login.vwgroup.com Open in urlscan Pro
194.114.33.147 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://1it.volkswagen.de/
Effective URL:
https://login.vwgroup.com/redirect.html?nonce=1705696991717&type=234s&Target=/../isam/sps/auth
Submission: On January 19 via manual (January 19th 2024, 8:43:16 pm UTC) from DZ — Scanned from DE

Summary HTTP 14 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 14 HTTP transactions. The main IP is 194.114.33.147, located in Germany and belongs to VOLKSWAGEN Volkswagen AG, Wolfsburg, DE. The main domain is login.vwgroup.com.
TLS certificate: Issued by QuoVadis Global SSL ICA G3 on November 10th 2023. Valid for: a year.

This is the only time login.vwgroup.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a01:4dc0:0:4... 2a01:4dc0:0:4f00::c272:2077	206618 (VOLKSWAGE...) (VOLKSWAGEN Volkswagen AG)
6	194.114.32.144 194.114.32.144	206618 (VOLKSWAGE...) (VOLKSWAGEN Volkswagen AG)
2 10	194.114.33.147 194.114.33.147	206618 (VOLKSWAGE...) (VOLKSWAGEN Volkswagen AG)
14	2

1 2a01:4dc0:0:4f00::c272:2077 (Germany) 1 redirects

ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE)

1it.volkswagen.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 194.114.32.144 (Germany)

ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE)

cocoa.volkswagen.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 194.114.33.147 (Germany) 2 redirects

ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE)

login.vwgroup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	vwgroup.com 2 redirects login.vwgroup.com	442 KB
7	volkswagen.de 1 redirects 1it.volkswagen.de cocoa.volkswagen.de	143 KB
14	2

	Domain	Requested by
10	login.vwgroup.com	2 redirects login.vwgroup.com
6	cocoa.volkswagen.de	cocoa.volkswagen.de
1	1it.volkswagen.de	1 redirects
14	3

This site contains links to these domains. Also see Links.

Domain
www.volkswagenag.com

Subject Issuer	Validity	Valid
cocoa.volkswagen.de QuoVadis Global SSL ICA G3	`2023-02-02` - `2024-02-02`	a year	crt.sh
login.vwgroup.com QuoVadis Global SSL ICA G3	`2023-11-10` - `2024-11-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://login.vwgroup.com/redirect.html?nonce=1705696991717&type=234s&Target=/../isam/sps/auth
Frame ID: 4A7BFC831D76CF7CA20B194C12E49F36
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

GroupLogin

Page URL History Show full URLs

http://1it.volkswagen.de/ HTTP 302
https://cocoa.volkswagen.de/vconf/display/GITLC Page URL
https://cocoa.volkswagen.de/isam/sps/sp_cocoa_volkswagen_de/saml20/logininitial?RequestBinding=HTTPPost&... Page URL
https://login.vwgroup.com/isam/sps/idpextprodws/saml20/login HTTP 302
https://login.vwgroup.com/isam/sps/auth HTTP 302
https://login.vwgroup.com/redirect.html?nonce=1705696991717&type=234s&Target=/../isam/sps/auth Page URL

Page Statistics

14
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

2
IPs

1
Countries

584 kB
Transfer

914 kB
Size

9
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.volkswagenag.com/de/meta/provider-identification.html
Title: Impressum

Search URL Search Domain Scan URL

URL: https://www.volkswagenag.com/de/meta/data-protection-declaration.html
Title: Datenschutzerklärung

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://1it.volkswagen.de/ HTTP 302
https://cocoa.volkswagen.de/vconf/display/GITLC Page URL
https://cocoa.volkswagen.de/isam/sps/sp_cocoa_volkswagen_de/saml20/logininitial?RequestBinding=HTTPPost&Target=/..%2Fvconf%2Fdisplay%2FGITLC Page URL
https://login.vwgroup.com/isam/sps/idpextprodws/saml20/login HTTP 302
https://login.vwgroup.com/isam/sps/auth HTTP 302
https://login.vwgroup.com/redirect.html?nonce=1705696991717&type=234s&Target=/../isam/sps/auth Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://1it.volkswagen.de/ HTTP 302
https://cocoa.volkswagen.de/vconf/display/GITLC

