urlscan.io logo urlscan.io
SecurityTrails logo

www.vwbank.de Open in urlscan Pro
78.137.98.143  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://vwbank.de/
Effective URL: https://www.vwbank.de/
Submission: On September 12 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 33 HTTP transactions. The main IP is 78.137.98.143, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is www.vwbank.de.
TLS certificate: Issued by DigiCert QV TLS ICA G1 on August 2nd 2024. Valid for: a year.
This is the only time www.vwbank.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Volkswagen Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 185.60.97.123 205505 (DE-VWFS-AS01)
20 78.137.98.143 8560 (IONOS-AS ...)
7 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
3 108.138.26.88 16509 (AMAZON-02)
1 2001:1b40:e20... 20860 (IOMART-AS)
33 6
1    185.60.97.123 (Germany)

ASN205505 (DE-VWFS-AS01, DE)
vwbank.de
20    78.137.98.143 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: ip78-137-98-143.pbiaas.com
www.vwbank.de
7    2a02:26f0:3500:c89::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
assets.adobedtm.com
1    2606:4700:10::6816:275c (United States)

ASN13335 (CLOUDFLARENET, US)
cc.cdn.civiccomputing.com
3    108.138.26.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-26-88.fra56.r.cloudfront.net
cdn.bronson.vwfs.tools
cdn.bronson.vwfs.io
1    2001:1b40:e200::1b:243 (United Kingdom)

ASN20860 (IOMART-AS, GB)
apikeys.civiccomputing.com
Apex Domain
Subdomains		 Transfer
21 vwbank.de
vwbank.de
www.vwbank.de
smetrics.vwbank.de Failed
3 MB
7 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 521
443 KB
2 vwfs.tools
cdn.bronson.vwfs.tools — Cisco Umbrella Rank: 722709
3 KB
2 civiccomputing.com
cc.cdn.civiccomputing.com — Cisco Umbrella Rank: 33914
apikeys.civiccomputing.com — Cisco Umbrella Rank: 32279
93 KB
1 vwfs.io
cdn.bronson.vwfs.io — Cisco Umbrella Rank: 643351
104 KB
33 5
Domain Requested by
20 www.vwbank.de www.vwbank.de
7 assets.adobedtm.com www.vwbank.de
assets.adobedtm.com
2 cdn.bronson.vwfs.tools assets.adobedtm.com
1 cdn.bronson.vwfs.io cdn.bronson.vwfs.tools
1 apikeys.civiccomputing.com cc.cdn.civiccomputing.com
1 cc.cdn.civiccomputing.com assets.adobedtm.com
1 vwbank.de 1 redirects
0 smetrics.vwbank.de Failed assets.adobedtm.com
33 8

This site contains links to these domains. Also see Links.

Domain
www.vwfs.de
newsletter.vwfs.de
www.vwfs.com
www.volkswagenag.com
Subject Issuer Validity Valid
www.vwbank.de
DigiCert QV TLS ICA G1		 2024-08-02 -
2025-08-01		 a year crt.sh
assets.adobedtm.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-09 -
2025-08-09		 a year crt.sh
cc.cdn.civiccomputing.com
WE1		 2024-07-30 -
2024-10-28		 3 months crt.sh
bronson.vwfs.io
Amazon RSA 2048 M03		 2024-04-26 -
2025-05-25		 a year crt.sh
apikeys.civiccomputing.com
R11		 2024-08-12 -
2024-11-10		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.vwbank.de/
Frame ID: 715D04335D25612EE0480ECEAA5805C3
Requests: 34 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Die Volkswagen Bank

Page URL History Show full URLs

  1. https://vwbank.de/ HTTP 301
    https://www.vwbank.de/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • cc\.cdn\.civiccomputing\.com

Page Statistics

33
Requests

97 %
HTTPS

50 %
IPv6

5
Domains

8
Subdomains

6
IPs

3
Countries

3908 kB
Transfer

6655 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://vwbank.de/ HTTP 301
    https://www.vwbank.de/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

