www.hypovereinsbank.de Open in urlscan Pro
23.37.43.97 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://my.hypovereinsbank.de/
Effective URL:
https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp
Submission: On March 16 via manual (March 16th 2022, 1:49:25 pm UTC) from DE — Scanned from DE

Summary HTTP 11 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 1 domains to perform 11 HTTP transactions. The main IP is 23.37.43.97, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is www.hypovereinsbank.de. The Cisco Umbrella rank of the primary domain is 429797.
TLS certificate: Issued by Actalis Organization Validated Server... on June 27th 2021. Valid for: a year.

This is the only time www.hypovereinsbank.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 3	217.148.99.32 217.148.99.32	16379 (UNICREDIT...) (UNICREDIT-AS-MUC-DE UniCredit S.p.A.)
1 11	23.37.43.97 23.37.43.97	16625 (AKAMAI-AS) (AKAMAI-AS)
11	3

3 217.148.99.32 (Italy) 2 redirects

ASN16379 (UNICREDIT-AS-MUC-DE UniCredit S.p.A., IT)
PTR: my.hypovereinsbank.de

my.hypovereinsbank.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 23.37.43.97 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-43-97.deploy.static.akamaitechnologies.com

www.hypovereinsbank.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	hypovereinsbank.de 3 redirects my.hypovereinsbank.de — Cisco Umbrella Rank: 526152 www.hypovereinsbank.de — Cisco Umbrella Rank: 429797	326 KB
11	1

	Domain	Requested by
11	www.hypovereinsbank.de	1 redirects my.hypovereinsbank.de www.hypovereinsbank.de
3	my.hypovereinsbank.de	2 redirects
11	2

This site contains links to these domains. Also see Links.

Domain
my.hypovereinsbank.de

Subject Issuer	Validity	Valid
my.hypovereinsbank.de Actalis Extended Validation Server CA G3	`2021-08-31` - `2022-08-31`	a year	crt.sh
www.hypovereinsbank.de Actalis Organization Validated Server CA G3	`2021-06-27` - `2022-06-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp
Frame ID: 011871751E81CE6C6227AF167C064203
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Kein Login | HypoVereinsbank (HVB)

Page URL History Show full URLs

https://my.hypovereinsbank.de/ Page URL
https://my.hypovereinsbank.de/portal?view=/de/privatkunden.jsp HTTP 302
https://my.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp HTTP 302
https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp HTTP 302
https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp Page URL

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc/designs/

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

3
IPs

2
Countries

384 kB
Transfer

842 kB
Size

15
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://my.hypovereinsbank.de/login?view=/de/login.jsp&tr_sid=202203161449203123536940565542656193
Title: Banking Login

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://my.hypovereinsbank.de/ Page URL
https://my.hypovereinsbank.de/portal?view=/de/privatkunden.jsp HTTP 302
https://my.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp HTTP 302
https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp HTTP 302
https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
my.hypovereinsbank.de/ 2 KB
2 KB 306ms
36ms Document
text/html 217.148.99.32
UNICREDIT-AS-MUC-...

General

Check archive.org

Show headers Download Go to

Full URL

https://my.hypovereinsbank.de/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

217.148.99.32 , Italy, ASN16379 (UNICREDIT-AS-MUC-DE UniCredit S.p.A., IT),

Reverse DNS

my.hypovereinsbank.de

Software

Resource Hash

a89a44f5f9a9ae200fd6a3e9a98c45e1edabfc694065eacf890ac57cacd70a21

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://ihrfeedback.hypovereinsbank.de; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:;img-src 'self' data:;
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Security-Policy	default-src 'self' https://ihrfeedback.hypovereinsbank.de; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:;img-src 'self' data:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Wed, 16 Mar 2022 13:49:19 GMT
Last-Modified: Mon, 12 Nov 2018 09:36:50 GMT
Accept-Ranges: none
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
X-OneAgent-JS-Injection: true
X-ruxit-JS-Agent: true
Strict-Transport-Security: max-age=15768000; includeSubDomains
Content-Security-Policy: default-src 'self' https://ihrfeedback.hypovereinsbank.de; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:;img-src 'self' data:;
X-Content-Security-Policy: default-src 'self' https://ihrfeedback.hypovereinsbank.de; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:;img-src 'self' data:;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Cache-Control: max-age=0
ETag: "1542015411:dtagent10219210719121502lPs6"
Server-Timing: dtRpid;desc="253902879"
Content-Length: 829
Keep-Alive: timeout=15, max=5000
Connection: Keep-Alive
Content-Type: text/html

