zmfnrgiu.sidbrowser.com Open in urlscan Pro
91.216.248.21 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://zmfnrgiu.sidbrowser.com/
Submission: On April 30 via api (April 30th 2024, 3:15:04 pm UTC) from US — Scanned from DE

Summary HTTP 19 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 19 HTTP transactions. The main IP is 91.216.248.21, located in Germany and belongs to TTM, DE. The main domain is zmfnrgiu.sidbrowser.com.
TLS certificate: Issued by R3 on April 30th 2024. Valid for: 3 months.

This is the only time zmfnrgiu.sidbrowser.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	91.216.248.21 91.216.248.21	47447 (TTM) (TTM)
1 1	151.101.129.21 151.101.129.21	54113 (FASTLY) (FASTLY)
1	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
6	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:810::2001	15169 (GOOGLE) (GOOGLE)
19	6

7 91.216.248.21 (Germany)

ASN47447 (TTM, DE)
PTR: frontend.lima-city.de

zmfnrgiu.sidbrowser.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.21 (San Francisco, United States) 1 redirects

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	208 KB
7	sidbrowser.com zmfnrgiu.sidbrowser.com	28 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 97
1	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2623	2 KB
1	paypal.com 1 redirects www.paypal.com — Cisco Umbrella Rank: 2924	980 B
0	goweb.de Failed webcounter.goweb.de Failed
19	6

	Domain	Requested by
7	zmfnrgiu.sidbrowser.com	zmfnrgiu.sidbrowser.com
6	pagead2.googlesyndication.com	zmfnrgiu.sidbrowser.com pagead2.googlesyndication.com
2	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
1	www.facebook.com	zmfnrgiu.sidbrowser.com
1	www.paypalobjects.com	zmfnrgiu.sidbrowser.com
1	www.paypal.com	1 redirects
0	webcounter.goweb.de Failed	zmfnrgiu.sidbrowser.com
19	7

This site contains links to these domains. Also see Links.

Domain
www.mathesoft.de
www.hvsc.de
upx.sourceforge.net
upo.mathesoft.de
sbwv.mathesoft.de
www.marderabwehr.com

Subject Issuer	Validity	Valid
zmfnrgiu.sidbrowser.com R3	`2024-04-30` - `2024-07-29`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-02-09` - `2024-05-07`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://zmfnrgiu.sidbrowser.com/
Frame ID: A6A4A625EE7C446E2E07B49E7D00C675
Requests: 14 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.sidbrowser.com&layout=button_count&show_faces=false&width=200&action=like&font=verdana&colorscheme=light
Frame ID: 3DA404FD24200B464A708F458C065958
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/html/r20240425/r20110914/zrt_lookup_fy2021.html
Frame ID: 495591E34EECB226C212B3B8D2EB65EA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-2996667320775849&output=html&h=90&slotname=5108168414&adk=3998976602&adf=1336118064&pi=t.ma~as.5108168414&w=728&lmt=1714490100&format=728x90&url=https%3A%2F%2Fzmfnrgiu.sidbrowser.com%2F&wgl=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuNzgiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMjQuMC42MzY3Ljc4Il0sWyJHb29nbGUgQ2hyb21lIiwiMTI0LjAuNjM2Ny43OCJdLFsiTm90LUEuQnJhbmQiLCI5OS4wLjAuMCJdXSwwXQ..&dt=1714490100596&bpp=2&bdt=200&idt=170&shv=r20240425&mjsv=m202404290101&ptt=9&saldr=aa&abxe=1&eoidce=1&correlator=6766047895834&frm=20&pv=2&ga_vid=2094482152.1714490101&ga_sid=1714490101&ga_hid=49144889&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=814&ady=903&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31083066%2C44795921%2C95329717%2C31083215%2C31082143%2C95331043%2C95331555&oid=2&pvsid=2341325837100344&tmod=1329712632&uas=0&nvt=1&fc=896&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7Cn&abl=XS&pfx=0&fu=0&bc=31&bz=1&ifi=1&uci=a!1&fsb=1&dtd=181
Frame ID: 122321897653CA1E2C9F907713FA16C7
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-2996667320775849&output=html&adk=1812271804&adf=3025194257&lmt=1714490100&plat=3%3A16%2C4%3A16%2C8%3A4194304%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fzmfnrgiu.sidbrowser.com%2F&pra=7&wgl=1&easpi=0&aihb=0&asro=0&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuNzgiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMjQuMC42MzY3Ljc4Il0sWyJHb29nbGUgQ2hyb21lIiwiMTI0LjAuNjM2Ny43OCJdLFsiTm90LUEuQnJhbmQiLCI5OS4wLjAuMCJdXSwwXQ..&dt=1714490100598&bpp=1&bdt=201&idt=189&shv=r20240425&mjsv=m202404290101&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=728x90&nras=1&correlator=6766047895834&frm=20&pv=1&ga_vid=2094482152.1714490101&ga_sid=1714490101&ga_hid=49144889&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31083066%2C44795921%2C95329717%2C31083215%2C31082143%2C95331043%2C95331555&oid=2&pvsid=2341325837100344&tmod=1329712632&uas=0&nvt=1&fsapi=1&fc=896&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&ifi=2&uci=a!2&fsb=1&dtd=195
Frame ID: 4EC75D596434E1B9252176E3ECF0CBB4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5A2227C2D7BD1FE4102481B9A91CEAFE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SIDBrowser by MATHEsoft!