33 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.vwbank.de/
Redirect Chain
  • https://vwbank.de/
  • https://www.vwbank.de/
27 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
95389a885886b856a8c8954a2aaa31e1ce6a4cd399595a81173fb430091a9a24
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
5813
content-type
text/html
date
Thu, 12 Sep 2024 14:39:51 GMT
last-modified
Fri, 23 Aug 2024 10:46:40 GMT
referrer-policy
no-referrer-when-downgrade
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

Connection
Keep-Alive
Content-Length
0
Location
https://www.vwbank.de/
Strict-Transport-Security
max-age=31536000
vwfs-sans-regular.woff2
www.vwbank.de/fonts/fonts/ 		104 KB
104 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.vwbank.de/fonts/fonts/vwfs-sans-regular.woff2
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
4cd4a114c2a0c028c7d746a0235819aa90b75589cbdc149d52ab48183a4146dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
Origin
https://www.vwbank.de
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:51 GMT
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
font/woff2
accept-ranges
bytes
content-length
106000
x-xss-protection
1; mode=block
vwfs-sans-bold.woff2
www.vwbank.de/fonts/fonts/ 		97 KB
98 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.vwbank.de/fonts/fonts/vwfs-sans-bold.woff2
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
c87f8a22b4b823306a26f8db71756c802bdfe5e2ea6a666d5dbf507c9b09b283
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
Origin
https://www.vwbank.de
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:51 GMT
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
font/woff2
accept-ranges
bytes
content-length
99784
x-xss-protection
1; mode=block
bronson-bluelabel.woff2
www.vwbank.de/fonts/icon-fonts/ 		73 KB
73 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.vwbank.de/fonts/icon-fonts/bronson-bluelabel.woff2
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
bba8c2700928a53268dcd1eb784497971929d41ac6fdb3494275e27c9df49915
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
Origin
https://www.vwbank.de
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:51 GMT
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
font/woff2
accept-ranges
bytes
content-length
74372
x-xss-protection
1; mode=block
main.css
www.vwbank.de/styles/ 		611 KB
76 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.vwbank.de/styles/main.css
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
554b52312005b6e813008e20d77bc686c25203aa2076ae0ae8007d0652354e68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:49 GMT
server
Apache
date
Thu, 12 Sep 2024 14:39:51 GMT
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
x-xss-protection
1; mode=block
launch-EN297f6069de8b4a75961ef39a0fb96373.min.js
assets.adobedtm.com/e623380c0b69/a45ff0e69867/ 		2 MB
426 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/e623380c0b69/a45ff0e69867/launch-EN297f6069de8b4a75961ef39a0fb96373.min.js
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:c89::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
cbcdc4c07f26cb5025c758aa46cf4ba942e7b0985c5359f982f4f62429a78afb

