urlscan.io logo urlscan.io
SecurityTrails logo

karten.netbank.de Open in urlscan Pro
62.146.138.153  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://karten.netbank.de/
Effective URL: https://karten.netbank.de/login/show
Submission: On June 22 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 4 domains to perform 12 HTTP transactions. The main IP is 62.146.138.153, located in Germany and belongs to IPX-AS15598, DE. The main domain is karten.netbank.de.
TLS certificate: Issued by GeoTrust RSA CA 2018 on July 7th 2020. Valid for: 2 years.
This is the only time karten.netbank.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 4 62.146.138.153 15598 (IPX-AS15598)
7 80.190.137.5 15598 (IPX-AS15598)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
12 4
Apex Domain
Subdomains		 Transfer
7 petafuel.net
cdn.petafuel.net
175 KB
4 netbank.de
karten.netbank.de
23 KB
1 gstatic.com
fonts.gstatic.com
29 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 71
986 B
12 4
Domain Requested by
7 cdn.petafuel.net karten.netbank.de
4 karten.netbank.de 1 redirects karten.netbank.de
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com cdn.petafuel.net
12 4

This site contains links to these domains. Also see Links.

Domain
www.netbank.de
Subject Issuer Validity Valid
karten.netbank.de
GeoTrust RSA CA 2018		 2020-07-07 -
2022-07-12		 2 years crt.sh
*.petafuel.net
Sectigo RSA Domain Validation Secure Server CA		 2021-11-30 -
2022-12-31		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-06-06 -
2022-08-29		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-06-06 -
2022-08-29		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://karten.netbank.de/login/show
Frame ID: 999AC5B6953D799AD708F5C63999E6BA
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login

Page URL History Show full URLs

  1. https://karten.netbank.de/ HTTP 302
    https://karten.netbank.de/login/show Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery-ui[.-]([\d.]*\d)[^/]*\.js
  • jquery-ui.*\.js

