URL: https://d1fa.sormevip.com/
Submission: On June 07 via api from US — Scanned from DE

Summary

This website contacted 6 IPs in 2 countries across 2 domains to perform 21 HTTP transactions. The main IP is 159.69.26.17, located in Nuremberg, Germany and belongs to HETZNER-AS, DE. The main domain is d1fa.sormevip.com.
TLS certificate: Issued by R3 on May 21st 2024. Valid for: 3 months.
This is the only time d1fa.sormevip.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS | Autonomous System
4 | 159.69.26.17 | 24940 | HETZNER-AS
2 | 18.173.187.57 | 16509 | AMAZON-02
5 | 18.173.154.83 | 16509 | AMAZON-02
3 | 18.216.17.111 | 16509 | AMAZON-02
4 | 18.173.154.26 | 16509 | AMAZON-02
Total: 21 requests, 6 IPs
Requests | Apex Domain | Subdomains | Transfer
14 | presearch.com | assets.presearch.com (Cisco Umbrella Rank: 786825), eu-de-1.presearch.com, account.presearch.com (Cisco Umbrella Rank: 424889), img.presearch.com (Cisco Umbrella Rank: 357095) | 269 KB
4 | sormevip.com | d1fa.sormevip.com | 321 KB
Total: 21 requests, 2 apex domains
Requests | Domain | Requested by
5 | eu-de-1.presearch.com | d1fa.sormevip.com, eu-de-1.presearch.com
4 | img.presearch.com |
4 | d1fa.sormevip.com | d1fa.sormevip.com
3 | account.presearch.com | d1fa.sormevip.com
2 | assets.presearch.com | d1fa.sormevip.com
Total: 21 requests, 5 domains
Subject | Issuer | Validity | Valid
d1fa.sormevip.com | R3 | 2024-05-21 to 2024-08-19 | 3 months
presearch.com | Amazon RSA 2048 M02 | 2023-11-28 to 2024-12-27 | a year
eu-de-1.presearch.com | Amazon RSA 2048 M03 | 2024-03-15 to 2025-04-13 | a year
img.presearch.com | Amazon RSA 2048 M02 | 2024-03-26 to 2025-04-25 | a year

This page contains 1 frame:

Primary Page: https://d1fa.sormevip.com/
Frame ID: 6E5ABC65DE044CA654DABCA934ED351F
Requests: 18 HTTP requests in this frame

Page Title

Presearch

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

Requests: 21
HTTPS: 86 %
IPv6: 0 %
Domains: 2
Subdomains: 5
IPs: 6
Countries: 2
Transfer: 590 kB
Size: 1532 kB
Cookies: 6

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request / | d1fa.sormevip.com/ | 164 KB | 38 KB | Document
General
Full URL
https://d1fa.sormevip.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.69.26.17 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.17.26.69.159.clients.your-server.de
Software
nginx/1.24.0 / Express
Resource Hash
01d0c947cb6028de1da31dacaf0216b839316e99c29c641ea06c078da32385e8
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 07 Jun 2024 00:51:05 GMT
etag
W/"28e47-mKvrqi54w71aHgYtzDlMGfogQ/M"
server
nginx/1.24.0
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
x-powered-by
Express
893efec4a5542ed7b846d698ef3950d0.jpg | assets.presearch.com/backgrounds/ | 160 KB | 161 KB | Image
General
Full URL
https://assets.presearch.com/backgrounds/893efec4a5542ed7b846d698ef3950d0.jpg
Requested by
Host: d1fa.sormevip.com
URL: https://d1fa.sormevip.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-57.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
995e83eb14d02e8af0641b2d9a42414fec1ca6576b214a7b336b410c2650afea