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 14:39:52 GMT
content-encoding
gzip
last-modified
Thu, 12 Sep 2024 13:09:32 GMT
server
AkamaiNetStorage
etag
"49a68dbf8d645884c9c561945a997611:1726146572.185256"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.vwbank.de
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
436165
expires
Thu, 12 Sep 2024 15:39:52 GMT
logo.svg
www.vwbank.de/images/logo/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vwbank.de/images/logo/logo.svg
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
8440846bdc9f4de1c3c56183aead934a7d80dfb7299b15c4b06b2248ad6a0e9e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:51 GMT
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
accept-ranges
bytes
content-length
5232
x-xss-protection
1; mode=block
headerx1920w.webp
www.vwbank.de/images/content/ 		374 KB
374 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vwbank.de/images/content/headerx1920w.webp
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
64d8869d3484e49c79547d1e7d6a04419d015fd54859feeb03c158bb2e73c8ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:51 GMT
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/webp
accept-ranges
bytes
content-length
382670
x-xss-protection
1; mode=block
bronson.js
www.vwbank.de/vendor/ 		100 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.vwbank.de/vendor/bronson.js
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
cd4e7304792df7683741190941ea31b995c11b2f59c83c7ad6ff8411e4c5c55d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
Origin
https://www.vwbank.de
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
date
Thu, 12 Sep 2024 14:39:51 GMT
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript
accept-ranges
bytes
content-length
25877
x-xss-protection
1; mode=block
main.js
www.vwbank.de/scripts/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.vwbank.de/scripts/main.js
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
8f36c65fdfcc989afe3d8150c876f819d7dcc2e14d8dea714adbcadf911e2ea0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
Origin
https://www.vwbank.de
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:49 GMT
server
Apache
date
Thu, 12 Sep 2024 14:39:51 GMT
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript
accept-ranges
bytes
content-length
1063
x-xss-protection
1; mode=block
logo.svg
www.vwbank.de/img/ 		196 B
196 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vwbank.de/img/logo.svg
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/styles/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.vwbank.de/styles/main.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:52 GMT
referrer-policy
no-referrer-when-downgrade
server
Apache
content-length
196
x-frame-options
SAMEORIGIN
content-type
text/html; charset=iso-8859-1
bronson-bluelabel.woff2
www.vwbank.de/fonts/icon-fonts/ 		73 KB
73 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.vwbank.de/fonts/icon-fonts/bronson-bluelabel.woff2?v=9MGtQ1QdCOWFUOQZbgg90seZWg0=
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/styles/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
bba8c2700928a53268dcd1eb784497971929d41ac6fdb3494275e27c9df49915
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/styles/main.css
Origin
https://www.vwbank.de
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:52 GMT
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
font/woff2
accept-ranges
bytes
content-length
74372
x-xss-protection
1; mode=block
iStock-1406993027x1920w.webp
www.vwbank.de/images/content/ 		528 KB
528 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vwbank.de/images/content/iStock-1406993027x1920w.webp
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
ef7f58042f62c2b769161b09aee4e7a6cb816d1c9cc522110c2e8734ce787ecc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:52 GMT
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/webp
accept-ranges
bytes
content-length
540664
x-xss-protection
1; mode=block
RBF06148x1920w.webp
www.vwbank.de/images/content/ 		100 KB
100 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vwbank.de/images/content/RBF06148x1920w.webp
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
33c188bfddafb0f6f563da20c3128400f10f53df38fbc6db95b5e4006c884910
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:52 GMT
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/webp
accept-ranges
bytes
content-length
102480
x-xss-protection
1; mode=block
EBBF07480x1920w.webp
www.vwbank.de/images/content/ 		402 KB
402 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vwbank.de/images/content/EBBF07480x1920w.webp
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
7fdc9580963462e21e1b98c0e358ef4ca2f38313cf07ffefcd094919646e8759
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:52 GMT
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/webp
accept-ranges
bytes
content-length
411896
x-xss-protection
1; mode=block
GettyImages-951534404x1920w.webp
www.vwbank.de/images/content/ 		428 KB
428 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vwbank.de/images/content/GettyImages-951534404x1920w.webp
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
e9960ca7c977d8776f6836ae205a174439861e6fbda7cf918092607ee4901686
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:52 GMT
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/webp
accept-ranges
bytes
content-length
437830
x-xss-protection
1; mode=block
iStock-1397371655x1920w.webp
www.vwbank.de/images/content/ 		155 KB
155 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vwbank.de/images/content/iStock-1397371655x1920w.webp
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
1da0d06a052b249feb1247f9075c5878377bc5867b4286582231efa8b4fd94d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:52 GMT
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/webp
accept-ranges
bytes
content-length
158298
x-xss-protection
1; mode=block
GettyImages-951533998x1920w.webp
www.vwbank.de/images/content/ 		295 KB
295 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vwbank.de/images/content/GettyImages-951533998x1920w.webp
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
3be5004c63e667d21d0e7ea055638e27eaa80ca5670216dc796a155991525a6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:52 GMT
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/webp
accept-ranges
bytes
content-length
302168
x-xss-protection
1; mode=block
GettyImages-604577769x1920w.webp
www.vwbank.de/images/content/ 		198 KB
198 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vwbank.de/images/content/GettyImages-604577769x1920w.webp
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
ed96f290d8c36cc3ad321b5d7fb8995f9ece38c0550a663aa58e877200c44bf8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:52 GMT
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/webp
accept-ranges
bytes
content-length
202440
x-xss-protection
1; mode=block
iStock-1967535104x1920w.webp
www.vwbank.de/images/content/ 		307 KB
307 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vwbank.de/images/content/iStock-1967535104x1920w.webp
Requested by
Host: www.vwbank.de
URL: https://www.vwbank.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
3eaa0ea5e0b14902c9eb87d9f9e8d07b3833af4e3d30a969014b65476b69618d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:52 GMT
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/webp
accept-ranges
bytes
content-length
314582
x-xss-protection
1; mode=block
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/ 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/e623380c0b69/a45ff0e69867/launch-EN297f6069de8b4a75961ef39a0fb96373.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:c89::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 14:39:53 GMT
content-encoding
gzip
last-modified
Thu, 01 Aug 2024 06:26:11 GMT
server
AkamaiNetStorage
etag
"d8232f86c8016a8e0acaa7ecfdf72b3e:1722493571.189276"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.vwbank.de
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
13012
expires
Thu, 12 Sep 2024 15:39:53 GMT
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/e623380c0b69/a45ff0e69867/launch-EN297f6069de8b4a75961ef39a0fb96373.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:c89::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 14:39:53 GMT
content-encoding
gzip
last-modified
Thu, 01 Aug 2024 06:26:11 GMT
server
AkamaiNetStorage
etag
"bb4b6453e3ab80111a2b227318d22efb:1722493571.614634"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.vwbank.de
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
1597
expires
Thu, 12 Sep 2024 15:39:53 GMT
RC87d98944388343f5a0014f176c454bb2-source.min.js
assets.adobedtm.com/e623380c0b69/a45ff0e69867/ad2c3e8e576f/ 		614 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/e623380c0b69/a45ff0e69867/ad2c3e8e576f/RC87d98944388343f5a0014f176c454bb2-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/e623380c0b69/a45ff0e69867/launch-EN297f6069de8b4a75961ef39a0fb96373.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:c89::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
f38883d07d2e609dc7eb9b3846cd54fe2d5e774c9e05b8ee14ae5d4e0ad389a4

