URL: https://vrbank-sww.helllicht.io/
Submission: On April 21 via automatic, source certstream-suspicious — Scanned from FR

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 17 HTTP transactions. The main IP is 178.77.103.40, located in Strasbourg, France and belongs to GD-EMEA-DC-SXB1, DE. The main domain is vrbank-sww.helllicht.io.
TLS certificate: Issued by R3 on April 21st 2022. Valid for: 3 months.
This is the only time vrbank-sww.helllicht.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 178.77.103.40 8972 (GD-EMEA-D...)
8 2600:9000:20e... 16509 (AMAZON-02)
6 35.156.73.187 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:20e... 16509 (AMAZON-02)
17 5
Domain Requested by
8 d3sxntx3fivhk5.cloudfront.net vrbank-sww.helllicht.io
6 cms.meinebank-finder.de d3sxntx3fivhk5.cloudfront.net
1 d17xymo2tyyize.cloudfront.net
1 hello.myfonts.net client
1 vrbank-sww.helllicht.io
17 5

This site contains links to these domains. Also see Links.

Domain
www.vrbank-sww.de
Subject Issuer Validity Valid
vrbank-sww.helllicht.io
R3
2022-04-21 -
2022-07-20
3 months crt.sh
*.cloudfront.net
Amazon
2022-02-01 -
2023-01-31
a year crt.sh
cms.meinebank-finder.de
Amazon
2021-10-08 -
2022-11-06
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-07-10 -
2022-07-09
a year crt.sh

This page contains 1 frames:

Primary Page: https://vrbank-sww.helllicht.io/
Frame ID: 857484FCFDCBA720098095CD7AC4E293
Requests: 14 HTTP requests in this frame

Screenshot

Page Title

Hausbankfinder

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Page Statistics

17
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

768 kB
Transfer

1344 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
vrbank-sww.helllicht.io/
2 KB
1 KB
Document
General
Full URL
https://vrbank-sww.helllicht.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
178.77.103.40 Strasbourg, France, ASN8972 (GD-EMEA-DC-SXB1, DE),
Reverse DNS
server.helllicht.com
Software
nginx / PHP/7.4.28
Resource Hash
947184c703baf92d005f2dacc4e3fdcc0fd92c462d7ee069e80021b087e39b36
Security Headers
Name Value
Content-Security-Policy default-src https:; script-src 'self' https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://*.googleapis.com https://*.cloudfront.net
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
gzip
content-length
805
content-security-policy
default-src https:; script-src 'self' https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://*.googleapis.com https://*.cloudfront.net
content-type
text/html; charset=UTF-8
date
Thu, 21 Apr 2022 14:07:03 GMT
permissions-policy
geolocation=(), camera=(), microphone=()
referrer-policy
same-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
PHP/7.4.28
chunk-vendors.428f2fde.css
d3sxntx3fivhk5.cloudfront.net/css/
54 KB
8 KB
Stylesheet
General
Full URL
https://d3sxntx3fivhk5.cloudfront.net/css/chunk-vendors.428f2fde.css
Requested by
Host: vrbank-sww.helllicht.io
URL: https://vrbank-sww.helllicht.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:2e00:7:5ff2:2940:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a4ccf8f3a909b0bb64ad55cce7e17e5863ae09272db936ac3b877ce435e8350a