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Page Statistics

19
Requests

84 %
HTTPS

33 %
IPv6

6
Domains

7
Subdomains

6
IPs

2
Countries

239 kB
Transfer

626 kB
Size

5
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: http://www.mathesoft.de/download.php?this=sidbrowser-setup.exe
Title: Download SIDBrowser

Search URL Search Domain Scan URL

URL: http://www.hvsc.de/
Title: High Voltage SID Collection (HVSC)

Search URL Search Domain Scan URL

URL: http://www.mathesoft.de/link.php?go=sidplay
Title: SIDplay

Search URL Search Domain Scan URL

URL: http://www.mathesoft.de/link.php?go=composers.c64.org
Title: Actual Photolist of musicians

Search URL Search Domain Scan URL

URL: http://www.mathesoft.de/download.php?this=sidplay2w.zip
Title: sidplay2w

Search URL Search Domain Scan URL

URL: http://upx.sourceforge.net/
Title: upx

Search URL Search Domain Scan URL

URL: http://upo.mathesoft.de/
Title: UPack

Search URL Search Domain Scan URL

URL: http://sbwv.mathesoft.de/
Title: workversion

Search URL Search Domain Scan URL

URL: http://www.marderabwehr.com/
Title: www.marderabwehr.com

Search URL Search Domain Scan URL

URL: http://www.mathesoft.de/
Title: MATHEsoft

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://www.paypal.com/en_US/i/btn/x-click-but04.gif HTTP 301
https://www.paypalobjects.com/en_US/i/btn/x-click-but04.gif

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
zmfnrgiu.sidbrowser.com/ 10 KB
4 KB 138ms
49ms Document
text/html 91.216.248.21
TTM

General

Check archive.org

Show headers Download Go to

Full URL

https://zmfnrgiu.sidbrowser.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

91.216.248.21 , Germany, ASN47447 (TTM, DE),

Reverse DNS

frontend.lima-city.de

Software

openresty / PHP/8.1.27

Resource Hash

94d8f41321667e7a90b74f7afc69d75aefdbd6cdb14d9eafe9bca19ea409957d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Tue, 30 Apr 2024 15:15:00 GMT
server: openresty
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-lima-id: athHQeOmqinkn4vOzx
x-powered-by: PHP/8.1.27

GET
H2 200 t_l.png
zmfnrgiu.sidbrowser.com/gifs/ 2 KB
2 KB 55ms
54ms Image
image/png 91.216.248.21
TTM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zmfnrgiu.sidbrowser.com/gifs/t_l.png

Requested by

Host: zmfnrgiu.sidbrowser.com
URL: https://zmfnrgiu.sidbrowser.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