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://d1fa.sormevip.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 09:08:12 GMT
via
1.1 be531aac2dc594e7dcbc7bf54e3b6504.cloudfront.net (CloudFront)
last-modified
Sun, 05 May 2024 22:13:58 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P4
age
56574
x-amz-server-side-encryption
AES256
etag
"893efec4a5542ed7b846d698ef3950d0"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
164234
x-amz-cf-id
kTwYl9XW9dxiSJcn_74XZEbSsFFcyGHcfpKdUjL6Ixitzj9vf5EQ2Q==
app.css | d1fa.sormevip.com/assets/ | 36 KB | 8 KB | Stylesheet
General
Full URL
https://d1fa.sormevip.com/assets/app.css?t=51
Requested by
Host: d1fa.sormevip.com
URL: https://d1fa.sormevip.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.69.26.17 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.17.26.69.159.clients.your-server.de
Software
nginx/1.24.0 / Express
Resource Hash
939238d22f5f01c1833393d3c6f33594c3fb5cc9e457d9b5878ea2f780ab3434
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://d1fa.sormevip.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 07 Jun 2024 00:51:05 GMT
content-encoding
gzip
last-modified
Fri, 07 Jun 2024 00:47:25 GMT
server
nginx/1.24.0
x-powered-by
Express
etag
W/"91a2-18ff02a2548"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=604800
accept-ranges
bytes
font-awesome.min.css | eu-de-1.presearch.com/styles/font-awesome-4.7.0/css/ | 30 KB | 7 KB | Stylesheet
General
Full URL
https://eu-de-1.presearch.com/styles/font-awesome-4.7.0/css/font-awesome.min.css
Requested by
Host: d1fa.sormevip.com
URL: https://d1fa.sormevip.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-83.muc50.r.cloudfront.net
Software
/ Express
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://d1fa.sormevip.com/
Origin
https://d1fa.sormevip.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:00:17 GMT
content-encoding
gzip
via
1.1 55965767fb32678a90a721ccc878aa86.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
208248
x-powered-by
Express
x-cache
Hit from cloudfront
last-modified
Fri, 31 May 2024 12:44:27 GMT
etag
W/"7918-18fceae17f8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800
accept-ranges
bytes
x-amz-cf-id
5BS9dwBIFfJ1WuA79e36kPDcr_CbdeaJFkT74mlKvW7n3tvMK5I3vg==
app.js | d1fa.sormevip.com/assets/ | 868 KB | 268 KB | Script
General
Full URL
https://d1fa.sormevip.com/assets/app.js?t=51
Requested by
Host: d1fa.sormevip.com
URL: https://d1fa.sormevip.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.69.26.17 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.17.26.69.159.clients.your-server.de
Software
nginx/1.24.0 / Express
Resource Hash
e72a53e3e8cd2eb843b50bba5d426af0dc4b5f270434e6612f4f855b8e3e522e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://d1fa.sormevip.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 07 Jun 2024 00:51:05 GMT
content-encoding
gzip
last-modified
Fri, 07 Jun 2024 00:47:25 GMT
server
nginx/1.24.0
x-powered-by
Express
etag
W/"d8ebe-18ff02a2548"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=604800
accept-ranges
bytes
pregpt-logo.svg | eu-de-1.presearch.com/assets/images/ | 2 KB | 2 KB | Image
General
Full URL
https://eu-de-1.presearch.com/assets/images/pregpt-logo.svg
Requested by
Host: d1fa.sormevip.com
URL: https://d1fa.sormevip.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-83.muc50.r.cloudfront.net
Software
/ Express
Resource Hash
e3fca632c01704096b00c3dc183766c11453966c1de6b9d3a93978a33288564c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://d1fa.sormevip.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 10:22:32 GMT
content-encoding
gzip
via
1.1 67b5b59d34e71a36a3955bf957ea9ed2.cloudfront.net (CloudFront)
last-modified
Thu, 06 Jun 2024 00:35:03 GMT
x-amz-cf-pop
MUC50-P3
age
52113
x-powered-by
Express
etag
W/"9c8-18feaf876d8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding, Origin
content-type
image/svg+xml
x-cache
Hit from cloudfront
cache-control
public, max-age=604800
accept-ranges
bytes
x-amz-cf-id
wd3CAAUTIg25F7YkXlQ0KJ8qfqXCNNogFFAnIlfhAB3Ch64ql46xGg==
pregpt-logo.svg | eu-de-1.presearch.com/assets/images/ | 2 KB | 0 | Image
General
Full URL
https://eu-de-1.presearch.com/assets/images/pregpt-logo.svg
Requested by
Host: d1fa.sormevip.com
URL: https://d1fa.sormevip.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-83.muc50.r.cloudfront.net
Software
/ Express
Resource Hash
e3fca632c01704096b00c3dc183766c11453966c1de6b9d3a93978a33288564c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://d1fa.sormevip.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 10:22:32 GMT
content-encoding
gzip
via
1.1 67b5b59d34e71a36a3955bf957ea9ed2.cloudfront.net (CloudFront)
last-modified
Thu, 06 Jun 2024 00:35:03 GMT
x-amz-cf-pop
MUC50-P3
age
52113
x-powered-by
Express
etag
W/"9c8-18feaf876d8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding, Origin
content-type
image/svg+xml
x-cache
Hit from cloudfront
cache-control
public, max-age=604800
accept-ranges
bytes
x-amz-cf-id
wd3CAAUTIg25F7YkXlQ0KJ8qfqXCNNogFFAnIlfhAB3Ch64ql46xGg==
user-info | account.presearch.com/ | 0 | 0 | Preflight
General
Full URL
https://account.presearch.com/user-info?v=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.216.17.111 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-216-17-111.us-east-2.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://d1fa.sormevip.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, private
date
Fri, 07 Jun 2024 00:51:06 GMT
server
awselb/2.0
vary
Origin, Access-Control-Request-Method
tiles | d1fa.sormevip.com/ | 11 KB | 7 KB | XHR
General
Full URL
https://d1fa.sormevip.com/tiles
Requested by
Host: d1fa.sormevip.com
URL: https://d1fa.sormevip.com/assets/app.js?t=51
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
159.69.26.17 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.17.26.69.159.clients.your-server.de
Software
nginx/1.24.0 / Express
Resource Hash
f44c8647fd6c0af7575111bbaed5a0c32685addd34a0a7fd97f1e3cd7d66f9ef
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/json, text/plain, */*
Referer
https://d1fa.sormevip.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 07 Jun 2024 00:51:06 GMT
content-encoding
gzip
server
nginx/1.24.0
accept-ch
Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA
x-powered-by
Express
etag
W/"2c62-JDxn7Oum2r19rycc2ACxs7fiXjQ"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
user-info | account.presearch.com/ | 0 | 0 | (no response received; listed under Failed requests)