Page Statistics

12
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

1
Countries

226 kB
Transfer

795 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://karten.netbank.de/ HTTP 302
    https://karten.netbank.de/login/show Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request show
karten.netbank.de/login/
Redirect Chain
  • https://karten.netbank.de/
  • https://karten.netbank.de/login/show
6 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://karten.netbank.de/login/show
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
62.146.138.153 , Germany, ASN15598 (IPX-AS15598, DE),
Reverse DNS
karten.netbank.de
Software
openresty /
Resource Hash
8c6290e7c5f10140d4032b1db8381116f4870f5904d1f250a5820cbd183cdf60
Security Headers
Name Value
Content-Security-Policy default-src 'none' ; connect-src 'self' data: https://ajax.googleapis.com https://de.api4load.biz https://pfrest.pboss.de https://pfrest.petafuel.net https://pfrest.wozutesten.de https://translate.googleapis.com https://www.facebook.com/tr/ https://www.fndsda.net https://www.paypal.com ; font-src 'self' data: * ; frame-src 'self' data: https://ad.ad-srv.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://client.comprigo.com https://hal9000.redintelligence.net https://matomo.petafuel.net https://matomo.wozutesten.de https://optimize.google.com https://pixel.bsmartdata.com/ https://r.adc-srv.net https://staticxx.facebook.com https://tools.petafuel.de https://www.facebook.com https://www.fndsda.net https://www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com ; img-src 'self' data: * ; manifest-src 'self' data: * ; media-src 'self' data: * ; object-src 'self' data: * ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://ad4mat.de https://bid.g.doubleclick.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://connect.facebook.net https://containertags.belboon.de https://data1.eurosty.com https://data1.mein-bmi.com https://data1.routenplaner-karten.com https://data1.ubersetzung-app.com https://eu5.heatmap.it https://googleads.g.doubleclick.net https://imgsrv.io https://matomo.petafuel.net https://matomo.wozutesten.de https://maytrics.marvellousmachine.net https://online.adservicemedia.dk https://optimize.google.com https://orangebuddies.go2cloud.org https://pstatic.davebestdeals.com https://s3.eu-central-1.amazonaws.com https://ssl.google-analytics.com https://static.donation-tools.org https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.googleapis.com https://www.financeads.net https://www.fndsda.net https://www.google-analytics.com https://www.google.com/ads/user-list https://www.googleadservices.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://www.performancehero.de ; style-src 'self' data: 'unsafe-inline' https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com https://u.heatmap.it https://www.fndsda.net ; worker-src 'self' data: * ;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-control
no-cache, no-store
Connection
keep-alive
Content-Language
de-DE
Content-Length
6303
Content-Security-Policy
default-src 'none' ; connect-src 'self' data: https://ajax.googleapis.com https://de.api4load.biz https://pfrest.pboss.de https://pfrest.petafuel.net https://pfrest.wozutesten.de https://translate.googleapis.com https://www.facebook.com/tr/ https://www.fndsda.net https://www.paypal.com ; font-src 'self' data: * ; frame-src 'self' data: https://ad.ad-srv.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://client.comprigo.com https://hal9000.redintelligence.net https://matomo.petafuel.net https://matomo.wozutesten.de https://optimize.google.com https://pixel.bsmartdata.com/ https://r.adc-srv.net https://staticxx.facebook.com https://tools.petafuel.de https://www.facebook.com https://www.fndsda.net https://www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com ; img-src 'self' data: * ; manifest-src 'self' data: * ; media-src 'self' data: * ; object-src 'self' data: * ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://ad4mat.de https://bid.g.doubleclick.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://connect.facebook.net https://containertags.belboon.de https://data1.eurosty.com https://data1.mein-bmi.com https://data1.routenplaner-karten.com https://data1.ubersetzung-app.com https://eu5.heatmap.it https://googleads.g.doubleclick.net https://imgsrv.io https://matomo.petafuel.net https://matomo.wozutesten.de https://maytrics.marvellousmachine.net https://online.adservicemedia.dk https://optimize.google.com https://orangebuddies.go2cloud.org https://pstatic.davebestdeals.com https://s3.eu-central-1.amazonaws.com https://ssl.google-analytics.com https://static.donation-tools.org https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.googleapis.com https://www.financeads.net https://www.fndsda.net https://www.google-analytics.com https://www.google.com/ads/user-list https://www.googleadservices.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://www.performancehero.de ; style-src 'self' data: 'unsafe-inline' https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com https://u.heatmap.it https://www.fndsda.net ; worker-src 'self' data: * ;
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Jun 2022 12:30:32 GMT
Expires
-1
Pragma
no-cache
Server
openresty
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-XSS-Protection
1; mode=block

