pay-protection.site Open in urlscan Pro
2a00:f940:2:2:1:1:0:134  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://robolink.info/kkcb?n7e Page URL
2. https://pay-protection.site/ Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	kkcb Show response robolink.info/	1 KB 1022 B	312ms 118ms	Document text/html	190.115.24.42 DDOS-GUARD CORP.
General Check archive.org Show headers Download Go to Full URL https://robolink.info/kkcb?n7e Protocol H2 Security TLS 1.3, , AES_128_GCM Server 190.115.24.42 , Belize, ASN262254 (DDOS-GUARD CORP., BZ), Reverse DNS ddos-guard.net Software ddos-guard / Resource Hash e5d7e8d0d06e4addabc4194c5e68235316a50a57a05a2033d2da158012879cf9 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; Strict-Transport-Security max-age=15768000; includeSubdomains; preload X-Content-Type-Options nosniff X-Frame-Options ALLOWALL Request headers :method GET :authority robolink.info :scheme https :path /kkcb?n7e pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 server ddos-guard content-security-policy upgrade-insecure-requests; set-cookie __ddg1=yVLWuMv4PgMgzlZhYp2o; Domain=.robolink.info; HttpOnly; Path=/; Expires=Sat, 29-May-2021 08:47:48 GMT cookieID=2069074; expires=Sun, 28-Jun-2020 08:47:49 GMT; Max-Age=2592000; path=/; domain=robolink.info date Fri, 29 May 2020 08:47:49 GMT content-type text/html; charset=utf-8 strict-transport-security max-age=15768000; includeSubdomains; preload access-control-allow-origin * x-frame-options ALLOWALL x-content-type-options nosniff content-encoding gzip
GET H/1.1	200 OK	jquery-2.1.3.min.js Show response code.jquery.com/	82 KB 29 KB	1951ms 130ms	Script application/javascript	209.197.3.24 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-2.1.3.min.js Requested by Host: robolink.info URL: https://robolink.info/kkcb?n7e Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 209.197.3.24 Phoenix, United States, ASN20446 (HIGHWINDS3, US), Reverse DNS vip0x018.map2.ssl.hwcdn.net Software nginx / Resource Hash 8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3 Request headers Referer https://robolink.info/kkcb?n7e User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Fri, 29 May 2020 08:47:51 GMT Content-Encoding gzip Last-Modified Thu, 18 Dec 2014 15:17:03 GMT Server nginx ETag W/"5492efef-14960" Vary Accept-Encoding X-HW 1590742069.dop013.lo4.t,1590742071.cds070.lo4.shn,1590742071.cds070.lo4.c Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * Cache-Control max-age=315360000, public Connection Keep-Alive Accept-Ranges bytes Content-Length 29507
GET H2	200	jquery.syotimer.js Show response robolink.info/js/	10 KB 4 KB	55ms 55ms	Script application/javascript	190.115.24.42 DDOS-GUARD CORP.
General Check archive.org Show headers Download Go to Full URL https://robolink.info/js/jquery.syotimer.js Requested by Host: robolink.info URL: https://robolink.info/kkcb?n7e Protocol H2 Security TLS 1.3, , AES_128_GCM Server 190.115.24.42 , Belize, ASN262254 (DDOS-GUARD CORP., BZ), Reverse DNS ddos-guard.net Software ddos-guard / Resource Hash b648262c5dd3817590d4077f423a487895ac9e0b185f3e7f683e6c75b24afe1b Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; Request headers Referer https://robolink.info/kkcb?n7e User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests; content-encoding gzip etag W/"5d11edd0-286f" age 458242 status 200 content-length 3291 last-modified Tue, 25 Jun 2019 09:48:00 GMT server ddos-guard date Sun, 24 May 2020 01:30:27 GMT vary Accept-Encoding access-control-allow-methods GET, POST, OPTIONS content-type application/javascript access-control-allow-origin * access-control-expose-headers Content-Length,Content-Range accept-ranges bytes access-control-allow-headers DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
GET H2	200	6952.jpg e-pay.name/i/product/695/	46 KB 46 KB	219ms 87ms	Image image/jpeg	190.115.19.162 DDOS-GUARD CORP.