91.216.248.21 , Germany, ASN47447 (TTM, DE),

Reverse DNS

frontend.lima-city.de

Software

openresty /

Resource Hash

939009622f60caa9fd8d7ffa13e689074cbb5cfa559b10ae400a6af480683dfe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://zmfnrgiu.sidbrowser.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 30 Apr 2024 15:15:00 GMT
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Thu, 16 May 2013 16:48:22 GMT
server: openresty
etag: "73e-4dcd8a25ea180"
content-type: image/png
x-lima-id: atHykaBTicmpgVl8Fc
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1854
expires: Thu, 30 May 2024 15:15:00 GMT

GET
H2 200 t_m.gif
zmfnrgiu.sidbrowser.com/gifs/ 145 B
512 B 53ms
53ms Image
image/gif 91.216.248.21
TTM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zmfnrgiu.sidbrowser.com/gifs/t_m.gif

Requested by

Host: zmfnrgiu.sidbrowser.com
URL: https://zmfnrgiu.sidbrowser.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

91.216.248.21 , Germany, ASN47447 (TTM, DE),

Reverse DNS

frontend.lima-city.de

Software

openresty /

Resource Hash

ca328e9717f31bae63c79d4a7d0d3c429121fb8bdcd7e0463d6a91dede591236

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://zmfnrgiu.sidbrowser.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 30 Apr 2024 15:15:00 GMT
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Sat, 18 May 2013 16:21:51 GMT
server: openresty
etag: "91-4dd007f38a5c0"
content-type: image/gif
x-lima-id: at5GVxAcJhQEp1axQe
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 145
expires: Thu, 30 May 2024 15:15:00 GMT

GET
H2 200 t_r.png
zmfnrgiu.sidbrowser.com/gifs/ 2 KB
3 KB 70ms
65ms Image
image/png 91.216.248.21
TTM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zmfnrgiu.sidbrowser.com/gifs/t_r.png

Requested by

Host: zmfnrgiu.sidbrowser.com
URL: https://zmfnrgiu.sidbrowser.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

91.216.248.21 , Germany, ASN47447 (TTM, DE),

Reverse DNS

frontend.lima-city.de

Software

openresty /

Resource Hash

1ba613b5872758d7935ae03b458c285ea4e5536e7e901d688c0a957e7c03f3ea

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://zmfnrgiu.sidbrowser.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 30 Apr 2024 15:15:00 GMT
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Thu, 16 May 2013 16:48:18 GMT
server: openresty
etag: "9ae-4dcd8a2219880"
content-type: image/png
x-lima-id: atg2gW6troDWpWJSsu
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 2478
expires: Thu, 30 May 2024 15:15:00 GMT

GET
H2 200 splash06.jpg
zmfnrgiu.sidbrowser.com/gifs/ 14 KB
14 KB 69ms
64ms Image
image/jpeg 91.216.248.21
TTM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zmfnrgiu.sidbrowser.com/gifs/splash06.jpg

Requested by

Host: zmfnrgiu.sidbrowser.com
URL: https://zmfnrgiu.sidbrowser.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

91.216.248.21 , Germany, ASN47447 (TTM, DE),

Reverse DNS

frontend.lima-city.de

Software

openresty /

Resource Hash

021dbacc6bee88eb3bb616d7d19d29032bc11b773cc5a1e7231fbffb8d80e45d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://zmfnrgiu.sidbrowser.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 30 Apr 2024 15:15:00 GMT
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Thu, 16 May 2013 16:48:31 GMT
server: openresty
etag: "3636-4dcd8a2e7f5c0"
content-type: image/jpeg
x-lima-id: atksxmRca7EG5cEByW
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 13878
expires: Thu, 30 May 2024 15:15:00 GMT

GET
H2

200

x-click-but04.gif
www.paypalobjects.com/en_US/i/btn/
Redirect Chain

https://www.paypal.com/en_US/i/btn/x-click-but04.gif
https://www.paypalobjects.com/en_US/i/btn/x-click-but04.gif