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 14:39:53 GMT
content-encoding
gzip
last-modified
Thu, 12 Sep 2024 13:09:34 GMT
server
AkamaiNetStorage
etag
"8b451ec1acd1c567e39c11ef0a429dc9:1726146574.606159"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.vwbank.de
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
294
expires
Thu, 12 Sep 2024 15:39:53 GMT
cookieControl-9.9.2.min.js
cc.cdn.civiccomputing.com/9/ 		328 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cc.cdn.civiccomputing.com/9/cookieControl-9.9.2.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/e623380c0b69/a45ff0e69867/launch-EN297f6069de8b4a75961ef39a0fb96373.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:275c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a27761ece752747fc51cb8bb7664a45b4bb8b6bb83df735b9d5cf13e02dc0d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 14:39:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
179
alt-svc
h3=":443"; ma=86400
x-xss-protection
1
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 24 Nov 2023 14:01:10 GMT
server
cloudflare
etag
"51ee3-60ae662752181-gzip"
vary
X-Forwarded-Protocol,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET
cache-control
max-age=604800
cf-ray
8c20a64b085665a3-FRA
access-control-allow-headers
origin, x-requested-with, content-type
expires
Thu, 19 Sep 2024 14:36:55 GMT
RC59d6a73b9b7441d08c06c96c809d52a3-source.min.js
assets.adobedtm.com/e623380c0b69/a45ff0e69867/ad2c3e8e576f/ 		395 B
485 B 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/e623380c0b69/a45ff0e69867/ad2c3e8e576f/RC59d6a73b9b7441d08c06c96c809d52a3-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/e623380c0b69/a45ff0e69867/launch-EN297f6069de8b4a75961ef39a0fb96373.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:c89::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
3e2de0536c8359dabfac8c2494169dfca5d6ab061da1f6fdf15cb441370c639f