GET
H2

200

Primary Request portal Show response
www.hypovereinsbank.de/
Redirect Chain

https://my.hypovereinsbank.de/portal?view=/de/privatkunden.jsp
https://my.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp
https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp
https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp

21 KB
9 KB

41ms
40ms

Document
text/html

23.37.43.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp

Requested by

Host: my.hypovereinsbank.de
URL: https://my.hypovereinsbank.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.43.97 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-43-97.deploy.static.akamaitechnologies.com

Software

Resource Hash

d75f8187b3f24c737242b1cb380e2a11608cec1609ba86cd7aa06e0df6575bc2

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:; frame-ancestors 'self' my.hypovereinsbank.de;
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:; frame-ancestors 'self' my.hypovereinsbank.de;
X-Content-Type-Options	nosniff
X-Frame-Options	allow-from https://my.hypovereinsbank.de
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://my.hypovereinsbank.de/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:; frame-ancestors 'self' my.hypovereinsbank.de;
x-content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:; frame-ancestors 'self' my.hypovereinsbank.de;
cache-control: no-store
pragma: no-cache
expires: 0
content-language: de-DE
x-oneagent-js-injection: true
accept-ranges: none
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-frame-options: allow-from https://my.hypovereinsbank.de
server-timing: dtRpid;desc="-2010477662"
content-type: text/html; charset=UTF-8
content-length: 7897
date: Wed, 16 Mar 2022 13:49:20 GMT

Redirect headers

strict-transport-security: max-age=15768000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:; frame-ancestors 'self' my.hypovereinsbank.de;
x-content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:; frame-ancestors 'self' my.hypovereinsbank.de;
location: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp
content-length: 333
x-oneagent-js-injection: true
vary: User-Agent
x-frame-options: allow-from https://my.hypovereinsbank.de
server-timing: dtRpid;desc="819424427"
content-type: text/html; charset=UTF-8
date: Wed, 16 Mar 2022 13:49:20 GMT

GET
H2 200 ruxitagentjs_ICA27Vfjqrux_10219210719121502.js Show response
www.hypovereinsbank.de/ 214 KB
82 KB 129ms
128ms Script
text/javascript 23.37.43.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hypovereinsbank.de/ruxitagentjs_ICA27Vfjqrux_10219210719121502.js

Requested by

Host: www.hypovereinsbank.de
URL: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.43.97 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-43-97.deploy.static.akamaitechnologies.com

Software

Resource Hash

d663806afc8c4cfbf607eda7b73f2fe18f023d21ddc480298297a4ba923b2c58

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 03 Mar 2010 07:01:40 GMT
date: Wed, 16 Mar 2022 13:49:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=31536000
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
accept-ranges: none
vary: User-Agent, Accept-Encoding
content-length: 83081
x-xss-protection: 1; mode=block
expires: Thu, 16 Mar 2023 13:49:20 GMT

GET
H2 200 public.min.css
www.hypovereinsbank.de/etc/designs/hypovereinsbank/css/ 146 KB
50 KB 81ms
80ms Stylesheet
text/css 23.37.43.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hypovereinsbank.de/etc/designs/hypovereinsbank/css/public.min.css

Requested by

Host: www.hypovereinsbank.de
URL: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.43.97 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-43-97.deploy.static.akamaitechnologies.com

