paybyplatema.site Open in urlscan Pro
2606:4700:3030::ac43:b3fd Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://paybyplatema.site/
Effective URL:
https://paybyplatema.site/
Submission: On January 03 via api (January 3rd 2024, 8:02:33 pm UTC) from US — Scanned from DE

Summary HTTP 48 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 10 domains to perform 48 HTTP transactions. The main IP is 2606:4700:3030::ac43:b3fd, located in United States and belongs to CLOUDFLARENET, US. The main domain is paybyplatema.site.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 10th 2023. Valid for: a year.

This is the only time paybyplatema.site was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3037::6815:1fd7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2606:4700:303... 2606:4700:3030::ac43:b3fd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
5	2606:4700:e0:... 2606:4700:e0::ac40:6718	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	192.243.61.225 192.243.61.225	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	2606:4700:303... 2606:4700:3037::ac43:8977	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	139.45.197.251 139.45.197.251	9002 (RETN-AS) (RETN-AS)
7	2606:4700:e0:... 2606:4700:e0::ac40:640b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1	2606:4700:303... 2606:4700:3034::6815:86c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
48	11

1 2606:4700:3037::6815:1fd7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

paybyplatema.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700:3030::ac43:b3fd (United States)

ASN13335 (CLOUDFLARENET, US)

paybyplatema.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:e0::ac40:6718 (United States)

ASN13335 (CLOUDFLARENET, US)

achcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 192.243.61.225 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

alterassumeaggravate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::ac43:8977 (United States)

ASN13335 (CLOUDFLARENET, US)

acacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 139.45.197.251 (United Kingdom)

ASN9002 (RETN-AS, GB)

yonhelioliskor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:e0::ac40:640b (United States)

ASN13335 (CLOUDFLARENET, US)

youradexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::6815:86c (United States)

ASN13335 (CLOUDFLARENET, US)

pubtrky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	paybyplatema.site 1 redirects paybyplatema.site	106 KB
11	yonhelioliskor.com yonhelioliskor.com — Cisco Umbrella Rank: 568442	41 KB
7	youradexchange.com youradexchange.com — Cisco Umbrella Rank: 14501	1 KB
7	alterassumeaggravate.com alterassumeaggravate.com — Cisco Umbrella Rank: 793455
5	achcdn.com achcdn.com — Cisco Umbrella Rank: 76840	192 KB
1	pubtrky.com pubtrky.com — Cisco Umbrella Rank: 14780	408 B
1	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 6582	546 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1695	255 B
1	acacdn.com acacdn.com — Cisco Umbrella Rank: 117297	51 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	74 KB
48	10

	Domain	Requested by
13	paybyplatema.site	1 redirects paybyplatema.site
11	yonhelioliskor.com	paybyplatema.site yonhelioliskor.com
7	youradexchange.com	achcdn.com
7	alterassumeaggravate.com	paybyplatema.site
5	achcdn.com	paybyplatema.site achcdn.com
1	pubtrky.com	achcdn.com
1	my.rtmark.net	paybyplatema.site
1	region1.google-analytics.com	www.googletagmanager.com
1	acacdn.com	paybyplatema.site
1	www.googletagmanager.com	paybyplatema.site
48	10

This site contains links to these domains. Also see Links.

Domain
youradexchange.com
generatepress.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-10` - `2024-02-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
achcdn.com GTS CA 1P5	`2023-12-22` - `2024-03-21`	3 months	crt.sh
alterassumeaggravate.com R3	`2023-11-15` - `2024-02-13`	3 months	crt.sh
acacdn.com GTS CA 1P5	`2023-11-06` - `2024-02-04`	3 months	crt.sh
yonhelioliskor.com R3	`2023-11-22` - `2024-02-20`	3 months	crt.sh
youradexchange.com GTS CA 1P5	`2023-12-15` - `2024-03-14`	3 months	crt.sh
rtmark.net R3	`2023-12-23` - `2024-03-22`	3 months	crt.sh
pubtrky.com GTS CA 1P5	`2023-11-21` - `2024-02-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://paybyplatema.site/
Frame ID: BE7B60980A09A0FC8D05F172879EAE7B
Requests: 44 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PayByPlateMa - PayByPlateMa

Page URL History Show full URLs

http://paybyplatema.site/ HTTP 301
https://paybyplatema.site/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

48
Requests

98 %
HTTPS

73 %
IPv6

10
Domains

10
Subdomains

11
IPs

3
Countries

466 kB
Transfer

1366 kB
Size

3
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://youradexchange.com/ad/visit.php?al=1

Search URL Search Domain Scan URL

URL: https://generatepress.com/
Title: GeneratePress

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://paybyplatema.site/ HTTP 301
https://paybyplatema.site/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

48 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
paybyplatema.site/
Redirect Chain

http://paybyplatema.site/
https://paybyplatema.site/

88 KB
20 KB

799ms
727ms

Document
text/html

2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c2360808ae25b9e2ffb1b02a31c9817510c595fc9feb42ea265a8aa914b6bf3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 83fdd6e0dab95c41-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 03 Jan 2024 20:02:26 GMT
link: <https://paybyplatema.site/wp-json/>; rel="https://api.w.org/" <https://paybyplatema.site/wp-json/wp/v2/pages/14>; rel="alternate"; type="application/json" <https://paybyplatema.site/>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=toX5hMrZrd0WxL9QpObB2TJCIuQU2J%2BvlYrdxa3IOnauLYwQ5jOgKR3fZZll1ncIawYJ7oA%2FRlF%2Fh4GO5JTZdn1jU4tLbxHBJZBadIdXRJMCTbghNXYgIpkJqMFfDJhTegkz2tYbZKa710QIoUXFuw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-ua-compatible: IE=edge