Redirect headers

Cache-control
no-cache, no-store
Connection
keep-alive
Content-Language
de-DE
Content-Length
0
Content-Security-Policy
default-src 'none' ; connect-src 'self' data: https://ajax.googleapis.com https://de.api4load.biz https://pfrest.pboss.de https://pfrest.petafuel.net https://pfrest.wozutesten.de https://translate.googleapis.com https://www.facebook.com/tr/ https://www.fndsda.net https://www.paypal.com ; font-src 'self' data: * ; frame-src 'self' data: https://ad.ad-srv.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://client.comprigo.com https://hal9000.redintelligence.net https://matomo.petafuel.net https://matomo.wozutesten.de https://optimize.google.com https://pixel.bsmartdata.com/ https://r.adc-srv.net https://staticxx.facebook.com https://tools.petafuel.de https://www.facebook.com https://www.fndsda.net https://www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com ; img-src 'self' data: * ; manifest-src 'self' data: * ; media-src 'self' data: * ; object-src 'self' data: * ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://ad4mat.de https://bid.g.doubleclick.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://connect.facebook.net https://containertags.belboon.de https://data1.eurosty.com https://data1.mein-bmi.com https://data1.routenplaner-karten.com https://data1.ubersetzung-app.com https://eu5.heatmap.it https://googleads.g.doubleclick.net https://imgsrv.io https://matomo.petafuel.net https://matomo.wozutesten.de https://maytrics.marvellousmachine.net https://online.adservicemedia.dk https://optimize.google.com https://orangebuddies.go2cloud.org https://pstatic.davebestdeals.com https://s3.eu-central-1.amazonaws.com https://ssl.google-analytics.com https://static.donation-tools.org https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.googleapis.com https://www.financeads.net https://www.fndsda.net https://www.google-analytics.com https://www.google.com/ads/user-list https://www.googleadservices.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://www.performancehero.de ; style-src 'self' data: 'unsafe-inline' https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com https://u.heatmap.it https://www.fndsda.net ; worker-src 'self' data: * ;
Date
Wed, 22 Jun 2022 12:30:32 GMT
Expires
-1
Location
https://karten.netbank.de/login/show
Pragma
no-cache
Server
openresty
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-XSS-Protection
1; mode=block
netbank.css
cdn.petafuel.net/prepaidfrontends/style_res/netbank/ 		50 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.petafuel.net/prepaidfrontends/style_res/netbank/netbank.css
Requested by
Host: karten.netbank.de
URL: https://karten.netbank.de/login/show
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
80.190.137.5 Augsburg, Germany, ASN15598 (IPX-AS15598, DE),
Reverse DNS
cdnmuc2.petafuel.net
Software
Apache /
Resource Hash
e73bdb37bc67cf834dd14fa9a3b14e4a063b54607d40a4d2091332e171593fbd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://karten.netbank.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 22 Jun 2022 12:30:32 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Jun 2022 07:11:38 GMT
Server
Apache
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
text/css
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
9053
X-XSS-Protection
1; mode=block
newStyles.css
cdn.petafuel.net/prepaidfrontends/style_res/_general/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.petafuel.net/prepaidfrontends/style_res/_general/newStyles.css
Requested by
Host: karten.netbank.de
URL: https://karten.netbank.de/login/show
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
80.190.137.5 Augsburg, Germany, ASN15598 (IPX-AS15598, DE),
Reverse DNS
cdnmuc2.petafuel.net
Software
Apache /
Resource Hash
415a0b8d7b4879ec61e484611baff1637581e7e89155f268949ada2613e59820
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://karten.netbank.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 22 Jun 2022 12:30:32 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Jun 2022 07:11:36 GMT
Server
Apache
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
text/css
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1193
X-XSS-Protection
1; mode=block
jquery-1.12.4.min.js
cdn.petafuel.net/prepaidfrontends/js/_general/ 		95 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.petafuel.net/prepaidfrontends/js/_general/jquery-1.12.4.min.js
Requested by
Host: karten.netbank.de
URL: https://karten.netbank.de/login/show
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
80.190.137.5 Augsburg, Germany, ASN15598 (IPX-AS15598, DE),
Reverse DNS
cdnmuc2.petafuel.net
Software
Apache /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://karten.netbank.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 22 Jun 2022 12:30:32 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Jun 2022 07:11:36 GMT
Server
Apache
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
33760
X-XSS-Protection
1; mode=block
jquery-ui-1.10.4.js
cdn.petafuel.net/prepaidfrontends/js/_general/ 		581 KB