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 14:39:53 GMT
content-encoding
gzip
last-modified
Thu, 12 Sep 2024 13:09:34 GMT
server
AkamaiNetStorage
etag
"8b451ec1acd1c567e39c11ef0a429dc9:1726146574.606159"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.vwbank.de
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
231
expires
Thu, 12 Sep 2024 15:39:53 GMT
favicon.ico
www.vwbank.de/favicon/ 		15 KB
15 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.vwbank.de/favicon/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
78.137.98.143 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
ip78-137-98-143.pbiaas.com
Software
Apache /
Resource Hash
a1b27bb9a77494098c1930b3712ba4d9b8680e0b70cb996087e98ddeea692173
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 12 Sep 2024 14:39:54 GMT
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
last-modified
Wed, 31 Jul 2024 12:22:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/vnd.microsoft.icon
accept-ranges
bytes
content-length
15086
x-xss-protection
1; mode=block
/
smetrics.vwbank.de/ 		0
0
/
cdn.bronson.vwfs.tools/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.bronson.vwfs.tools/
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/e623380c0b69/a45ff0e69867/launch-EN297f6069de8b4a75961ef39a0fb96373.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.26.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-26-88.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers
styles.css
cdn.bronson.vwfs.tools/3rd-party-ui-extensions/civic/latest/v9/bluelabel/ 		7 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.bronson.vwfs.tools/3rd-party-ui-extensions/civic/latest/v9/bluelabel/styles.css
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/e623380c0b69/a45ff0e69867/launch-EN297f6069de8b4a75961ef39a0fb96373.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.26.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-26-88.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3e3d90bbbbc6e8bcd23f8a03fc86985b539bf7d74f62b10a0071d98a1b21cfb6
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:; object-src 'none'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 10:07:55 GMT
content-encoding
br
via
1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
x-amz-version-id
nQNWPz5qK63Sc5WA1nw55rOagse_I3no
x-content-type-options
nosniff
content-security-policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:; object-src 'none'; frame-ancestors 'self'
age
16320
x-amz-cf-pop
FRA56-P7
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 07 Aug 2024 09:10:29 GMT
server
AmazonS3
etag
W/"6d1d1c00903ae740bbbc0a1468f33519"
vary
accept-encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=43200,s-max-age=604800,must-revalidate
x-amz-cf-id
bcvFd6dBTMtcFzsMprDPOACw_rDfQOKLYHDFHXeaEJqcj7jifPvy-g==
v
apikeys.civiccomputing.com/c/ 		433 B
817 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apikeys.civiccomputing.com/c/v?d=www.vwbank.de&p=CookieControl%20Multi-Site&v=9&k=b970c53c10e5ead35f3fc0a243aca733e4a3131d&format=json
Requested by
Host: cc.cdn.civiccomputing.com
URL: https://cc.cdn.civiccomputing.com/9/cookieControl-9.9.2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:1b40:e200::1b:243 , United Kingdom, ASN20860 (IOMART-AS, GB),
Reverse DNS
Software
Apache /
Resource Hash
5795b6ce2bd1257e63526b2256bdd9cefcbd2561d91a4fdd5fab315602cef8c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-apikeys
hit
date
Thu, 12 Sep 2024 14:39:54 GMT
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
server
Apache
vary
X-Forwarded-Protocol
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=7200, private
access-control-allow-headers
origin, x-requested-with, content-type
x-xss-protection
1
expires
Thu, 12 Sep 2024 15:36:17 GMT
vwfs-sans-regular.woff2
cdn.bronson.vwfs.io/bluelabel/v/12.4.0/fonts/fonts/ 		104 KB
104 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.bronson.vwfs.io/bluelabel/v/12.4.0/fonts/fonts/vwfs-sans-regular.woff2
Requested by
Host: cdn.bronson.vwfs.tools
URL: https://cdn.bronson.vwfs.tools/3rd-party-ui-extensions/civic/latest/v9/bluelabel/styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.26.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-26-88.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4cd4a114c2a0c028c7d746a0235819aa90b75589cbdc149d52ab48183a4146dd
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:; object-src 'none'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://www.vwbank.de
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 12:41:38 GMT
x-amz-version-id
UgYps_0iMVVzWI13zxt.AmxvQRcsHsj3
via
1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
content-security-policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:; object-src 'none'; frame-ancestors 'self'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
age
698297
x-amz-cf-pop
FRA56-P7
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
106000
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 23 Feb 2023 14:58:55 GMT
server
AmazonS3
etag
"98215f45e1329d032dc84d3f069f58e3"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000,must-revalidate
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-frame-options
SAMEORIGIN
x-amz-cf-id
mnxlNu8d769ch2REFXWlch0VF4emEoPa7ip68cnv72U6fFQ2vnnHrg==
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c6be41de4239dc63ec6db10e9a2c010f9ec7a4bd98ec66ee408880b13d6041d0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
RC27c4eee2c1644a78b8fe52f3df832d3a-source.min.js
assets.adobedtm.com/e623380c0b69/a45ff0e69867/ad2c3e8e576f/ 		325 B
463 B 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/e623380c0b69/a45ff0e69867/ad2c3e8e576f/RC27c4eee2c1644a78b8fe52f3df832d3a-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/e623380c0b69/a45ff0e69867/launch-EN297f6069de8b4a75961ef39a0fb96373.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:c89::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9a32c9a9c4efa8b57c204a969f81ac419f65772bd6a0cb9030288300eacd3e39

