dd.exitus.me Open in urlscan Pro
185.178.208.165 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://dd.exitus.me/
Submission: On January 29 via manual (January 29th 2022, 1:15:59 pm UTC) from FR — Scanned from US

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 185.178.208.165, located in Russian Federation and belongs to DDOS-GUARD, RU. The main domain is dd.exitus.me.
TLS certificate: Issued by R3 on January 11th 2022. Valid for: 3 months.

This is the only time dd.exitus.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	185.178.208.165 185.178.208.165	57724 (DDOS-GUARD) (DDOS-GUARD)
2 10	2a00:13c8:f5:... 2a00:13c8:f5::f:4b3d:148	25291 (SYSELEVEN...) (SYSELEVEN SysEleven GmbH)
3	2a00:13c8:f5:... 2a00:13c8:f5::f:4b3d:181	25291 (SYSELEVEN...) (SYSELEVEN SysEleven GmbH)
1	2a00:13c8:f5:... 2a00:13c8:f5::f:4b3d:180	25291 (SYSELEVEN...) (SYSELEVEN SysEleven GmbH)
13	5

1 185.178.208.165 (Russian Federation)

ASN57724 (DDOS-GUARD, RU)
PTR: ddos-guard.net

dd.exitus.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:13c8:f5::f:4b3d:148 (Germany) 2 redirects

ASN25291 (SYSELEVEN SysEleven GmbH, DE)

golem.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.golem.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:13c8:f5::f:4b3d:181 (Germany)

ASN25291 (SYSELEVEN SysEleven GmbH, DE)

cpxl.golem.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:13c8:f5::f:4b3d:180 (Germany)

ASN25291 (SYSELEVEN SysEleven GmbH, DE)

account.golem.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	golem.de 2 redirects golem.de — Cisco Umbrella Rank: 92924 www.golem.de — Cisco Umbrella Rank: 120082 cpxl.golem.de — Cisco Umbrella Rank: 311301 account.golem.de — Cisco Umbrella Rank: 215156	92 KB
1	exitus.me dd.exitus.me	651 B
13	2

	Domain	Requested by
9	www.golem.de	1 redirects dd.exitus.me www.golem.de
3	cpxl.golem.de	www.golem.de
1	account.golem.de	www.golem.de
1	golem.de	1 redirects
1	dd.exitus.me
13	5

This site contains no links.

Subject Issuer	Validity	Valid
dd.exitus.me R3	`2022-01-11` - `2022-04-11`	3 months	crt.sh
*.golem.de GeoTrust RSA CA 2018	`2021-10-20` - `2022-10-20`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://dd.exitus.me/
Frame ID: 98591574A26485EF7ED5656B71537C08
Requests: 1 HTTP requests in this frame

Frame: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
Frame ID: D833A92450CDA279060D38502D868ABE
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

13
Requests

100 %
HTTPS

75 %
IPv6

2
Domains

5
Subdomains

5
IPs

2
Countries

92 kB
Transfer

167 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://golem.de/?q=testing HTTP 301
https://www.golem.de/?q=testing?q=testing HTTP 302
https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F

13 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
dd.exitus.me/ 793 B
651 B 372ms
337ms Document
text/html 185.178.208.165
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.exitus.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.178.208.165 , Russian Federation, ASN57724 (DDOS-GUARD, RU),

Reverse DNS

ddos-guard.net

Software

ddos-guard /

Resource Hash

54390bdce1a4f53b571769142827542977b7ff34bac8c0cdf25c8f2bc86f7d63

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-US,en;q=0.9

Response headers

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 29 Jan 2022 13:15:55 GMT
content-type: text/html; charset=UTF-8
last-modified: Thu, 21 Oct 2021 23:46:55 GMT
etag: W/"6171fbef-319"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding

GET
H/1.1

200
OK

auswahl.html Show response
www.golem.de/sonstiges/zustimmung/ Frame D833
Redirect Chain

https://golem.de/?q=testing
https://www.golem.de/?q=testing?q=testing
https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F

20 KB
9 KB

99ms
99ms

Document
text/html

2a00:13c8:f5::f:4b3d:148
SYSELEVEN SysElev...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
Requested by: Host: dd.exitus.me
URL: https://dd.exitus.me/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a00:13c8:f5::f:4b3d:148 , Germany, ASN25291 (SYSELEVEN SysEleven GmbH, DE),
Reverse DNS
Software: nginx /
Resource Hash: 45fc93252f8cf7b61442c1aff651a3e5693bc84607515ed1828624f5b354c79d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-US,en;q=0.9
Referer: https://dd.exitus.me/