Software

Resource Hash

f9ba90e2e8ecf0673e7909946ded6a36a3cfe69b5a71668df95ac287b29d66e0

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 17 Dec 2021 19:24:01 GMT
date: Wed, 16 Mar 2022 13:49:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
server-timing: dtRpid;desc="1659781725"
accept-ranges: none
vary: Accept-Encoding,User-Agent
content-length: 50226
x-xss-protection: 1; mode=block

GET
H2 200 public.min.js Show response
www.hypovereinsbank.de/etc/designs/hypovereinsbank/js/ 297 KB
98 KB 59ms
59ms Script
application/javascript 23.37.43.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hypovereinsbank.de/etc/designs/hypovereinsbank/js/public.min.js

Requested by

Host: www.hypovereinsbank.de
URL: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.43.97 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-43-97.deploy.static.akamaitechnologies.com

Software

Resource Hash

6f4b124c6010b0da92e1fe28b9370a860d1de30a51a9fce4e5313bd579353d2b

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 13 Dec 2021 14:21:02 GMT
date: Wed, 16 Mar 2022 13:49:20 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
server-timing: dtRpid;desc="1562612373"
accept-ranges: none
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block

GET
H2 200 uccb-main.eab3413959c3c36af24e.js Show response
www.hypovereinsbank.de/etc/designs/hypovereinsbank/js/cookie/ 14 KB
6 KB 105ms
105ms Script
application/javascript 23.37.43.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hypovereinsbank.de/etc/designs/hypovereinsbank/js/cookie/uccb-main.eab3413959c3c36af24e.js

Requested by

Host: www.hypovereinsbank.de
URL: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.43.97 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-43-97.deploy.static.akamaitechnologies.com

Software

Resource Hash

fc66d22a4c26f5802d508ce6b5a175a83122e0212276a5f1df5fae7734c07c3d

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 26 Apr 2021 13:45:01 GMT
date: Wed, 16 Mar 2022 13:49:20 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31536000
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
server-timing: dtRpid;desc="-561032596"
accept-ranges: none
vary: Accept-Encoding,User-Agent
content-length: 5342
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 22 KB
22 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfb37b3e8ecb808d78405c79e237fac16183b79c0c84d5cbbd5f3df23d926cac

Request headers

Referer
Origin: https://www.hypovereinsbank.de
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
DATA 200
OK truncated
/ 5 KB
5 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: af5b3f58be54bd023ee49f857e084ded9503cbd3ea9bedd40138e50d241fcf64

Request headers

Referer
Origin: https://www.hypovereinsbank.de
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: font/woff2

GET
H2 200 gimbMainMenuComplete.show Show response
www.hypovereinsbank.de/portal/navigation/ 33 KB
33 KB 41ms
41ms XHR
text/plain 23.37.43.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hypovereinsbank.de/portal/navigation/gimbMainMenuComplete.show?1647438560557

Requested by

Host: www.hypovereinsbank.de
URL: https://www.hypovereinsbank.de/ruxitagentjs_ICA27Vfjqrux_10219210719121502.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.43.97 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-43-97.deploy.static.akamaitechnologies.com

Software

Resource Hash

e21bf9d8b754aee46a70e76a961488d59d630526fecbb164da696ae36b22df30

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:; frame-ancestors 'self' my.hypovereinsbank.de;
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:; frame-ancestors 'self' my.hypovereinsbank.de;
X-Content-Type-Options	nosniff
X-Frame-Options	allow-from https://my.hypovereinsbank.de
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
x-dtpc: 6$438560505_70h2vUFRAQPPMASCNRHVANEFSFEWPGUAIGTJM-0

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
x-content-type-options: nosniff
date: Wed, 16 Mar 2022 13:49:20 GMT
x-frame-options: allow-from https://my.hypovereinsbank.de
content-language: de-DE
x-oneagent-js-injection: true
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:; frame-ancestors 'self' my.hypovereinsbank.de;
server-timing: dtRpid;desc="-1925149867"
vary: User-Agent
content-length: 33600
x-xss-protection: 1; mode=block
x-content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:; frame-ancestors 'self' my.hypovereinsbank.de;