Request headers

Referer
Origin
https://vrbank-sww.helllicht.io
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 21 Apr 2022 14:07:04 GMT
content-encoding
gzip
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
access-control-max-age
60
content-length
7730
x-amz-meta-etag
VHa6DjDvS+/YFxhmfPiflw==
access-control-allow-origin
*
last-modified
Mon, 18 Oct 2021 15:59:18 GMT
server
AmazonS3
etag
"5476ba0e30ef4befd81718667cf89f97"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
x-amz-version-id
GMeeVGMhGTJ44mnTa3kesoHOBpyI9Pvt
via
1.1 cb33a7a4640adbb55df3e0d143601558.cloudfront.net (CloudFront)
access-control-expose-headers
ETag
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
content-type
text/css; charset=UTF-8
x-amz-cf-id
JtR0TDu1GKNlFjeyzlQmFw7wLgb6YlvBGiYeaZAeNjzxqrbP82rAFw==
app.febce877.css
d3sxntx3fivhk5.cloudfront.net/css/
147 KB
24 KB
Stylesheet
General
Full URL
https://d3sxntx3fivhk5.cloudfront.net/css/app.febce877.css
Requested by
Host: vrbank-sww.helllicht.io
URL: https://vrbank-sww.helllicht.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:2e00:7:5ff2:2940:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
578b0b78c634529ad8ba6c50ba36ad719a71b37f25f14ee19e40eb2031bcc255

Request headers

Referer
Origin
https://vrbank-sww.helllicht.io
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 21 Apr 2022 14:07:04 GMT
content-encoding
gzip
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
access-control-max-age
60
content-length
23511
x-amz-meta-etag
//+0PGxO/rGl9SNV6V7T+g==
access-control-allow-origin
*
last-modified
Mon, 14 Feb 2022 08:50:57 GMT
server
AmazonS3
etag
"7ab554adeef04ea1fdaed5a8ea1d8cf4"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
x-amz-version-id
sKhS8TLQ8BGFEl.ezy3DpUT8__Is6ybs
via
1.1 cb33a7a4640adbb55df3e0d143601558.cloudfront.net (CloudFront)
access-control-expose-headers
ETag
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
content-type
text/css; charset=UTF-8
x-amz-cf-id
XgNhvcK-i6eEMI02rkJbVHPR8CXfYzyhwDVUAmdDZOA81Ij1xjGm1Q==
chunk-vendors.1ee8a0ea.js
d3sxntx3fivhk5.cloudfront.net/js/
560 KB
188 KB
Script
General
Full URL
https://d3sxntx3fivhk5.cloudfront.net/js/chunk-vendors.1ee8a0ea.js
Requested by
Host: vrbank-sww.helllicht.io
URL: https://vrbank-sww.helllicht.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:2e00:7:5ff2:2940:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
df248d492151f9a39bebd9554f874563ec72dd1b454f4ceb1b1b055766c13da7

Request headers

Referer
Origin
https://vrbank-sww.helllicht.io
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 21 Apr 2022 14:07:04 GMT
content-encoding
gzip
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
access-control-max-age
60
content-length
192102
x-amz-meta-etag
gp0vtvTCEmkVj6/L69ruDw==
access-control-allow-origin
*
last-modified
Tue, 22 Mar 2022 14:02:19 GMT
server
AmazonS3
etag
"829d2fb6f4c21269158fafcbebdaee0f"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
x-amz-version-id
Dscv.0auXBiRjPZKEzCLTJUnr232.XwO
via
1.1 cb33a7a4640adbb55df3e0d143601558.cloudfront.net (CloudFront)
access-control-expose-headers
ETag
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
content-type
application/javascript; charset=UTF-8
x-amz-cf-id
yGpky32aYABJhBHHmMpHrMRxb_lP_8TJvoR_OMHOd4KeeoBy-1OytQ==
app.aa62c149.js
d3sxntx3fivhk5.cloudfront.net/js/
99 KB
25 KB
Script
General
Full URL
https://d3sxntx3fivhk5.cloudfront.net/js/app.aa62c149.js
Requested by
Host: vrbank-sww.helllicht.io
URL: https://vrbank-sww.helllicht.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:2e00:7:5ff2:2940:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7f703e555b659a909b69078dad0e72d227aa480a51da8a00bd454f471e19897d