Redirect headers

CF-RAY: 83fdd6e01c2637fe-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Wed, 03 Jan 2024 20:02:25 GMT
Expires: Wed, 03 Jan 2024 21:02:25 GMT
Location: https://paybyplatema.site/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VGqxsOf5vXuvL8BEmfoRtGIFeDcB78RXRjWoMviwmR8NA0ob%2BsA6EMxNPwmJs12VYr5LyIOH6%2FZgD72fbMCO5cbHbZRKWs6BEbyXJDFkRAWTFLnIMrNFxd26iuNymKNMearQPu%2Fz35ZAD3J9cfRRpA%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 style.min.css
paybyplatema.site/wp-includes/css/dist/block-library/ 107 KB
15 KB 244ms
243ms Stylesheet
text/css 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/wp-includes/css/dist/block-library/style.min.css?ver=6.4.2
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:26 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 08 Nov 2023 04:08:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FVgkk5kjKmWC%2BSEmROE7qIvomLiaZZTKKaN0Sss1yaaGxSjoWlxXBbv0MdSQDpsERB6WZlY3YRsKqq0t2D8UNjvh2N4QYb3VrmZCq0VYeEidvT5XzPmhDOl0cY7sLS7fOnUVzjn74iPfbap1VRfynQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 83fdd6e56af85c41-AMS
alt-svc: h3=":443"; ma=86400
expires: Mon, 08 Jan 2024 20:41:38 GMT

GET
H2 200 all.min.css
paybyplatema.site/wp-content/themes/generatepress/assets/css/ 31 KB
7 KB 438ms
438ms Stylesheet
text/css 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/wp-content/themes/generatepress/assets/css/all.min.css?ver=3.3.1
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a494cb8a3fc5345ca81844d27d3e0834aa754aeaa0056f1710a1df56acd983c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 26 Oct 2021 19:13:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gxY2w3zinKYx0j3L1iMeXD36ILv%2Ftl%2FwSTNcdpL%2F7Jgi5TQJPCIRc%2B4UsM91KlwR%2BaHlhYCBMLAApxHo4nmvlDGfGvkHpe%2BcZBp%2FRB3CcHajjywbleJMcZLxMGvK3ibYD7J3Kwb%2BFZSw2LONX2VdOA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 83fdd6e56af95c41-AMS
alt-svc: h3=":443"; ma=86400
expires: Mon, 08 Jan 2024 20:41:38 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 202 KB
74 KB 251ms
97ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-BR9S49MX8J

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

28ab2fe4e7b064310c2cb1a47eeb5494502565c246e82642b8bcb8758a9f73e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:27 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 75573
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 03 Jan 2024 20:02:27 GMT

GET
H2 200 atg.js Show response
achcdn.com/script/ 162 KB
51 KB 134ms
53ms Script
text/javascript 2606:4700:e0::ac40:6718
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://achcdn.com/script/atg.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6718 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 440390e5a30b5e718a48364dfae7168bc15d36fcd8eaf70878f8be6be0fae6ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3384
x-guploader-uploadid: ABPtcPr6pJQfzgoEHwGEuz4mjfe_zHZpF_eInNI4ZcyCm8GBoAGpXlRlDXOXH4Xtl1lQyn0BHaCFja_LNg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 02 Jan 2024 12:19:10 GMT
server: cloudflare
etag: W/"03a8f2186adfb58f73609aac34b641a0"
vary: Accept-Encoding
x-goog-hash: crc32c=wwU6Bg==, md5=A6jyGGrftY9zYJqsNLZBoA==
x-goog-generation: 1704197949973962
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B10BwDnIVOX1P6VLszUSO5nd%2FdcWjQ5SzpPyMJWGcTDFq6ZaQ3%2Be6AvuTKn3l7tuojAYUEJ86JSQNzF1BHNn%2F%2B%2FIVI6NeXk8uj59Q1nlk5H%2BsQPYbmISe%2BxHALC21tcYLQGt%2B3pzBQ3I"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 166066
cf-ray: 83fdd6e5ef820a6d-AMS
expires: Wed, 03 Jan 2024 19:21:24 GMT

GET
H/1.1 403
Forbidden 103f872def2557028e4aca50c4daff0f.js
alterassumeaggravate.com/10/3f/87/ 0
0 1013ms
122ms Script
application/javascript 192.243.61.225
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Wed, 03 Jan 2024 20:02:27 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

GET
H2 200 atg.js Show response
acacdn.com/script/ 162 KB
51 KB 154ms
67ms Script
text/javascript 2606:4700:3037::ac43:8977
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://acacdn.com/script/atg.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8977 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 440390e5a30b5e718a48364dfae7168bc15d36fcd8eaf70878f8be6be0fae6ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1640
x-guploader-uploadid: ABPtcPrCjHcSIYtSjdysXez_hzfF21bCwHxlLlIkR9RAjJjHOFs7q44zLZ-NZhdvNV3nQCUux_m0_vfDG4-9iYeMAQRZL9PD8g5s
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 02 Jan 2024 12:19:10 GMT
server: cloudflare
etag: W/"03a8f2186adfb58f73609aac34b641a0"
vary: Accept-Encoding
x-goog-hash: crc32c=wwU6Bg==, md5=A6jyGGrftY9zYJqsNLZBoA==
x-goog-generation: 1704197949973962
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JLYlbQTF%2Fr%2F1k2hhXxjLBgCaYSShxpDmFTNeK%2BbUEyU%2B7aJrTuF1ZWMd6awPRIUs7YqKpTZ8bz1iN2EN8vROoF9ycfccuWXsaWuPvuuZE6wTNaaXmYAoRQH%2BB8gKEm3HS%2Fr8GzpyHVK"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 166066
cf-ray: 83fdd6e5fb8104a4-CDG
expires: Wed, 03 Jan 2024 20:18:55 GMT