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

GITLC Show response
cocoa.volkswagen.de/vconf/display/
Redirect Chain

http://1it.volkswagen.de/
https://cocoa.volkswagen.de/vconf/display/GITLC

5 KB
5 KB

126ms
37ms

Document
text/html

194.114.32.144
VOLKSWAGEN Volksw...

General

Check archive.org

Show headers Download Go to

Full URL

https://cocoa.volkswagen.de/vconf/display/GITLC

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

194.114.32.144 , Germany, ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE),

Reverse DNS

Software

Resource Hash

2afbb374da2c45bd2b8a5293206389f678e2b5d831b3a8656ae5369c1a2bbdfc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' script-src 'self' object-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
content-length: 4933
content-security-policy: frame-ancestors 'self' script-src 'self' object-src 'self'
content-type: text/html
date: Fri, 19 Jan 2024 20:43:10 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Fri, 19 Jan 2024 20:43:10 GMT
Keep-Alive: timeout=5, max=100
Location: https://cocoa.volkswagen.de/vconf/display/GITLC
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK main.css
cocoa.volkswagen.de/localdocs/styles/themes/volkswagenag/ 127 KB
127 KB 26ms
25ms Stylesheet
text/css 194.114.32.144
VOLKSWAGEN Volksw...

General

Check archive.org

Show headers Download Go to

Full URL

https://cocoa.volkswagen.de/localdocs/styles/themes/volkswagenag/main.css

Requested by

Host: cocoa.volkswagen.de
URL: https://cocoa.volkswagen.de/vconf/display/GITLC

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

194.114.32.144 , Germany, ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cocoa.volkswagen.de/vconf/display/GITLC
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: text/css
date: Fri, 19 Jan 2024 20:43:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 03 Feb 2022 12:31:06 GMT
content-length: 130199
x-frame-options: SAMEORIGIN
p3p: CP="NON CUR OTPi OUR NOR UNI"

GET
H/1.1 200
OK samlsso.js
cocoa.volkswagen.de/localdocs/extra/ 805 B
1 KB 189ms
23ms Script
application/x-javascript 194.114.32.144
VOLKSWAGEN Volksw...

General

Check archive.org

Show headers Download Go to

Full URL

https://cocoa.volkswagen.de/localdocs/extra/samlsso.js

Requested by

Host: cocoa.volkswagen.de
URL: https://cocoa.volkswagen.de/vconf/display/GITLC

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

194.114.32.144 , Germany, ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cocoa.volkswagen.de/vconf/display/GITLC
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: application/x-javascript
date: Fri, 19 Jan 2024 20:43:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 03 Feb 2022 12:31:06 GMT
content-length: 805
x-frame-options: SAMEORIGIN
p3p: CP="NON CUR OTPi OUR NOR UNI"

GET
H/1.1 200
OK brand.png
cocoa.volkswagen.de/localdocs/pics/volkswagenag/ 1 KB
2 KB 189ms
24ms Image
image/png 194.114.32.144
VOLKSWAGEN Volksw...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cocoa.volkswagen.de/localdocs/pics/volkswagenag/brand.png

Requested by

Host: cocoa.volkswagen.de
URL: https://cocoa.volkswagen.de/vconf/display/GITLC

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

194.114.32.144 , Germany, ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cocoa.volkswagen.de/vconf/display/GITLC
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: image/png
date: Fri, 19 Jan 2024 20:43:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 19 Oct 2017 08:31:20 GMT
content-length: 1513
x-frame-options: SAMEORIGIN
p3p: CP="NON CUR OTPi OUR NOR UNI"

GET
H/1.1 200
OK header-logo.png
cocoa.volkswagen.de/localdocs/pics/ 336 KB
0 192ms
27ms Image
image/png 194.114.32.144
VOLKSWAGEN Volksw...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cocoa.volkswagen.de/localdocs/pics/header-logo.png

Requested by

Host: cocoa.volkswagen.de
URL: https://cocoa.volkswagen.de/vconf/display/GITLC

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

194.114.32.144 , Germany, ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cocoa.volkswagen.de/vconf/display/GITLC
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-type: image/png
date: Fri, 19 Jan 2024 20:43:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 19 Oct 2017 08:31:20 GMT
content-length: 376080
x-frame-options: SAMEORIGIN
p3p: CP="NON CUR OTPi OUR NOR UNI"

GET
H/1.1 200
OK logininitial Show response
cocoa.volkswagen.de/isam/sps/sp_cocoa_volkswagen_de/saml20/ 6 KB
7 KB 94ms
94ms Document
text/html 194.114.32.144
VOLKSWAGEN Volksw...