Request headers

Referer
Origin
https://vrbank-sww.helllicht.io
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 21 Apr 2022 14:07:04 GMT
content-encoding
gzip
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
access-control-max-age
60
content-length
25012
x-amz-meta-etag
3p0GtisvOYg5iyGkB4t5Cw==
access-control-allow-origin
*
last-modified
Tue, 12 Apr 2022 09:36:00 GMT
server
AmazonS3
etag
"866ee2e67dd714a8859cf8d7147f39c0"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
x-amz-version-id
pHqYuGrXa3yb8MDCrofWcfxoXv6ATs_D
via
1.1 cb33a7a4640adbb55df3e0d143601558.cloudfront.net (CloudFront)
access-control-expose-headers
ETag
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
content-type
application/javascript; charset=UTF-8
x-amz-cf-id
2i7gL3Ph3Fogp14YaTO7P76X8LqNSfZpHFYtjHEx8IrJO5iK79UqOg==
3tf9ahna.3f07898a.js
d3sxntx3fivhk5.cloudfront.net/js/
0
1 KB
Other
General
Full URL
https://d3sxntx3fivhk5.cloudfront.net/js/3tf9ahna.3f07898a.js
Requested by
Host: vrbank-sww.helllicht.io
URL: https://vrbank-sww.helllicht.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:2e00:7:5ff2:2940:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Origin
https://vrbank-sww.helllicht.io
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 21 Apr 2022 14:07:04 GMT
content-encoding
gzip
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
access-control-max-age
60
content-length
418
x-amz-meta-etag
F6sjzzLS37t77cEzHJcOUw==
access-control-allow-origin
*
last-modified
Tue, 15 Feb 2022 14:13:06 GMT
server
AmazonS3
etag
"483aa34aa7e0dc1a93b7a0dc6e7cde85"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
x-amz-version-id
RpeQ9X9KeCgcLMeinWLhB.aus3nacbfV
via
1.1 cb33a7a4640adbb55df3e0d143601558.cloudfront.net (CloudFront)
access-control-expose-headers
ETag
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
content-type
application/javascript; charset=UTF-8
x-amz-cf-id
4uy8d7GyuNRWo2ifiXfYrd2W280ki1glgyi0FLZyRsZdcKmfck3-fg==
main.56d0f461.js
d3sxntx3fivhk5.cloudfront.net/js/
0
33 KB
Other
General
Full URL
https://d3sxntx3fivhk5.cloudfront.net/js/main.56d0f461.js
Requested by
Host: vrbank-sww.helllicht.io
URL: https://vrbank-sww.helllicht.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:2e00:7:5ff2:2940:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Origin
https://vrbank-sww.helllicht.io
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 21 Apr 2022 14:07:04 GMT
content-encoding
gzip
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
access-control-max-age
60
content-length
32990
x-amz-meta-etag
3p0GtisvOYg5iyGkB4t5Cw==
access-control-allow-origin
*
last-modified
Tue, 12 Apr 2022 09:36:00 GMT
server
AmazonS3
etag
"de9d06b62b2f3988398b21a4078b790b"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
x-amz-version-id
Nuuln4ybfn4Ksje5GkfGfWsLmwBjh3ml
via
1.1 cb33a7a4640adbb55df3e0d143601558.cloudfront.net (CloudFront)
access-control-expose-headers
ETag
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
content-type
application/javascript; charset=UTF-8
x-amz-cf-id
MER14MWjMW0SWgMkVO3d0GoOSwlmT9yhBXEDm0GR_r_IIMHKxnqZ0g==
icons
cms.meinebank-finder.de/api/
0
0
Preflight
General
Full URL
https://cms.meinebank-finder.de/api/icons
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.73.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-73-187.eu-central-1.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https:; img-src 'self' 'unsafe-inline' data: https://*.amazonaws.com; script-src 'self' 'unsafe-inline' https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://*.cloudfront.net
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Access-Control-Request-Headers
x-app-version,x-request-source
Access-Control-Request-Method
GET
Origin
https://vrbank-sww.helllicht.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-App-Version, X-Request-Source, Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://vrbank-sww.helllicht.io
cache-control
max-age=0, must-revalidate, private
content-security-policy
default-src https:; img-src 'self' 'unsafe-inline' data: https://*.amazonaws.com; script-src 'self' 'unsafe-inline' https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://*.cloudfront.net