General Check archive.org Show headers Download Go to Show image Full URL https://e-pay.name/i/product/695/6952.jpg Requested by Host: robolink.info URL: https://robolink.info/kkcb?n7e Protocol H2 Security TLS 1.3, , AES_128_GCM Server 190.115.19.162 , Belize, ASN262254 (DDOS-GUARD CORP., BZ), Reverse DNS Software ddos-guard / Resource Hash 4ce89838e578b22e04b3ac12802e6bf7d2fd4b115190920cf62362868864340d Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; Strict-Transport-Security max-age=15768000; includeSubdomains; preload X-Content-Type-Options nosniff X-Frame-Options ALLOWALL Request headers Referer https://robolink.info/kkcb?n7e User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers content-security-policy upgrade-insecure-requests; x-content-type-options nosniff last-modified Sun, 24 May 2020 14:50:09 GMT server ddos-guard age 13153 status 200 date Fri, 29 May 2020 05:08:36 GMT x-frame-options ALLOWALL content-type image/jpeg access-control-allow-origin * strict-transport-security max-age=15768000; includeSubdomains; preload accept-ranges bytes content-length 47041 etag "5eca89a1-b7c1"
GET H2	200	Primary Request / Show response pay-protection.site/	28 KB 6 KB	441ms 63ms	Document text/html	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Full URL https://pay-protection.site/ Requested by Host: robolink.info URL: https://robolink.info/kkcb?n7e Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash d0e093e7e03c17faf007d2cefb0b5bcc1d4f17121a9e94b5dcf609831986cef4 Request headers :method GET :authority pay-protection.site :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest document referer https://robolink.info/kkcb?n7e accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://robolink.info/kkcb?n7e Response headers status 200 server nginx date Fri, 29 May 2020 08:47:53 GMT content-type text/html vary Accept-Encoding content-encoding gzip
GET H2	200	site_global.css pay-protection.site/css/	7 KB 2 KB	42ms 41ms	Stylesheet text/css	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Full URL https://pay-protection.site/css/site_global.css?crc=444006867 Requested by Host: pay-protection.site URL: https://pay-protection.site/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 6303579ed9319f4224acba1999c45eda83f328fbed23f742663b5ada39d8b0c5 Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT content-encoding gzip last-modified Fri, 29 May 2020 06:55:04 GMT server nginx etag W/"5ed0b1c8-1d5b" vary Accept-Encoding content-type text/css status 200
GET H2	200	master_______-a.css pay-protection.site/css/	460 B 579 B	42ms 41ms	Stylesheet text/css	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Full URL https://pay-protection.site/css/master_______-a.css?crc=3939464080 Requested by Host: pay-protection.site URL: https://pay-protection.site/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash a360c7a9c0d638e790cc69f82aabb5d3bcbe8851bd301215f4e8725d97dcbe62 Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT last-modified Fri, 29 May 2020 06:55:04 GMT server nginx etag "5ed0b1c8-1cc" content-type text/css status 200 accept-ranges bytes content-length 460
GET H2	200	index.css pay-protection.site/css/	8 KB 2 KB	43ms 42ms	Stylesheet text/css	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Full URL https://pay-protection.site/css/index.css?crc=427617229 Requested by Host: pay-protection.site URL: https://pay-protection.site/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 2c287a32a8813a31bd8a5700ee8c4558e3c7d0cd0de842404cc9228b8e477144 Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT content-encoding gzip last-modified Fri, 29 May 2020 06:55:08 GMT server nginx etag W/"5ed0b1cc-1fe1" vary Accept-Encoding content-type text/css status 200
GET H2	200	blank.gif pay-protection.site/images/	43 B 162 B	40ms 40ms	Image image/gif	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Show image Full URL https://pay-protection.site/images/blank.gif?crc=4208392903 Requested by Host: pay-protection.site URL: https://pay-protection.site/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT last-modified Fri, 29 May 2020 06:51:00 GMT server nginx etag "5ed0b0d4-2b" content-type image/gif status 200 accept-ranges bytes content-length 43
GET H2	200	1f978804627acb7a1e0230027c69591e.js Show response megatimer.ru/get/	1 KB 1 KB	243ms 80ms	Script application/javascript	5.188.114.126 SELECTEL-MSK
General Check archive.org Show headers Download Go to Full URL https://megatimer.ru/get/1f978804627acb7a1e0230027c69591e.js Requested by Host: pay-protection.site URL: https://pay-protection.site/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 5.188.114.126 , Russian Federation, ASN50340 (SELECTEL-MSK, RU), Reverse DNS Software nginx / Resource Hash bae1da69593834eea93f76f784c5bf93e25a8ca4a283dc10e58d4bbd663b1c4d Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Fri, 29 May 2020 08:47:54 GMT server nginx content-type application/javascript
