urlscan.io logo urlscan.io
SecurityTrails logo

www.daa.net Open in urlscan Pro
78.47.141.225  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
Effective URL: https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
Submission: On October 06 via api from IE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 78.47.141.225, located in Germany and belongs to HETZNER-AS, DE. The main domain is www.daa.net.
TLS certificate: Issued by Starfield Secure Certificate Authorit... on December 4th 2021. Valid for: a year.
This is the only time www.daa.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 8 78.47.141.225 24940 (HETZNER-AS)
9 49.12.209.230 24940 (HETZNER-AS)
16 3
Apex Domain
Subdomains		 Transfer
17 daa.net
www.daa.net
consent.daa.net
175 KB
16 1
Domain Requested by
9 consent.daa.net www.daa.net
consent.daa.net
8 www.daa.net 1 redirects www.daa.net
16 2

This site contains links to these domains. Also see Links.

Domain
www.ccm19.de
Subject Issuer Validity Valid
*.daa.net
Starfield Secure Certificate Authority - G2		 2021-12-04 -
2023-01-03		 a year crt.sh
consent.daa.net
R3		 2022-09-25 -
2022-12-24		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
Frame ID: A020D895AD66B6629700B8A21043B158
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

DAA

Page URL History Show full URLs

  1. http://www.daa.net/lead/kQ1AlmlFdOfG/callback_request HTTP 301
    https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

3
IPs

1
Countries

174 kB
Transfer

615 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.daa.net/lead/kQ1AlmlFdOfG/callback_request HTTP 301
    https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request callback_request
www.daa.net/lead/kQ1AlmlFdOfG/
Redirect Chain
  • http://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
  • https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
78.47.141.225 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cluster.daasrv.net
Software
nginx /
Resource Hash
714a2d83c6e2c3c682bf03be136923b85952a1a9ea0897676632b1a66fadba19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, private, must-revalidate max-age=0, must-revalidate, private
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 06 Oct 2022 16:25:37 GMT
expires
Thu, 06 Oct 2022 16:25:37 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains;
vary
Accept-Encoding Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1