content-type
text/html; charset=UTF-8
date
Thu, 21 Apr 2022 14:07:03 GMT
expires
Thu, 21 Apr 2022 14:07:03 GMT
permissions-policy
geolocation=(), camera=(), microphone=()
referrer-policy
same-origin
server
nginx/1.20.0
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
icons
cms.meinebank-finder.de/api/
409 KB
410 KB
XHR
General
Full URL
https://cms.meinebank-finder.de/api/icons
Requested by
Host: d3sxntx3fivhk5.cloudfront.net
URL: https://d3sxntx3fivhk5.cloudfront.net/js/chunk-vendors.1ee8a0ea.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.73.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-73-187.eu-central-1.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
5bfc2cb4de121f59dc7558b96350dd83da95415612d8ba799eb34c509d41c30f
Security Headers
Name Value
Content-Security-Policy default-src https:; img-src 'self' 'unsafe-inline' data: https://*.amazonaws.com; script-src 'self' 'unsafe-inline' https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://*.cloudfront.net
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
X-Request-Source
vrbank-sww.helllicht.io
X-App-Version
0.1
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 21 Apr 2022 14:07:03 GMT
referrer-policy
same-origin
server
nginx/1.20.0
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://vrbank-sww.helllicht.io
cache-control
no-cache, private
access-control-allow-credentials
true
permissions-policy
geolocation=(), camera=(), microphone=()
content-security-policy
default-src https:; img-src 'self' 'unsafe-inline' data: https://*.amazonaws.com; script-src 'self' 'unsafe-inline' https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://*.cloudfront.net
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
X-App-Version, X-Request-Source, Content-Type
x-content-type-options
nosniff
/
cms.meinebank-finder.de/api/
10 KB
11 KB
XHR
General
Full URL
https://cms.meinebank-finder.de/api/
Requested by
Host: d3sxntx3fivhk5.cloudfront.net
URL: https://d3sxntx3fivhk5.cloudfront.net/js/chunk-vendors.1ee8a0ea.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.73.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-73-187.eu-central-1.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
d3dce6ef6ec1dc7dee494bbc154eeefdd8d553479bda0725fc9c91121fc95f5e
Security Headers
Name Value
Content-Security-Policy default-src https:; img-src 'self' 'unsafe-inline' data: https://*.amazonaws.com; script-src 'self' 'unsafe-inline' https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://*.cloudfront.net
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
X-Request-Source
vrbank-sww.helllicht.io
X-App-Version
0.1
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 21 Apr 2022 14:07:03 GMT
referrer-policy
same-origin
server
nginx/1.20.0
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://vrbank-sww.helllicht.io
cache-control
no-cache, private
access-control-allow-credentials
true
permissions-policy
geolocation=(), camera=(), microphone=()
content-security-policy
default-src https:; img-src 'self' 'unsafe-inline' data: https://*.amazonaws.com; script-src 'self' 'unsafe-inline' https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://*.cloudfront.net
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
X-App-Version, X-Request-Source, Content-Type
x-content-type-options
nosniff
/
cms.meinebank-finder.de/api/
0
0
Preflight
General
Full URL
https://cms.meinebank-finder.de/api/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.73.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-73-187.eu-central-1.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https:; img-src 'self' 'unsafe-inline' data: https://*.amazonaws.com; script-src 'self' 'unsafe-inline' https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://*.cloudfront.net
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Access-Control-Request-Headers
x-app-version,x-request-source
Access-Control-Request-Method
GET
Origin
https://vrbank-sww.helllicht.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-App-Version, X-Request-Source, Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://vrbank-sww.helllicht.io
cache-control