GET H2	200	require.js Show response pay-protection.site/scripts/	16 KB 7 KB	44ms 43ms	Script application/javascript	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Full URL https://pay-protection.site/scripts/require.js?crc=4177726516 Requested by Host: pay-protection.site URL: https://pay-protection.site/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 505740ccc3084fb2ca0f638c6d19fc8ee099e887482368615f49c7789c499cc1 Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT content-encoding gzip last-modified Fri, 29 May 2020 06:51:38 GMT server nginx etag W/"5ed0b0fa-4024" vary Accept-Encoding content-type application/javascript status 200
GET H2	200	proccess_domain.js Show response pay-protection.site/	986 B 1 KB	40ms 40ms	Script application/javascript	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Full URL https://pay-protection.site/proccess_domain.js Requested by Host: pay-protection.site URL: https://pay-protection.site/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 0b7954ac26553b350b2a1e1fb3dde746921bf697ff0c02bd20159aa54df18bc6 Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT last-modified Mon, 18 May 2020 11:44:52 GMT server nginx etag "5ec27534-3da" content-type application/javascript status 200 accept-ranges bytes content-length 986
GET H2	200	brutaltype.woff pay-protection.site/fonts/	27 KB 27 KB	104ms 104ms	Font application/octet-stream	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Full URL https://pay-protection.site/fonts/brutaltype.woff Requested by Host: pay-protection.site URL: https://pay-protection.site/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash a589357fcb9b56018f2a5e44edc508da4438112f44122bf08a1eb0b00b48c089 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://pay-protection.site/css/index.css?crc=427617229 Origin https://pay-protection.site Response headers date Fri, 29 May 2020 08:47:54 GMT content-encoding gzip last-modified Fri, 29 May 2020 06:55:00 GMT server nginx etag W/"51c5363-6be8-5a6c3ec7e4421" vary Accept-Encoding content-type text/plain status 200
GET H2	200	timer.min.js Show response megatimer.ru/timer/	27 KB 27 KB	138ms 138ms	Script application/javascript	5.188.114.126 SELECTEL-MSK
General Check archive.org Show headers Download Go to Full URL https://megatimer.ru/timer/timer.min.js?v=1 Requested by Host: megatimer.ru URL: https://megatimer.ru/get/1f978804627acb7a1e0230027c69591e.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 5.188.114.126 , Russian Federation, ASN50340 (SELECTEL-MSK, RU), Reverse DNS Software nginx / Resource Hash aedf3551219404450d4b89ae507abb6d9078aec674b24d3e5709b89ca52e1ee8 Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT last-modified Fri, 01 May 2020 12:45:46 GMT server nginx etag "5eac19fa-6c37" content-type application/javascript status 200 cache-control max-age=2592000 accept-ranges bytes content-length 27703 expires Sun, 28 Jun 2020 08:47:54 GMT
GET H2	200	brutaltype-black.woff pay-protection.site/fonts/	26 KB 26 KB	109ms 108ms	Font application/octet-stream	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Full URL https://pay-protection.site/fonts/brutaltype-black.woff Requested by Host: pay-protection.site URL: https://pay-protection.site/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash fa12a0f980af3d44447b8540316820888f07f92b1df3535f70c52ec2c4915b32 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://pay-protection.site/css/index.css?crc=427617229 Origin https://pay-protection.site Response headers date Fri, 29 May 2020 08:47:54 GMT content-encoding gzip last-modified Fri, 29 May 2020 06:55:02 GMT server nginx etag W/"51c5364-6840-5a6c3ec9e9979" vary Accept-Encoding content-type text/plain status 200
GET H2	200	jquery-1.8.3.min.js Show response pay-protection.site/scripts/	91 KB 33 KB	49ms 49ms	Script application/javascript	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Full URL https://pay-protection.site/scripts/jquery-1.8.3.min.js?crc=209076791 Requested by Host: pay-protection.site URL: https://pay-protection.site/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32 Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT content-encoding gzip last-modified Fri, 29 May 2020 06:51:36 GMT server nginx etag W/"5ed0b0f8-16dc5" vary Accept-Encoding content-type application/javascript status 200
GET H2	200	request_domain.php Show response pay-epay.net/	40 B 229 B	236ms 92ms	XHR text/html	190.115.26.190 DDOS-GUARD CORP.
