699301b9310d785fe198b8a&pst=1686600717&rmtc=t
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
X-Request-ID: 677a3d79802a7d632b8227f9f51f363b
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1

200
OK

watch.624162257710.js
eyebrowsneardual.com/
Redirect Chain

https://eyebrowsneardual.com/watch.624162257710.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22ma...
https://eyebrowsneardual.com/watch.624162257710.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22ma...

1 KB
2 KB

188ms
188ms

XHR
text/html

173.233.137.60
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL

https://eyebrowsneardual.com/watch.624162257710.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=be8c943bcbd2daf4b200ac577e8a1e735dda47df8c958df88fc90a936b9319c116da5cbabec68c642f1b1a9c4f91fa059ee61f8e83cf947cb5cdae1f0e69e59a3fd9fb7c5cfce865d55a42121840bf3b841df89c555d1b946d89a6ec48f9798e808842fe6e18&pst=1686600717&rmtc=t

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

HTTP/1.1

Server

173.233.137.60 , United States, ASN7979 (SERVERS-COM, US),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Content-Encoding: gzip
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Request-ID: f231e516cb749366e25da2764694e50d
Expires: Thu, 01 Jan 1970 00:00:01 GMT

Redirect headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Location: https://eyebrowsneardual.com/watch.624162257710.js?key=c66d4a55a2c58bb312b1ffebcda49b63&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=be8c943bcbd2daf4b200ac577e8a1e735dda47df8c958df88fc90a936b9319c116da5cbabec68c642f1b1a9c4f91fa059ee61f8e83cf947cb5cdae1f0e69e59a3fd9fb7c5cfce865d55a42121840bf3b841df89c555d1b946d89a6ec48f9798e808842fe6e18&pst=1686600717&rmtc=t
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
X-Request-ID: d44e8851e2558a0ac2ae8a8904cb76cc
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1

200
OK

watch.520369696853.js Show response
rampmention.com/
Redirect Chain

https://rampmention.com/watch.520369696853.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massach...
https://rampmention.com/watch.520369696853.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massach...

2 KB
2 KB

197ms
196ms

XHR
text/html

192.243.59.20
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://rampmention.com/watch.520369696853.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=1ba4b1670e2e1f14a36ed4be00a8dcf243315099d9a62e4fd859d6be2d1f98e42bb27aa4f0060cf93462648a157a8de9720aaf3fced6037518611d2285828dd704edc8dea13f71a0587e497f5b79ae45b2c7ea0ce9810d9d6b4d2fbbfa301c&pst=1686600717&rmtc=t

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

HTTP/1.1

Server

192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

c0f8ab82a225918c628a20f948d3537bbae106ec6e6dd6239014b1a75a3e1014

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Content-Encoding: gzip
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Request-ID: 1689cc6684fc6afd85d0f8dee9a90ba2
Expires: Thu, 01 Jan 1970 00:00:01 GMT

Redirect headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Location: https://rampmention.com/watch.520369696853.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=1ba4b1670e2e1f14a36ed4be00a8dcf243315099d9a62e4fd859d6be2d1f98e42bb27aa4f0060cf93462648a157a8de9720aaf3fced6037518611d2285828dd704edc8dea13f71a0587e497f5b79ae45b2c7ea0ce9810d9d6b4d2fbbfa301c&pst=1686600717&rmtc=t
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
X-Request-ID: c6d2769386cc3bf226a8d776ceee8640
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1

200
OK

watch.1080980144226.js Show response
rampmention.com/
Redirect Chain

https://rampmention.com/watch.1080980144226.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massac...
https://rampmention.com/watch.1080980144226.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massac...

2 KB
2 KB

181ms
180ms

XHR
text/html

192.243.59.20
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://rampmention.com/watch.1080980144226.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=7f725ef164f5a7976144b4d4bb34f3ba2c08a2964ace30a171755aaf9c55a2b13cff4f01ad1da69005b1239e8df1238f5a96b86c54a70e6f8b022d0dd2b94dabb5886aad1eea5741e2f6e954e9f6ca75b12084&pst=1686600717&rmtc=t

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

HTTP/1.1

Server

192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

2c09b9af68d1bc481ff60d88e79c05073d712a1eff132fb7c3d8d9fd82e59aed

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Content-Encoding: gzip
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Request-ID: e4c5ab21446ce06c00db7cca79b2009f
Expires: Thu, 01 Jan 1970 00:00:01 GMT

Redirect headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Location: https://rampmention.com/watch.1080980144226.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=7f725ef164f5a7976144b4d4bb34f3ba2c08a2964ace30a171755aaf9c55a2b13cff4f01ad1da69005b1239e8df1238f5a96b86c54a70e6f8b022d0dd2b94dabb5886aad1eea5741e2f6e954e9f6ca75b12084&pst=1686600717&rmtc=t
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
X-Request-ID: 2a08ac5d6f9179ded62a117f50861d36
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1

200
OK

watch.572013452392.js Show response
rampmention.com/
Redirect Chain

https://rampmention.com/watch.572013452392.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massach...
https://rampmention.com/watch.572013452392.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massach...

2 KB
2 KB

189ms
188ms

XHR
text/html

192.243.59.20
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://rampmention.com/watch.572013452392.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=ebeecc7ea826b2e7dc02700cf04a320a1de7780f9e2bfb0689167c2cc4a3326ff0bebf8a2aa9695a99bee4b5d72d668cc8eaa4afe1586ce88bb2eef3c4961acc343bac866618ea0c9d16a101b9d287eb77a62e5b&pst=1686600717&rmtc=t

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

HTTP/1.1

Server

192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

281abd307952337b05605b3f480d476a06395acf326d0db104e3eb7d9be7284c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Content-Encoding: gzip
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Request-ID: d9056343d537b04888280674e2721877
Expires: Thu, 01 Jan 1970 00:00:01 GMT

Redirect headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/html
Access-Control-Allow-Origin: https://paybyplatema.site
Location: https://rampmention.com/watch.572013452392.js?key=d3b70164122317877867615a5af5346f&kw=%5B%22paybyplatema%22%2C%22com%22%2C%22pay%22%2C%22online%22%2C%22toll%22%2C%22bills%22%2C%22in%22%2C%22massachusetts%22%5D&refer=https%3A%2F%2Fpaybyplatema.site%2F&tz=0&dev=r&res=12.31&uuid=a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1&shu=ebeecc7ea826b2e7dc02700cf04a320a1de7780f9e2bfb0689167c2cc4a3326ff0bebf8a2aa9695a99bee4b5d72d668cc8eaa4afe1586ce88bb2eef3c4961acc343bac866618ea0c9d16a101b9d287eb77a62e5b&pst=1686600717&rmtc=t
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
X-Request-ID: 32ee113420d5413782b893a56ae391f5
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 200 PayByPlateMA-768x299.jpg
paybyplatema.site/wp-content/uploads/2022/10/ 19 KB
20 KB 121ms
121ms Image
image/webp 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paybyplatema.site/wp-content/uploads/2022/10/PayByPlateMA-768x299.jpg
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6401a8a455d3d0562e611c024ef59a29ad97eca51672a72b68183be006583ee8

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:57 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
x-ezoic-cdn: Hit ds;ds;66019657eeb11e83df3ba269d9a0cd7b;2-460238-0;ce13c2ec-8833-4949-6a55-820b392d2a53
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400
x-ezoic-excludewebp: false
response: 200
last-modified: Tue, 18 Oct 2022 14:26:49 GMT
server: cloudflare
x-origin-cache-control: public, max-age=10368000,public
vary: Accept-Encoding,X-Ezoic-Excludewebp,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PiE0ZCLDrkoA%2Bo5WSPsoYjpdzsEc59j2Aa8v88gCspTZ1dBkQzPELtHfevNZmXKGJEUw8AAJlGG8sGi73fBXMKFiMf3zQmHzBtTrasysCb%2BXNALzRPRXEkYyGqbWR440%2FdMgAips%2FAGuhyM%2F6q8T%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=15552000,public
cf-ray: 7d64bd7b4851b4ee-OSL

GET
H3 200 PaybyPlateMa-password-reset-2-768x358.jpg
paybyplatema.site/wp-content/uploads/2022/10/ 18 KB
18 KB 118ms
118ms Image
image/webp 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paybyplatema.site/wp-content/uploads/2022/10/PaybyPlateMa-password-reset-2-768x358.jpg
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0470fbe642d7a6df792459a763a05d7c4a26e5f66ef4f4811e07ea3a6288e39

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:57 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol
x-ezoic-cdn: Hit ds;mm;2f3b3f6202ca4c50bfd528ab9f0e985f;2-460238-0;8fa8e7e5-852f-4ddf-6bdb-69a8f2e63ac9
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400
x-ezoic-excludewebp: false
response: 200
last-modified: Tue, 18 Oct 2022 14:07:07 GMT
server: cloudflare
x-origin-cache-control: public, max-age=10368000,public
vary: Accept-Encoding,X-Ezoic-Excludewebp,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zrb1xIfLT5szYN1u5xFv%2BAElWIvu%2BtkXC7u8tog2MkkyPwXdgF7LZQGMBaWk%2BzGYJ6RpGHcYKPWGyTbwYS%2FwGpG3Ems3FJnOaT4C21CrJ64JRBIPzo0vDkiRWOod9JwPeuoTJbm%2BFRWHR8UyXnr0Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=15552000,public
cf-ray: 7d64bd7b4854b4ee-OSL