GET
H2 200 tag.min.js Show response
yonhelioliskor.com/pfe/current/ 13 KB
6 KB 148ms
37ms Script
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/pfe/current/tag.min.js?z=5907218
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 1f945c9c46c47a2b0e867b0d09c3e4559cd768a2d3747abf28d1d65667733b75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 20:02:27 GMT
content-encoding: gzip
last-modified: Mon, 27 Nov 2023 13:38:02 GMT
server: nginx
etag: W/"65649bba-33f4"
content-type: application/javascript
cache-control: no-cache
access-control-allow-credentials: true

GET
H2 200 paybyplatema.jpg
paybyplatema.site/wp-content/uploads/2023/10/ 21 KB
21 KB 163ms
163ms Image
image/jpeg 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paybyplatema.site/wp-content/uploads/2023/10/paybyplatema.jpg
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fea20f71235ee7955f3fd0ca12ad15499e92e50a847527c41db626fec1ee0fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:26 GMT
cf-cache-status: HIT
last-modified: Fri, 27 Oct 2023 08:38:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DtwU4hdGu2qY0c%2Fl3558rJLKH0k3AE90MuWfzyN00Xj7AV2ZkDb7TB1ftMlC4NIuz%2BuN7ovbX%2FBE2XWmYUUEXlACsIoJRp6J4eq7moqJ4st7MED%2Be3nK2iMN0IATCsqZS53KdpSSGeNu8gBUDNaFdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 83fdd6e56aff5c41-AMS
alt-svc: h3=":443"; ma=86400
content-length: 21239
expires: Wed, 10 Jan 2024 10:01:51 GMT

GET
H2 200 PaybyPlateMa-password-reset.jpg
paybyplatema.site/wp-content/uploads/2023/10/ 12 KB
13 KB 453ms
452ms Image
image/jpeg 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paybyplatema.site/wp-content/uploads/2023/10/PaybyPlateMa-password-reset.jpg
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19027c6e918ae1343bc4f32253cc4c2e6145ea7ecb58b755f7e6ee6bb75659f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:27 GMT
cf-cache-status: HIT
last-modified: Fri, 27 Oct 2023 08:41:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iPKWxOsih0i6kUNROUGeM8WnPWVTBpC7L44ZLd8gjFFoSGMzYD6idSkM%2Fwm%2BO8jHdqyKPZ3%2Bt1imMbHRytIkJ4i1E0qKmJiG2WX9MbFBJzTpUuZuW3vx2P9anurRr5NuOly4nptVgcRovyDP6lQLeA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 83fdd6e56b025c41-AMS
alt-svc: h3=":443"; ma=86400
content-length: 12634
expires: Mon, 08 Jan 2024 20:41:38 GMT

GET
H2 200 PaybyPlateMa-password-reset-1.jpg
paybyplatema.site/wp-content/uploads/2023/10/ 12 KB
13 KB 440ms
440ms Image
image/jpeg 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://paybyplatema.site/wp-content/uploads/2023/10/PaybyPlateMa-password-reset-1.jpg
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19027c6e918ae1343bc4f32253cc4c2e6145ea7ecb58b755f7e6ee6bb75659f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:27 GMT
cf-cache-status: HIT
last-modified: Fri, 27 Oct 2023 08:42:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JKxXTaZySpkuW91FYc26r4F8nSYDHDgV%2Fj4NtOS69YQMUT%2BgXvj7SOadYI0JGMRARK8Pr9ScElMxzlc5flrWDlPm1DY9cccq7qiA%2FGm9QQj4YH5RbP57E31h7foW3iKPRRqhJujn2TW0yQeQnEz4Uw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 83fdd6e56b035c41-AMS
alt-svc: h3=":443"; ma=86400
content-length: 12634
expires: Wed, 10 Jan 2024 10:01:52 GMT

GET
H3 200 email-decode.min.js Show response
paybyplatema.site/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 34ms
34ms Script
application/javascript 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://paybyplatema.site/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 19 Dec 2023 14:09:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6581a422-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tXwPtdxE1Q%2FPM0gNC77Dm0nhwBSE1rzJL6ecSzKVerg32rpjIoxDUSO9LCVGjB%2FQ08wgZ%2B40aRFzIlyJy31ivql6sPHcMMHOfW2Mjr8nEtu3%2BzDQLNCGYINSQAiU%2BqqphAvaouFa7URGaux8e5dp6g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 83fdd6e83fc33a94-FRA
expires: Fri, 05 Jan 2024 20:02:27 GMT

GET
H3 200 main.min.css
paybyplatema.site/wp-content/plugins/luckywp-table-of-contents/front/assets/ 3 KB
1 KB 161ms
161ms Stylesheet
text/css 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/wp-content/plugins/luckywp-table-of-contents/front/assets/main.min.css?ver=2.1.4
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5978d7eee4b0fb37c9409a3315f1ca722ebd7dfd476a42e9efa8cb016c076414

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 14 Oct 2022 08:55:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z2vZ0szEn1IuLa6%2BPt1uyF8uiQghOfFtYZdZ9x%2BNAUboL8Yv4YmfzI3ybHJLhwMQ5bcGCnGELYxLsisaItFYyWOxusoznFx%2BexT2USF303deYy3sGEKca0lj7dqzFzbENgQ0LRbgd9ZdwKmTgpwqdw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 83fdd6e83fcb3a94-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 06 Jan 2024 07:36:57 GMT

GET
H3 200 menu.min.js Show response
paybyplatema.site/wp-content/themes/generatepress/assets/js/ 7 KB
2 KB 465ms
465ms Script
application/javascript 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.3.1
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 174066535cb768d1715ae34808cd4e83f16f23715524bfff79db8860e8c03296

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 22 Mar 2023 16:14:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N3B9QN2aooJRNMwbIopPzkxjy5BIYvQj6EUMG9Sd1p3EP%2FoMwaqc30iMTuJK%2BTzNFEOigrMdZn5sV1sN%2B%2B%2Bf49Nnmn8ukaHg%2F%2BfzEYhuVECyw46I34LnmQmuf5xa2INepyS7TcjhGElI5NDyZy56Ng%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 83fdd6e868003a94-FRA
alt-svc: h3=":443"; ma=86400
expires: Sat, 06 Jan 2024 07:13:58 GMT