General Check archive.org Show headers Download Go to Full URL https://pay-epay.net/request_domain.php Requested by Host: pay-protection.site URL: https://pay-protection.site/proccess_domain.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 190.115.26.190 , Belize, ASN262254 (DDOS-GUARD CORP., BZ), Reverse DNS Software ddos-guard / Resource Hash 8704d9b07fac0e139ea0998ef3d221dab0af4ff36c39861d396d1cbef41f6264 Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Fri, 29 May 2020 08:47:54 GMT content-encoding gzip server ddos-guard access-control-allow-origin * content-type text/html; charset=UTF-8
GET H2	200	museconfig.js Show response pay-protection.site/scripts/	2 KB 1 KB	40ms 40ms	Script application/javascript	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Full URL https://pay-protection.site/scripts/museconfig.js?crc=3936894949 Requested by Host: pay-protection.site URL: https://pay-protection.site/scripts/require.js?crc=4177726516 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash fcc3774651fc98c43b9eee36d2eb3d88a55916015c177329c5342f350d2f864b Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT content-encoding gzip last-modified Fri, 29 May 2020 06:51:37 GMT server nginx etag W/"5ed0b0f9-7fd" vary Accept-Encoding content-type application/javascript status 200
GET H2	200	css fonts.googleapis.com/	2 KB 645 B	15ms 15ms	Stylesheet text/css	2a00:1450:4001:815::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Comfortaa&subset=latin,cyrillic Requested by Host: megatimer.ru URL: https://megatimer.ru/timer/timer.min.js?v=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 0a2465343b48ab93b33382254e3782abe09f938f97f1ead27177f10d6e47b308 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff status 200 alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Fri, 29 May 2020 08:47:54 GMT server ESF date Fri, 29 May 2020 08:47:54 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 29 May 2020 08:47:54 GMT
GET H2	200	1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4WjMDrMfJh1Zyc61YA.woff fonts.gstatic.com/s/comfortaa/v28/	14 KB 15 KB	8ms 7ms	Font font/woff	2a00:1450:4001:81b::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/comfortaa/v28/1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4WjMDrMfJh1Zyc61YA.woff Requested by Host: pay-protection.site URL: https://pay-protection.site/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ed20b30ec035bd16a506f1e0c6245f2b25397e8fe42f7fb78a7cc730b9bf1dca Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://fonts.googleapis.com/css?family=Comfortaa&subset=latin,cyrillic Origin https://pay-protection.site Response headers date Mon, 18 May 2020 19:18:32 GMT x-content-type-options nosniff last-modified Tue, 04 Feb 2020 22:48:45 GMT server sffe age 912562 status 200 content-type font/woff access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14828 x-xss-protection 0 expires Tue, 18 May 2021 19:18:32 GMT
GET H2	200	museutils.js Show response pay-protection.site/scripts/	60 KB 17 KB	48ms 47ms	Script application/javascript	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Full URL https://pay-protection.site/scripts/museutils.js?crc=4250906080 Requested by Host: pay-protection.site URL: https://pay-protection.site/scripts/require.js?crc=4177726516 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash c7c1a7ae1726b8d533c1fff76eb03f86e91bb9246a84edf85ca797fa39ec9a8a Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT content-encoding gzip last-modified Fri, 29 May 2020 06:51:37 GMT server nginx etag W/"5ed0b0f9-f04b" vary Accept-Encoding content-type application/javascript status 200
GET H2	200	whatinput.js Show response pay-protection.site/scripts/	2 KB 925 B	49ms 48ms	Script application/javascript	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Full URL https://pay-protection.site/scripts/whatinput.js?crc=86476730 Requested by Host: pay-protection.site URL: https://pay-protection.site/scripts/require.js?crc=4177726516 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 8b4507ad2677bc9668ee296a3b44db60aea2134e6ca3c76131c0f7f24b5788db Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT content-encoding gzip last-modified Fri, 29 May 2020 06:51:37 GMT server nginx etag W/"5ed0b0f9-6b0" vary Accept-Encoding content-type application/javascript status 200
GET H2	200	jquery.watch.js Show response pay-protection.site/scripts/	2 KB 1 KB	49ms 49ms	Script application/javascript	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Full URL https://pay-protection.site/scripts/jquery.watch.js?crc=399457859 Requested by Host: pay-protection.site URL: https://pay-protection.site/scripts/require.js?crc=4177726516 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 5dde53486284162b986bd1ab520500c750f652a18798df3bf0f58621950c1f56 Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT content-encoding gzip last-modified Fri, 29 May 2020 06:51:38 GMT server nginx etag W/"5ed0b0fa-73b" vary Accept-Encoding content-type application/javascript status 200
GET H2	200	jquery.museresponsive.js Show response pay-protection.site/scripts/	6 KB 3 KB	50ms 49ms	Script application/javascript	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Full URL https://pay-protection.site/scripts/jquery.museresponsive.js?crc=3939574382 Requested by Host: pay-protection.site URL: https://pay-protection.site/scripts/require.js?crc=4177726516 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash ce25a043e12677adf5cbd3d99f008d729c0f5e82747e6d7c44a15a4e03e434c6 Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT content-encoding gzip last-modified Fri, 29 May 2020 06:51:38 GMT server nginx etag W/"5ed0b0fa-190d" vary Accept-Encoding content-type application/javascript status 200
GET H2	200	paypal-logo-pp-2014.jpg pay-protection.site/images/	12 KB 12 KB	42ms 40ms	Image image/jpeg	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Show image Full URL https://pay-protection.site/images/paypal-logo-pp-2014.jpg?crc=235121363 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 6e79f2287a98c9d8460474d2688673e2e9fa5b322abac8df75bd07e60c3321cc Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT last-modified Fri, 29 May 2020 06:50:57 GMT server nginx etag "5ed0b0d1-2f88" content-type image/jpeg status 200 accept-ranges bytes content-length 12168
GET H2	200	%d0%b2%d0%b8%d0%b7%d0%b0.png pay-protection.site/images/	8 KB 8 KB	42ms 41ms	Image image/png	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Show image Full URL https://pay-protection.site/images/%d0%b2%d0%b8%d0%b7%d0%b0.png?crc=3932582911 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 80c47a46c982308414703d04125daca320966ee0b0f7da989646c2dfc390df25 Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT last-modified Fri, 29 May 2020 06:50:58 GMT server nginx etag "5ed0b0d2-1e55" content-type image/png status 200 accept-ranges bytes content-length 7765
GET H2	200	%d1%87%d0%b5%d0%ba.jpg pay-protection.site/images/	43 KB 44 KB	43ms 42ms	Image image/jpeg	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Show image Full URL https://pay-protection.site/images/%d1%87%d0%b5%d0%ba.jpg?crc=172412674 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 36158fe5d325274a18361bad3d317aa3312b2dc0f2a22b4a06709bab9d3c2263 Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT last-modified Fri, 29 May 2020 06:50:58 GMT server nginx etag "5ed0b0d2-adf4" content-type image/jpeg status 200 accept-ranges bytes content-length 44532
GET H2	200	%d1%81%d1%81%d0%bb.jpg pay-protection.site/images/	6 KB 6 KB	83ms 82ms	Image image/jpeg	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Show image Full URL https://pay-protection.site/images/%d1%81%d1%81%d0%bb.jpg?crc=3768380653 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 27a6be16d3a7a138e15cbd2a3f095182165fdb1fdc6f4eba59c6e163a613623b Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT last-modified Fri, 29 May 2020 06:50:59 GMT server nginx etag "5ed0b0d3-17ff" content-type image/jpeg status 200 accept-ranges bytes content-length 6143