2 KB
2 KB

102ms
22ms

Image
image/gif

192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/btn/x-click-but04.gif

Requested by

Host: zmfnrgiu.sidbrowser.com
URL: https://zmfnrgiu.sidbrowser.com/

Protocol

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CC7) /

Resource Hash

a8f36837d21e73e1a17fa2936ec161187b3d1e6b08c0335433aec8153cd41049

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://zmfnrgiu.sidbrowser.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Apr 2024 15:15:00 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: e3ed805e968c0
dc: ccg11-origin-www-1.paypal.com
content-length: 2127
last-modified: Fri, 16 Aug 2019 04:57:33 GMT
server: ECAcc (frc/4CC7)
traceparent: 00-0000000000000000000e3ed805e968c0-a11c753bc76f3cdb-01
etag: "5d5637bd-84f"
content-type: image/gif
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Tue, 30 Apr 2024 16:15:00 GMT

Redirect headers

date: Tue, 30 Apr 2024 15:15:00 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
paypal-debug-id: f7765165ac0e6
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 0
x-served-by: cache-fra-etou8220092-FRA, cache-fra-etou8220092-FRA
accept-ch: Sec-CH-UA-Full
traceparent: 00-0000000000000000000f7765165ac0e6-1f9eee37ed80d4b2-01
x-timer: S1714490100.496274,VS0,VE142
location: https://www.paypalobjects.com/en_US/i/btn/x-click-but04.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
50 KB 137ms
62ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: zmfnrgiu.sidbrowser.com
URL: https://zmfnrgiu.sidbrowser.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

a7ae9175ef6940da045b0a468384c968fc0f9afddc06467f58c3873fd5876ee9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://zmfnrgiu.sidbrowser.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 30 Apr 2024 15:15:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51210
x-xss-protection: 0
server: cafe
etag: 17193503894349407690
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Tue, 30 Apr 2024 15:15:00 GMT

GET 96781
webcounter.goweb.de/ 0
0

GET
H2 200 like.php
www.facebook.com/plugins/ Frame 3DA4 0
0 204ms
134ms Document
text/html 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.sidbrowser.com&layout=button_count&show_faces=false&width=200&action=like&font=verdana&colorscheme=light

Requested by

Host: zmfnrgiu.sidbrowser.com
URL: https://zmfnrgiu.sidbrowser.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html;charset=utf-8
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
date: Tue, 30 Apr 2024 15:15:00 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
x-content-type-options: nosniff
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=20, rtx=0, c=10, mss=1294, tbw=2775, tp=-1, tpl=-1, uplat=107, ullat=0
x-fb-debug: DrR1EBsxdtvxKX5J7XCbsMtwv3UbBkpgZFf2ef59FmE71yeefb6COMH7p10We/w0E/fHYsjoD3DdiaoUc57cig==
x-xss-protection: 0

GET
H2 200 bg.gif
zmfnrgiu.sidbrowser.com/gifs/ 3 KB
4 KB 67ms
66ms Image
image/gif 91.216.248.21
TTM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://zmfnrgiu.sidbrowser.com/gifs/bg.gif

Requested by

Host: zmfnrgiu.sidbrowser.com
URL: https://zmfnrgiu.sidbrowser.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

91.216.248.21 , Germany, ASN47447 (TTM, DE),

Reverse DNS

frontend.lima-city.de

Software

openresty /

Resource Hash

abebe37366e66e58b091ebf1dedc4172eb56d40ee8b73bdf71bdd1367af65cb3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://zmfnrgiu.sidbrowser.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 30 Apr 2024 15:15:00 GMT
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Thu, 16 May 2013 16:49:11 GMT
server: openresty
etag: "d59-4dcd8a54a4fc0"
content-type: image/gif
x-lima-id: atmWPyOKdmYSS73tiW
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 3417
expires: Thu, 30 May 2024 15:15:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202404290101/ 411 KB
139 KB 83ms
83ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202404290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2996667320775849&plah=zmfnrgiu.sidbrowser.com&aplac=true&bust=31083215