113 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.petafuel.net/prepaidfrontends/js/_general/jquery-ui-1.10.4.js
Requested by
Host: karten.netbank.de
URL: https://karten.netbank.de/login/show
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
80.190.137.5 Augsburg, Germany, ASN15598 (IPX-AS15598, DE),
Reverse DNS
cdnmuc2.petafuel.net
Software
Apache /
Resource Hash
21675056d57daf3906f8544c05c9159aeee6f3074a871bdff4b10a855f270c4f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://karten.netbank.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 22 Jun 2022 12:30:32 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Jun 2022 07:11:36 GMT
Server
Apache
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
X-XSS-Protection
1; mode=block
netbank.js
cdn.petafuel.net/prepaidfrontends/js/netbank/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.petafuel.net/prepaidfrontends/js/netbank/netbank.js
Requested by
Host: karten.netbank.de
URL: https://karten.netbank.de/login/show
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
80.190.137.5 Augsburg, Germany, ASN15598 (IPX-AS15598, DE),
Reverse DNS
cdnmuc2.petafuel.net
Software
Apache /
Resource Hash
e29ed615528a822a2c0fe9a6f52f95ad003eee03bcd8933a0f0df06e0c0aef10
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://karten.netbank.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 22 Jun 2022 12:30:32 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Jun 2022 07:11:36 GMT
Server
Apache
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
886
X-XSS-Protection
1; mode=block
postIdentPDF.js
cdn.petafuel.net/prepaidfrontends/js/_general/ 		250 B
633 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.petafuel.net/prepaidfrontends/js/_general/postIdentPDF.js
Requested by
Host: karten.netbank.de
URL: https://karten.netbank.de/login/show
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
80.190.137.5 Augsburg, Germany, ASN15598 (IPX-AS15598, DE),
Reverse DNS
cdnmuc2.petafuel.net
Software
Apache /
Resource Hash
8209b8ecc2713f067ebfa22feceaff7f80e40fd4b59c6245bd0a121550acf807
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://karten.netbank.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 22 Jun 2022 12:30:32 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Jun 2022 07:11:36 GMT
Server
Apache
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
188
X-XSS-Protection
1; mode=block
styles.css
karten.netbank.de/struts/css_xhtml/ 		1 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://karten.netbank.de/struts/css_xhtml/styles.css
Requested by
Host: karten.netbank.de
URL: https://karten.netbank.de/login/show
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
62.146.138.153 , Germany, ASN15598 (IPX-AS15598, DE),
Reverse DNS
karten.netbank.de
Software
openresty /
Resource Hash
a23bb0a81237fb843ac2802a95a07065d3d2fbf7396a4e46782ab35528cdf6f9
Security Headers
Name Value
Content-Security-Policy default-src 'none' ; connect-src 'self' data: https://ajax.googleapis.com https://de.api4load.biz https://pfrest.pboss.de https://pfrest.petafuel.net https://pfrest.wozutesten.de https://translate.googleapis.com https://www.facebook.com/tr/ https://www.fndsda.net https://www.paypal.com ; font-src 'self' data: * ; frame-src 'self' data: https://ad.ad-srv.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://client.comprigo.com https://hal9000.redintelligence.net https://matomo.petafuel.net https://matomo.wozutesten.de https://optimize.google.com https://pixel.bsmartdata.com/ https://r.adc-srv.net https://staticxx.facebook.com https://tools.petafuel.de https://www.facebook.com https://www.fndsda.net https://www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com ; img-src 'self' data: * ; manifest-src 'self' data: * ; media-src 'self' data: * ; object-src 'self' data: * ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://ad4mat.de https://bid.g.doubleclick.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://connect.facebook.net https://containertags.belboon.de https://data1.eurosty.com https://data1.mein-bmi.com https://data1.routenplaner-karten.com https://data1.ubersetzung-app.com https://eu5.heatmap.it https://googleads.g.doubleclick.net https://imgsrv.io https://matomo.petafuel.net https://matomo.wozutesten.de https://maytrics.marvellousmachine.net https://online.adservicemedia.dk https://optimize.google.com https://orangebuddies.go2cloud.org https://pstatic.davebestdeals.com https://s3.eu-central-1.amazonaws.com https://ssl.google-analytics.com https://static.donation-tools.org https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.googleapis.com https://www.financeads.net https://www.fndsda.net https://www.google-analytics.com https://www.google.com/ads/user-list https://www.googleadservices.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://www.performancehero.de ; style-src 'self' data: 'unsafe-inline' https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com https://u.heatmap.it https://www.fndsda.net ; worker-src 'self' data: * ;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://karten.netbank.de/login/show