max-age=0, must-revalidate, private
content-security-policy
default-src https:; img-src 'self' 'unsafe-inline' data: https://*.amazonaws.com; script-src 'self' 'unsafe-inline' https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://*.cloudfront.net
content-type
text/html; charset=UTF-8
date
Thu, 21 Apr 2022 14:07:03 GMT
expires
Thu, 21 Apr 2022 14:07:03 GMT
permissions-policy
geolocation=(), camera=(), microphone=()
referrer-policy
same-origin
server
nginx/1.20.0
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
error
cms.meinebank-finder.de/api/report/
0
0
Preflight
General
Full URL
https://cms.meinebank-finder.de/api/report/error
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.73.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-73-187.eu-central-1.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https:; img-src 'self' 'unsafe-inline' data: https://*.amazonaws.com; script-src 'self' 'unsafe-inline' https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://*.cloudfront.net
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-app-version,x-request-source
Access-Control-Request-Method
POST
Origin
https://vrbank-sww.helllicht.io
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-App-Version, X-Request-Source, Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://vrbank-sww.helllicht.io
cache-control
max-age=0, must-revalidate, private
content-security-policy
default-src https:; img-src 'self' 'unsafe-inline' data: https://*.amazonaws.com; script-src 'self' 'unsafe-inline' https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://*.cloudfront.net
content-type
text/html; charset=UTF-8
date
Thu, 21 Apr 2022 14:07:03 GMT
expires
Thu, 21 Apr 2022 14:07:03 GMT
permissions-policy
geolocation=(), camera=(), microphone=()
referrer-policy
same-origin
server
nginx/1.20.0
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
39e5f3
hello.myfonts.net/count/
0
351 B
Stylesheet
General
Full URL
https://hello.myfonts.net/count/39e5f3
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:f449 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 21 Apr 2022 14:07:03 GMT
server
cloudflare
age
1
expect-ct
null
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
cf-ray
6ff6af11794e99d9-CDG
content-length
0
expires
Fri, 21 Apr 2023 14:07:03 GMT
error
cms.meinebank-finder.de/api/report/
0
675 B
XHR
General
Full URL
https://cms.meinebank-finder.de/api/report/error
Requested by
Host: d3sxntx3fivhk5.cloudfront.net
URL: https://d3sxntx3fivhk5.cloudfront.net/js/chunk-vendors.1ee8a0ea.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.73.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-73-187.eu-central-1.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src https:; img-src 'self' 'unsafe-inline' data: https://*.amazonaws.com; script-src 'self' 'unsafe-inline' https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://*.cloudfront.net
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
X-Request-Source
vrbank-sww.helllicht.io
X-App-Version
0.1
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 21 Apr 2022 14:07:03 GMT
referrer-policy
same-origin
server
nginx/1.20.0
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://vrbank-sww.helllicht.io
cache-control
max-age=0, must-revalidate, private
access-control-allow-credentials
true
permissions-policy
geolocation=(), camera=(), microphone=()
content-security-policy
default-src https:; img-src 'self' 'unsafe-inline' data: https://*.amazonaws.com; script-src 'self' 'unsafe-inline' https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://*.googleapis.com https://fonts.gstatic.com https://*.cloudfront.net
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
X-App-Version, X-Request-Source, Content-Type
x-content-type-options
nosniff
expires
Thu, 21 Apr 2022 14:07:03 GMT
logo_vrbank_sww.png
d17xymo2tyyize.cloudfront.net/vrbank_sww/config/
7 KB
8 KB
Image
General
Full URL
https://d17xymo2tyyize.cloudfront.net/vrbank_sww/config/logo_vrbank_sww.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:7c00:1a:a1aa:a680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ea9c866fff6488832c21832b904e4d3a7e17c295197301e96f872ec34e29127d