Redirect headers

Connection
keep-alive
Content-Length
162
Content-Type
text/html
Date
Thu, 06 Oct 2022 16:25:37 GMT
Location
https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
Server
nginx
fonts.css
www.daa.net/client/ 		30 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.daa.net/client/fonts.css?633ee82a49f45
Requested by
Host: www.daa.net
URL: https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
78.47.141.225 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cluster.daasrv.net
Software
nginx /
Resource Hash
9b558101326de9adc0d065fa46572bf2120088b763ad62df840a1359bbe1b6b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Thu, 06 Oct 2022 16:25:37 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
x-content-type-options
nosniff
last-modified
Thu, 06 Oct 2022 14:35:15 GMT
server
nginx
content-encoding
gzip
etag
W/"633ee7a3-76a8"
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
x-xss-protection
1
expires
Sat, 05 Nov 2022 16:25:37 GMT
public-pages.css
www.daa.net/client/ 		218 KB
33 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.daa.net/client/public-pages.css?633ee82a49f45
Requested by
Host: www.daa.net
URL: https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
78.47.141.225 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cluster.daasrv.net
Software
nginx /
Resource Hash
68dc41602f255aba3fa09bfd3db8fd716ce92f2d27d17f6daffdc72d32f8c903
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Thu, 06 Oct 2022 16:25:37 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
x-content-type-options
nosniff
last-modified
Thu, 06 Oct 2022 14:35:15 GMT
server
nginx
content-encoding
gzip
etag
W/"633ee7a3-368ef"
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
x-xss-protection
1
expires
Sat, 05 Nov 2022 16:25:37 GMT
app.js
consent.daa.net/ 		98 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.daa.net/app.js?apiKey=23cf2265c56a04aeb099e74f72b396f5a9f24d32d43f157a&domain=ada19d5&lang=de
Requested by
Host: www.daa.net
URL: https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.12.209.230 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.230.209.12.49.clients.your-server.de
Software
nginx /
Resource Hash
738f4828eb66d1c20e30f83deefaecdda4af0f63436cdc4fbb0c4fdd894df526
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://update.ccm19.de; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.ccm19.de; frame-ancestors 'self'; form-action 'self' https:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.daa.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Thu, 06 Oct 2022 16:25:37 GMT
content-security-policy
default-src 'self'; connect-src 'self' https://update.ccm19.de; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.ccm19.de; frame-ancestors 'self'; form-action 'self' https:
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip
server
nginx
x-frame-options
sameorigin
vary
Accept-Encoding
access-control-allow-methods
GET,POST,PUT
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
access-control-allow-credentials
true
permissions-policy
interest-cohort=(), geolocation=(), encrypted-media=(), camera=(), microphone=()
access-control-max-age
3600
x-robots-tag
noindex, nofollow
link
<https://consent.daa.net/app.css?apiKey=23cf2265c56a04aeb099e74f72b396f5a9f24d32d43f157a&domain=ada19d5&gen=2&theme=eafd6fd&v=1662668476>;rel="preload";as="style";nopush
access-control-allow-headers
Content-Type,X-Requested-With,X-CCM19State
expires
Sat, 05 Nov 2022 16:25:37 GMT
daa_white.svg
www.daa.net/client/client-commons/assets/logo/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.daa.net/client/client-commons/assets/logo/daa_white.svg
Requested by
Host: www.daa.net
URL: https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
78.47.141.225 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cluster.daasrv.net
Software
nginx /
Resource Hash
9bbcf9f7df93faeaf7711d82b72114533e67576924979474969956c254d31bb5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Thu, 06 Oct 2022 16:25:37 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
x-content-type-options
nosniff
last-modified
Thu, 06 Oct 2022 14:35:15 GMT
server
nginx
content-encoding
gzip
etag
W/"633ee7a3-f27"
vary
Accept-Encoding, Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=7776000
x-xss-protection
1
expires
Wed, 04 Jan 2023 16:25:37 GMT
public-pages.js
www.daa.net/client/ 		211 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.daa.net/client/public-pages.js?633ee82a49f45
Requested by
Host: www.daa.net
URL: https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
78.47.141.225 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cluster.daasrv.net
Software
nginx /
Resource Hash
bbc68d07c27381ef16906ed046b743bc377a1c51da52fcfbc09ac95a42ebbe99
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Thu, 06 Oct 2022 16:25:37 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
x-content-type-options
nosniff
last-modified
Thu, 06 Oct 2022 14:35:15 GMT
server
nginx
content-encoding
gzip
etag
W/"633ee7a3-34c18"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
x-xss-protection
1
expires
Sat, 05 Nov 2022 16:25:37 GMT
roboto.css
www.daa.net/client/client-commons/fonts/roboto/ 		5 KB
867 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.daa.net/client/client-commons/fonts/roboto/roboto.css
Requested by
Host: www.daa.net
URL: https://www.daa.net/client/public-pages.css?633ee82a49f45
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
78.47.141.225 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cluster.daasrv.net
Software
nginx /
Resource Hash
0fba97c787f7ea15745e57c5ce1a1ce3e37d2111e1eb8ea3f0fe5085f633b557
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.daa.net/client/public-pages.css?633ee82a49f45
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Thu, 06 Oct 2022 16:25:37 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
x-content-type-options
nosniff
last-modified
Thu, 06 Oct 2022 14:35:15 GMT
server
nginx
content-encoding
gzip
etag
W/"633ee7a3-148b"
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
x-xss-protection
1
expires
Sat, 05 Nov 2022 16:25:37 GMT
roboto-slab.css
www.daa.net/client/client-commons/fonts/roboto-slab/ 		3 KB
706 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.daa.net/client/client-commons/fonts/roboto-slab/roboto-slab.css
Requested by
Host: www.daa.net
URL: https://www.daa.net/client/public-pages.css?633ee82a49f45
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
78.47.141.225 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
cluster.daasrv.net
Software
nginx /
Resource Hash
2f575f343c7d81d7b997cf1e4bcb5f771890173bbd823a0a182ca7154e99b6ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.daa.net/client/public-pages.css?633ee82a49f45
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Thu, 06 Oct 2022 16:25:37 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
x-content-type-options
nosniff
last-modified
Thu, 06 Oct 2022 14:35:15 GMT
server
nginx
content-encoding
gzip
etag
W/"633ee7a3-a89"
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
x-xss-protection
1
expires
Sat, 05 Nov 2022 16:25:37 GMT
app.css