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 22 Jun 2022 12:30:32 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 21 Jun 2022 13:41:09 GMT
Server
openresty
X-Frame-Options
DENY
Strict-Transport-Security
max-age=31536000
Content-Language
de-DE
Cache-Control
public
Transfer-Encoding
chunked
Content-Security-Policy
default-src 'none' ; connect-src 'self' data: https://ajax.googleapis.com https://de.api4load.biz https://pfrest.pboss.de https://pfrest.petafuel.net https://pfrest.wozutesten.de https://translate.googleapis.com https://www.facebook.com/tr/ https://www.fndsda.net https://www.paypal.com ; font-src 'self' data: * ; frame-src 'self' data: https://ad.ad-srv.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://client.comprigo.com https://hal9000.redintelligence.net https://matomo.petafuel.net https://matomo.wozutesten.de https://optimize.google.com https://pixel.bsmartdata.com/ https://r.adc-srv.net https://staticxx.facebook.com https://tools.petafuel.de https://www.facebook.com https://www.fndsda.net https://www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com ; img-src 'self' data: * ; manifest-src 'self' data: * ; media-src 'self' data: * ; object-src 'self' data: * ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://ad4mat.de https://bid.g.doubleclick.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://connect.facebook.net https://containertags.belboon.de https://data1.eurosty.com https://data1.mein-bmi.com https://data1.routenplaner-karten.com https://data1.ubersetzung-app.com https://eu5.heatmap.it https://googleads.g.doubleclick.net https://imgsrv.io https://matomo.petafuel.net https://matomo.wozutesten.de https://maytrics.marvellousmachine.net https://online.adservicemedia.dk https://optimize.google.com https://orangebuddies.go2cloud.org https://pstatic.davebestdeals.com https://s3.eu-central-1.amazonaws.com https://ssl.google-analytics.com https://static.donation-tools.org https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.googleapis.com https://www.financeads.net https://www.fndsda.net https://www.google-analytics.com https://www.google.com/ads/user-list https://www.googleadservices.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://www.performancehero.de ; style-src 'self' data: 'unsafe-inline' https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com https://u.heatmap.it https://www.fndsda.net ; worker-src 'self' data: * ;
Connection
keep-alive
Content-Type
text/css
X-XSS-Protection
1; mode=block
Retry-After
Thu, 23 Jun 2022 12:30:32 GMT
Expires
Thu, 23 Jun 2022 12:30:32 GMT
utils.js
karten.netbank.de/struts/ 		5 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://karten.netbank.de/struts/utils.js
Requested by
Host: karten.netbank.de
URL: https://karten.netbank.de/login/show
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
62.146.138.153 , Germany, ASN15598 (IPX-AS15598, DE),
Reverse DNS
karten.netbank.de
Software
openresty /
Resource Hash
309abee1bddd03fe16c196e2cc00b58318ff707764824d9b71a38f667736720d
Security Headers
Name Value
Content-Security-Policy default-src 'none' ; connect-src 'self' data: https://ajax.googleapis.com https://de.api4load.biz https://pfrest.pboss.de https://pfrest.petafuel.net https://pfrest.wozutesten.de https://translate.googleapis.com https://www.facebook.com/tr/ https://www.fndsda.net https://www.paypal.com ; font-src 'self' data: * ; frame-src 'self' data: https://ad.ad-srv.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://client.comprigo.com https://hal9000.redintelligence.net https://matomo.petafuel.net https://matomo.wozutesten.de https://optimize.google.com https://pixel.bsmartdata.com/ https://r.adc-srv.net https://staticxx.facebook.com https://tools.petafuel.de https://www.facebook.com https://www.fndsda.net https://www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com ; img-src 'self' data: * ; manifest-src 'self' data: * ; media-src 'self' data: * ; object-src 'self' data: * ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://ad4mat.de https://bid.g.doubleclick.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://connect.facebook.net https://containertags.belboon.de https://data1.eurosty.com https://data1.mein-bmi.com https://data1.routenplaner-karten.com https://data1.ubersetzung-app.com https://eu5.heatmap.it https://googleads.g.doubleclick.net https://imgsrv.io https://matomo.petafuel.net https://matomo.wozutesten.de https://maytrics.marvellousmachine.net https://online.adservicemedia.dk https://optimize.google.com https://orangebuddies.go2cloud.org https://pstatic.davebestdeals.com https://s3.eu-central-1.amazonaws.com https://ssl.google-analytics.com https://static.donation-tools.org https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.googleapis.com https://www.financeads.net https://www.fndsda.net https://www.google-analytics.com https://www.google.com/ads/user-list https://www.googleadservices.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://www.performancehero.de ; style-src 'self' data: 'unsafe-inline' https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com https://u.heatmap.it https://www.fndsda.net ; worker-src 'self' data: * ;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://karten.netbank.de/login/show
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 22 Jun 2022 12:30:32 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 21 Jun 2022 13:41:09 GMT
Server
openresty
X-Frame-Options
DENY
Strict-Transport-Security
max-age=31536000
Content-Language
de-DE
Cache-Control
public
Transfer-Encoding
chunked
Content-Security-Policy
default-src 'none' ; connect-src 'self' data: https://ajax.googleapis.com https://de.api4load.biz https://pfrest.pboss.de https://pfrest.petafuel.net https://pfrest.wozutesten.de https://translate.googleapis.com https://www.facebook.com/tr/ https://www.fndsda.net https://www.paypal.com ; font-src 'self' data: * ; frame-src 'self' data: https://ad.ad-srv.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://client.comprigo.com https://hal9000.redintelligence.net https://matomo.petafuel.net https://matomo.wozutesten.de https://optimize.google.com https://pixel.bsmartdata.com/ https://r.adc-srv.net https://staticxx.facebook.com https://tools.petafuel.de https://www.facebook.com https://www.fndsda.net https://www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com ; img-src 'self' data: * ; manifest-src 'self' data: * ; media-src 'self' data: * ; object-src 'self' data: * ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://ad4mat.de https://bid.g.doubleclick.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://connect.facebook.net https://containertags.belboon.de https://data1.eurosty.com https://data1.mein-bmi.com https://data1.routenplaner-karten.com https://data1.ubersetzung-app.com https://eu5.heatmap.it https://googleads.g.doubleclick.net https://imgsrv.io https://matomo.petafuel.net https://matomo.wozutesten.de https://maytrics.marvellousmachine.net https://online.adservicemedia.dk https://optimize.google.com https://orangebuddies.go2cloud.org https://pstatic.davebestdeals.com https://s3.eu-central-1.amazonaws.com https://ssl.google-analytics.com https://static.donation-tools.org https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.googleapis.com https://www.financeads.net https://www.fndsda.net https://www.google-analytics.com https://www.google.com/ads/user-list https://www.googleadservices.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://www.performancehero.de ; style-src 'self' data: 'unsafe-inline' https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com https://u.heatmap.it https://www.fndsda.net ; worker-src 'self' data: * ;
Connection
keep-alive
Content-Type
text/javascript
X-XSS-Protection
1; mode=block
Retry-After
Thu, 23 Jun 2022 12:30:32 GMT
Expires
Thu, 23 Jun 2022 12:30:32 GMT
netbank-logo.svg
cdn.petafuel.net/prepaidfrontends/style_res/netbank/images/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.petafuel.net/prepaidfrontends/style_res/netbank/images/netbank-logo.svg
Requested by
Host: karten.netbank.de
URL: https://karten.netbank.de/login/show
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
80.190.137.5 Augsburg, Germany, ASN15598 (IPX-AS15598, DE),
Reverse DNS
cdnmuc2.petafuel.net
Software
Apache /
Resource Hash
6967b119f3c2372e76d27700aa15e4a0452e4be15be1b9951403476f31f1d155
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://karten.netbank.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Wed, 22 Jun 2022 12:30:32 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Jun 2022 07:11:38 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
16218
X-XSS-Protection
1; mode=block
css
fonts.googleapis.com/ 		5 KB
986 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Dosis:300,400,500,600,700
Requested by
Host: cdn.petafuel.net
URL: https://cdn.petafuel.net/prepaidfrontends/style_res/netbank/netbank.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
14e2cff567f13b5b0c39065211fac09f1d4cec4db756d0a12bff6302240f7b26
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.petafuel.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 22 Jun 2022 11:23:26 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 22 Jun 2022 12:30:32 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 22 Jun 2022 12:30:32 GMT
HhyaU5sn9vOmLzloC_U.woff2
fonts.gstatic.com/s/dosis/v26/ 		29 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/dosis/v26/HhyaU5sn9vOmLzloC_U.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Dosis:300,400,500,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fab8753180b7dd4a5667cfe0d660630ccd52562d245fc6d4294113c37487b084
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://karten.netbank.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Thu, 16 Jun 2022 21:02:57 GMT
x-content-type-options
nosniff
age
487655
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29440
x-xss-protection
0
last-modified
Thu, 21 Apr 2022 16:43:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 16 Jun 2023 21:02:57 GMT