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e258123d2a783b728b37e5db6cf9469f6ee32fba66c854908e8ab4f725edda51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://zmfnrgiu.sidbrowser.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 30 Apr 2024 15:15:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 142626
x-xss-protection: 0
server: cafe
etag: 5013742417493121374
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 30 Apr 2024 15:15:00 GMT

GET
H3 200 zrt_lookup_fy2021.html
pagead2.googlesyndication.com/pagead/html/r20240425/r20110914/ Frame 4955 0
0 61ms
21ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/html/r20240425/r20110914/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202404290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2996667320775849&plah=zmfnrgiu.sidbrowser.com&aplac=true&bust=31083215

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://zmfnrgiu.sidbrowser.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 3700
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 30 Apr 2024 14:13:20 GMT
etag: 5035419970550746386
expires: Tue, 14 May 2024 14:13:20 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads
pagead2.googlesyndication.com/pagead/ Frame 1223 0
0 370ms
336ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-2996667320775849&output=html&h=90&slotname=5108168414&adk=3998976602&adf=1336118064&pi=t.ma~as.5108168414&w=728&lmt=1714490100&format=728x90&url=https%3A%2F%2Fzmfnrgiu.sidbrowser.com%2F&wgl=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuNzgiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMjQuMC42MzY3Ljc4Il0sWyJHb29nbGUgQ2hyb21lIiwiMTI0LjAuNjM2Ny43OCJdLFsiTm90LUEuQnJhbmQiLCI5OS4wLjAuMCJdXSwwXQ..&dt=1714490100596&bpp=2&bdt=200&idt=170&shv=r20240425&mjsv=m202404290101&ptt=9&saldr=aa&abxe=1&eoidce=1&correlator=6766047895834&frm=20&pv=2&ga_vid=2094482152.1714490101&ga_sid=1714490101&ga_hid=49144889&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=814&ady=903&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31083066%2C44795921%2C95329717%2C31083215%2C31082143%2C95331043%2C95331555&oid=2&pvsid=2341325837100344&tmod=1329712632&uas=0&nvt=1&fc=896&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7Cn&abl=XS&pfx=0&fu=0&bc=31&bz=1&ifi=1&uci=a!1&fsb=1&dtd=181

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://zmfnrgiu.sidbrowser.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 43259
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 30 Apr 2024 15:15:01 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads
pagead2.googlesyndication.com/pagead/ Frame 4EC7 0
0 45ms
30ms Document
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-2996667320775849&output=html&adk=1812271804&adf=3025194257&lmt=1714490100&plat=3%3A16%2C4%3A16%2C8%3A4194304%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fzmfnrgiu.sidbrowser.com%2F&pra=7&wgl=1&easpi=0&aihb=0&asro=0&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNC4wLjYzNjcuNzgiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMjQuMC42MzY3Ljc4Il0sWyJHb29nbGUgQ2hyb21lIiwiMTI0LjAuNjM2Ny43OCJdLFsiTm90LUEuQnJhbmQiLCI5OS4wLjAuMCJdXSwwXQ..&dt=1714490100598&bpp=1&bdt=201&idt=189&shv=r20240425&mjsv=m202404290101&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=728x90&nras=1&correlator=6766047895834&frm=20&pv=1&ga_vid=2094482152.1714490101&ga_sid=1714490101&ga_hid=49144889&ga_fc=0&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31083066%2C44795921%2C95329717%2C31083215%2C31082143%2C95331043%2C95331555&oid=2&pvsid=2341325837100344&tmod=1329712632&uas=0&nvt=1&fsapi=1&fc=896&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&ifi=2&uci=a!2&fsb=1&dtd=195

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://zmfnrgiu.sidbrowser.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 30 Apr 2024 15:15:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 123ms
77ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240425&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

7d18475789d168f9aa67e19cb4f549e2d88a630ac5f547f13ca87fcf56515e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://zmfnrgiu.sidbrowser.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 30 Apr 2024 15:15:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12665
x-xss-protection: 0

GET
H2 200 favicon.ico
zmfnrgiu.sidbrowser.com/ 766 B
701 B 38ms
37ms Other
image/vnd.microsoft.icon 91.216.248.21
TTM