fontawesome-webfont.woff2 | eu-de-1.presearch.com/styles/font-awesome-4.7.0/fonts/ | 75 KB | 76 KB | Font
General
Full URL
https://eu-de-1.presearch.com/styles/font-awesome-4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: eu-de-1.presearch.com
URL: https://eu-de-1.presearch.com/styles/font-awesome-4.7.0/css/font-awesome.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-83.muc50.r.cloudfront.net
Software
/ Express
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://eu-de-1.presearch.com/styles/font-awesome-4.7.0/css/font-awesome.min.css
Origin
https://d1fa.sormevip.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 03 Jun 2024 11:29:22 GMT
via
1.1 55965767fb32678a90a721ccc878aa86.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
307303
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
77160
last-modified
Fri, 31 May 2024 12:44:11 GMT
etag
W/"12d68-18fceadd978"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800
accept-ranges
bytes
x-amz-cf-id
udlFt8YhtHpPAsNzvgDJo3ZfQWlIiOcoj5wGGvpKGGTn7QAsZ9aDfA==
893efec4a5542ed7b846d698ef3950d0.jpg | assets.presearch.com/backgrounds/ | 160 KB | 0 | Image
General
Full URL
https://assets.presearch.com/backgrounds/893efec4a5542ed7b846d698ef3950d0.jpg
Requested by
Host: d1fa.sormevip.com
URL: https://d1fa.sormevip.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-57.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
995e83eb14d02e8af0641b2d9a42414fec1ca6576b214a7b336b410c2650afea