GET
H2 200 rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/ 160 B
634 B 292ms
96ms Script
application/javascript 2600:9000:20c3:6800:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20c3:6800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4718dd9f68e969d1cb5e1b6172206b7150ad1d8cd5c5c1fe5812dd0e1646d426

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 19:16:58 GMT
via: 1.1 5b3be43b5ff3292b36e9c737ff94254a.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-C1
age: 3240
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Fri, 14 Oct 2022 00:41:49 GMT
server: AmazonS3
etag: "af15ecfe46737cb2a37226fd060f23a6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: PvUKTbnYo-VLolfPeAhcVrD1QhjVRExIq_XWrE8mBX6QNOLojPuvDA==

GET
H/1.1 200
OK sbar.json
jellyhelpless.com/ 8 KB
7 KB 862ms
366ms XHR
text/plain 192.243.59.20
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://jellyhelpless.com/sbar.json?key=103f872def2557028e4aca50c4daff0f&uuid=090df65a-8028-4375-9da7-2b9635313c49%3A2%3A1

Requested by

Host: alterassumeaggravate.com
URL: https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Mon, 12 Jun 2023 20:10:57 GMT
Custom-Referer: https://paybyplatema.site
Content-Encoding: gzip
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Transfer-Encoding: chunked
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://paybyplatema.site
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Request-ID: e5b4ab9d30fd1098f3d303b88c1a454e
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 200 rum_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20230608/r20110914/ 53 KB
20 KB 89ms
89ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230608/r20110914/rum_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306070101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4969693136336878&plah=paybyplatema.site

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

268ed9f2682cab7b835eab31969de281f4bf15d382041771ca74d5888fa33521

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 02:34:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63361
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20932
x-xss-protection: 0
server: cafe
etag: 8619445290282718928
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Jun 2023 02:34:56 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 401 B
609 B 325ms
98ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=paybyplatema.site&callback=_gfp_s_&client=ca-pub-4969693136336878

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0e56326d1f81421ab6a0dcb21bd13886ea4d61587e9e531041e34e920fdb70d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 257
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 282ms
95ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=paybyplatema.site

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B5C6 603 B
218 B 263ms
262ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4969693136336878&output=html&adk=1812271804&adf=3025194257&lmt=1686586138&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x1080_l%7C212x1080_r&format=0x0&url=https%3A%2F%2Fpaybyplatema.site%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686600656735&bpp=5&bdt=1271&idt=541&shv=r20230608&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1562759444817&rume=1&frm=20&pv=2&ga_vid=194342455.1686600656&ga_sid=1686600657&ga_hid=1838772467&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C44788441%2C44793497%2C31061691%2C31061692&oid=2&pvsid=3792411673577971&tmod=342910179&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=572

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paybyplatema.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 12 Jun 2023 20:10:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 68ms
68ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-5M4EY5KCMW&gtm=45je3671&_p=1838772467&cid=194342455.1686600656&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&ngs=1&_s=1&sid=1686600657&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5M4EY5KCMW&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jun 2023 20:10:57 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://paybyplatema.site
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel;r=1084047797;labels=Domain.paybyplatema_site%2CDomainId.460238;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fpaybyplatema.site%2F;uht=2;fpan=1;fpa=P0-206944505-1686600657160;pbc=;ns=0;ce=1;qjs=1;q...
pixel.quantserve.com/ 35 B
372 B 92ms
83ms Image
image/gif 2620:116:800d:21:e365:4988:e8a7:3270
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1084047797;labels=Domain.paybyplatema_site%2CDomainId.460238;rf=0;a=p-31iz6hfFutd16;url=https%3A%2F%2Fpaybyplatema.site%2F;uht=2;fpan=1;fpa=P0-206944505-1686600657160;pbc=;ns=0;ce=1;qjs=1;qv=c818c8ec-20230509111053;cm=;gdpr=0;ref=;d=paybyplatema.site;dst=0;et=1686600657455;tzo=0;ogl=locale.en_US%2Ctype.website%2Ctitle.PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts%2Cdescription.PaybyPlateMa%20com%20and%20E-ZPass%20is%20smooth%20%26%20easy%20ways%20to%20pay%20tolls%20online%20and%20with%20%2Curl.https%3A%2F%2Fpaybyplatema%252Esite%2F%2Csite_name.PayByPlateMa%2Cupdated_time.2023-05-12T07%3A59%3A24%2B00%3A00;ses=3fd586a1-c734-4783-a0a5-6656266d630e;mdl=

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:e365:4988:e8a7:3270 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Jun 2023 20:10:57 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

OPTIONS
H2 200 custom
yonhelioliskor.com/ Frame 0
0 107ms
106ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://paybyplatema.site
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://paybyplatema.site
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Mon, 12 Jun 2023 20:10:57 GMT
server: nginx

POST
H2 200 custom Show response
yonhelioliskor.com/ 39 B
326 B 101ms
99ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://yonhelioliskor.com/custom

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://paybyplatema.site/
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: bcda1ada98c8fd0f8d2d5ec0e333cbdc
date: Mon, 12 Jun 2023 20:10:57 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

GET
H3 200 Code%20file Show response
paybyplatema.site/ 5 KB
3 KB 237ms
237ms Fetch
text/plain 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/Code%20file
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y1d-7y0b-6y0d-23y17-4y1b-5y20-4y25-3y33-4y59-2&cmbcb=147&sj=x04x02x06x07x1dx0bx0dx17x1bx20x25x33x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eed5e77bb0b4ffaa4a4802ade9d4cae485660554e327e4f8d29d37629a03daae

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:57 GMT
content-encoding: br
cf-cache-status: DYNAMIC
x-sol: orig
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
display: staticcontent_sol, orig_site_sol
x-ezoic-cdn: Hit ds;ms;34b813e6777372f1e8468eee27236fab;2-460238-0;6e24768d-53cb-45e2-4ff4-a7b155be8b3f
x-middleton-display: staticcontent_sol, orig_site_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400
response: 200
last-modified: Fri, 28 Apr 2023 20:57:03 GMT
server: cloudflare
x-origin-cache-control: public, max-age=2592000
vary: Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dVMnsyHwLi4Ae2htPrCHBfISSD3EdCzix6EcmOtG2wDtJgRqrB7nFwt56e%2FtfwVD4NxzBIyQ2FFM%2BLdv%2B1S%2FJghGIDOg2uGsdue5zok2y8JXOSE%2FLmSAp4z8pvR6p2i4X%2Fv1AmDjBSWWO0iNta0tgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
cache-control: public, max-age=2592000
cf-ray: 7d64bd7d7cc8b4ee-OSL

OPTIONS
H2 200 custom
yonhelioliskor.com/ Frame 0
0 98ms
98ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://paybyplatema.site
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://paybyplatema.site
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Mon, 12 Jun 2023 20:10:57 GMT
server: nginx

POST
H2 200 custom Show response
yonhelioliskor.com/ 39 B
326 B 106ms
106ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://yonhelioliskor.com/custom

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://paybyplatema.site/
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 24c5c20cd46f63363d1bf3ac64313532
date: Mon, 12 Jun 2023 20:10:57 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

GET
H2 200 gid.js
my.rtmark.net/ 65 B
545 B 355ms
106ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=815a268c5abd4ac4a5b69adfe302fdc4&zoneId=5907218&checkDuplicate=true&ymid=&var=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:58 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET extension.php
supreme-ad-blocker.info/ 0
0

POST
H3 204 greenoaks.gif
paybyplatema.site/detroitchicago/ 0
520 B 106ms
105ms Ping
text/plain 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1OGNhMDJlNi00ODIxLTQ1ZWMtNjkxNC05ZThlZjY4NTFiNDgiLCJkb21haW5faWQiOiI0NjAyMzgiLCJ0X2Vwb2NoIjoxNjg2NjAwNjU0LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiNThjYTAyZTYtNDgyMS00NWVjLTY5MTQtOWU4ZWY2ODUxYjQ4IiwiZG9tYWluX2lkIjoiNDYwMjM4IiwidF9lcG9jaCI6MTY4NjYwMDY1NCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjMtMDYtMTIifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIyMCJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiIxIn0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6IjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1OGNhMDJlNi00ODIxLTQ1ZWMtNjkxNC05ZThlZjY4NTFiNDgiLCJkb21haW5faWQiOiI0NjAyMzgiLCJ0X2Vwb2NoIjoxNjg2NjAwNjU0LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfdGFnIiwidmFsIjoiZW4tVVMifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1OGNhMDJlNi00ODIxLTQ1ZWMtNjkxNC05ZThlZjY4NTFiNDgiLCJkb21haW5faWQiOiI0NjAyMzgiLCJ0X2Vwb2NoIjoxNjg2NjAwNjU0LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX1d
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y1d-7y0b-6y0d-23y17-4y1b-5y20-4y25-3y33-4y59-2&cmbcb=147&sj=x04x02x06x07x1dx0bx0dx17x1bx20x25x33x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cb2NP%2FyoE0JmSusjucpozDxr9n2Kc51ssJPdBbzHBNnGz4KMEDsYAG3XgViUs%2FP58T8NtnE7JIZD5%2Fbhjn5Iv4RpeaIzXf6keEOWseM5K1nN82pyC0psxthlyfRGyPzXK5P0ETsX%2F8pkB7jFAfYAEw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://paybyplatema.site
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 7d64bd7f79c5b4ee-OSL
alt-svc: h3=":443"; ma=86400
expires: Sun, 11 Jun 2023 20:10:56 GMT