Response headers

Server: nginx
Date: Sat, 29 Jan 2022 13:15:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=3
Vary: Accept-Encoding
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 29 Jan 2022 13:15:56 GMT
Cache-Control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
Pragma: no-cache
X-UPSTREAM: unix:/var/run/php-fpm-www.sock
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Sat, 29 Jan 2022 13:15:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=3
Location: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
X-UPSTREAM: unix:/var/run/php-fpm-www.sock

GET
H/1.1 200
OK DroidSans-Bold.woff2
www.golem.de/staticrl/fonts/droidsans/ Frame D833 22 KB
22 KB 99ms
99ms Font
application/octet-stream 2a00:13c8:f5::f:4b3d:148
SYSELEVEN SysElev...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.golem.de/staticrl/fonts/droidsans/DroidSans-Bold.woff2
Requested by: Host: www.golem.de
URL: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a00:13c8:f5::f:4b3d:148 , Germany, ASN25291 (SYSELEVEN SysEleven GmbH, DE),
Reverse DNS
Software: nginx /
Resource Hash: e94712bd5679e91d66469fac2cbf6322a706e4e8f25fe37c762b8167391a7c2c

Request headers

Referer: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
Origin: https://www.golem.de
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 29 Jan 2022 13:15:56 GMT
Last-Modified: Tue, 25 Aug 2020 14:35:15 GMT
Server: nginx
ETag: "5f4521a3-57f4"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=2678400
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=3
Content-Length: 22516
Expires: Tue, 01 Mar 2022 13:15:56 GMT

GET
H/1.1 200
OK DroidSans.woff2
www.golem.de/staticrl/fonts/droidsans/ Frame D833 21 KB
21 KB 377ms
188ms Font
application/octet-stream 2a00:13c8:f5::f:4b3d:148
SYSELEVEN SysElev...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.golem.de/staticrl/fonts/droidsans/DroidSans.woff2
Requested by: Host: www.golem.de
URL: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a00:13c8:f5::f:4b3d:148 , Germany, ASN25291 (SYSELEVEN SysEleven GmbH, DE),
Reverse DNS
Software: nginx /
Resource Hash: d5ea92e80113829e1cc60cb096ac79b4cf7c30c836991667ca7c6605f181bb13

Request headers

Referer: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
Origin: https://www.golem.de
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 29 Jan 2022 13:15:56 GMT
Last-Modified: Tue, 25 Aug 2020 14:35:15 GMT
Server: nginx
ETag: "5f4521a3-53c8"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Cache-Control: max-age=2678400
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=3
Content-Length: 21448
Expires: Tue, 01 Mar 2022 13:15:56 GMT

GET
H/1.1 200
OK golem_main-mob_174-min.css
www.golem.de/staticrl/styles/ Frame D833 79 KB
20 KB 284ms
96ms Stylesheet
text/css 2a00:13c8:f5::f:4b3d:148
SYSELEVEN SysElev...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.golem.de/staticrl/styles/golem_main-mob_174-min.css
Requested by: Host: www.golem.de
URL: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a00:13c8:f5::f:4b3d:148 , Germany, ASN25291 (SYSELEVEN SysEleven GmbH, DE),
Reverse DNS
Software: nginx /
Resource Hash: 4c3640c055ca0b08f8a6fb9f0944379d705533f5571b2eaa6e52267ccea2ee0f

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 29 Jan 2022 13:15:56 GMT
Content-Encoding: gzip
Last-Modified: Thu, 19 Aug 2021 15:54:52 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2678400
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=3
Expires: Tue, 01 Mar 2022 13:15:56 GMT

GET
H/1.1 200
OK logo-g.png
www.golem.de/staticrl/images/ Frame D833 4 KB
4 KB 293ms
98ms Image
image/png 2a00:13c8:f5::f:4b3d:148
SYSELEVEN SysElev...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.golem.de/staticrl/images/logo-g.png
Requested by: Host: www.golem.de
URL: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a00:13c8:f5::f:4b3d:148 , Germany, ASN25291 (SYSELEVEN SysEleven GmbH, DE),
Reverse DNS
Software: nginx /
Resource Hash: ec3943468e660a13879ad7ea484da73199fd5220d765a1163c045294fbc1c546