GET
H3 200 main.min.js Show response
paybyplatema.site/wp-content/plugins/luckywp-table-of-contents/front/assets/ 4 KB
2 KB 178ms
178ms Script
application/javascript 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/wp-content/plugins/luckywp-table-of-contents/front/assets/main.min.js?ver=2.1.4
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 995456f7211327129612b97dc0a2baa2288f1e3065d1d6ed1882a0eb89d6baac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:27 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 14 Oct 2022 08:55:18 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=evNBZ%2F3En8dRSxtcG1c8DUuTefHy4LS5897rs5WoXfrd2DelpMX3zTJE9sx78q3PjLz0eogecuUZM92u8cwwuAfnEq6mHz8qFrriuJRXaDYXindp%2BBklBX287Z7Imp%2Bqi1lpWaCAFo1bidH8GiMNRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 83fdd6e938fc3a94-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 08 Jan 2024 19:51:17 GMT

GET
BLOB 200
OK f6c7e30a-aebc-4d09-bc2d-327bf55b150d
https://paybyplatema.site/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://paybyplatema.site/f6c7e30a-aebc-4d09-bc2d-327bf55b150d
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H2 200 czcf.php Show response
youradexchange.com/ad/ 204 B
668 B 228ms
161ms Fetch
text/html 2606:4700:e0::ac40:640b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/ad/czcf.php?cz=owybh2ufgq&chmob=%3F0
Requested by: Host: achcdn.com
URL: https://achcdn.com/script/atg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:640b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 135d2cb4d2c2261a402b8f7175aa76df28721b6ac9bedd8baad3bfe87885c631

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:27 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DEM0F76WrvCY5bNSMB%2BsP8qX%2BGOQhANnK5%2FuAggDvagxEGhGezsnBZDXp%2FsuFHIn%2FF3e0eCooCjFanprOlpgvHkfIcuXbsSEQCuhPOYmnS5c%2BbL8MvJ08uNZq01%2FYJCZZXwAjhFf1OR5RtWAe5qM0MU%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-type: text/html; charset=utf-8
cf-ray: 83fdd6e89b5e382e-FRA
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400

GET
H2 200 interstitial.js Show response
achcdn.com/script/ 116 KB
39 KB 53ms
53ms Script
text/javascript 2606:4700:e0::ac40:6718
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://achcdn.com/script/interstitial.js
Requested by: Host: achcdn.com
URL: https://achcdn.com/script/atg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6718 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02dd35e7dc9403a0f06477825dfe7a1e6f6e79b4c66a5d4610565c0aea8f62c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:27 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1097
x-guploader-uploadid: ABPtcPrvNvdoEeus1DrDyfPoGfahTztwqeeh6yYSFTMe1GfRX2z9rGLJ44e10hM61bgw2spyfiA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 02 Jan 2024 12:22:38 GMT
server: cloudflare
etag: W/"859685d8077815077e80c74ddf850fef"
vary: Accept-Encoding
x-goog-hash: crc32c=Oxqzeg==, md5=hZaF2Ad4FQd+gMdN34UP7w==
x-goog-generation: 1704198157955227
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hkz0DXesFeIKTENCMqI%2FcatVbIl0wXFjvceL3%2FHNbw624Ym4BjvVcyygfRuzPUKXcjT2szvX%2Fhd4oREkTVeubtZWicsVqZUh4hRn7sHql%2BhNZiTXddnjkEpStZY2eBAdxUV%2FiCVBKa35"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 119152
cf-ray: 83fdd6ebb93c0a6d-AMS
expires: Wed, 03 Jan 2024 20:40:17 GMT

GET
H2 200 ippg.js Show response
achcdn.com/script/ 127 KB
41 KB 62ms
61ms Script
text/javascript 2606:4700:e0::ac40:6718
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://achcdn.com/script/ippg.js
Requested by: Host: achcdn.com
URL: https://achcdn.com/script/atg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6718 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 92b01d003409992d5ab6ab714c69865b1441ec02184d933ed63f411f40d93a2c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:27 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 292
x-guploader-uploadid: ABPtcPqy4886mv37vEt5e8TwteW-8BIDDwgCXmfObbTK0iuJk_j4GTaF2_TaKq9vrkPqufb2QrI
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 02 Jan 2024 12:23:32 GMT
server: cloudflare
etag: W/"1940a01c7370e14d68f7bc013a7679ad"
vary: Accept-Encoding
x-goog-hash: crc32c=5Y3Qdw==, md5=GUCgHHNw4U1o97wBOnZ5rQ==
x-goog-generation: 1704198212637904
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gYKXakICz%2Fg0KDMwz7Imqo0EQvh9cbygTW4iNkyOxZmrl6AdvzEtS%2BfK9nBESNbswhBzansyN83wj%2FcxGtrefzMrUQeve%2Fe5aZWOuSG3RoI6uvngWBJAnOVLoYXkIbtP%2FbDsAzXdI9F9"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 129628
cf-ray: 83fdd6ebb93f0a6d-AMS
expires: Wed, 03 Jan 2024 20:06:47 GMT