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://d1fa.sormevip.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 09:08:12 GMT
via
1.1 be531aac2dc594e7dcbc7bf54e3b6504.cloudfront.net (CloudFront)
last-modified
Sun, 05 May 2024 22:13:58 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P4
age
56574
x-amz-server-side-encryption
AES256
etag
"893efec4a5542ed7b846d698ef3950d0"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
164234
x-amz-cf-id
kTwYl9XW9dxiSJcn_74XZEbSsFFcyGHcfpKdUjL6Ixitzj9vf5EQ2Q==
icon.svg | eu-de-1.presearch.com/images/ | 975 B | 1 KB | Other
General
Full URL
https://eu-de-1.presearch.com/images/icon.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-83.muc50.r.cloudfront.net
Software
/ Express
Resource Hash
467ef2a72fbe22b7e4ac4ab9373c59c41718cc2ac3461f8b0999118075020e8e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://d1fa.sormevip.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 15:43:33 GMT
via
1.1 67b5b59d34e71a36a3955bf957ea9ed2.cloudfront.net (CloudFront)
last-modified
Fri, 31 May 2024 12:38:34 GMT
x-amz-cf-pop
MUC50-P3
age
205652
x-powered-by
Express
etag
W/"3cf-18fcea8b510"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding, Origin
content-type
image/svg+xml
x-cache
Hit from cloudfront
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
975
x-amz-cf-id
WTX7MWnKPAkbIG53JwzxWgraJiLmsnCWQBj7EMm2KW5LUZWRPw2g2w==
26da8b19b905548217221a75b9fd63849d4fef208821ee65b79649b94c668d09aa10ee5d7f905f0d39b7e32e392b95facdf12cd878f9f84bf18a3823a80229fcd8dc73cba8dd6002af128866202373ad | img.presearch.com/ | 4 KB | 4 KB | Image
General
Full URL
https://img.presearch.com/26da8b19b905548217221a75b9fd63849d4fef208821ee65b79649b94c668d09aa10ee5d7f905f0d39b7e32e392b95facdf12cd878f9f84bf18a3823a80229fcd8dc73cba8dd6002af128866202373ad
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-26.muc50.r.cloudfront.net
Software
nginx/1.20.0 / Express
Resource Hash
4267af35bda8465522f2324e9dcf2b120d4eb653f02f22e7d27bd0784b69b5d4

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://d1fa.sormevip.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 05 Jun 2024 07:30:08 GMT
via
1.1 08cfbbb6f1b1bf4bc1e8ab1a071b4154.cloudfront.net (CloudFront)
server
nginx/1.20.0
x-amz-cf-pop
MUC50-P3
age
148857
x-powered-by
Express
x-cache
Hit from cloudfront
content-type
image/png
content-length
3666
x-amz-cf-id
90sMDshBtiB0ZYQIXaM8bj6mADNMeg7XfN69FpvvN7wCXVjN-od70Q==
26da8b19b905548217221a75b9fd63849d4fef208821ee65b79649b94c668d09aa10ee5d7f905f0d39b7e32e392b95fa1bdead2c866cf288149d4199c18d2ecaefd8491c789ab4f9ff4dab8cf9b52ef5 | img.presearch.com/ | 4 KB | 4 KB | Image
General
Full URL
https://img.presearch.com/26da8b19b905548217221a75b9fd63849d4fef208821ee65b79649b94c668d09aa10ee5d7f905f0d39b7e32e392b95fa1bdead2c866cf288149d4199c18d2ecaefd8491c789ab4f9ff4dab8cf9b52ef5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-26.muc50.r.cloudfront.net
Software
nginx/1.20.0 / Express
Resource Hash
5634bd1669af6e593e0edb313b728280784a622b6e84269a51aed7662ff2b0c4