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 14:39:56 GMT
content-encoding
gzip
last-modified
Thu, 12 Sep 2024 13:09:34 GMT
server
AkamaiNetStorage
etag
"8b451ec1acd1c567e39c11ef0a429dc9:1726146574.606159"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.vwbank.de
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
209
expires
Thu, 12 Sep 2024 15:39:56 GMT
RC75e96636070e4c00be661b56c7c2f728-source.min.js
assets.adobedtm.com/e623380c0b69/a45ff0e69867/ad2c3e8e576f/ 		887 B
703 B 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/e623380c0b69/a45ff0e69867/ad2c3e8e576f/RC75e96636070e4c00be661b56c7c2f728-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/e623380c0b69/a45ff0e69867/launch-EN297f6069de8b4a75961ef39a0fb96373.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:c89::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
0e3d21fe1329ca2d75ede176d52e11ea341e1fa630d81f3bf0e43e41ef532800

Request headers

Referer
https://www.vwbank.de/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 14:39:56 GMT
content-encoding
gzip
last-modified
Thu, 12 Sep 2024 13:09:34 GMT
server
AkamaiNetStorage
etag
"8b451ec1acd1c567e39c11ef0a429dc9:1726146574.606159"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.vwbank.de
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
448
expires
Thu, 12 Sep 2024 15:39:56 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
smetrics.vwbank.de
URL
https://smetrics.vwbank.de/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Volkswagen Bank (Banking)

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| bronson object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| _Alerts object| VWFS function| _Alert function| _adbCheckDataLayerElement function| du_getQueryParam function| _removeProductInvalidChars function| NLP function| AutoAbo function| Rental function| setProductVariable function| setAnalyticVars function| readCookie function| cookieWrite function| canPixelBeDeployed function| gtag function| initGooglePixel function| trackGoogleConversion function| trackFacebookPixel function| initFacebookPixel function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_ActivityMap object| s object| CONFIG_DATABUCKETS object| CONFIG_MAPPINGS object| _ADB_CFG_COMPLETE function| mockUpdate object| _TH_eventRouter number| startedAt number| productIndex number| vehicleIndex object| teile function| inList function| setImmediate function| clearImmediate object| regeneratorRuntime object| CookieControl