consent.daa.net/ 		35 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://consent.daa.net/app.css?apiKey=23cf2265c56a04aeb099e74f72b396f5a9f24d32d43f157a&domain=ada19d5&gen=2&theme=eafd6fd&v=1662668476
Requested by
Host: www.daa.net
URL: https://www.daa.net/lead/kQ1AlmlFdOfG/callback_request
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.12.209.230 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.230.209.12.49.clients.your-server.de
Software
nginx /
Resource Hash
f78b7f5baac3a9e8bd6b7c69fce28a2f5d09554ee575b997759fefe31ea08e21
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; script-src 'none'; connect-src 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.daa.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Thu, 06 Oct 2022 16:25:38 GMT
content-security-policy
default-src 'self' ; script-src 'none'; connect-src 'none'; form-action 'none'
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubdomains;
server
nginx
etag
"c7ddcaa7d4bd1f527adf11c7632e1799-gzip"
access-control-max-age
3600
access-control-allow-methods
GET,POST,PUT
content-type
text/css;charset=UTF-8
access-control-allow-origin
*
cache-control
immutable, max-age=31536000, public
access-control-allow-credentials
true
vary
Accept-Encoding
access-control-allow-headers
Content-Type,X-Requested-With,X-CCM19State
content-length
6512
cron
consent.daa.net/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://consent.daa.net/cron?apiKey=23cf2265c56a04aeb099e74f72b396f5a9f24d32d43f157a&domain=ada19d5&gen=2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.12.209.230 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.230.209.12.49.clients.your-server.de
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://update.ccm19.de; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.ccm19.de; frame-ancestors 'self'; form-action 'self' https:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept
*/*
Access-Control-Request-Headers
x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.daa.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,X-Requested-With,X-CCM19State
access-control-allow-methods
GET,POST,PUT
access-control-allow-origin
*
access-control-max-age
3600
content-security-policy
default-src 'self'; connect-src 'self' https://update.ccm19.de; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.ccm19.de; frame-ancestors 'self'; form-action 'self' https:
date
Thu, 06 Oct 2022 16:25:38 GMT
permissions-policy
interest-cohort=(), geolocation=(), encrypted-media=(), camera=(), microphone=()
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains;
x-content-type-options
nosniff
x-frame-options
sameorigin
cron
consent.daa.net/ 		0
646 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://consent.daa.net/cron?apiKey=23cf2265c56a04aeb099e74f72b396f5a9f24d32d43f157a&domain=ada19d5&gen=2
Requested by
Host: consent.daa.net
URL: https://consent.daa.net/app.js?apiKey=23cf2265c56a04aeb099e74f72b396f5a9f24d32d43f157a&domain=ada19d5&lang=de
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.12.209.230 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.230.209.12.49.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://update.ccm19.de; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.ccm19.de; frame-ancestors 'self'; form-action 'self' https:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://www.daa.net/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 06 Oct 2022 16:25:38 GMT
content-security-policy
default-src 'self'; connect-src 'self' https://update.ccm19.de; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.ccm19.de; frame-ancestors 'self'; form-action 'self' https:
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains;
server
nginx
access-control-max-age
3600
access-control-allow-methods
GET,POST,PUT
access-control-allow-origin
*
cache-control
max-age=0, must-revalidate, private
access-control-allow-credentials
true
permissions-policy
interest-cohort=(), geolocation=(), encrypted-media=(), camera=(), microphone=()
x-status
done
access-control-allow-headers
Content-Type,X-Requested-With,X-CCM19State
x-frame-options
sameorigin
expires
Thu, 06 Oct 2022 16:25:38 GMT
widget
consent.daa.net/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://consent.daa.net/widget?apiKey=23cf2265c56a04aeb099e74f72b396f5a9f24d32d43f157a&domain=ada19d5&gen=2&theme=eafd6fd&lang=de_DE&v=1662668483
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.12.209.230 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.230.209.12.49.clients.your-server.de
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Accept
*/*
Access-Control-Request-Headers
x-requested-with
Access-Control-Request-Method
GET
Origin
https://www.daa.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,X-Requested-With,X-CCM19State
access-control-allow-methods
GET,POST,PUT
access-control-allow-origin
*
access-control-max-age
3600
cache-control
immutable, max-age=31536000, public
content-encoding
gzip
content-language
de-DE
content-length
2040
content-type
text/x-html-fragment; charset=utf-8
date
Thu, 06 Oct 2022 16:25:38 GMT
etag
"c42c90ad07ede185570663ea632e1812-gzip"
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains;
vary
Accept-Encoding
x-robots-tag
noindex
details
consent.daa.net/widget/ 		0
8 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://consent.daa.net/widget/details?apiKey=23cf2265c56a04aeb099e74f72b396f5a9f24d32d43f157a&domain=ada19d5&gen=2&theme=eafd6fd&lang=de_DE&v=1662668483
Requested by
Host: consent.daa.net
URL: https://consent.daa.net/app.js?apiKey=23cf2265c56a04aeb099e74f72b396f5a9f24d32d43f157a&domain=ada19d5&lang=de
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.12.209.230 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.230.209.12.49.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Referer
https://www.daa.net/
Origin
https://www.daa.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Thu, 06 Oct 2022 16:25:38 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubdomains;
content-length
7770
server
nginx
etag
"64c71576fd25cb0ebbc15678632e1811-gzip"
access-control-max-age
3600
access-control-allow-methods
GET,POST,PUT
content-language
de-DE
access-control-allow-origin
*
content-type
text/x-html-fragment; charset=utf-8
cache-control
immutable, max-age=31536000, public
access-control-allow-credentials
true
vary
Accept-Encoding
x-robots-tag
noindex
access-control-allow-headers
Content-Type,X-Requested-With,X-CCM19State
widget
consent.daa.net/ 		7 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://consent.daa.net/widget?apiKey=23cf2265c56a04aeb099e74f72b396f5a9f24d32d43f157a&domain=ada19d5&gen=2&theme=eafd6fd&lang=de_DE&v=1662668483
Requested by
Host: consent.daa.net
URL: https://consent.daa.net/app.js?apiKey=23cf2265c56a04aeb099e74f72b396f5a9f24d32d43f157a&domain=ada19d5&lang=de
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.12.209.230 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.230.209.12.49.clients.your-server.de
Software
nginx /
Resource Hash
b2938310ab5ecf0fd126d7d6817185f170cb3b80deeae05b704e92de110ea1ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