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 29 Jan 2022 13:15:56 GMT
Last-Modified: Tue, 25 Aug 2020 14:35:15 GMT
Server: nginx
ETag: "5f4521a3-e82"
Content-Type: image/png
Cache-Control: max-age=2678400
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=3
Content-Length: 3714
Expires: Tue, 01 Mar 2022 13:15:56 GMT

GET
H/1.1 200
OK golem_consent_170-min.js Show response
www.golem.de/staticrl/scripts/ Frame D833 11 KB
4 KB 95ms
95ms Script
application/x-javascript 2a00:13c8:f5::f:4b3d:148
SYSELEVEN SysElev...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.golem.de/staticrl/scripts/golem_consent_170-min.js
Requested by: Host: www.golem.de
URL: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a00:13c8:f5::f:4b3d:148 , Germany, ASN25291 (SYSELEVEN SysEleven GmbH, DE),
Reverse DNS
Software: nginx /
Resource Hash: b00a7c283db7154acc981534bd867261ae5ef7bc89cb013ed7229066512c92ad

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 29 Jan 2022 13:15:56 GMT
Content-Encoding: gzip
Last-Modified: Thu, 08 Jul 2021 10:46:56 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=2678400
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=3
Expires: Tue, 01 Mar 2022 13:15:56 GMT

GET
H/1.1 200
OK golem-hp_bg-blur.jpg
www.golem.de/staticrl/images/ Frame D833 8 KB
9 KB 94ms
94ms Image
image/jpeg 2a00:13c8:f5::f:4b3d:148
SYSELEVEN SysElev...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.golem.de/staticrl/images/golem-hp_bg-blur.jpg
Requested by: Host: www.golem.de
URL: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a00:13c8:f5::f:4b3d:148 , Germany, ASN25291 (SYSELEVEN SysEleven GmbH, DE),
Reverse DNS
Software: nginx /
Resource Hash: f79964c3dc01b3b5250ffd3e64321698815aa7dc5e66b14185605a5fbae84cb1

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 29 Jan 2022 13:15:56 GMT
Last-Modified: Tue, 25 Aug 2020 14:35:15 GMT
Server: nginx
ETag: "5f4521a3-213e"
Content-Type: image/jpeg
Cache-Control: max-age=2678400
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=3
Content-Length: 8510
Expires: Tue, 01 Mar 2022 13:15:56 GMT

POST
H/1.1 204
No Content json
cpxl.golem.de/ Frame D833 0
356 B 583ms
95ms Ping
text/plain 2a00:13c8:f5::f:4b3d:181
SYSELEVEN SysElev...

General

Check archive.org

Show headers Download Go to

Full URL: https://cpxl.golem.de/json
Requested by: Host: www.golem.de
URL: https://www.golem.de/staticrl/scripts/golem_consent_170-min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a00:13c8:f5::f:4b3d:181 , Germany, ASN25291 (SYSELEVEN SysEleven GmbH, DE),
Reverse DNS
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.golem.de/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sat, 29 Jan 2022 13:15:57 GMT
X-Powered-By: Express
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Origin: https://www.golem.de
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept

GET
H/1.1 404
Not Found ping Show response
account.golem.de/ Frame D833 0
284 B 555ms
107ms XHR
text/plain 2a00:13c8:f5::f:4b3d:180
SYSELEVEN SysElev...

General

Check archive.org

Show headers Download Go to

Full URL: https://account.golem.de/ping
Requested by: Host: www.golem.de
URL: https://www.golem.de/staticrl/scripts/golem_consent_170-min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a00:13c8:f5::f:4b3d:180 , Germany, ASN25291 (SYSELEVEN SysEleven GmbH, DE),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.golem.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 29 Jan 2022 13:15:57 GMT
Vary: Origin
access-control-allow-origin: *
Cache-Control: private, no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: -1