General

Check archive.org

Show headers Download Go to

Full URL

https://zmfnrgiu.sidbrowser.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

91.216.248.21 , Germany, ASN47447 (TTM, DE),

Reverse DNS

frontend.lima-city.de

Software

openresty /

Resource Hash

eb341588a33b8d510be169b83ff68aaa9bc2fda17b66556ee577d316e7d59e09

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://zmfnrgiu.sidbrowser.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 30 Apr 2024 15:15:01 GMT
content-security-policy: upgrade-insecure-requests
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Thu, 16 May 2013 16:50:06 GMT
server: openresty
etag: W/"2fe-4dcd8a8918b80"
vary: Accept-Encoding
content-type: image/vnd.microsoft.icon
x-lima-id: ataX1izGjep7IkDyiw

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 126ms
73ms Script
text/javascript 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://zmfnrgiu.sidbrowser.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 30 Apr 2024 15:15:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 30 Apr 2024 15:15:01 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5A22 0
0 73ms
23ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://zmfnrgiu.sidbrowser.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
age: 11435
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 30 Apr 2024 12:04:26 GMT
expires: Wed, 30 Apr 2025 12:04:26 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET sodar
pagead2.googlesyndication.com/pagead/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: webcounter.goweb.de
URL: https://webcounter.goweb.de/96781

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240425&jk=2341325837100344&bg=!PzylPHPNAAZvnppNT547ADQBe5WfON3ZiHzwz1AYQI_uNyrp7jJhk0tDGK9csY6beBEpvtCv6Bs1b9azS55IxHR29A70AgAAAC5SAAAAAmgBB34ANT3Lge7C8Ug60cUAhUf2wrl9PunroQbdvuY5NHrx8QBb4DiTEJWzcJNgi236oS_Zk3rZus5MCgCiE3Th6AQ18Cp4r3erAJ1IWnawwRv7DXUD09XBy_uvtEthKD4FNoGM1-QsPd-dP75Ckxe-LFFTKz59rNkEPUgWwCl8pV7FM_cLmfLkPHq_tkdOiGe2QBJQcdNb0EyyhJxWcd0K0FSy2HXj5ekAtautHRdJbRFhSmNDKes5F9lGLYvXbPtH-TkEikUgQv5LVyvG22qDVrjMhupI9L_349R7pVsHmQKf7xPfHLzkpoaUay5twR1l-FD0Vxv5aAG1rIbVA_3COqn2Rt9qQBybuBVQBly-DSYjgTa-G99H70ECYFezyVKEK_NBZDt120VdRVnEabwJm9KHnMpSuAwGMZOcf3WHr--YguoHsdt3oofxtsh-YoXwo7YTujJPS402ZK9C8pa0-BJfFtz0DQe2mojtiZ2XT8LF0rzixfM2cekdHxiYO1P3c_QBb51eZY9MIqkUR2NaU_cqJ_5gggJawfK7BwT-RzHX3ZQRf_leenPlu9DQ4gQQDRsxu1QUhfg_yxF3dptIjPNONjWo9rSzaLhJ4zB0yo4ZCaTdu3PTphFaS5HyPS5PLxq-FEbdj57EoZ_LuZpsqeOoZJpN9wt0SFphu6x-PdIL2IEwDOJ3okWlbxxGen4Wg6U_ZpzH7FZM8XwtOxnS9GMWD4rgUjuix2AWZmUThUoyURTKb438pwpsYo6ObHG9RCyAPtdb1oT9QTY6e-XE8fzXwQDsKr9usmjs6khH48FxTdS3_tQ7iJA7M1WshfjR7OwHE2_sY7X3RtZtDwo6EFNWRMq2GEhI4ov78Z60Gg__zfoh-eG0R52OxgPzVAzrOVLfsXRe0ixtRhPcOkJ8zP8ZS9440yjQ1x82qeMQPo41qAgNBdJ09gCIGGcSBrKPeqTPhoN6Rsc1vmfWK15PmHbjDK4X8rl9ObeqmMaoNB-Ye9356H-biaV7aH58rxurKVQMg3HfuEKrrjutUPSLaYpuxX2kuqfPFT9Lkbd8YUFNr8DXxF6-uF3-b4sujwta-3-3FNWZfHNE39Osp5j7Bl44UgfS4P1xp80MRCyVLcZoJuPhscCRSmBtkO9f9Hl0KWiSyOiBfjfCYWvlsddUqG5DV5y_4n26dS7rOFshSe0