Referer
https://www.daa.net/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

date
Thu, 06 Oct 2022 16:25:38 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubdomains;
content-length
2040
server
nginx
etag
"c42c90ad07ede185570663ea632e1812-gzip"
access-control-max-age
3600
access-control-allow-methods
GET,POST,PUT
content-language
de-DE
access-control-allow-origin
*
content-type
text/x-html-fragment; charset=utf-8
cache-control
immutable, max-age=31536000, public
access-control-allow-credentials
true
vary
Accept-Encoding
x-robots-tag
noindex
access-control-allow-headers
Content-Type,X-Requested-With,X-CCM19State
consent
consent.daa.net/statistics/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://consent.daa.net/statistics/consent?apiKey=23cf2265c56a04aeb099e74f72b396f5a9f24d32d43f157a&domain=ada19d5&gen=2&theme=eafd6fd
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.12.209.230 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.230.209.12.49.clients.your-server.de
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://update.ccm19.de; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.ccm19.de; frame-ancestors 'self'; form-action 'self' https:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-requested-with
Access-Control-Request-Method
POST
Origin
https://www.daa.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,X-Requested-With,X-CCM19State
access-control-allow-methods
GET,POST,PUT
access-control-allow-origin
*
access-control-max-age
3600
content-security-policy
default-src 'self'; connect-src 'self' https://update.ccm19.de; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.ccm19.de; frame-ancestors 'self'; form-action 'self' https:
date
Thu, 06 Oct 2022 16:25:38 GMT
permissions-policy
interest-cohort=(), geolocation=(), encrypted-media=(), camera=(), microphone=()
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains;
x-content-type-options
nosniff
x-frame-options
sameorigin
consent
consent.daa.net/statistics/ 		16 B
722 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://consent.daa.net/statistics/consent?apiKey=23cf2265c56a04aeb099e74f72b396f5a9f24d32d43f157a&domain=ada19d5&gen=2&theme=eafd6fd
Requested by
Host: consent.daa.net
URL: https://consent.daa.net/app.js?apiKey=23cf2265c56a04aeb099e74f72b396f5a9f24d32d43f157a&domain=ada19d5&lang=de
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
49.12.209.230 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.230.209.12.49.clients.your-server.de
Software
nginx /
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://update.ccm19.de; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.ccm19.de; frame-ancestors 'self'; form-action 'self' https:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://www.daa.net/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 06 Oct 2022 16:25:38 GMT
content-security-policy
default-src 'self'; connect-src 'self' https://update.ccm19.de; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.ccm19.de; frame-ancestors 'self'; form-action 'self' https:
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET,POST,PUT
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0, must-revalidate, private
access-control-allow-credentials
true
permissions-policy
interest-cohort=(), geolocation=(), encrypted-media=(), camera=(), microphone=()
access-control-max-age
3600
access-control-allow-headers
Content-Type,X-Requested-With,X-CCM19State
x-frame-options
sameorigin
expires
Thu, 06 Oct 2022 16:25:38 GMT
truncated
/ 		219 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3712c17c27414c5a3981a0c1946d831001f5ad4e45b62577c08928c37f6ec8d4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36

Response headers

Content-Type
image/gif

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation string| locale object| daaEnvironment object| Ccm19Plugins object| CCM function| setImmediate function| clearImmediate object| __SENTRY__ object| dataLayer

1 Cookies

Domain/Path Name / Value
.daa.net/ Name: fcbdc4c271c889825d8338d2d8f10b6e5e95c171
Value: jvf0421dg259bsnf6th7evipdg

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1