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Thu, 21 Apr 2022 14:02:53 GMT
via
1.1 1d67a4c00b06651cb6daa95ec3f21f9a.cloudfront.net (CloudFront)
last-modified
Thu, 21 Apr 2022 13:06:03 GMT
server
AmazonS3
age
252
etag
"f1a47170a5bf1e4ddca9d9eb4851bcd8"
x-cache
Hit from cloudfront
x-amz-version-id
null
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-type
image/png
content-length
7452
x-amz-cf-id
tjig4EwceBFj4-ZvsnCOrxJZ1O7KRCxou79ch-NDjbqwCi1m_mWGRw==
39E5F3_0_0.woff2
d3sxntx3fivhk5.cloudfront.net/fonts/frutiger/
39 KB
39 KB
Font
General
Full URL
https://d3sxntx3fivhk5.cloudfront.net/fonts/frutiger/39E5F3_0_0.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:2e00:7:5ff2:2940:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c9fe2359622514130fbf026a80af0fbd93d109f3ae5f86e63efdc6b335f2996f

Request headers

Referer
https://vrbank-sww.helllicht.io/
Origin
https://vrbank-sww.helllicht.io
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 21 Apr 2022 14:07:05 GMT
via
1.1 cb33a7a4640adbb55df3e0d143601558.cloudfront.net (CloudFront)
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
39687
x-amz-meta-etag
fFmEVwFZfAEidf4suQefAw==
last-modified
Tue, 28 Sep 2021 10:14:21 GMT
server
AmazonS3
etag
"d08a89e3ae51eb103e6817c22c53ab06"
access-control-max-age
60
access-control-allow-methods
GET
x-amz-version-id
gARhQUHA97HJeKol.WyDeIjYpNHwkFce
access-control-allow-origin
*
access-control-expose-headers
ETag
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
content-type
font/woff2
x-amz-cf-id
dmgCWJqwFfKnZglqLYWuL7oCvwipA0LqYknw-l-ISNbfQCwiFgG31A==
39E5F3_2_0.woff2
d3sxntx3fivhk5.cloudfront.net/fonts/frutiger/
18 KB
18 KB
Font
General
Full URL
https://d3sxntx3fivhk5.cloudfront.net/fonts/frutiger/39E5F3_2_0.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:2e00:7:5ff2:2940:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
438aac5bcde894be4479b99047b24757e5e3554eaba8fc92874c7f7db03aa80f

Request headers

Referer
https://vrbank-sww.helllicht.io/
Origin
https://vrbank-sww.helllicht.io
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 21 Apr 2022 14:07:05 GMT
via
1.1 cb33a7a4640adbb55df3e0d143601558.cloudfront.net (CloudFront)
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-length
18082
x-amz-meta-etag
fFmEVwFZfAEidf4suQefAw==
last-modified
Tue, 28 Sep 2021 10:14:21 GMT
server
AmazonS3
etag
"cc154b4b5257aa6c86a69bca8d2096ed"
access-control-max-age
60
access-control-allow-methods
GET
x-amz-version-id
Ec.2Hu92Slg6JUk49ZzmlRwexf_QzuwK
access-control-allow-origin
*
access-control-expose-headers
ETag
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
content-type
font/woff2
x-amz-cf-id
26RifCOsmIzv0MF010Ycn8VkbE4EG5ywrlJjHdzBf0uZ6Ld8UyD3mw==

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| webpackJsonp object| core object| regeneratorRuntime function| _ function| HowlerGlobal object| Howler function| Howl function| Sound

1 Cookies

Domain/Path Name / Value
.myfonts.net/ Name: __cf_bm
Value: oXGSX8uQepYi2M5Bk5y1UOQ4H8HujK5ZNQyyenX9aU0-1650550023-0-AdcXAI05mIp64O2kJTvsigeD0hcCQgRKIQnM5cxogS3w9OLt7ZVi1iQYPQ7wWlf6thSifD7FNxbhb+WXSGuKcxo=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https:; script-src 'self' https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https:; font-src 'self' https://*.googleapis.com https://*.cloudfront.net
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN