URL: https://bronzoperasso.paytweak.com/
Submission: On July 24 via automatic, source certstream-suspicious — Scanned from GB

Summary

This website contacted 3 IPs in 2 countries across 6 domains to perform 16 HTTP transactions. The main IP is 51.75.249.154, located in United Kingdom and belongs to OVH, FR. The main domain is bronzoperasso.paytweak.com.
TLS certificate: Issued by R11 on July 23rd 2024. Valid for: 3 months.
This is the only time bronzoperasso.paytweak.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests IP Address AS Autonomous System
11 51.75.249.154 16276 (OVH)
1 2a00:1450:400... 15169 (GOOGLE)
Total: 16 requests, 3 IPs

Requests Apex Domain (Subdomains) Transfer
11 paytweak.com 293 KB
    bronzoperasso.paytweak.com
1 googleapis.com 2 KB
    fonts.googleapis.com — Cisco Umbrella Rank: 110
0 hostcg.com Failed
    gl.hostcg.com Failed
0 facebook.net Failed
    connect.facebook.net Failed
0 googletagmanager.com Failed
    www.googletagmanager.com Failed
0 google-analytics.com Failed
    www.google-analytics.com Failed
Total: 16 requests, 6 domains

Requests Domain Requested by
11 bronzoperasso.paytweak.com bronzoperasso.paytweak.com
1 fonts.googleapis.com bronzoperasso.paytweak.com
0 gl.hostcg.com Failed bronzoperasso.paytweak.com
0 connect.facebook.net Failed bronzoperasso.paytweak.com
0 www.googletagmanager.com Failed bronzoperasso.paytweak.com
0 www.google-analytics.com Failed bronzoperasso.paytweak.com
Total: 16 requests, 6 domains

This site contains no links.

Subject Issuer Validity Valid
bronzoperasso.paytweak.com R11 2024-07-23 - 2024-10-21 3 months
upload.video.google.com WR2 2024-07-01 - 2024-09-23 3 months

This page contains 1 frame:

Primary Page: https://bronzoperasso.paytweak.com/
Frame ID: EAB2365FEED0BD3B13D702056CE2C399
Requests: 16 HTTP requests in this frame

Page Title

Paytweak - Paiement par email et SMS, lien sécurisé

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->

Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+lightbox(?:\.min)?\.css

Page Statistics

Requests: 16
HTTPS: 75 %
IPv6: 50 %
Domains: 6
Subdomains: 6
IPs: 3
Countries: 2
Transfer: 295 kB
Size: 318 kB
Cookies: 0

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
bronzoperasso.paytweak.com/
7 KB
3 KB
Document
General
Full URL
https://bronzoperasso.paytweak.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.75.249.154 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
bronzoperasso.paytweak.com
Software
nginx / PleskLin
Resource Hash
d4fd05a20933c82d7ce0f49cd3250c30927c406ec6c9b976ca447a1c79b2348e
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
Strict-Transport-Security max-age=16070400; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin sameorigin
X-Xss-Protection 1; mode=block 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-length
2492
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
content-type
text/html; charset=UTF-8
date
Wed, 24 Jul 2024 00:54:13 GMT
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
referrer-policy
same-origin
server
nginx
strict-transport-security
max-age=16070400; includeSubDomains max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-option
nosniff
x-content-type-options
nosniff
x-frame-options
sameorigin sameorigin
x-powered-by
PleskLin
x-xss-protection
1; mode=block 0
bootstrap.css
bronzoperasso.paytweak.com/cssX/
144 KB
145 KB
Stylesheet
General
Full URL
https://bronzoperasso.paytweak.com/cssX/bootstrap.css
Requested by
Host: bronzoperasso.paytweak.com
URL: https://bronzoperasso.paytweak.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.75.249.154 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
bronzoperasso.paytweak.com
Software
nginx / PleskLin
Resource Hash
ef9c554bca3ce5b9f978b626ff8c3a441c0468af2599bdb4e9b6b32f6743f058
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 0

Request headers

Referer
https://bronzoperasso.paytweak.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 00:54:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
same-origin
last-modified
Fri, 20 Dec 2019 15:59:42 GMT
server
nginx
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
etag
"5dfcefee-23fe6"
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
text/css
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
content-length
147430
x-xss-protection
0
themify-icons.css
bronzoperasso.paytweak.com/cssX/
16 KB
17 KB
Stylesheet
General
Full URL
https://bronzoperasso.paytweak.com/cssX/themify-icons.css
Requested by
Host: bronzoperasso.paytweak.com
URL: https://bronzoperasso.paytweak.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.75.249.154 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
bronzoperasso.paytweak.com
Software
nginx / PleskLin
Resource Hash
509c08afe3b1d33b0d106297a99faba9acbafa4e2530e8fa0be1c312886349f0
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 0

Request headers

Referer
https://bronzoperasso.paytweak.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 00:54:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
same-origin
last-modified
Fri, 20 Dec 2019 15:59:42 GMT
server
nginx
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
etag
"5dfcefee-401b"
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
text/css
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
content-length
16411
x-xss-protection
0
flexslider.css
bronzoperasso.paytweak.com/cssX/
6 KB
7 KB
Stylesheet
General
Full URL
https://bronzoperasso.paytweak.com/cssX/flexslider.css
Requested by
Host: bronzoperasso.paytweak.com
URL: https://bronzoperasso.paytweak.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.75.249.154 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
bronzoperasso.paytweak.com
Software
nginx / PleskLin
Resource Hash
0fdc0b7df9096adbe23cd15e104fd7522786446b8e68b08a17e0d776945ab07e
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 0

Request headers

Referer
https://bronzoperasso.paytweak.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 00:54:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
same-origin
last-modified
Fri, 20 Dec 2019 15:59:42 GMT
server
nginx
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
etag
"5dfcefee-189a"
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
text/css
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
content-length
6298
x-xss-protection
0
lightbox.min.css
bronzoperasso.paytweak.com/cssX/
3 KB
4 KB
Stylesheet
General
Full URL
https://bronzoperasso.paytweak.com/cssX/lightbox.min.css
Requested by
Host: bronzoperasso.paytweak.com
URL: https://bronzoperasso.paytweak.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.75.249.154 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
bronzoperasso.paytweak.com
Software
nginx / PleskLin
Resource Hash
c3753a945d75745b72146f884c0b30652bc3ab6ea2b9097c28cdf1a247dcecf0
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 0

Request headers

Referer
https://bronzoperasso.paytweak.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 00:54:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
same-origin
last-modified
Fri, 20 Dec 2019 15:59:42 GMT
server
nginx
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
etag
"5dfcefee-bb4"
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
text/css
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
content-length
2996
x-xss-protection
0
ytplayer.css
bronzoperasso.paytweak.com/cssX/
6 KB
7 KB
Stylesheet
General
Full URL
https://bronzoperasso.paytweak.com/cssX/ytplayer.css
Requested by
Host: bronzoperasso.paytweak.com
URL: https://bronzoperasso.paytweak.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.75.249.154 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
bronzoperasso.paytweak.com
Software
nginx / PleskLin
Resource Hash
23338d81626c46ad943bfdbc34ace84ec49ea47f64a50362c4197ac749b22b1e
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 0

Request headers

Referer
https://bronzoperasso.paytweak.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 00:54:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
same-origin
last-modified
Fri, 20 Dec 2019 15:59:42 GMT
server
nginx
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
etag
"5dfcefee-189e"
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
text/css
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
content-length
6302
x-xss-protection
0
theme.css
bronzoperasso.paytweak.com/cssX/
105 KB
106 KB
Stylesheet
General
Full URL
https://bronzoperasso.paytweak.com/cssX/theme.css
Requested by
Host: bronzoperasso.paytweak.com
URL: https://bronzoperasso.paytweak.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.75.249.154 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
bronzoperasso.paytweak.com
Software
nginx / PleskLin
Resource Hash
e030490ff4993bf0bc83d4be5525f504bcf3353cfeeb69a345d2ecae65a2f9f3
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 0

Request headers

Referer
https://bronzoperasso.paytweak.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 00:54:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
same-origin
last-modified
Fri, 20 Dec 2019 15:59:42 GMT
server
nginx
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
etag
"5dfcefee-1a259"
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
text/css
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
content-length
107097
x-xss-protection
0
custom.css
bronzoperasso.paytweak.com/cssX/
45 B
1 KB
Stylesheet
General
Full URL
https://bronzoperasso.paytweak.com/cssX/custom.css
Requested by
Host: bronzoperasso.paytweak.com
URL: https://bronzoperasso.paytweak.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.75.249.154 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
bronzoperasso.paytweak.com
Software
nginx / PleskLin
Resource Hash
b62cc1e5bc8c7de8bf04f21e936a3825d98be5dec71d20eda0ac84131f3180d3
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
Strict-Transport-Security max-age=16070400; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin, sameorigin
X-Xss-Protection 1; mode=block, 0