POST
H3 204 greenoaks.gif
paybyplatema.site/detroitchicago/ 0
522 B 177ms
176ms Ping
text/plain 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1OGNhMDJlNi00ODIxLTQ1ZWMtNjkxNC05ZThlZjY4NTFiNDgiLCJkb21haW5faWQiOiI0NjAyMzgiLCJ0X2Vwb2NoIjoxNjg2NjAwNjU0LCJkYXRhIjpbeyJuYW1lIjoidF91bmxvYWQiLCJ2YWwiOiIxNjg2NjAwNjU3ODA5In1dfV0=
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y1d-7y0b-6y0d-23y17-4y1b-5y20-4y25-3y33-4y59-2&cmbcb=147&sj=x04x02x06x07x1dx0bx0dx17x1bx20x25x33x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wFCDo3GyDkPHKfe5JRS8lIHtNjiaybPCdKV4m90MO4JqxX6JggmEzGIzWTSxsU0Qui9vxIBx%2BDsO6DJLhYUZU96WqLNzAt%2FVT%2B8jAduwwNIhchHrXbHy44QJeyeOalZlPcZBzcMkZkB0vUKvrgP6ew%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://paybyplatema.site
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 7d64bd7f79c9b4ee-OSL
alt-svc: h3=":443"; ma=86400
expires: Sun, 11 Jun 2023 20:10:56 GMT

GET extension.php
supreme-ad-blocker.info/ 0
0

POST
H3 204 greenoaks.gif
paybyplatema.site/detroitchicago/ 0
521 B 164ms
164ms Ping
text/plain 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1OGNhMDJlNi00ODIxLTQ1ZWMtNjkxNC05ZThlZjY4NTFiNDgiLCJkb21haW5faWQiOiI0NjAyMzgiLCJ0X2Vwb2NoIjoxNjg2NjAwNjU0LCJkYXRhIjpbeyJuYW1lIjoidF91bmxvYWQiLCJ2YWwiOiIxNjg2NjAwNjU3ODEyIn1dfV0=
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y1d-7y0b-6y0d-23y17-4y1b-5y20-4y25-3y33-4y59-2&cmbcb=147&sj=x04x02x06x07x1dx0bx0dx17x1bx20x25x33x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r4uWxa%2FrotrLSvYB8kNDGD4k4XLdofWeGEPP2ayAavjDL7lesVkf8Lkn3%2ByExf5kM2a1SAylngEizFZpRbadKanH%2FdOb%2BaUBDUoxondTqt4mivxSudbql50zDUc7sjm6FLj1yg6k1mj2wlMCNxRr0w%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://paybyplatema.site
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 7d64bd7f79d5b4ee-OSL
alt-svc: h3=":443"; ma=86400
expires: Sun, 11 Jun 2023 20:10:58 GMT

GET extension.php
supreme-ad-blocker.info/ 0
0

POST
H3 204 greenoaks.gif
paybyplatema.site/detroitchicago/ 0
522 B 174ms
173ms Ping
text/plain 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1OGNhMDJlNi00ODIxLTQ1ZWMtNjkxNC05ZThlZjY4NTFiNDgiLCJkb21haW5faWQiOiI0NjAyMzgiLCJ0X2Vwb2NoIjoxNjg2NjAwNjU0LCJkYXRhIjpbeyJuYW1lIjoidF91bmxvYWQiLCJ2YWwiOiIxNjg2NjAwNjU3ODI2In1dfV0=
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y1d-7y0b-6y0d-23y17-4y1b-5y20-4y25-3y33-4y59-2&cmbcb=147&sj=x04x02x06x07x1dx0bx0dx17x1bx20x25x33x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=48XpWdGdEHg0ifO8oFvjFFNONsFX60qRjR9pCYlBS%2B2JOIKbRTigcEaQS5dtqhDnU3d3CxPBJEdPErLqGFY%2Fo1GblnI4jEdsLThd7%2BseLNjP9IcQNYGwslMt5gTXuYjlWvygc17%2BkfS0GtjuWwSmXA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://paybyplatema.site
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 7d64bd7f9a07b4ee-OSL
alt-svc: h3=":443"; ma=86400
expires: Sun, 11 Jun 2023 20:10:57 GMT

GET extension.php
supreme-ad-blocker.info/ 0
0

POST
H3 204 greenoaks.gif
paybyplatema.site/detroitchicago/ 0
520 B 191ms
191ms Ping
text/plain 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1OGNhMDJlNi00ODIxLTQ1ZWMtNjkxNC05ZThlZjY4NTFiNDgiLCJkb21haW5faWQiOiI0NjAyMzgiLCJ0X2Vwb2NoIjoxNjg2NjAwNjU0LCJkYXRhIjpbeyJuYW1lIjoidF91bmxvYWQiLCJ2YWwiOiIxNjg2NjAwNjU3ODI4In1dfV0=
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y1d-7y0b-6y0d-23y17-4y1b-5y20-4y25-3y33-4y59-2&cmbcb=147&sj=x04x02x06x07x1dx0bx0dx17x1bx20x25x33x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:57 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1X%2Bt872hZMat9b71fFfecXDqO4ssGB8vkXM5ctLbXc8Rn7xMkpW8vvNAUIkceVGdi1JbppY2Zk2O%2F89g0ANJMdpigM%2FLhPoGxfVCFfYm8fPlH6Ysz52cCR%2FlRJ6MMFImGbQyAwndG9OzlR50DOcGvA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://paybyplatema.site
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 7d64bd7f9a0eb4ee-OSL
alt-svc: h3=":443"; ma=86400
expires: Sun, 11 Jun 2023 20:10:58 GMT

GET
H2 200 sfp.js
friendshipmale.com/ 83 KB
27 KB 266ms
265ms Script
application/javascript 2606:4700:e6::ac40:ca17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://friendshipmale.com/sfp.js

Requested by

Host: rampmention.com
URL: https://rampmention.com/1b/6b/36/1b6b360a8e7717a7517e85e704ad82f9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e6::ac40:ca17 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:58 GMT
strict-transport-security: max-age=0; includeSubdomains
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
alt-svc: h3=":443"; ma=86400
x-request-id: b5b8ec71f5a0f4df285ea2e25cd7fa96
last-modified: Mon, 12 Jun 2023 20:10:57 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vnzm7ZM4xkyHEUYIhBQW1EHEekBvFJmF2T9SC%2BUPVnwdOjZ5JJ7FYu4idf%2BBXZWJw0I5qYVz8A00mYVdx4aen7B1JdudEgq1DWx%2BSFXhrmMcEuPpIy66Zsb%2B2WraQs0sruANC0GnNr7tu8FF88U76i0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 7d64bd7fa9e79903-ARN
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET purst
playerstrivefascinated.com/pixel/ 0
0

GET
H2 200 ut.js Show response
acacdn.com/script/ 80 KB
28 KB 76ms
75ms Script
application/javascript 2606:4700:3034::6815:5950
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acacdn.com/script/ut.js?cb=1686600656721
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/atg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:5950 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 758519148bca76af1cfe30b12896dc40207967dd283a8aec6281588d07cb433a

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:57 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2698
x-guploader-uploadid: ADPycdsc9EOFOIdZ_Ufo2yWO6tWD-OBXdTvf0E486JGlXGaM-u00R9nGSJbH0IlmqVdtaa1KGlX8CeE2Imx-kRM-6EzKhw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 30 May 2023 12:36:05 GMT
server: cloudflare
etag: W/"4549edd6adc0674f59e20ade3b3f8b23"
vary: Accept-Encoding
x-goog-hash: crc32c=e/HddQ==, md5=RUnt1q3AZ09Z4greOz+LIw==
x-goog-generation: 1685450165695067
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wj5itvD9tJoxh0U867Fk6nhCbmptufCOCwBudAW34%2BQRpeKkZydqszJqKQoBOd1DVOpO9VmL8L0ti0%2BRRoPGI%2BCO%2FcwvoxOOr1Fat4S6gnwyG25SqBkihzrHGBlF%2F8xRS%2FMoBq2UVmHN"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 82158
cf-ray: 7d64bd7fbce5b505-OSL
expires: Mon, 12 Jun 2023 19:46:25 GMT

GET
H2 200 czcf.php
youradexchange.com/ad/ 204 B
592 B 358ms
197ms Fetch
text/html 2606:4700:e6::ac40:c309
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/ad/czcf.php?cz=dddyue3gxn&chmob=%3F0
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/atg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c309 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:58 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TndFrCS2w9xCW5uxsiwvGc7d3xsM%2Fq5OdQvOL1HAji4hqzZDtG5zdP0vgZhe7VPoNPDTgrhKRGnN8okZVi0IOHEBLlaK%2FNgSDBxOi9hbZat7j4PsZW3%2FPkKKttZrsxJBzeSSahdq8yZLYw79yKBnjEE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cf-ray: 7d64bd80bcc209b3-ARN
alt-svc: h3=":443"; ma=86400