GET
H/1.1 200
OK testcookie.php Show response
www.golem.de/abo/ Frame D833 0
413 B 95ms
95ms XHR
text/html 2a00:13c8:f5::f:4b3d:148
SYSELEVEN SysElev...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.golem.de/abo/testcookie.php
Requested by: Host: www.golem.de
URL: https://www.golem.de/staticrl/scripts/golem_consent_170-min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a00:13c8:f5::f:4b3d:148 , Germany, ASN25291 (SYSELEVEN SysEleven GmbH, DE),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-US,en;q=0.9
Referer: https://www.golem.de/sonstiges/zustimmung/auswahl.html?from=https%3A%2F%2Fwww.golem.de%2F%3Fq%3Dtesting%3Fq%3Dtesting&referer=https%3A%2F%2Fdd.exitus.me%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 29 Jan 2022 13:15:56 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html
X-UPSTREAM: unix:/var/run/php-fpm-www.sock
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=3

GET
DATA 200
OK truncated
/ Frame D833 2 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 65ea85cf4057d25cbb11d270139d0ccb55a63fb9552dd8d9db5858be243b2771

Request headers

Accept-Language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/gif

POST
H/1.1 204
No Content json
cpxl.golem.de/ Frame D833 0
356 B 520ms
105ms Ping
text/plain 2a00:13c8:f5::f:4b3d:181
SYSELEVEN SysElev...

General

Check archive.org

Show headers Download Go to

Full URL: https://cpxl.golem.de/json
Requested by: Host: www.golem.de
URL: https://www.golem.de/staticrl/scripts/golem_consent_170-min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a00:13c8:f5::f:4b3d:181 , Germany, ASN25291 (SYSELEVEN SysEleven GmbH, DE),
Reverse DNS
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.golem.de/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sat, 29 Jan 2022 13:15:57 GMT
X-Powered-By: Express
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Origin: https://www.golem.de
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept

POST
H/1.1 204
No Content json
cpxl.golem.de/ Frame D833 0
356 B 526ms
106ms Ping
text/plain 2a00:13c8:f5::f:4b3d:181
SYSELEVEN SysElev...

General

Check archive.org

Show headers Download Go to

Full URL: https://cpxl.golem.de/json
Requested by: Host: www.golem.de
URL: https://www.golem.de/staticrl/scripts/golem_consent_170-min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a00:13c8:f5::f:4b3d:181 , Germany, ASN25291 (SYSELEVEN SysEleven GmbH, DE),
Reverse DNS
Software: / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.golem.de/
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sat, 29 Jan 2022 13:15:57 GMT
X-Powered-By: Express
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Origin: https://www.golem.de
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.exitus.me/	1970-01-20 09:16:38	Name: __ddg1 Value: pbMouDAUdVustXpyCiKO

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://account.golem.de/ping Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account.golem.de
cpxl.golem.de
dd.exitus.me
golem.de
www.golem.de
185.178.208.165
2a00:13c8:f5::f:4b3d:148
2a00:13c8:f5::f:4b3d:180
2a00:13c8:f5::f:4b3d:181
45fc93252f8cf7b61442c1aff651a3e5693bc84607515ed1828624f5b354c79d
4c3640c055ca0b08f8a6fb9f0944379d705533f5571b2eaa6e52267ccea2ee0f
54390bdce1a4f53b571769142827542977b7ff34bac8c0cdf25c8f2bc86f7d63
65ea85cf4057d25cbb11d270139d0ccb55a63fb9552dd8d9db5858be243b2771
b00a7c283db7154acc981534bd867261ae5ef7bc89cb013ed7229066512c92ad
d5ea92e80113829e1cc60cb096ac79b4cf7c30c836991667ca7c6605f181bb13
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e94712bd5679e91d66469fac2cbf6322a706e4e8f25fe37c762b8167391a7c2c
ec3943468e660a13879ad7ea484da73199fd5220d765a1163c045294fbc1c546
f79964c3dc01b3b5250ffd3e64321698815aa7dc5e66b14185605a5fbae84cb1

dd.exitus.me Open in urlscan Pro 185.178.208.165 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

13 Requests

100 %HTTPS

75 %IPv6

2 Domains

5 Subdomains

5 IPs

2 Countries

92 kBTransfer

167 kBSize

1 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

dd.exitus.me Open in urlscan Pro
185.178.208.165 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

75 %
IPv6

2
Domains

5
Subdomains

5
IPs

2
Countries

92 kB
Transfer

167 kB
Size

1
Cookies

13 HTTP transactions
1 data transactions