GET
H2 200 suv5.js Show response
achcdn.com/script/ 100 KB
32 KB 45ms
45ms Script
text/javascript 2606:4700:e0::ac40:6718
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://achcdn.com/script/suv5.js
Requested by: Host: achcdn.com
URL: https://achcdn.com/script/atg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6718 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 057b3beb14675e050e2889cb633620c57fea071497db942b9a14f350b650221b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:27 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 754
x-guploader-uploadid: ABPtcPqfRYO-5KTIGZGumrpOj5mr88RMDfeKlQmmDxmTiE4mtiWeLAkkbfm6Nze8x5jovKk9zVY
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 02 Jan 2024 12:27:37 GMT
server: cloudflare
etag: W/"6a1d59bcfd0704c6b9f6a935d9ab728b"
vary: Accept-Encoding
x-goog-hash: crc32c=9o6Q1w==, md5=ah1ZvP0HBMa59qk12atyiw==
x-goog-generation: 1704198457304802
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i9tTzFz5te79%2Fws9oprCjYdj8g5NtVvgBKi2yTnjFetv8DNDCnNAZJcD7jVheKkuoaeXxjxQG8thdnFLMoP5T%2BnA%2F2gQ7ACfgLMPniZ4JRKPrxdfW001BQPIv5UbpNNd7oOYXrGvIHFV"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 102883
cf-ray: 83fdd6ebb9420a6d-AMS
expires: Wed, 03 Jan 2024 20:46:21 GMT

GET
H2 200 czcf.php Show response
youradexchange.com/ad/ 204 B
422 B 160ms
160ms Fetch
text/html 2606:4700:e0::ac40:640b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/ad/czcf.php?cz=dddyue3gxn&chmob=%3F0
Requested by: Host: achcdn.com
URL: https://achcdn.com/script/atg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:640b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90b7b3d3cf24dcbeda9657513661418643887b6e4c46cf3a2d9eb78d98dc14db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:27 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WigS9FSeV6tesqyJ7RCiztXSoRag%2FP3sTXfD30G51Lmpi4MqezNUVrbNG58h223MHyj%2FV0fF%2BXq0NpiMsas%2BuV3x6vrpxA6paf%2B74AhHzq%2Fdq0IjHpbcMgOAte967RL%2BXdx2oVI8wn93ce1JoIKAPjU%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-type: text/html; charset=utf-8
cf-ray: 83fdd6ebcf86382e-FRA
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400

GET
H/1.1 403
Forbidden invoke.js
alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/ 0
0 114ms
114ms Script
application/javascript 192.243.61.225
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 03 Jan 2024 20:02:27 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

GET
H2 200 ut.js Show response
achcdn.com/script/ 85 KB
29 KB 52ms
52ms Script
text/javascript 2606:4700:e0::ac40:6718
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://achcdn.com/script/ut.js?cb=1704312147819
Requested by: Host: achcdn.com
URL: https://achcdn.com/script/atg.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:6718 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e192dd3a8ddc8dee416d79a680c86c929bb74c1eb689fd09cfac1c2c8f42c809

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:27 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 50
x-guploader-uploadid: ABPtcPqy9Gk5b-9qedh6qiQ0Ya5VSJhe7FOCC4gg_VyN17BKVLQL0ggx1AUldv7n7ttcWiecP7U
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 02 Jan 2024 12:28:22 GMT
server: cloudflare
etag: W/"aa1f8ab9f0ef3fbcec6aa58b52a6e09b"
vary: Accept-Encoding
x-goog-hash: crc32c=s/XdiQ==, md5=qh+KufDvP7zsaqWLUqbgmw==
x-goog-generation: 1704198502567436
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AXwc8%2FzOHs7lrd9Y%2FkHlxPJWOH0HwvzXoeZMg2yEhenLRZ3Xe3rLfxZndr3IWPwJvtZp%2F%2F0U%2BnCoSpGfHfnNP0dDMuvk9hzgJlaXVCxpUTXIISlNxUA%2B2dWQXI9QIIjUQ4dZmQwJWOcQ"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 87304
cf-ray: 83fdd6ebf98c0a6d-AMS
expires: Wed, 03 Jan 2024 20:47:29 GMT

GET
H3 204 suurl5.php
youradexchange.com/script/ 0
0 163ms
162ms Fetch 2606:4700:e0::ac40:640b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/script/suurl5.php?r=6949554&chmob=%3F0&cbur=0.5267443945406354&cbiframe=0&cbWidth=1600&cbHeight=1200&cbtitle=PayByPlateMa%20-%20PayByPlateMa&cbpage=https%3A%2F%2Fpaybyplatema.site%2F&cbref=&cbdescription=Technology%20is%20undoubtedly%20making%20our%20lives%20easier.%20With%20an%20intent%20to%20serve%20a%20similar%20purpose%20for%20toll%20payments%2C%20PaybyPlateMa%20and%20E-ZPass%20have%20come%20into%20action.%20You%20won%E2%80%99t%20have%20to%20go%20through%20heavy%20traffic%2C%20low%20fuel%20use%2C%20and%20chances%20of%20crashing%20with%20another%20vehicle%20to%20stay%20before%20time%20to%20pay%20toll%20charges.%20Instead&cbkeywords=&cbcdn=achcdn.com&ts=1704312147866&srs=e184bdbe7fa7e541b778a902eada3dae&atv=39.4-sw-atgv2&atag=1&aggr=2&czid=owybh2ufgq
Requested by: Host: achcdn.com
URL: https://achcdn.com/script/suv5.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:640b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:28 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-methods: GET, POST, OPTIONS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ncYvW2AggzKlT6M603TOtoebfwQk76Na1kdoebXTlZU%2ByDfN76ivh3yxVx%2FQ9eci8bCjfPDS8LB9MatVSr%2FtOdh6w%2F0BW2i9QJEQR5mVVt76MYQd%2Bt6abv85fsMCdiKvJYKCg5SlFU3awA7ukzqi94%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 83fdd6ec4f069b8e-FRA
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400