GET addon.php
globaladblocker.com/ 0
0

POST
H3 204 greenoaks.gif
paybyplatema.site/detroitchicago/ 0
526 B 112ms
111ms Ping
text/plain 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1OGNhMDJlNi00ODIxLTQ1ZWMtNjkxNC05ZThlZjY4NTFiNDgiLCJkb21haW5faWQiOiI0NjAyMzgiLCJ0X2Vwb2NoIjoxNjg2NjAwNjU0LCJkYXRhIjpbeyJuYW1lIjoidF91bmxvYWQiLCJ2YWwiOiIxNjg2NjAwNjU3OTgwIn1dfV0=
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y1d-7y0b-6y0d-23y17-4y1b-5y20-4y25-3y33-4y59-2&cmbcb=147&sj=x04x02x06x07x1dx0bx0dx17x1bx20x25x33x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2FpTXoVm5At5PV%2BUqls3PROzWXDYNOfDp%2B9RDGuEtiqdBBhS0u8IkH%2FIF2i389W9SvWAERY0D5b9E5eakpyNXVR0Yl9Ej6f3tgT5S4jek9%2BPc%2BCM8qlskI929UniEjlvCXvuOBxn0m4ZKNEs%2FaoNEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://paybyplatema.site
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 7d64bd808ba3b4ee-OSL
alt-svc: h3=":443"; ma=86400
expires: Sun, 11 Jun 2023 20:10:56 GMT

GET addon.php
globaladblocker.com/ 0
0

POST
H3 204 greenoaks.gif
paybyplatema.site/detroitchicago/ 0
521 B 106ms
105ms Ping
text/plain 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1OGNhMDJlNi00ODIxLTQ1ZWMtNjkxNC05ZThlZjY4NTFiNDgiLCJkb21haW5faWQiOiI0NjAyMzgiLCJ0X2Vwb2NoIjoxNjg2NjAwNjU0LCJkYXRhIjpbeyJuYW1lIjoidF91bmxvYWQiLCJ2YWwiOiIxNjg2NjAwNjU3OTgyIn1dfV0=
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y1d-7y0b-6y0d-23y17-4y1b-5y20-4y25-3y33-4y59-2&cmbcb=147&sj=x04x02x06x07x1dx0bx0dx17x1bx20x25x33x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cofTFpYhu051O4z5yuzoSsfWVwAsNPed7VCA0LM86fCa02NqLPfUOyj0GJHx%2F9gwNynv3e5wDugcwBt9jyXNEvATU4DhWQWbaIGyUJjOjswjXN5fCzOCBPtGtla%2FUdtw37apo%2F%2FiZ07sTgi8RnETOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://paybyplatema.site
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 7d64bd808bb1b4ee-OSL
alt-svc: h3=":443"; ma=86400
expires: Sun, 11 Jun 2023 20:11:01 GMT

POST
H2 204 hb.php
youradexchange.com/ut/ 0
416 B 321ms
193ms Ping
text/plain 2606:4700:e6::ac40:c309
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/ut/hb.php?cb=0.5987698480870929
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/ut.js?cb=1686600656721
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c309 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://paybyplatema.site/
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain; charset=utf-8

Response headers

date: Mon, 12 Jun 2023 20:10:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kwBCoX6Ig3u44pGEJ5oLWa0Z1YNSdrLdm3SyGl0c5XbznbwNOq4xWw3JqSJG8gOajm9lTj5JI9%2Fv%2FbyuFQrMJS9YJtTlWOEULQbP%2BPGH%2FJyBPXE3fN6r1BsRHkKU0IvSDeth9raMsZEEPkxn4amgajg%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 7d64bd815e290a43-ARN
alt-svc: h3=":443"; ma=86400

GET addon.php
globaladblocker.com/ 0
0

POST
H3 204 greenoaks.gif
paybyplatema.site/detroitchicago/ 0
525 B 104ms
104ms Ping
text/plain 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1OGNhMDJlNi00ODIxLTQ1ZWMtNjkxNC05ZThlZjY4NTFiNDgiLCJkb21haW5faWQiOiI0NjAyMzgiLCJ0X2Vwb2NoIjoxNjg2NjAwNjU0LCJkYXRhIjpbeyJuYW1lIjoidF91bmxvYWQiLCJ2YWwiOiIxNjg2NjAwNjU3OTg5In1dfV0=
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y1d-7y0b-6y0d-23y17-4y1b-5y20-4y25-3y33-4y59-2&cmbcb=147&sj=x04x02x06x07x1dx0bx0dx17x1bx20x25x33x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GPfTvroCP%2FWsGmOwS5nS5LKk%2BQhKJEXKJ%2FB7ZRQHLcisjZ1OItDXe0lxi2WfuYnx8EByNQ31lpE6RXgh81dOobUDVZo2v0M%2BrUaQm5PrdarouIJM3xoueNGUbKkZ2QUw%2BvRQYvs3VbAZeSNQKpv%2BKw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://paybyplatema.site
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 7d64bd809bbab4ee-OSL
alt-svc: h3=":443"; ma=86400
expires: Sun, 11 Jun 2023 20:10:56 GMT

POST
H2 204 hb.php
youradexchange.com/ut/ 0
268 B 322ms
198ms Ping
text/plain 2606:4700:e6::ac40:c309
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/ut/hb.php?cb=0.9362626594522414
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/ut.js?cb=1686600656721
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c309 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://paybyplatema.site/
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain; charset=utf-8

Response headers

date: Mon, 12 Jun 2023 20:10:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dxvT04rltdkhRfCxyRV%2B8b6BGCwybAR%2BOJwDTIbdOGXyzp3%2BkUdzg%2BUwbZMFXszx1EzQAly%2BHUXAf%2BJzVzssB8bfu4JomeqK8Avhk2hgK2fS3njY0Upo0Ebv7nmjBOxaBNrTr6dA84jsZnPRqnf5ghA%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 7d64bd815e2d0a43-ARN
alt-svc: h3=":443"; ma=86400

GET
H2 200 Primary Request addon.php Show response
globaladblocker.com/ 8 KB
3 KB 443ms
306ms Document
text/html 2606:4700:3036::6815:2f69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=25238e0ebf4385f3e6820ac2096b476c&gd=tr&gg=728308
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:2f69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c1c4eaa979cfd353714ac3de813dd67b7344b3daf0ad311fbc00b15125a70f0

Request headers

Referer: https://paybyplatema.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7d64bd8179610b69-OSL
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 12 Jun 2023 20:10:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5SwRxpMu7zhMwQKL2zsgeiWyq7ojMT%2BUYoExAXv1gXFrIZxfmF1LQwmNQTV2ICKYXH0OevrVrZ4eRlBo21hRjZFaJ41IGLA1Fdh92aGcjrLqAfk8XXR0FQEa7SjoUN9HKRNXfj6w%2Fu%2Fr6zPN2HFw5Txt"}],"group":"cf-nel","max_age":604800}
server: cloudflare

POST
H3 204 greenoaks.gif
paybyplatema.site/detroitchicago/ 0
523 B 108ms
108ms Ping
text/plain 2606:4700:3037::6815:1fd7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1OGNhMDJlNi00ODIxLTQ1ZWMtNjkxNC05ZThlZjY4NTFiNDgiLCJkb21haW5faWQiOiI0NjAyMzgiLCJ0X2Vwb2NoIjoxNjg2NjAwNjU0LCJkYXRhIjpbeyJuYW1lIjoidF91bmxvYWQiLCJ2YWwiOiIxNjg2NjAwNjU3OTk2In1dfV0=
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/cmbv2.js?gcb=195-0&cb=04-3y02-8y06-13y07-2y1d-7y0b-6y0d-23y17-4y1b-5y20-4y25-3y33-4y59-2&cmbcb=147&sj=x04x02x06x07x1dx0bx0dx17x1bx20x25x33x59
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:1fd7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K38q65BwulWkEHoYSvSkYVdaBJaTqqcz37V2AphewXYqQA0AM%2FcQwZRQMYFCKJCJO3yMAudWsNK%2FLCDgGuzgBpH%2BbPsijzODSatkgUtoDmy0Vw9WhcoDASvmvf1%2FkGYeBsvNz7OWVaDGhsFpOCNFxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://paybyplatema.site
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
cf-ray: 7d64bd80abccb4ee-OSL
alt-svc: h3=":443"; ma=86400
expires: Sun, 11 Jun 2023 20:10:58 GMT

POST
H2 204 hb.php
youradexchange.com/ut/ 0
263 B 320ms
202ms Ping
text/plain 2606:4700:e6::ac40:c309
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/ut/hb.php?cb=0.335792438622482
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/ut.js?cb=1686600656721
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c309 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://paybyplatema.site/
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain; charset=utf-8

Response headers

date: Mon, 12 Jun 2023 20:10:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B8cU6U1ZbrljRb0%2BNC%2BsQbh63vZStZBUNCzucc0X04gYn0sFuXVKpR8BtjaEYYHzhIEKBS26ZAGEkZOkNP5enyidgcl4wJzh4JwgvYCZuqkp60TEyt2n3xZWVbxQmOUZPP85Go8XOb5Uk3ISaFxagpo%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 7d64bd815e2b0a43-ARN
alt-svc: h3=":443"; ma=86400

GET advertisers.js
banquetunarmedgrater.com/ 0
0

GET index.html
cdn.barscreative1.com/sb/notifications/rtb/mac/2/ 0
0

GET
H/1.1 200
OK ren.gif
jellyhelpless.com/ 7 B
641 B 166ms
166ms Image
image/gif 192.243.59.20
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://jellyhelpless.com/ren.gif?sid=H4sIAAAAAAAC%2F6xTS2hkWRm%2Bt3sQcXQxoxsR4UJNhm6YunXvua%2BqCW3IqzJF0jNNUhJcNed1K6fr3If3nFs3iZvBGXRwIXEhCC68%2BSszmfbVNq5ERKkSNwHFUhe1yUY37gRRNy6k0tE0Llz5b%2F7nge%2F7%2Fv985bS8NBwo8Vzfz46FlLgV2I51Z1%2BkLKuU9Wbfch3bWbb2RRr6y9Zh6N%2B1VvNc8n1OtoVuBV5ke6F1Z%2FuN%2Fv2d1ywphtza4nSY3bXWD4os4S3X9W3HDiIvsF0ntPZwjAtx%2FQ5E%2FgO349mu17YjGyEHDov%2FKqjSBIVNYKNL42UQbPbixhf%2BCYJOIE1%2BtMHVUGf5a5tJKbHOChix88%2BnwzSrUkhuwrgwIU7Pr6chUzPD%2BNYtyNLza56Qjc4WPIGImWH%2B%2BSGQ9INn8IGMxq7rA5EQCyDsE1CNJsDlBASeAM3eAcG6QBl0e5Am512RSpyyZ028aM6MF%2F7%2BVxDVzPjIPx5DmvxwTYpDay%2BTpRZZquAwrkEcTkAMJpCXU9DHt0FUU6D6yyDYr42PvehCmnz4BpdKpEMBgs1fcToOi8MAN9sOajd9LwqaHYajJiKd0As816N%2B50oiISYg4glIfgJY3YJSmVAKE8rYhDI3IWFzy0PE7XQIYi7vuB0vdNptFyPHp4HnxZh6UNIFjxPQ%2BQlQeQK0eBvy4m0YihMoyl%2BAOqhBMROUNmDEaqi4AZUyoMIGVMKAShtQjer3mVRI1R8wqUriXnt07b16nOnBKX4%2F0wOeGqf5pfHSQjzzk39bgyGfW67jxe0IMR6jIIgc1OY%2BpjhwqM9wHDsxKFGDULcAKxOOxcywlt%2BFXMyMj7a%2FAwRPQckpUHEbcPlZwNU4Qg7gg7HfduA4fZrjI3KUS6x5gm0lNAeW1ZDrF0Afmafy0vj01SZX%2F%2FQX4PRi5SefeunJH371GaBFDXlRwyPxSwMG8r3xblYZZ7tZpYynb%2BVaJOIYL7a8p7Hmxne3%2BVGVFay3oU4er9JFYxF%2Bv8%2BV3sEpE%2BlAGd9bE4zxopsVlBs%2F66l9Th6U6mCtLNIy33mw3u0lecGVElk6Aby41tNHQMXM%2BPjmF6%2Bu95XPHYMoplCUc32gda5eb7VKZVdZMSSYDu2U61aqj1p5pvSi0KJS0OHKkB%2FdG6GmG7bD0HHCIGp7qBk1XTeKUNNFKHICtxkQNwxxmzVJ4LtN7EftJm2joIlYhxKHuRGKYkjKi5X6j1vkm9bXQWRToPm7HzYavfW33mw05rP%2FBSnhuhBUtRQecVskgxU%2B4qm%2BJ%2F7DWL1KBGsK9v9B%2BqpIBveu8Cx5q0uou4S6lKU2ZoeuTbNkCXUDxyPIjxnl3I2c0HcYDUISMB%2F5sRf6of0o54PHjUa%2F19%2FZbDR%2BvC0KJaw7foCsKy7Ts7tPGo2Nzb313d6Dfm%2BhwE%2F7peSWLLOh4qmw9PQsnZ5ZQmqc4ieNxs7q7tbmw9791a3NRmP%2B%2Br%2FVeh5Xq%2BO3Pd9xOmEc84DFkctczgMURSggKKT0ChWo%2FMK4NlCZAYW8yUluQlXW4wKRi5WD%2Fte%2B%2FZvf%2FxykmBnLD18GyW8GMalBPZeTm%2FhUvQeDwgSs34E0qWFU1DCSNWB5Aqq8PdZ5cbHyO%2B%2FKgEhzTGRhnhFZyG88%2B0hKzC3ieZy4MfGdKAxiFnisw5FLPcePAuR4HdBqxr76pd%2F%2BCwAA%2F%2F8BAAD%2F%2F4Y9EVCnBgAA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.243.59.20 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

Software

nginx/1.19.5 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubdomains

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Mon, 12 Jun 2023 20:10:58 GMT
Strict-Transport-Security: max-age=0; includeSubdomains
Server: nginx/1.19.5
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 7
X-Request-ID: 096f16787cb5f33ed7efc44980988b95
Expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 204 display.php
youradexchange.com/n/ 0
269 B 202ms
201ms Script
text/plain 2606:4700:e6::ac40:c309
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/n/display.php?r=6713762&atag=1&czid=dddyue3gxn&aggr=2&ppv=1
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/atg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:c309 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:58 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3nBfWH57UIm0RuH%2BdytJWWnqqS8U8TewtSdqJ1grOM1fF6qRB3bN6JXCGSTaIWnk4y%2FU45XX31Xh79y%2B7s8Mg1kSJQX0pIvBLmJiKdI0DkEKPAuovG7QL%2FdKvFj5EH0r%2B7MA3U%2BHHFxFrfRvX7DCkyo%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 7d64bd81feaf0a43-ARN
alt-svc: h3=":443"; ma=86400

GET
H3 200 ippg.js
acacdn.com/script/ 120 KB
40 KB 78ms
78ms Script
application/javascript 2606:4700:3034::6815:5950
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acacdn.com/script/ippg.js
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/atg.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5950 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:58 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2638
x-guploader-uploadid: ADPycduGwrXidNyb2SVZwOpHBZHdxzgUoSSNJdFBUCaOmRNXymVj7J6iO96lnD-3aQCQSeSDUq0lsvKIg2aeBB_1EcrxqsADNCO6
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 30 May 2023 12:30:59 GMT
server: cloudflare
etag: W/"9fe719dd6f79fe55a5eb8bb18d8ebb9b"
vary: Accept-Encoding
x-goog-hash: crc32c=awDDpA==, md5=n+cZ3W95/lWl64uxjY67mw==
x-goog-generation: 1685449858943240
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2zVTDr%2FDDIKKebMMyNCPOC0IuoSdzVcequHsr1emXjOYmAVnbX81GbeVRUoxFLFiOlr3Y7ERpxhe5eC%2FDiVyviKuKCFJjx5FfAPl22exKkt46WY9LfyWpD4YQO9VpVARB%2BuDckhFnqcP"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 123143
cf-ray: 7d64bd81ff01b512-OSL
expires: Mon, 12 Jun 2023 20:20:02 GMT

GET
H3 200 suv4.js
acacdn.com/script/ 87 KB
0 210ms
210ms Script
application/javascript 2606:4700:3034::6815:5950
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acacdn.com/script/suv4.js
Requested by: Host: acacdn.com
URL: https://acacdn.com/script/atg.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:5950 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:58 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 239
x-guploader-uploadid: ADPycdvXRcj0OINZAWqXqkTxVRDlrsaN8AlXhZPiE_4G8uMZtwJLblk5d5cO0sBO9SXMfttPjcdF0EZjv9fmTF3P0b6n-YtZez0c
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 30 May 2023 12:34:39 GMT
server: cloudflare
etag: W/"004289f37c0edc9a9ff5d7c42dc39fdd"
vary: Accept-Encoding
x-goog-hash: crc32c=t1ikYA==, md5=AEKJ83wO3Jqf9dfELcOf3Q==
x-goog-generation: 1685450078957310
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y%2BeQ0KoFIQrAePwcL5Wdo7MIT1sGADzoZTfje80TsZ%2BVWpcG2G2FtnfrXFwyOQRzXJ0PsWE0CUQy0b1VgkI3ioJv%2BMdxgnRc0pCctLdYvqQu5W7EgR1F10MtJ0uie6reWy5%2BqCmazquE"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 110518
cf-ray: 7d64bd81ff06b512-OSL
expires: Mon, 12 Jun 2023 20:16:50 GMT

GET push.php
youradexchange.com/script/ 0
0

POST collect
region1.google-analytics.com/g/ 0
0

POST greenoaks.gif
paybyplatema.site/detroitchicago/ 0
0

POST collect
region1.google-analytics.com/g/ 0
0

POST csi
csi.gstatic.com/ 0
0

POST hb.php
youradexchange.com/ut/ 0
0

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/ 190 KB
30 KB 190ms
60ms Stylesheet
text/css 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css

Requested by

Host: globaladblocker.com
URL: https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=25238e0ebf4385f3e6820ac2096b476c&gd=tr&gg=728308

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c0bcf7898fdc3b87babca678cd19a8e3ef570e931c80a3afbffcc453738c951a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://globaladblocker.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 12 Jun 2023 20:10:58 GMT
x-content-type-options: nosniff
content-encoding: br
age: 8179672
x-jsd-version: 5.2.3
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 30336
x-served-by: cache-fra-eddf8230122-FRA, cache-bma1648-BMA
x-jsd-version-type: version
etag: W/"2f955-d5HdHzFzoNYsw5wh0q1x/I2tDnI"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 icon.png
globaladblocker.com/ 5 KB
5 KB 86ms
85ms Image
image/png 2606:4700:3036::6815:2f69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://globaladblocker.com/icon.png
Requested by: Host: globaladblocker.com
URL: https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=25238e0ebf4385f3e6820ac2096b476c&gd=tr&gg=728308
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:2f69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cd7865925cd7cb9cad3960822a7603383a6502421146879f7842fc9ed7039186

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=25238e0ebf4385f3e6820ac2096b476c&gd=tr&gg=728308
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:58 GMT
cf-cache-status: HIT
last-modified: Tue, 20 Dec 2022 15:51:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1544
etag: "63a1d9e8-1281"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ug%2FuYK0yAoh6fmy67MeOI7NYN%2FP0waYllvpHgg6mjbef48i68K5KWayFClU2LruJG3uASbm00n%2BkSdSMS1GANDIPko4Buf0HuTF9LKj0ijWbYB%2F1nUScct%2Bl2M4Ac9QLBGWC2DAy0FaaupGuZZJxHp9T"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 7d64bd838c790b69-OSL
alt-svc: h3=":443"; ma=86400
content-length: 4737

GET
H2 200 cws.png
globaladblocker.com/ 3 KB
4 KB 77ms
77ms Image
image/png 2606:4700:3036::6815:2f69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://globaladblocker.com/cws.png
Requested by: Host: globaladblocker.com
URL: https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=25238e0ebf4385f3e6820ac2096b476c&gd=tr&gg=728308
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:2f69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b74fcd6c38eb603d9c86cd1c8cb97ba423d200d7e3e555cbc5a704ac456e00f

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=25238e0ebf4385f3e6820ac2096b476c&gd=tr&gg=728308
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 20:10:58 GMT
cf-cache-status: HIT
last-modified: Fri, 06 Jan 2023 11:11:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1544
etag: "63b801e2-d6b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nePyhd7oQ%2B4bFBv2MD0Ecg5iKT4czZTXlDz6TpssjaZkp3wwkSs1go4p%2B2SPRuK%2FdEKIVmYMFyCRjG%2BBM2FlUAditJL5UizRas2vWjR1NWIp2zmf8F85I51AXddXgidYwa8G1v4tD8oTXSxEr5aj0qmB"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 7d64bd838c820b69-OSL
alt-svc: h3=":443"; ma=86400
content-length: 3435

GET 3aefc5e5-dbff-4b30-b153-edbe89ddecd4.png
eklanaffifkpfdpnkngfilpcgodfdimb/filters/static/ 0
0

GET
H2 200 a.php Show response
jurato.info/ Frame 1D66 96 B
1 KB 366ms
207ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jurato.info/a.php?id=0068&e=VPGCNBK0FG&c=bttrP4697Z&r=tr&cid=25238e0ebf4385f3e6820ac2096b476c&z=18057692&m=728308&v=12&dr=https%3A%2F%2Fpaybyplatema.site%2F&inw=1600&inh=1200
Requested by: Host: globaladblocker.com
URL: https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=25238e0ebf4385f3e6820ac2096b476c&gd=tr&gg=728308
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d5f7d977f9b96d4f7abe30653ea52b3406938d5175ebb743bf839beab7f59f6

Request headers

Referer: https://globaladblocker.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7d64bd85dca6b511-OSL
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 12 Jun 2023 20:10:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jCKUquyQNaOkJf6BtGnaF%2FOay8Mbv8w9SpRR3bx209qASdN%2FrcSUx5cGESzm8qQfje33uwaN6QwVn24L%2FvPp7K3%2FdvSe%2FrANBlRZJ7jf01jPMUPI0KUrggYNsuZCGy6HnzZeg8CIXejquA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H3 200 gc.php Show response
globaladblocker.com/ Frame 7E0C 0
553 B 129ms
129ms Document
text/html 2606:4700:3036::6815:2f69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://globaladblocker.com/gc.php
Requested by: Host: globaladblocker.com
URL: https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=25238e0ebf4385f3e6820ac2096b476c&gd=tr&gg=728308
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:2f69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=25238e0ebf4385f3e6820ac2096b476c&gd=tr&gg=728308
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7d64bd84ebff0b65-OSL
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 12 Jun 2023 20:10:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OxmP%2F1p1MQkqFGexVaH8dp3wcH5UxumPwBgOY%2BVxUmexwAgMM3xk7PtRXQ5yWexOHP5QBMYGx32pgVdAUs9zD7ko8Y8X7wkWhmwpO5lAXd3pYhEm2YZZibmPPQqHj41S80oivZ0Is3RkNdwdmWX6gnOJ"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: supreme-ad-blocker.info
URL: https://supreme-ad-blocker.info/extension.php?ed=botra5uZFy&version=3&ek=18052404&eg=252cd34fab3683ee9a09cee63ae8b4f3&ef=tr&ei=795058

Domain: supreme-ad-blocker.info
URL: https://supreme-ad-blocker.info/extension.php?ed=botra5uZFy&version=3&ek=18052404&eg=2520af60be9e9856bb59740c127f2254&ef=tr&ei=795058

Domain: supreme-ad-blocker.info
URL: https://supreme-ad-blocker.info/extension.php?ed=botra5uZFy&version=3&ek=18052404&eg=252d44998aa8bc2d9da84a8fb33d58aa&ef=tr&ei=795058

Domain: supreme-ad-blocker.info
URL: https://supreme-ad-blocker.info/extension.php?ed=botra5uZFy&version=3&ek=18052404&eg=25245e5da12c114813c0818eeab61f05&ef=tr&ei=795058

Domain: playerstrivefascinated.com
URL: https://playerstrivefascinated.com/pixel/purst?dl=0&th=0&sc=0&rs=3350&rd=3350&fd=914.8999977111816&bv=22.10.v.10&tmpl=136

Domain: globaladblocker.com
URL: https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=252adc1a595cb75f892d233dd2a7901c&gd=tr&gg=728308

Domain: globaladblocker.com
URL: https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=2528089ef2d5f8240d3a0bba171924b7&gd=tr&gg=728308

Domain: globaladblocker.com
URL: https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=252c0fa8dd4fdbdea5dba1011187439f&gd=tr&gg=728308

Domain: banquetunarmedgrater.com
URL: https://banquetunarmedgrater.com/advertisers.js

Domain: cdn.barscreative1.com
URL: https://cdn.barscreative1.com/sb/notifications/rtb/mac/2/index.html

Domain: youradexchange.com
URL: https://youradexchange.com/script/push.php?r=6713766&ipp=1&mads=1&position=top&czid=dddyue3gxn&aggr=2&atag=1&cbpage=https%3A%2F%2Fpaybyplatema.site%2F&cbref=&chmob=%3F0

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-BR9S49MX8J&gtm=45je3671&_p=1838772467&cid=194342455.1686600656&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=2&sid=1686600655&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&en=user_engagement&_et=2493

Domain: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1OGNhMDJlNi00ODIxLTQ1ZWMtNjkxNC05ZThlZjY4NTFiNDgiLCJkb21haW5faWQiOiI0NjAyMzgiLCJ0X2Vwb2NoIjoxNjg2NjAwNjU0LCJkYXRhIjpbeyJuYW1lIjoiY2xzX3ZhbHVlIiwidmFsIjoiMC4wMDA2MzA5Mjc4MTA2Njg5NDUzIn1dfV0=

Domain: paybyplatema.site
URL: https://paybyplatema.site/detroitchicago/greenoaks.gif?orig=1&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiI1OGNhMDJlNi00ODIxLTQ1ZWMtNjkxNC05ZThlZjY4NTFiNDgiLCJkb21haW5faWQiOiI0NjAyMzgiLCJ0X2Vwb2NoIjoxNjg2NjAwNjU0LCJkYXRhIjpbeyJuYW1lIjoibGNwX3ZhbHVlIiwidmFsIjoiMjY1MC4yMDAwMDA3NjI5Mzk1In1dfV0=

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-PQVTRPL0ST&gtm=45je3671&_p=1838772467&cid=194342455.1686600656&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&ngs=1&_s=2&sid=1686600656&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&en=scroll&epn.percent_scrolled=90&_et=14

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-PQVTRPL0ST&gtm=45je3671&_p=1838772467&cid=194342455.1686600656&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=3&sid=1686600656&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&en=user_engagement&_et=1425

Domain: region1.google-analytics.com
URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-5M4EY5KCMW&gtm=45je3671&_p=1838772467&cid=194342455.1686600656&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&ngs=1&_s=2&sid=1686600657&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20com%20Pay%20Online%20Toll%20Bills%20in%20Massachusetts&en=user_engagement&_et=1107

Domain: csi.gstatic.com
URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~litahg4h&c=3792411673577971&e=44759926%2C44759837%2C44759875%2C44788441%2C44793497%2C31061691%2C31061692&ctx=1&uet=2&met.3=1001.1qn_1__1~164.1qq_1~165.1qm_5~166.1qd_q~1032.25n~326.25q_2~832.25t~868.25t~216.25n_7~215.25n_8~843.25m_9~889.26g~639.26l~112.28g_1~629.2f2_2&met.1=24.32c

Domain: youradexchange.com
URL: https://youradexchange.com/ut/hb.php?cb=0.2019242001834778

Domain: eklanaffifkpfdpnkngfilpcgodfdimb
URL: chrome-extension://eklanaffifkpfdpnkngfilpcgodfdimb/filters/static/3aefc5e5-dbff-4b30-b153-edbe89ddecd4.png

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

57 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.paybyplatema.site/	1970-01-20 12:30:02	Name: ezoadgid_460238 Value: -1
.paybyplatema.site/	1970-01-20 12:30:07	Name: ezoref_460238 Value:
.paybyplatema.site/	1970-01-20 21:15:36	Name: ezosuibasgeneris-1 Value: c22ebef4-f865-49e5-56f0-40501bccd8b0
.paybyplatema.site/	1970-01-20 12:30:07	Name: ezoab_460238 Value: mod1-c
.paybyplatema.site/	1970-01-20 12:30:02	Name: lp_460238 Value: https://paybyplatema.site/
.paybyplatema.site/	1970-01-20 12:32:53	Name: ezovuuidtime_460238 Value: 1686600655
.paybyplatema.site/	1970-01-20 12:30:02	Name: ezovuuid_460238 Value: 1d9a472b-88a4-4977-7fb8-e3a5be8776b6
.paybyplatema.site/	1970-01-20 12:30:02	Name: ezopvc_460238 Value: 1
.paybyplatema.site/	1970-01-20 22:06:00	Name: _ga Value: GA1.1.194342455.1686600656
simplewebanalysis.com/	1970-01-20 22:06:00	Name: uid_id2 Value: a952bd42-8054-47fa-95bb-c2f94f762601:3:1
paybyplatema.site/	1970-01-20 12:40:05	Name: dom3ic8zudi28v8lr6fgphwffqoz0j6c Value: a952bd42-8054-47fa-95bb-c2f94f762601%3A3%3A1
paybyplatema.site/	1970-01-20 12:30:07	Name: sb_main_103f872def2557028e4aca50c4daff0f Value: 1
paybyplatema.site/	1970-01-20 12:30:07	Name: sb_count_103f872def2557028e4aca50c4daff0f Value: 1
.quantserve.com/	1970-01-20 22:00:15	Name: mc Value: 64877bd1-7a55c-c07fd-43b45
.paybyplatema.site/	1970-01-20 21:54:29	Name: __qca Value: P0-206944505-1686600657160
.doubleclick.net/	1970-01-20 12:30:01	Name: test_cookie Value: CheckForPermission
rampmention.com/	1970-01-20 12:31:27	Name: u_pl Value: 18052404
rampmention.com/	1970-01-20 12:30:00	Name: ain Value: eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODA1MjQwNCwiayI6ImQzYjcwMTY0MTIyMzE3ODc3ODY3NjE1YTVhZjUzNDZmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMTEyMzg4LCJwaWQiOjUzODc4MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJmY3hoNmVnbiIsImNwa3MiOnsgIjI4IjoiMWI2YjM2MGE4ZTc3MTdhNzUxN2U4NWU3MDRhZDgyZjkifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE4OTAyODg2MCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyNTI3OSwiYm4iOiJDaHJvbWUiLCJidiI6IjExNCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjcwLCJjIjoiRkkiLCJuIjoiRmlubGFuZCJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYXlieXBsYXRlbWEuc2l0ZS8ifX0.nlATqT0OJHA1NqB9kTz7wZZhsWBx1YeJOzy8T4EW8oY
.paybyplatema.site/	1970-01-20 21:51:36	Name: __gads Value: ID=e41d4dd201367ac3-229f98c960e10020:T=1686600657:RT=1686600657:S=ALNI_MbPz7rmh1ohHuE7Yspu8aQBloBITg
.paybyplatema.site/	1970-01-20 21:51:36	Name: __gpi Value: UID=00000c4d11b95a1e:T=1686600657:RT=1686600657:S=ALNI_MYUSNJPNwtah22iuTeJwFjZ57UPQQ
eyebrowsneardual.com/	1970-01-20 12:31:27	Name: u_pl Value: 18057692
eyebrowsneardual.com/	1970-01-20 12:30:00	Name: ain Value: eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODA1NzY5MiwiayI6ImM2NmQ0YTU1YTJjNThiYjMxMmIxZmZlYmNkYTQ5YjYzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMTEyMzg4LCJwaWQiOjUzODc4MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjUsInB0Ijo0LCJwayI6Inl5Mm5renNhdyIsImNwa3MiOnsgIjI5IjoiOGE3MmQzMDI2YmE4ZDI1NTI1MWNlODY0OWI4N2M4OTgifSwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjE4OTAyODg2MCwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyNTI3OSwiYm4iOiJDaHJvbWUiLCJidiI6IjExNCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjcwLCJjIjoiRkkiLCJuIjoiRmlubGFuZCJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYXlieXBsYXRlbWEuc2l0ZS8ifX0.Idxgkqlm6m5T3z7bMaohSYytybhyiK1IrV-U233aock
rampmention.com/	1970-01-20 12:40:05	Name: uid_id2 Value: a952bd42-8054-47fa-95bb-c2f94f762601:3:1
rampmention.com/	1970-01-20 12:31:27	Name: iprc03214137506cd15ed040f89f9435b97a Value: 4283197
rampmention.com/	1970-01-20 12:31:27	Name: pdhtkv Value: true
rampmention.com/	1970-01-20 12:31:27	Name: uncs Value: 1
rampmention.com/	1970-01-20 12:31:27	Name: pdhtkv23 Value: true
rampmention.com/	1970-01-20 12:31:27	Name: uncs23 Value: 1
paybyplatema.site/	1969-12-31 23:59:59	Name: ezux_et_460238 Value: 0
paybyplatema.site/	1969-12-31 23:59:59	Name: ezux_tos_460238 Value: 0
eyebrowsneardual.com/	1970-01-20 12:40:05	Name: uid_id2 Value: a952bd42-8054-47fa-95bb-c2f94f762601:3:1
eyebrowsneardual.com/	1970-01-20 12:31:27	Name: iprc1add0e61cde5857c734cb3f76cc7f9a6 Value: 3989563
eyebrowsneardual.com/	1970-01-20 12:31:27	Name: pdhtkv Value: true
eyebrowsneardual.com/	1970-01-20 12:31:27	Name: uncs Value: 1
eyebrowsneardual.com/	1970-01-20 12:31:27	Name: pdhtkv5 Value: true
eyebrowsneardual.com/	1970-01-20 12:31:27	Name: uncs5 Value: 1
jellyhelpless.com/	1970-01-20 12:31:27	Name: u_pl Value: 18085186
jellyhelpless.com/	1970-01-20 12:40:05	Name: uid_id2 Value: 090df65a-8028-4375-9da7-2b9635313c49:2:1
jellyhelpless.com/	1970-01-20 12:31:27	Name: pdhtkv Value: true
jellyhelpless.com/	1970-01-20 12:31:27	Name: uncs Value: 1
jellyhelpless.com/	1970-01-20 12:31:27	Name: pdhtkv29 Value: true
jellyhelpless.com/	1970-01-20 12:31:27	Name: uncs29 Value: 1
jellyhelpless.com/	1970-01-20 12:30:00	Name: slec103f872def2557028e4aca50c4daff0f Value: [4318448]
paybyplatema.site/	1970-01-20 12:30:00	Name: pbpr0tpuw4isk85t8yg3jb2lj5vqf Value: jellyhelpless.com
my.rtmark.net/	1970-01-20 21:15:36	Name: ID Value: 815a268c5abd4ac4a5b69adfe302fdc4
paybyplatema.site/	1970-01-20 12:30:04	Name: ppu_main_1b6b360a8e7717a7517e85e704ad82f9 Value: 1
paybyplatema.site/	1970-01-20 12:30:00	Name: ppu_idelay_1b6b360a8e7717a7517e85e704ad82f9 Value: 1
.paybyplatema.site/	1970-01-20 22:06:00	Name: _ga_BR9S49MX8J Value: GS1.1.1686600655.1.0.1686600658.0.0.0
.paybyplatema.site/	1970-01-20 22:06:00	Name: _ga_PQVTRPL0ST Value: GS1.1.1686600656.1.0.1686600658.0.0.0
.paybyplatema.site/	1970-01-20 22:06:00	Name: _ga_5M4EY5KCMW Value: GS1.1.1686600657.1.0.1686600658.0.0.0
.jurato.info/	1970-01-20 22:06:00	Name: c0068 Value: bttrP4697Z
.jurato.info/	1970-01-20 22:06:00	Name: r0068 Value: tr
.jurato.info/	1970-01-20 22:06:00	Name: cid0068 Value: 25238e0ebf4385f3e6820ac2096b476c
.jurato.info/	1970-01-20 22:06:00	Name: z0068 Value: 18057692
.jurato.info/	1970-01-20 22:06:00	Name: v0068bttrP4697Z Value: %7B%2212%22%3A1%7D
.jurato.info/	1970-01-20 22:06:00	Name: e0068 Value: VPGCNBK0FG
.jurato.info/	1970-01-20 21:15:36	Name: _asd Value: 16866006587513151