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://d1fa.sormevip.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 00:05:17 GMT
via
1.1 08cfbbb6f1b1bf4bc1e8ab1a071b4154.cloudfront.net (CloudFront)
server
nginx/1.20.0
x-amz-cf-pop
MUC50-P3
age
434749
x-powered-by
Express
x-cache
Hit from cloudfront
content-type
image/png
content-length
4145
x-amz-cf-id
u8Z7ICckda-OSsNcm3bl9FrabxnqPEjufiEVnJg3uqdlaUY6wtgc7A==
26da8b19b905548217221a75b9fd63849d4fef208821ee65b79649b94c668d09aa10ee5d7f905f0d39b7e32e392b95fa9bfaecce3bc2134ef602b5323b9f2a880e5e2552f67ccde2f8c33bf547102084 | img.presearch.com/ | 5 KB | 5 KB | Image
General
Full URL
https://img.presearch.com/26da8b19b905548217221a75b9fd63849d4fef208821ee65b79649b94c668d09aa10ee5d7f905f0d39b7e32e392b95fa9bfaecce3bc2134ef602b5323b9f2a880e5e2552f67ccde2f8c33bf547102084
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-26.muc50.r.cloudfront.net
Software
nginx/1.20.0 / Express
Resource Hash
99dc110f924d254b8ab2a932c5b97b437ddf0b1770f5fe1ebf2ea49a7c6c555a

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://d1fa.sormevip.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:10:18 GMT
via
1.1 08cfbbb6f1b1bf4bc1e8ab1a071b4154.cloudfront.net (CloudFront)
server
nginx/1.20.0
x-amz-cf-pop
MUC50-P3
age
560448
x-powered-by
Express
x-cache
Hit from cloudfront
content-type
image/png
content-length
4608
x-amz-cf-id
0X4R5x4m8TjffCJRQ11tLFX37VuCkHxDvkKgfnsx4nonbOBr-053Yg==
26da8b19b905548217221a75b9fd63849d4fef208821ee65b79649b94c668d09aa10ee5d7f905f0d39b7e32e392b95fa33bb35e49abdc09b0d304cc3825b67f5d31ac47d9804d0737ce3e530ede139e0 | img.presearch.com/ | 9 KB | 9 KB | Image
General
Full URL
https://img.presearch.com/26da8b19b905548217221a75b9fd63849d4fef208821ee65b79649b94c668d09aa10ee5d7f905f0d39b7e32e392b95fa33bb35e49abdc09b0d304cc3825b67f5d31ac47d9804d0737ce3e530ede139e0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-26.muc50.r.cloudfront.net
Software
nginx/1.20.0 / Express
Resource Hash
285ebd6fd68d794061f5a7b2e09dc9e31705004dc5b1c6292fa53b675cb3a2b7

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://d1fa.sormevip.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 21:19:34 GMT
via
1.1 08cfbbb6f1b1bf4bc1e8ab1a071b4154.cloudfront.net (CloudFront)
server
nginx/1.20.0
x-amz-cf-pop
MUC50-P3
age
531092
x-powered-by
Express
x-cache
Hit from cloudfront
content-type
image/png
content-length
9198
x-amz-cf-id
khnN8FYVvl6LiW5yY1_pibIHSvhozNYcBo5cC3UyP4Rb5HSAc8Ejmg==
search-providers | account.presearch.com/ | 0 | 0 | Preflight
General
Full URL
https://account.presearch.com/search-providers
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.216.17.111 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-216-17-111.us-east-2.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://d1fa.sormevip.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, private
date
Fri, 07 Jun 2024 00:51:06 GMT
server
awselb/2.0
vary
Origin, Access-Control-Request-Method
search-providers | account.presearch.com/ | 0 | 0 | (no response received; listed under Failed requests)

global-settings | account.presearch.com/ | 0 | 0 | (no response received; listed under Failed requests)

global-settings | account.presearch.com/ | 0 | 0 | Preflight
General
Full URL
https://account.presearch.com/global-settings
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.216.17.111 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-216-17-111.us-east-2.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://d1fa.sormevip.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, private
date
Fri, 07 Jun 2024 00:51:06 GMT
server
awselb/2.0
vary
Origin, Access-Control-Request-Method

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain | URL
account.presearch.com | https://account.presearch.com/user-info?v=2
account.presearch.com | https://account.presearch.com/search-providers
account.presearch.com | https://account.presearch.com/global-settings

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Names (grouped by type, in the order reported)
string (12) | searchId, page, requestQuery, PRESEARCH_DOMAIN, PRESEARCH_ACCOUNT_DOMAIN, OLD_PRESEARCH_DOMAIN, coinzillaBannerAdsList, coinzillaBannerAdsZonesList, autocompletePublisherId, defaultBackgroundCategories, externalBackgroundDataId, _browser
object (5) | localSettings, defaultProviders, homepageBackgroundCategories, regeneratorRuntime, Alpine
boolean (12) | openAiTokenBasedAuth, coinzillaBannerAdsEnabled, presearchPartnersList, autocompleteEnabled, searchexpanderShoppingWidgetEnabled, shoppingResultsTabEnabled, autoInjectingAffiliateLinksEnabled, autoInjectingCouponsEnabled, isMobileDevice, _isMobile, blockDarkModeRefresh, localStorageEnabled
function (24) | userInfo, gallery, settings, homepageLink, homepageProvidersHandler, verifyCaptcha, onRewardsCaptchaCompleted, onSuspiciousActivityCaptchaCompleted, onCaptchaCompleted, captchaLoading, searchResults, shoppingResults, searchForm, searchLocation, searchAutocomplete, timeFilters, extensionNotice, mobileAppNotice, homepageBackgrounds, ptaBannerMobile, adClick, externalAdClick, isHomepage, parcelRequire

6 Cookies

Domain/Path | Name | Value
d1fa.sormevip.com/ | homepage_background_id | 9bf93a18-dce2-4b09-8dbd-eef6207c7ddf
d1fa.sormevip.com/ | pta_background_id | 9bf93a18-dce2-4b09-8dbd-eef6207c7ddf
d1fa.sormevip.com/ | b | 0
d1fa.sormevip.com/ | ad_session | 06e430f7dc8f642f4a862ca8955a54d4
d1fa.sormevip.com/ | AWSALB | JeaDRFwrVC1JLObc9EaNw45QhArStx0nwNzn6684YxNcvwqhtt0qWmn+CSb8YAqykXySSpqaF+sCQqVYvA47AQ6dFVhxi/+h7LrmXsQOFq2NQefsYfQmKiw+SIFd
d1fa.sormevip.com/ | AWSALBCORS | JeaDRFwrVC1JLObc9EaNw45QhArStx0nwNzn6684YxNcvwqhtt0qWmn+CSb8YAqykXySSpqaF+sCQqVYvA47AQ6dFVhxi/+h7LrmXsQOFq2NQefsYfQmKiw+SIFd

6 Console Messages

Source | Level | URL | Text
javascript | error | https://d1fa.sormevip.com/ | Access to XMLHttpRequest at 'https://account.presearch.com/user-info?v=2' from origin 'https://d1fa.sormevip.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network | error | https://account.presearch.com/user-info?v=2 | Failed to load resource: net::ERR_FAILED
javascript | error | https://d1fa.sormevip.com/ | Access to XMLHttpRequest at 'https://account.presearch.com/search-providers' from origin 'https://d1fa.sormevip.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network | error | https://account.presearch.com/search-providers | Failed to load resource: net::ERR_FAILED
javascript | error | https://d1fa.sormevip.com/ | Access to XMLHttpRequest at 'https://account.presearch.com/global-settings' from origin 'https://d1fa.sormevip.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network | error | https://account.presearch.com/global-settings | Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page.

Header | Value
X-Frame-Options | SAMEORIGIN