0 Cookies

3 Console Messages

Source Level URL
Text
network error URL: https://www.vwbank.de/img/logo.svg
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://smetrics.vwbank.de/
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
javascript warning URL: https://www.vwbank.de/
Message:
The resource https://www.vwbank.de/fonts/icon-fonts/bronson-bluelabel.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apikeys.civiccomputing.com
assets.adobedtm.com
cc.cdn.civiccomputing.com
cdn.bronson.vwfs.io
cdn.bronson.vwfs.tools
smetrics.vwbank.de
vwbank.de
www.vwbank.de
smetrics.vwbank.de
108.138.26.88
185.60.97.123
2001:1b40:e200::1b:243
2606:4700:10::6816:275c
2a02:26f0:3500:c89::1e80
78.137.98.143
0e3d21fe1329ca2d75ede176d52e11ea341e1fa630d81f3bf0e43e41ef532800
1da0d06a052b249feb1247f9075c5878377bc5867b4286582231efa8b4fd94d8
33c188bfddafb0f6f563da20c3128400f10f53df38fbc6db95b5e4006c884910
3be5004c63e667d21d0e7ea055638e27eaa80ca5670216dc796a155991525a6e
3e2de0536c8359dabfac8c2494169dfca5d6ab061da1f6fdf15cb441370c639f
3e3d90bbbbc6e8bcd23f8a03fc86985b539bf7d74f62b10a0071d98a1b21cfb6
3eaa0ea5e0b14902c9eb87d9f9e8d07b3833af4e3d30a969014b65476b69618d
4cd4a114c2a0c028c7d746a0235819aa90b75589cbdc149d52ab48183a4146dd
554b52312005b6e813008e20d77bc686c25203aa2076ae0ae8007d0652354e68
5795b6ce2bd1257e63526b2256bdd9cefcbd2561d91a4fdd5fab315602cef8c1
5a27761ece752747fc51cb8bb7664a45b4bb8b6bb83df735b9d5cf13e02dc0d1
64d8869d3484e49c79547d1e7d6a04419d015fd54859feeb03c158bb2e73c8ee
7fdc9580963462e21e1b98c0e358ef4ca2f38313cf07ffefcd094919646e8759
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
8440846bdc9f4de1c3c56183aead934a7d80dfb7299b15c4b06b2248ad6a0e9e
8f36c65fdfcc989afe3d8150c876f819d7dcc2e14d8dea714adbcadf911e2ea0
95389a885886b856a8c8954a2aaa31e1ce6a4cd399595a81173fb430091a9a24
9a32c9a9c4efa8b57c204a969f81ac419f65772bd6a0cb9030288300eacd3e39
9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d
a1b27bb9a77494098c1930b3712ba4d9b8680e0b70cb996087e98ddeea692173
b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15
bba8c2700928a53268dcd1eb784497971929d41ac6fdb3494275e27c9df49915
c6be41de4239dc63ec6db10e9a2c010f9ec7a4bd98ec66ee408880b13d6041d0
c87f8a22b4b823306a26f8db71756c802bdfe5e2ea6a666d5dbf507c9b09b283
cbcdc4c07f26cb5025c758aa46cf4ba942e7b0985c5359f982f4f62429a78afb
cd4e7304792df7683741190941ea31b995c11b2f59c83c7ad6ff8411e4c5c55d
e9960ca7c977d8776f6836ae205a174439861e6fbda7cf918092607ee4901686
ed96f290d8c36cc3ad321b5d7fb8995f9ece38c0550a663aa58e877200c44bf8
ef7f58042f62c2b769161b09aee4e7a6cb816d1c9cc522110c2e8734ce787ecc
f38883d07d2e609dc7eb9b3846cd54fe2d5e774c9e05b8ee14ae5d4e0ad389a4