GET H2	200	secure.png pay-protection.site/images/	10 KB 10 KB	84ms 83ms	Image image/png	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Show image Full URL https://pay-protection.site/images/secure.png?crc=4160000218 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 5054b1a7ab72cb39cf1932b24bda0e999ce2ce0111050125581e534ae0ca6246 Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT last-modified Fri, 29 May 2020 06:50:59 GMT server nginx etag "5ed0b0d3-2903" content-type image/png status 200 accept-ranges bytes content-length 10499
GET H2	200	%d0%bf%d1%80%d0%be%d1%82%d0%be.png pay-protection.site/images/	19 KB 19 KB	84ms 83ms	Image image/png	2a00:f940:2:2:1:1:0:134 AS-REG
General Check archive.org Show headers Download Go to Show image Full URL https://pay-protection.site/images/%d0%bf%d1%80%d0%be%d1%82%d0%be.png?crc=3764313077 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a00:f940:2:2:1:1:0:134 , Russian Federation, ASN197695 (AS-REG, RU), Reverse DNS Software nginx / Resource Hash 6fc198fecd40cb3be3f8eec35bf0abc0329e51abbc048e706c5500235368ba57 Request headers Referer https://pay-protection.site/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 29 May 2020 08:47:54 GMT last-modified Fri, 29 May 2020 06:50:59 GMT server nginx etag "5ed0b0d3-4d1d" content-type image/png status 200 accept-ranges bytes content-length 19741

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| Muse function| $ function| jQuery boolean| suppressMissingFileError function| muse_init function| getDomainDef function| proccess_main_urls function| isEmpty function| requirejs function| require function| define string| flipchartCss function| MegaTimer boolean| museConfigLoadedAndExecuted object| jQuery18305930455959341911 function| S

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			pay-protection.site/	1970-01-19 09:58:07	Name: timer1f978804627acb7a1e0230027c69591e Value: 1590828414430

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=15768000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
e-pay.name
fonts.googleapis.com
fonts.gstatic.com
megatimer.ru
pay-epay.net
pay-protection.site
robolink.info
190.115.19.162
190.115.24.42
190.115.26.190
209.197.3.24
2a00:1450:4001:815::200a
2a00:1450:4001:81b::2003
2a00:f940:2:2:1:1:0:134
5.188.114.126
0a2465343b48ab93b33382254e3782abe09f938f97f1ead27177f10d6e47b308
0b7954ac26553b350b2a1e1fb3dde746921bf697ff0c02bd20159aa54df18bc6
27a6be16d3a7a138e15cbd2a3f095182165fdb1fdc6f4eba59c6e163a613623b
2c287a32a8813a31bd8a5700ee8c4558e3c7d0cd0de842404cc9228b8e477144
36158fe5d325274a18361bad3d317aa3312b2dc0f2a22b4a06709bab9d3c2263
4ce89838e578b22e04b3ac12802e6bf7d2fd4b115190920cf62362868864340d
5054b1a7ab72cb39cf1932b24bda0e999ce2ce0111050125581e534ae0ca6246
505740ccc3084fb2ca0f638c6d19fc8ee099e887482368615f49c7789c499cc1
5dde53486284162b986bd1ab520500c750f652a18798df3bf0f58621950c1f56
6303579ed9319f4224acba1999c45eda83f328fbed23f742663b5ada39d8b0c5
6e79f2287a98c9d8460474d2688673e2e9fa5b322abac8df75bd07e60c3321cc
6fc198fecd40cb3be3f8eec35bf0abc0329e51abbc048e706c5500235368ba57
80c47a46c982308414703d04125daca320966ee0b0f7da989646c2dfc390df25
8704d9b07fac0e139ea0998ef3d221dab0af4ff36c39861d396d1cbef41f6264
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
8b4507ad2677bc9668ee296a3b44db60aea2134e6ca3c76131c0f7f24b5788db
a360c7a9c0d638e790cc69f82aabb5d3bcbe8851bd301215f4e8725d97dcbe62
a589357fcb9b56018f2a5e44edc508da4438112f44122bf08a1eb0b00b48c089
aedf3551219404450d4b89ae507abb6d9078aec674b24d3e5709b89ca52e1ee8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b648262c5dd3817590d4077f423a487895ac9e0b185f3e7f683e6c75b24afe1b
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32
bae1da69593834eea93f76f784c5bf93e25a8ca4a283dc10e58d4bbd663b1c4d
c7c1a7ae1726b8d533c1fff76eb03f86e91bb9246a84edf85ca797fa39ec9a8a
ce25a043e12677adf5cbd3d99f008d729c0f5e82747e6d7c44a15a4e03e434c6
d0e093e7e03c17faf007d2cefb0b5bcc1d4f17121a9e94b5dcf609831986cef4
e5d7e8d0d06e4addabc4194c5e68235316a50a57a05a2033d2da158012879cf9
ed20b30ec035bd16a506f1e0c6245f2b25397e8fe42f7fb78a7cc730b9bf1dca
fa12a0f980af3d44447b8540316820888f07f92b1df3535f70c52ec2c4915b32
fcc3774651fc98c43b9eee36d2eb3d88a55916015c177329c5342f350d2f864b