22 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://paybyplatema.site/(Line 105) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://paybyplatema.site/(Line 105) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 8) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/d3b70164122317877867615a5af5346f/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4969693136336878&output=html&adk=1812271804&adf=3025194257&lmt=1686586138&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x1080_l%7C212x1080_r&format=0x0&url=https%3A%2F%2Fpaybyplatema.site%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686600656735&bpp=5&bdt=1271&idt=541&shv=r20230608&mjsv=m202306070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1562759444817&rume=1&frm=20&pv=2&ga_vid=194342455.1686600656&ga_sid=1686600657&ga_hid=1838772467&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759926%2C44759837%2C44759875%2C44788441%2C44793497%2C31061691%2C31061692&oid=2&pvsid=3792411673577971&tmod=342910179&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=572 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	Message: The script has an unsupported MIME type ('text/plain').
javascript	error	URL: https://globaladblocker.com/addon.php?gb=bttrP4697Z&_c=12&gi=18057692&ge=25238e0ebf4385f3e6820ac2096b476c&gd=tr&gg=728308(Line 44) Message: Access to XMLHttpRequest at 'chrome-extension://eklanaffifkpfdpnkngfilpcgodfdimb/filters/static/3aefc5e5-dbff-4b30-b153-edbe89ddecd4.png' from origin 'https://globaladblocker.com' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, https, chrome-untrusted.
network	error	URL: chrome-extension://eklanaffifkpfdpnkngfilpcgodfdimb/filters/static/3aefc5e5-dbff-4b30-b153-edbe89ddecd4.png Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acacdn.com
adservice.google.com
alterassumeaggravate.com
banquetunarmedgrater.com
cdn.barscreative1.com
cdn.jsdelivr.net
csi.gstatic.com
eklanaffifkpfdpnkngfilpcgodfdimb
eyebrowsneardual.com
friendshipmale.com
g.ezodn.com
globaladblocker.com
googleads.g.doubleclick.net
jellyhelpless.com
jurato.info
my.rtmark.net
pagead2.googlesyndication.com
partner.googleadservices.com
paybyplatema.site
pixel.quantserve.com
playerstrivefascinated.com
rampmention.com
region1.google-analytics.com
rules.quantcount.com
secure.quantserve.com
simplewebanalysis.com
supreme-ad-blocker.info
www.googletagmanager.com
yonhelioliskor.com
youradexchange.com
banquetunarmedgrater.com
cdn.barscreative1.com
csi.gstatic.com
eklanaffifkpfdpnkngfilpcgodfdimb
globaladblocker.com
paybyplatema.site
playerstrivefascinated.com
region1.google-analytics.com
supreme-ad-blocker.info
youradexchange.com
139.45.195.8
139.45.197.251
173.233.137.60
192.243.59.20
192.243.61.227
2001:4860:4802:34::36
2600:9000:20c3:6800:6:44e3:f8c0:93a1
2606:4700:3030::ac43:b3fd
2606:4700:3034::6815:5950
2606:4700:3036::6815:2f69
2606:4700:3037::6815:1fd7
2606:4700:e0::ac40:6113
2606:4700:e6::ac40:c309
2606:4700:e6::ac40:ca17
2620:116:800d:21:e365:4988:e8a7:3270
2a00:1450:4001:800::2002
2a00:1450:4001:808::2002
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:82f::2008
2a04:4e42:600::485
2a06:98c1:3120::3
52.58.93.188
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
05e76c02bbb4b026b8df4a8eb974817222ac5557606faf861fa41f6ed88c6fab
09e30996481d88c7d78b5c4562857e6d67489c3407558c59aa995b21c62608e1
0ae4df3bd75d8320327a69eb07e916ed4eccedb7037065ad352eb39fba0b364f
0c1c4eaa979cfd353714ac3de813dd67b7344b3daf0ad311fbc00b15125a70f0
0d4111e4882268268177db77636d5f826ba52e67df1c02bd4c4d0c2d823f2ed6
0e56326d1f81421ab6a0dcb21bd13886ea4d61587e9e531041e34e920fdb70d2
14907949e77e053af56f06215b532a69875a1ffce84ff513fe9b6d3b6866af28
174066535cb768d1715ae34808cd4e83f16f23715524bfff79db8860e8c03296
19f8113c57259c026c13cd6cd9187398bd89620f6fc371b78adbe352f9abaaca
1b9269ecf5672dc6eae741bbbf3f15a92f887311b19cc49c2727fdc1db0589a7
1bd584a86b1cd36b9581643c7ebcbbb6c63117da54659de5b793eefa939de63b
1ced0f86ca65e0ec419eb8b3b466b5f0c57e68ff29197deaf6e66e493f90d0b7
2186c62483df74f6126183f48049291bda5b7d372abc2d7de9e5640e0425b75c
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
268ed9f2682cab7b835eab31969de281f4bf15d382041771ca74d5888fa33521
281abd307952337b05605b3f480d476a06395acf326d0db104e3eb7d9be7284c
2b104db680a9d1df48409a24d2f18c31e2867e67e921c44b00c72b22d9762bb8
2b74fcd6c38eb603d9c86cd1c8cb97ba423d200d7e3e555cbc5a704ac456e00f
2c09b9af68d1bc481ff60d88e79c05073d712a1eff132fb7c3d8d9fd82e59aed
353c4ef44bcc87605cc565359d01a39a79205508a124f7cab80c1ae72ceb5bcd
4718dd9f68e969d1cb5e1b6172206b7150ad1d8cd5c5c1fe5812dd0e1646d426
4784e037546fcb7f73c1e1b0b3052aa93dc4a0b841088ab47c998e26d98ae2b1
4e3e5db28d69f4fd53908202da94a4363ded4a02559d530da9e9ed538f6ed9a5
593bbf2efc5afde2159758fcbcff5f5ebcad0c0a99bddbb37d709c6c159736ed
5f8ee01d1d773f8a7af694b1ec494c9df5c0e438fe29435595eab0e3cacc81f3
6401a8a455d3d0562e611c024ef59a29ad97eca51672a72b68183be006583ee8
758519148bca76af1cfe30b12896dc40207967dd283a8aec6281588d07cb433a
77a3bebee72af7beb49cd94b7f16852a532aac5f3db8f610160440fe75ca4711
79c9acd56ecda2a70935972ccb5705809d34dc161c3685f0b2656ba473246b39
8d5f7d977f9b96d4f7abe30653ea52b3406938d5175ebb743bf839beab7f59f6
995456f7211327129612b97dc0a2baa2288f1e3065d1d6ed1882a0eb89d6baac
9e80d4cbd46e87c8252336d360b1196a138371c334fe556cf90ab41902dc9526
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a671c6076dc1d4405d0944142486cc17bf3cef2972e3b210c108c47068a10c30
a9be9d68ed8eb253021f912701aec28d04572ca48b613dca674a731b16d91b24
b4030c5c6e8b7ca4408bed3b4c16ee5cf1836bac506cd9d01f0041714d456ac8
c0bcf7898fdc3b87babca678cd19a8e3ef570e931c80a3afbffcc453738c951a
c0d8f6b23376ae9ace217252e26a9b439b0d54057b8ec22baecf167fc71f1bb0
c0f8ab82a225918c628a20f948d3537bbae106ec6e6dd6239014b1a75a3e1014
c48d3f99f3a76f202f04a8722164461a25c5ea0caebe3a3e4bd14030c21b693d
cd7865925cd7cb9cad3960822a7603383a6502421146879f7842fc9ed7039186
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e0470fbe642d7a6df792459a763a05d7c4a26e5f66ef4f4811e07ea3a6288e39
e19b3a85a335d78a60e423d4a76a429bccdcfc90e0ea83d4a777745eac8e43b7
e23decabee8464b650d1d0241283ba0c469806e14a2199efc5bb41771cb673c1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
ec2fe7950597fcb2348f9ecf8a47a5d03ec370ae6db901167f607a49eb6c5749
eed5e77bb0b4ffaa4a4802ade9d4cae485660554e327e4f8d29d37629a03daae
f8d3963d521dba2106ecf72fe45c1479a58f60fff37e6cef77e47f32ff62728f
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

globaladblocker.com Open in urlscan Pro 2606:4700:3036::6815:2f69 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

102 Requests

73 %HTTPS

74 %IPv6

29 Domains

30 Subdomains

23 IPs

3 Countries

1078 kBTransfer

3179 kBSize

57 Cookies

0 Outgoing links

Page URL History

Redirected requests

102 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

globaladblocker.com Open in urlscan Pro
2606:4700:3036::6815:2f69 Public Scan

Screenshot
Live screenshot

Full Image

102
Requests

73 %
HTTPS

74 %
IPv6

29
Domains

30
Subdomains

23
IPs

3
Countries

1078 kB
Transfer

3179 kB
Size

57
Cookies

102 HTTP transactions
0 data transactions