GET
DATA 200
OK truncated
/ 548 B
548 B Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6355605e3df681ae62b6e9186d7f2992b348366c48291401183e12e8a0ac1449

Request headers

Referer
Origin: https://www.hypovereinsbank.de
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: application/font-woff2

GET
H2 200 webfontswoff2.min.css
www.hypovereinsbank.de/etc/designs/hypovereinsbank/css/ 48 KB
37 KB 42ms
42ms Stylesheet
text/css 23.37.43.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hypovereinsbank.de/etc/designs/hypovereinsbank/css/webfontswoff2.min.css

Requested by

Host: www.hypovereinsbank.de
URL: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.43.97 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-43-97.deploy.static.akamaitechnologies.com

Software

Resource Hash

41ca31dd947986636a2a563531ea56f56c91261d476097310491b2241c6a027b

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 15 Nov 2021 13:54:01 GMT
date: Wed, 16 Mar 2022 13:49:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
server-timing: dtRpid;desc="-1820326"
accept-ranges: none
vary: Accept-Encoding,User-Agent
content-length: 37079
x-xss-protection: 1; mode=block

GET
H2 200 footer-fcb-hvb-logo.png
www.hypovereinsbank.de/etc/designs/hypovereinsbank/img/ 3 KB
4 KB 33ms
32ms Image
image/png 23.37.43.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hypovereinsbank.de/etc/designs/hypovereinsbank/img/footer-fcb-hvb-logo.png

Requested by

Host: www.hypovereinsbank.de
URL: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.43.97 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-43-97.deploy.static.akamaitechnologies.com

Software

Resource Hash

4e1a7dab89e842ae5a32005faec6e6c6df9fc64c0946ec07844c301948bf6dd5

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 29 Sep 2020 08:27:02 GMT
etag: "cad-5b06f8c1b2180"
x-frame-options: SAMEORIGIN
content-type: image/png
date: Wed, 16 Mar 2022 13:49:20 GMT
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
server-timing: dtRpid;desc="-1470552018"
accept-ranges: bytes
content-length: 3245
x-xss-protection: 1; mode=block

GET
H2 200 footer-unicredit-logo.png
www.hypovereinsbank.de/etc/designs/hypovereinsbank/img/ 1004 B
1 KB 57ms
57ms Image
image/png 23.37.43.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hypovereinsbank.de/etc/designs/hypovereinsbank/img/footer-unicredit-logo.png

Requested by

Host: www.hypovereinsbank.de
URL: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.43.97 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-43-97.deploy.static.akamaitechnologies.com

Software

Resource Hash

68a1c9510194dcd753b97f1809bf716a9e7c51058b0cf30a2a84969ff1d9e718

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 29 Sep 2020 08:27:02 GMT
etag: "3ec-5b06f8c1b2180"
x-frame-options: SAMEORIGIN
content-type: image/png
date: Wed, 16 Mar 2022 13:49:20 GMT
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
server-timing: dtRpid;desc="-693849272"
accept-ranges: bytes
content-length: 1004
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 18 KB
18 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3f68a05c59d916c97ae62fc47ad8b91c03ef550622d1ccc1ab38e7dbaa20352e

Request headers

Referer
Origin: https://www.hypovereinsbank.de
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
DATA 200
OK truncated
/ 18 KB
18 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 932ce05c3bc6ad7357e10ef379366cf173abb994fc2ea581697c139aafb42e3e

Request headers

Referer
Origin: https://www.hypovereinsbank.de
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

POST
H2 200 rb_61dd03e5-69cf-4451-b134-fb538d479a5a Show response
www.hypovereinsbank.de/ 144 B
696 B 47ms
46ms XHR
text/plain 23.37.43.97
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hypovereinsbank.de/rb_61dd03e5-69cf-4451-b134-fb538d479a5a?type=js&session=6%24CAA6530C3699E8AB18E6DB81F47BB751%7C5a79adb2a11eb909%7C1%7Cbe5528ed824f4ff6%7C0&svrid=6&flavor=post&visitID=UFRAQPPMASCNRHVANEFSFEWPGUAIGTJM-0&modifiedSince=1647429482249&referer=https%3A%2F%2Fwww.hypovereinsbank.de%2Fportal%3Fview%3D%2Fde%2Flogout%2Fkein-login.jsp&app=be5528ed824f4ff6&crc=321544192&end=1

Requested by

Host: www.hypovereinsbank.de
URL: https://www.hypovereinsbank.de/ruxitagentjs_ICA27Vfjqrux_10219210719121502.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.43.97 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-43-97.deploy.static.akamaitechnologies.com

Software

Resource Hash

6047c5ed3734c0e052874ca7ebf7d7ef83f3039bbc66fcfcc809db7a0d9c35f0

Security Headers

Name	Value
Content-Security-Policy	default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.hypovereinsbank.de/portal?view=/de/logout/kein-login.jsp
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 16 Mar 2022 13:49:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
content-security-policy: default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * data:
accept-ranges: none
vary: Accept-Encoding,User-Agent
content-length: 147
x-xss-protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
my.hypovereinsbank.de/	1969-12-31 23:59:59	Name: TS013412b2 Value: 01ea7e53bf73d593ab8b2950db06df91f97928102db89ee1076266f757ad6b2a0913602602549e410d9b3142823548b80e1f888c1d
.hypovereinsbank.de/	1969-12-31 23:59:59	Name: TS01a21db0 Value: 01ea7e53bf73d593ab8b2950db06df91f97928102db89ee1076266f757ad6b2a0913602602549e410d9b3142823548b80e1f888c1d
my.hypovereinsbank.de/	1969-12-31 23:59:59	Name: RLSESSIONID_HVB2 Value: m4SS_XtB1xHZjyRcwTQcBSbKgUmbYuiN3In-atWoPTxRQvabggDY!1568770877
www.hypovereinsbank.de/	1969-12-31 23:59:59	Name: RLSESSIONID_HVB1 Value: rHOS_XwQNHRrrH-QfMbdhExBuw9mlmvkeRM91j6pc18FDD90CpmW!-1636572434
.hypovereinsbank.de/	1969-12-31 23:59:59	Name: dtCookie Value: 6$CAA6530C3699E8AB18E6DB81F47BB751\|5a79adb2a11eb909\|1\|be5528ed824f4ff6\|0
www.hypovereinsbank.de/	1969-12-31 23:59:59	Name: TS0158b0ab Value: 01ea7e53bfe849b628022dec6e2deb912de0e94b2337df88ec5fa94e8ab9539d3fc6f7c29000a0f8a6a0cc8c31db3a5f3ecdaff67d
.hypovereinsbank.de/	1969-12-31 23:59:59	Name: TS01cebfa9 Value: 01ea7e53bfe849b628022dec6e2deb912de0e94b2337df88ec5fa94e8ab9539d3fc6f7c29000a0f8a6a0cc8c31db3a5f3ecdaff67d
.hypovereinsbank.de/	1970-01-20 01:37:25	Name: ak_bmsc Value: 06E6C3F680F156B8A3C219F5BE4B5E80~000000000000000000000000000000~YAAQiV5swQxZgI1/AQAAF3z9kg+oXQYb/gmAiCM6SkZK9VysZhInPQi/nEJ9u+ruSI91Kw+PjzRnHmrLMmYdrGSSAoHpwer+JzE26EzJnqu4WfH56RPmr6Mn+XK916qQTHvtNVJuDyPVEeiz9AP6Pxa9mW51tS8AD5o1O1yKW6blrVMEMnk/WbzXH8uhlV1eI86sTGvYVrhUBGIaXEaXX2viIpbiZJwOWekaI7jAqx5B6icEeggAYQYhVRKUAQLBlom3d/Q5OENgtRjZOR24sIwFJonjk8JtLXCC8dTZcKVIzwxxZWUKUbBjhLaHHv2n8GRwD5T+JZO8c+zPZxGZpJ0TjZM6xq0S7dQ1y9L3hUjVM/x+GTqkLyXNmilQ2MQSzaxwenEmgEIwpn9HJ61kClY=
www.hypovereinsbank.de/	1969-12-31 23:59:59	Name: oam.Flash.RENDERMAP.TOKEN Value: -zuxsbprkh
.hypovereinsbank.de/	1969-12-31 23:59:59	Name: rxVisitor Value: 1647438560508FG62UNEQ3GERQEMQK7GQ3BHRBUGQ9NLV
.hypovereinsbank.de/	1969-12-31 23:59:59	Name: dtSa Value: -
.hypovereinsbank.de/	1969-12-31 23:59:59	Name: dtLatC Value: 127
.hypovereinsbank.de/	1969-12-31 23:59:59	Name: rxvt Value: 1647440360682\|1647438560510
.hypovereinsbank.de/	1969-12-31 23:59:59	Name: dtPC Value: 6$438560505_70h-vUFRAQPPMASCNRHVANEFSFEWPGUAIGTJM-0
.hypovereinsbank.de/	1970-01-20 01:37:25	Name: bm_sv Value: DAD1BCFFDAE584D1C0E6D069C0DBEC92~z5HSUy33D30UuYMNTjk2W/68TlrHhMr2yQhu2svO7nSqaEuZGTQPVbR5WRFQbiTH8+hpccm6PgFgaHePl/cywdelvhaUtvw/oB2LkKm9/0vaCqV+Mu+v6F6ijv3nQqEf5t9Kp8zjmwITo7WlYw+/49Zi3VJ3BUb1d67IdglON4c=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://ihrfeedback.hypovereinsbank.de; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:;img-src 'self' data:;
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Content-Security-Policy	default-src 'self' https://ihrfeedback.hypovereinsbank.de; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:;img-src 'self' data:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