Request headers

Referer
https://bronzoperasso.paytweak.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 00:54:14 GMT
strict-transport-security
max-age=16070400; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
x-powered-by
PleskLin
x-content-type-option
nosniff
content-length
45
x-xss-protection
1; mode=block, 0
referrer-policy
same-origin
last-modified
Fri, 20 Dec 2019 15:59:42 GMT
server
nginx
x-accel-version
0.01
etag
"2d-59a24c4182b87"
x-frame-options
sameorigin, sameorigin
content-type
text/css
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
css
fonts.googleapis.com/
28 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:300,400%7CRaleway:100,400,300,500,600,700%7COpen+Sans:400,500,600
Requested by
Host: bronzoperasso.paytweak.com
URL: https://bronzoperasso.paytweak.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
08d13bb4b7106939085de4f8882fff82e421060fb910fa6aee425ea329a97096
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 24 Jul 2024 00:54:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 24 Jul 2024 00:54:14 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 24 Jul 2024 00:54:14 GMT
analytics.js
www.google-analytics.com/
0
0

gtm.js
www.googletagmanager.com/
0
0

fbevents.js
connect.facebook.net/en_US/
0
0

genlead.js
gl.hostcg.com/js/
0
0

favicon.ico
bronzoperasso.paytweak.com/
1 KB
2 KB
Other
General
Full URL
https://bronzoperasso.paytweak.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.75.249.154 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
bronzoperasso.paytweak.com
Software
nginx / PleskLin
Resource Hash
1c0783d8a0af6fdff3e3f6a13fde7d7db81e26ea35da0203f33434d0bb019cfe
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 0

Request headers

Referer
https://bronzoperasso.paytweak.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 00:54:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
same-origin
last-modified
Fri, 20 Dec 2019 16:02:21 GMT
server
nginx
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
etag
"5dfcf08d-47e"
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
image/vnd.microsoft.icon
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
content-length
1150
x-xss-protection
0
favicon.ico
bronzoperasso.paytweak.com/
1 KB
0
Other
General
Full URL
https://bronzoperasso.paytweak.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.75.249.154 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
bronzoperasso.paytweak.com
Software
nginx / PleskLin
Resource Hash
1c0783d8a0af6fdff3e3f6a13fde7d7db81e26ea35da0203f33434d0bb019cfe
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 0

Request headers

Referer
https://bronzoperasso.paytweak.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 00:54:14 GMT
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
x-content-type-options
nosniff
referrer-policy
same-origin
last-modified
Fri, 20 Dec 2019 16:02:21 GMT
server
nginx
etag
"5dfcf08d-47e"
x-powered-by
PleskLin
x-frame-options
sameorigin
content-type
image/vnd.microsoft.icon
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
content-length
1150
x-xss-protection
0
favicon-32x32.png
bronzoperasso.paytweak.com/icons/
808 B
829 B
Other
General
Full URL
https://bronzoperasso.paytweak.com/icons/favicon-32x32.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.75.249.154 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
bronzoperasso.paytweak.com
Software
nginx /
Resource Hash
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block, 0

Request headers

Referer: https://bronzoperasso.paytweak.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 00:54:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400; includeSubDomains, max-age=31536000; includeSubDomains
last-modified: Mon, 16 Dec 2019 17:32:39 GMT
server: nginx
etag: "328-599d5991d4940-gzip"
vary: Accept-Encoding
x-frame-options: sameorigin
content-type: text/html
x-content-type-option: nosniff
accept-ranges: bytes
content-length: 456
x-xss-protection: 1; mode=block, 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Domain: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N9ZC8CB

Domain: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Domain: gl.hostcg.com
URL: https://gl.hostcg.com/js/genlead.js

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| GoogleAnalyticsObject
function| ga
object| dataLayer
function| fbq
function| _fbq
function| ltwAsyncInit

0 Cookies

5 Console Messages

Source: security | Level: error | URL: https://bronzoperasso.paytweak.com/ (Line 103)
Message: Refused to load the script 'https://www.google-analytics.com/analytics.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Source: security | Level: error | URL: https://bronzoperasso.paytweak.com/ (Line 116)
Message: Refused to load the script 'https://www.googletagmanager.com/gtm.js?id=GTM-N9ZC8CB' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Source: security | Level: error | URL: https://bronzoperasso.paytweak.com/ (Line 126)
Message: Refused to load the script 'https://connect.facebook.net/en_US/fbevents.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Source: security | Level: error | URL: https://bronzoperasso.paytweak.com/
Message: Refused to load the script 'https://gl.hostcg.com/js/genlead.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Source: network | Level: error | URL: https://bronzoperasso.paytweak.com/icons/favicon-32x32.png
Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
Strict-Transport-Security max-age=16070400; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin sameorigin
X-Xss-Protection 1; mode=block 0