steroide-medikamente.com

.com crawl

First seen 2026-05-03 · Last seen 2026-05-03 · ok HTTP/1.1 200 6055 ms crawled 2026-05-15

US · 172.67.202.238 · AS13335 Cloudflare, Inc.

Reputation 100/100

Classifying

HTML metadata

Title: Antibot-Schutz
Language: de

Technology

CDN: Cloudflare
CMS: Gatsby

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (4)

fonts.googleapis.com×2
fonts.gstatic.com×1
www.google.com×1
www.googletagmanager.com×1

Registration

Registrar

NICENIC INTERNATIONAL GROUP CO., LIMITED

Created

2023-08-31

Expires

2026-08-31 102 days left

Updated

2025-08-25

Name servers

veda.ns.cloudflare.com
yahir.ns.cloudflare.com

DNS records live

NS

veda.ns.cloudflare.com
yahir.ns.cloudflare.com

MX

10 mail.steroide-medikamente.com
20 mail.steroide-medikamente.com

Email authentication strong

SPF

v=spf1 mx include:mxsspf.sendpulse.com -all

strict (-all)

DMARC

v=DMARC1; p=quarantine; rua=mailto:098027fd12034d75b42141c958a27d91@dmarc-reports.cloudflare.net;

policy: quarantine

DKIM

dkim: v=DKIM1; h=sha256; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0a99IaLnS1wagg1CLwZ+JwL9RZEFLPyzmv34EqjNUi/+0h6ZgdbHIc31NY…

selectors probed

Certificate (current)

WE1

from 2026-03-30 to 2026-06-28

Expires in 39 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 90/100 Checked live page: https://steroide-medikamente.com/

present

strict-transport-security
content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=()
x-content-type-options: nosniff
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.usefathom.com https://static.sppopups.com https://*.helpcrunch.com https://*.crunch.help https://steroidwiki.com https://antibot.cloud https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://google.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.clarity.ms https://static.wdgtsrc.com https://connect.facebook.net https://images.dmca.com; img-src 'self' data: blob: https://*.store24.services https://fm.sendpul.se https://cdn.usefathom.com https://ucarecdn.com https://steroidwiki.com https://www.webwiki.de https://*.rsc.cdn77.org https://pop-ups.sendpulse.com https://www.google.com https://*.gstatic.com https://images.dmca.com https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com; connect-src 'self' https://ipdb.cloud https://steroidwiki.com https://*.crunch.help https://*.sppopups.com https://*.helpcrunch.co
strict-transport-security: max-age=15552000; includeSubDomains; preload

Linked from (1)

bvn-online.de×1