GET
H3 204 interstitial.php
youradexchange.com/script/ 0
0 187ms
187ms Fetch 2606:4700:e0::ac40:640b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/script/interstitial.php?r=6949546&chmob=%3F0&srs=e184bdbe7fa7e541b778a902eada3dae&cbpage=https://paybyplatema.site/&atv=39.4-sw-atgv2&cbref=&atag=1&czid=owybh2ufgq&aggr=2&ppv=1
Requested by: Host: achcdn.com
URL: https://achcdn.com/script/interstitial.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:640b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:28 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-methods: GET, POST, OPTIONS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5q5YmCsonHPDBG2asgC5FVQxFvDK082n0myy%2FEdTAiNdkr%2BqNdS%2FizCGvsOoVvZMOG%2F5bQDEZAUDGeXPR7M2z2R7rpTJpTGqYqU3fsBNBtjn5KpaKZPAwK6fALKvzOvExTAdwt4ZxdsleaKr4bQLsr0%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 83fdd6ec7f459b8e-FRA
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400

GET
H/1.1 403
Forbidden invoke.js
alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/ 0
0 118ms
118ms Script
application/javascript 192.243.61.225
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 03 Jan 2024 20:02:27 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

GET
H2 200 zone Show response
yonhelioliskor.com/ 886 B
1 KB 38ms
37ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://yonhelioliskor.com/zone?pub=0&zone_id=5907218&is_mobile=false&domain=paybyplatema.site&var=&ymid=&var_3=&tg=0&sw=3.1.471

Requested by

Host: yonhelioliskor.com
URL: https://yonhelioliskor.com/pfe/current/tag.min.js?z=5907218

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ce03ca0ed0465f3aa91fb39b34cdd23454eab214117dd54fa467a4ec5c35028a

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-trace-id: 4ab0b843e329daa7f57673cae825351d
date: Wed, 03 Jan 2024 20:02:27 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 886

GET
H2 200 universal.min.js Show response
yonhelioliskor.com/pfe/current/ 86 KB
33 KB 111ms
37ms Fetch
application/javascript 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/pfe/current/universal.min.js?v=3.1.471
Requested by: Host: yonhelioliskor.com
URL: https://yonhelioliskor.com/pfe/current/tag.min.js?z=5907218
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 20:02:28 GMT
content-encoding: gzip
last-modified: Mon, 27 Nov 2023 13:38:02 GMT
server: nginx
etag: W/"65649bba-1572c"
content-type: application/javascript
access-control-allow-origin: https://paybyplatema.site
cache-control: no-cache
access-control-allow-credentials: true

GET
H3 204 interstitial.php
youradexchange.com/script/ 0
0 157ms
157ms Fetch 2606:4700:e0::ac40:640b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/script/interstitial.php?r=6713762&chmob=%3F0&srs=e184bdbe7fa7e541b778a902eada3dae&cbpage=https://paybyplatema.site/&atv=39.4-sw-atgv2-sw-atgv2&cbref=&atag=1&czid=dddyue3gxn&aggr=2&ppv=1
Requested by: Host: achcdn.com
URL: https://achcdn.com/script/interstitial.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:640b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:28 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-methods: GET, POST, OPTIONS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Do2GXM3Ub4WgoVNDvrtHU7mfMTqtEEN7wJAKgkA4O5z8lZCtjzX5MiWPXt4lcsIH2uLNynaZzlGAmYg7jFm1EO7waizWB0P0nKERAORBBOaNG8RBt50DnaG7YyDf%2BryfgJbZ%2B6Xe%2BPqPXcLqXexyYE%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 83fdd6ecdfa69b8e-FRA
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400

GET
H3 204 suurl5.php
youradexchange.com/script/ 0
0 160ms
160ms Fetch 2606:4700:e0::ac40:640b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/script/suurl5.php?r=6713770&chmob=%3F0&cbur=0.5101285509761471&cbiframe=0&cbWidth=1600&cbHeight=1200&cbtitle=PayByPlateMa%20-%20PayByPlateMa&cbpage=https%3A%2F%2Fpaybyplatema.site%2F&cbref=&cbdescription=Technology%20is%20undoubtedly%20making%20our%20lives%20easier.%20With%20an%20intent%20to%20serve%20a%20similar%20purpose%20for%20toll%20payments%2C%20PaybyPlateMa%20and%20E-ZPass%20have%20come%20into%20action.%20You%20won%E2%80%99t%20have%20to%20go%20through%20heavy%20traffic%2C%20low%20fuel%20use%2C%20and%20chances%20of%20crashing%20with%20another%20vehicle%20to%20stay%20before%20time%20to%20pay%20toll%20charges.%20Instead&cbkeywords=&cbcdn=achcdn.com&ts=1704312147960&srs=e184bdbe7fa7e541b778a902eada3dae&atv=39.4-sw-atgv2-sw-atgv2&atag=1&aggr=2&czid=dddyue3gxn
Requested by: Host: achcdn.com
URL: https://achcdn.com/script/suv5.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:640b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:28 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-methods: GET, POST, OPTIONS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GBml4SzAWKd1u%2BXjlwcsVL21hQFUl6PLcrb8KMwrgS01Q74uodd2h5tIxFASyNqVoZOFQnLjJdA%2BppGAV0TN2%2B1kT0YOPnMRSDCAe7BR89XU5m1aU4XCnUuzoZEW%2FlLq2aJS4vNeviZxGPpt9Wa%2FIHs%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 83fdd6ecdfa89b8e-FRA
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400

GET
H/1.1 403
Forbidden invoke.js
alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/ 0
0 117ms
117ms Script
application/javascript 192.243.61.225
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 03 Jan 2024 20:02:28 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
255 B 274ms
57ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-BR9S49MX8J&gtm=45je3bt0v895380464&_p=1704312147208&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=975271865.1704312148&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1704312148&sct=1&seg=0&dl=https%3A%2F%2Fpaybyplatema.site%2F&dt=PayByPlateMa%20-%20PayByPlateMa&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2267
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-BR9S49MX8J
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 20:02:28 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://paybyplatema.site
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 403
Forbidden invoke.js
alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/ 0
0 117ms
117ms Script
application/javascript 192.243.61.225
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 03 Jan 2024 20:02:28 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

OPTIONS
H2 200 custom
yonhelioliskor.com/ 0
0 38ms
38ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://paybyplatema.site
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://paybyplatema.site
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 03 Jan 2024 20:02:28 GMT
server: nginx

POST
H2 200 custom Show response
yonhelioliskor.com/ 39 B
332 B 37ms
37ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://yonhelioliskor.com/custom

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: db3e32dacac66a27cbb53cd11c3e7be9
date: Wed, 03 Jan 2024 20:02:28 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 39

GET
H3 200 Code%20file Show response
paybyplatema.site/ 5 KB
6 KB 326ms
325ms Fetch 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/Code%20file
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eed5e77bb0b4ffaa4a4802ade9d4cae485660554e327e4f8d29d37629a03daae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:28 GMT
cf-cache-status: DYNAMIC
last-modified: Fri, 28 Apr 2023 20:57:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3szZl2S3t8jF4fkkhICvWEqbvIZP3vT7%2Fw1tQUdKa3SAz7rUsMfN0BNQxT7w%2Ft3ZRzyrvhS571Uf8MqXBEs7qhHgOtszADWudIVxATjfB0rXtDvovljpgtbZ57a0JkwuJlUHx8ESbmsKZWXUpGYe%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 83fdd6ee2e523a94-FRA
alt-svc: h3=":443"; ma=86400
content-length: 5242

GET
H/1.1 403
Forbidden invoke.js
alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/ 0
0 303ms
302ms Script
application/javascript 192.243.61.225
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 03 Jan 2024 20:02:28 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

OPTIONS
H2 200 custom
yonhelioliskor.com/ 0
0 37ms
37ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://paybyplatema.site
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://paybyplatema.site
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 03 Jan 2024 20:02:28 GMT
server: nginx

POST
H2 200 custom Show response
yonhelioliskor.com/ 39 B
332 B 37ms
37ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://yonhelioliskor.com/custom

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: b28a75a2a5a959ec58faf46745dc9e90
date: Wed, 03 Jan 2024 20:02:28 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 39

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
546 B 123ms
38ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=7d3948ead34448919f835497f2dbd586&zoneId=5907218&checkDuplicate=true&ymid=&var=

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

f03812ab4b07645180df9f77ab2b163a971c9b04f2c08b3cfa002929b37b8031

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:28 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H/1.1 403
Forbidden invoke.js
alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/ 0
0 821ms
820ms Script
application/javascript 192.243.61.225
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.243.61.225 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.21.6 /
Resource Hash

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Wed, 03 Jan 2024 20:02:29 GMT
Server: nginx/1.21.6
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Connection: keep-alive
Content-Length: 0

OPTIONS
H2 200 event
yonhelioliskor.com/ 0
0 37ms
36ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/event
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://paybyplatema.site
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://paybyplatema.site
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 03 Jan 2024 20:02:28 GMT
server: nginx

POST
H2 200 event Show response
yonhelioliskor.com/ 94 B
354 B 38ms
38ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://yonhelioliskor.com/event

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

97938fb31a119b15ddf96e9bc8f037523ee629599afab6d1f4202889959f04ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 03 Jan 2024 20:02:28 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 94

GET
H3 200 wp-emoji-release.min.js Show response
paybyplatema.site/wp-includes/js/ 18 KB
5 KB 459ms
459ms Script
application/javascript 2606:4700:3030::ac43:b3fd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://paybyplatema.site/wp-includes/js/wp-emoji-release.min.js?ver=6.4.2
Requested by: Host: paybyplatema.site
URL: https://paybyplatema.site/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:b3fd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:29 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 30 Mar 2023 10:48:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pAEY3h%2BHx3WSXfROaIPKZMnF%2BOlE5vmQ1lu7qvzYyc169laQTD2cqM%2FoS5F1JdCSuM8XtDLe9ETEKxWRI23lG8SatyJyMDSp3pbAJMApKkyArwgOgYAGnbU1GHBv1KkOGHB36vTCQOukZal9nPI0pw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=604800
cf-ray: 83fdd6f5deb23a94-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 08 Jan 2024 20:41:38 GMT

POST
H2 204 hb.php
pubtrky.com/ut/ 0
408 B 229ms
162ms Ping
text/plain 2606:4700:3034::6815:86c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pubtrky.com/ut/hb.php?cb=0.040366815256668964&v=1
Requested by: Host: achcdn.com
URL: https://achcdn.com/script/ut.js?cb=1704312147819
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:86c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain; charset=utf-8

Response headers

date: Wed, 03 Jan 2024 20:02:29 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i6qazAWohQQpijwMP3kAvhpZX1qsLbBNeTziUbbt5KiFAbhGCfI8%2BeulqlTvNvSS7ik4TAaoJS4d9uGIXWGweoKhTtFlu7X3%2FMPtkzBMsf4KvnA9bR2LUMwVNffali6C5SW6NwfArlJZaw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 83fdd6f659734db3-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 204 push.php
youradexchange.com/script/ 0
0 151ms
151ms Fetch 2606:4700:e0::ac40:640b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://youradexchange.com/script/push.php?r=6949550&ipp=1&mads=1&position=top&czid=owybh2ufgq&aggr=2&atag=1&atv=39.4-sw-atgv2&cbpage=https%3A%2F%2Fpaybyplatema.site%2F&cbref=&srs=e184bdbe7fa7e541b778a902eada3dae&chmob=%3F0
Requested by: Host: achcdn.com
URL: https://achcdn.com/script/ippg.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:640b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://paybyplatema.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 20:02:29 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-methods: GET, POST, OPTIONS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I6uOmLq8dNB1HDO8iSTViap9RvHTI1mgsZFz0754Z9oqUucohq8MbL7csSUeu47bpnimPkfPmcVvvkr9OICh0FdBLRbMb8K63%2F4Pw62CyfoNHX9TbC1%2Fzej7nWCCrvVhTscri01hoFlz%2FxK8WR5vIk4%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 83fdd6f66bbf9b8e-FRA
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400