my.hypovereinsbank.de
www.hypovereinsbank.de
217.148.99.32
23.37.43.97
3f68a05c59d916c97ae62fc47ad8b91c03ef550622d1ccc1ab38e7dbaa20352e
41ca31dd947986636a2a563531ea56f56c91261d476097310491b2241c6a027b
4e1a7dab89e842ae5a32005faec6e6c6df9fc64c0946ec07844c301948bf6dd5
6047c5ed3734c0e052874ca7ebf7d7ef83f3039bbc66fcfcc809db7a0d9c35f0
6355605e3df681ae62b6e9186d7f2992b348366c48291401183e12e8a0ac1449
68a1c9510194dcd753b97f1809bf716a9e7c51058b0cf30a2a84969ff1d9e718
6f4b124c6010b0da92e1fe28b9370a860d1de30a51a9fce4e5313bd579353d2b
932ce05c3bc6ad7357e10ef379366cf173abb994fc2ea581697c139aafb42e3e
a89a44f5f9a9ae200fd6a3e9a98c45e1edabfc694065eacf890ac57cacd70a21
af5b3f58be54bd023ee49f857e084ded9503cbd3ea9bedd40138e50d241fcf64
d663806afc8c4cfbf607eda7b73f2fe18f023d21ddc480298297a4ba923b2c58
d75f8187b3f24c737242b1cb380e2a11608cec1609ba86cd7aa06e0df6575bc2
dfb37b3e8ecb808d78405c79e237fac16183b79c0c84d5cbbd5f3df23d926cac
e21bf9d8b754aee46a70e76a961488d59d630526fecbb164da696ae36b22df30
f9ba90e2e8ecf0673e7909946ded6a36a3cfe69b5a71668df95ac287b29d66e0
fc66d22a4c26f5802d508ce6b5a175a83122e0212276a5f1df5fae7734c07c3d

www.hypovereinsbank.de Open in urlscan Pro 23.37.43.97 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

3 IPs

2 Countries

384 kBTransfer

842 kBSize

15 Cookies

1 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

15 Cookies

Security Headers

Indicators

www.hypovereinsbank.de Open in urlscan Pro
23.37.43.97 Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

3
IPs

2
Countries

384 kB
Transfer

842 kB
Size

15
Cookies

11 HTTP transactions
5 data transactions