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| openPostIdentUrl function| openAdditionalUrl object| StrutsUtils object| jQuery11240726102204123372

1 Cookies

Domain/Path Name / Value
karten.netbank.de/ Name: JSESSIONID
Value: rusS8T6jsiAUh0_YdCEqpLNGnH5oY8Wf_dtgG0lS.nbgpbossfr02

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none' ; connect-src 'self' data: https://ajax.googleapis.com https://de.api4load.biz https://pfrest.pboss.de https://pfrest.petafuel.net https://pfrest.wozutesten.de https://translate.googleapis.com https://www.facebook.com/tr/ https://www.fndsda.net https://www.paypal.com ; font-src 'self' data: * ; frame-src 'self' data: https://ad.ad-srv.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://client.comprigo.com https://hal9000.redintelligence.net https://matomo.petafuel.net https://matomo.wozutesten.de https://optimize.google.com https://pixel.bsmartdata.com/ https://r.adc-srv.net https://staticxx.facebook.com https://tools.petafuel.de https://www.facebook.com https://www.fndsda.net https://www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com ; img-src 'self' data: * ; manifest-src 'self' data: * ; media-src 'self' data: * ; object-src 'self' data: * ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://ad4mat.de https://bid.g.doubleclick.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://connect.facebook.net https://containertags.belboon.de https://data1.eurosty.com https://data1.mein-bmi.com https://data1.routenplaner-karten.com https://data1.ubersetzung-app.com https://eu5.heatmap.it https://googleads.g.doubleclick.net https://imgsrv.io https://matomo.petafuel.net https://matomo.wozutesten.de https://maytrics.marvellousmachine.net https://online.adservicemedia.dk https://optimize.google.com https://orangebuddies.go2cloud.org https://pstatic.davebestdeals.com https://s3.eu-central-1.amazonaws.com https://ssl.google-analytics.com https://static.donation-tools.org https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.googleapis.com https://www.financeads.net https://www.fndsda.net https://www.google-analytics.com https://www.google.com/ads/user-list https://www.googleadservices.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://www.performancehero.de ; style-src 'self' data: 'unsafe-inline' https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com https://u.heatmap.it https://www.fndsda.net ; worker-src 'self' data: * ;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block