OPTIONS
H2 200 custom
yonhelioliskor.com/ 0
0 37ms
37ms Preflight
text/plain 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://yonhelioliskor.com/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://paybyplatema.site
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://paybyplatema.site
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 03 Jan 2024 20:02:29 GMT
server: nginx

POST
H2 200 custom Show response
yonhelioliskor.com/ 39 B
332 B 37ms
37ms Fetch
application/json 139.45.197.251
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://yonhelioliskor.com/custom

Requested by

Host: paybyplatema.site
URL: https://paybyplatema.site/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://paybyplatema.site/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: eaa72a6ea8036a965ed1f954208b4092
date: Wed, 03 Jan 2024 20:02:29 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
content-type: application/json; charset=utf-8
access-control-allow-origin: https://paybyplatema.site
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length: 39

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.paybyplatema.site/	1970-01-21 03:01:12	Name: _ga_BR9S49MX8J Value: GS1.1.1704312148.1.0.1704312148.0.0.0
.paybyplatema.site/	1970-01-21 03:01:12	Name: _ga Value: GA1.1.975271865.1704312148
my.rtmark.net/	1970-01-21 02:10:48	Name: ID Value: 7d3948ead34448919f835497f2dbd586

20 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://alterassumeaggravate.com/10/3f/87/103f872def2557028e4aca50c4daff0f.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript	warning	URL: https://paybyplatema.site/(Line 192) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://paybyplatema.site/(Line 192) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript	warning	URL: https://paybyplatema.site/(Line 224) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://paybyplatema.site/(Line 224) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript	warning	URL: https://paybyplatema.site/(Line 238) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://paybyplatema.site/(Line 238) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript	warning	URL: https://paybyplatema.site/(Line 252) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://paybyplatema.site/(Line 252) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript	warning	URL: https://paybyplatema.site/(Line 448) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://paybyplatema.site/(Line 448) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript	warning	URL: https://paybyplatema.site/(Line 508) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://paybyplatema.site/(Line 508) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	Message: The script does not have a MIME type.
network	error	URL: https://alterassumeaggravate.com/c66d4a55a2c58bb312b1ffebcda49b63/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acacdn.com
achcdn.com
alterassumeaggravate.com
my.rtmark.net
paybyplatema.site
pubtrky.com
region1.google-analytics.com
www.googletagmanager.com
yonhelioliskor.com
youradexchange.com
139.45.195.8
139.45.197.251
192.243.61.225
2001:4860:4802:34::36
2606:4700:3030::ac43:b3fd
2606:4700:3034::6815:86c
2606:4700:3037::6815:1fd7
2606:4700:3037::ac43:8977
2606:4700:e0::ac40:640b
2606:4700:e0::ac40:6718
2a00:1450:4001:827::2008
02dd35e7dc9403a0f06477825dfe7a1e6f6e79b4c66a5d4610565c0aea8f62c0
057b3beb14675e050e2889cb633620c57fea071497db942b9a14f350b650221b
09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42
135d2cb4d2c2261a402b8f7175aa76df28721b6ac9bedd8baad3bfe87885c631
174066535cb768d1715ae34808cd4e83f16f23715524bfff79db8860e8c03296
19027c6e918ae1343bc4f32253cc4c2e6145ea7ecb58b755f7e6ee6bb75659f6
1f945c9c46c47a2b0e867b0d09c3e4559cd768a2d3747abf28d1d65667733b75
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
28ab2fe4e7b064310c2cb1a47eeb5494502565c246e82642b8bcb8758a9f73e8
3a494cb8a3fc5345ca81844d27d3e0834aa754aeaa0056f1710a1df56acd983c
3fea20f71235ee7955f3fd0ca12ad15499e92e50a847527c41db626fec1ee0fd
440390e5a30b5e718a48364dfae7168bc15d36fcd8eaf70878f8be6be0fae6ac
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
4c2360808ae25b9e2ffb1b02a31c9817510c595fc9feb42ea265a8aa914b6bf3
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
5978d7eee4b0fb37c9409a3315f1ca722ebd7dfd476a42e9efa8cb016c076414
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
90b7b3d3cf24dcbeda9657513661418643887b6e4c46cf3a2d9eb78d98dc14db
92b01d003409992d5ab6ab714c69865b1441ec02184d933ed63f411f40d93a2c
97938fb31a119b15ddf96e9bc8f037523ee629599afab6d1f4202889959f04ec
995456f7211327129612b97dc0a2baa2288f1e3065d1d6ed1882a0eb89d6baac
ce03ca0ed0465f3aa91fb39b34cdd23454eab214117dd54fa467a4ec5c35028a
e192dd3a8ddc8dee416d79a680c86c929bb74c1eb689fd09cfac1c2c8f42c809
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eed5e77bb0b4ffaa4a4802ade9d4cae485660554e327e4f8d29d37629a03daae
f03812ab4b07645180df9f77ab2b163a971c9b04f2c08b3cfa002929b37b8031
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

paybyplatema.site Open in urlscan Pro 2606:4700:3030::ac43:b3fd Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

48 Requests

98 %HTTPS

73 %IPv6

10 Domains

10 Subdomains

11 IPs

3 Countries

466 kBTransfer

1366 kBSize

3 Cookies

2 Outgoing links

Page URL History

Redirected requests

48 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

paybyplatema.site Open in urlscan Pro
2606:4700:3030::ac43:b3fd Public Scan

Screenshot
Live screenshot

Full Image

48
Requests

98 %
HTTPS

73 %
IPv6

10
Domains

10
Subdomains

11
IPs

3
Countries

466 kB
Transfer

1366 kB
Size

3
Cookies

48 HTTP transactions
0 data transactions