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
zmfnrgiu.sidbrowser.com/	1970-01-21 05:50:50	Name: _lcp Value: a
zmfnrgiu.sidbrowser.com/	1970-01-21 05:50:50	Name: _lcp2 Value: a
.paypal.com/	1970-01-21 05:50:50	Name: ts Value: vreXpYrS%3D1809098100%26vteXpYrS%3D1714491900%26vr%3D2f92cb5a18f0ad103864ad06fb93031a%26vt%3D2f92cb5a18f0ad103864ad06fb930319%26vtyp%3Dnew
.paypal.com/	1970-01-21 05:50:50	Name: ts_c Value: vr%3D2f92cb5a18f0ad103864ad06fb93031a%26vt%3D2f92cb5a18f0ad103864ad06fb930319
.sidbrowser.com/	1970-01-21 00:34:02	Name: __eoi Value: ID=928b99e537d6cde6:T=1714490100:RT=1714490100:S=AA-AfjZ43T20FF2VTBdBgk04DHSK

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://webcounter.goweb.de/96781 Message: Failed to load resource: net::ERR_CONNECTION_REFUSED
other	warning	URL: https://zmfnrgiu.sidbrowser.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://zmfnrgiu.sidbrowser.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

pagead2.googlesyndication.com
tpc.googlesyndication.com
webcounter.goweb.de
www.facebook.com
www.paypal.com
www.paypalobjects.com
zmfnrgiu.sidbrowser.com
pagead2.googlesyndication.com
webcounter.goweb.de
142.250.184.226
151.101.129.21
192.229.221.25
2a00:1450:4001:810::2001
2a03:2880:f177:83:face:b00c:0:25de
91.216.248.21
021dbacc6bee88eb3bb616d7d19d29032bc11b773cc5a1e7231fbffb8d80e45d
1ba613b5872758d7935ae03b458c285ea4e5536e7e901d688c0a957e7c03f3ea
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
7d18475789d168f9aa67e19cb4f549e2d88a630ac5f547f13ca87fcf56515e51
939009622f60caa9fd8d7ffa13e689074cbb5cfa559b10ae400a6af480683dfe
94d8f41321667e7a90b74f7afc69d75aefdbd6cdb14d9eafe9bca19ea409957d
a7ae9175ef6940da045b0a468384c968fc0f9afddc06467f58c3873fd5876ee9
a8f36837d21e73e1a17fa2936ec161187b3d1e6b08c0335433aec8153cd41049
abebe37366e66e58b091ebf1dedc4172eb56d40ee8b73bdf71bdd1367af65cb3
ca328e9717f31bae63c79d4a7d0d3c429121fb8bdcd7e0463d6a91dede591236
e258123d2a783b728b37e5db6cf9469f6ee32fba66c854908e8ab4f725edda51
eb341588a33b8d510be169b83ff68aaa9bc2fda17b66556ee577d316e7d59e09

zmfnrgiu.sidbrowser.com Open in urlscan Pro 91.216.248.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

84 %HTTPS

33 %IPv6

6 Domains

7 Subdomains

6 IPs

2 Countries

239 kBTransfer

626 kBSize

5 Cookies

10 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

5 Cookies

3 Console Messages

Security Headers

Indicators

zmfnrgiu.sidbrowser.com Open in urlscan Pro
91.216.248.21 Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

84 %
HTTPS

33 %
IPv6

6
Domains

7
Subdomains

6
IPs

2
Countries

239 kB
Transfer

626 kB
Size

5
Cookies

19 HTTP transactions
0 data transactions