General

Check archive.org

Show headers Download Go to

Full URL

https://cocoa.volkswagen.de/isam/sps/sp_cocoa_volkswagen_de/saml20/logininitial?RequestBinding=HTTPPost&Target=/..%2Fvconf%2Fdisplay%2FGITLC

Requested by

Host: cocoa.volkswagen.de
URL: https://cocoa.volkswagen.de/localdocs/extra/samlsso.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

194.114.32.144 , Germany, ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE),

Reverse DNS

Software

Resource Hash

80aec465104b00c5d1c58e1f2cabe9e2c812d1f24fa5542e402bed9b86af2606

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://cocoa.volkswagen.de/vconf/display/GITLC
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store
content-language: en-US
content-type: text/html;charset=UTF-8
date: Fri, 19 Jan 2024 20:43:11 GMT
expires: Thu, 01 Dec 1994 16:00:00 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
transfer-encoding: chunked
x-frame-options: SAMEORIGIN

GET
H/1.1

200
OK

Primary Request redirect.html Show response
login.vwgroup.com/
Redirect Chain

https://login.vwgroup.com/isam/sps/idpextprodws/saml20/login
https://login.vwgroup.com/isam/sps/auth
https://login.vwgroup.com/redirect.html?nonce=1705696991717&type=234s&Target=/../isam/sps/auth

25 KB
25 KB

27ms
27ms

Document
text/html

194.114.33.147
VOLKSWAGEN Volksw...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.vwgroup.com/redirect.html?nonce=1705696991717&type=234s&Target=/../isam/sps/auth

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

194.114.33.147 , Germany, ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE),

Reverse DNS

Software

Resource Hash

af9894f7c4c590ebc2b14d5579d42af36e807a9cbc487e499a401a0e09b60051

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://selfservice.wob.vw.vwg
X-Xss-Protection	1; mode=block

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://cocoa.volkswagen.de
Referer: https://cocoa.volkswagen.de/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
content-length: 25325
content-security-policy: frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
content-type: text/html
date: Fri, 19 Jan 2024 20:43:11 GMT
p3p: CP="NON CUR OTPi OUR NOR UNI"
pragma: no-cache
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: ALLOW-FROM https://selfservice.wob.vw.vwg
x-xss-protection: 1; mode=block

Redirect headers

content-language: en-US
content-security-policy: frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
date: Fri, 19 Jan 2024 20:43:11 GMT
location: https://login.vwgroup.com/isam/../redirect.html?nonce=1705696991717&type=234s&Target=/../isam/sps/auth
p3p: CP="NON CUR OTPi OUR NOR UNI"
strict-transport-security: max-age=31536000
transfer-encoding: chunked
x-frame-options: ALLOW-FROM https://selfservice.wob.vw.vwg

GET
H/1.1 200
OK style.min.css
login.vwgroup.com/localdocs/css/ 38 KB
39 KB 25ms
24ms Stylesheet
text/css 194.114.33.147
VOLKSWAGEN Volksw...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.vwgroup.com/localdocs/css/style.min.css?v=1645640336767

Requested by

Host: login.vwgroup.com
URL: https://login.vwgroup.com/redirect.html?nonce=1705696991717&type=234s&Target=/../isam/sps/auth

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

194.114.33.147 , Germany, ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE),

Reverse DNS

Software

Resource Hash

9eeb700cf0a9feb748b018d951823ff1889328065fc1097b95aa7695358d25f0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://selfservice.wob.vw.vwg

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 20:43:11 GMT
content-security-policy: frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
strict-transport-security: max-age=31536000
last-modified: Tue, 25 Jan 2022 11:00:32 GMT
x-frame-options: ALLOW-FROM https://selfservice.wob.vw.vwg
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-type: text/css
content-length: 39073

GET
H/1.1 200
OK icons.svg
login.vwgroup.com/localdocs/svg/ 157 KB
158 KB 73ms
24ms Other
image/svg+xml 194.114.33.147
VOLKSWAGEN Volksw...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.vwgroup.com/localdocs/svg/icons.svg

Requested by

Host: login.vwgroup.com
URL: https://login.vwgroup.com/redirect.html?nonce=1705696991717&type=234s&Target=/../isam/sps/auth

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

194.114.33.147 , Germany, ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE),

Reverse DNS

Software

Resource Hash

835ac33dc6f5b4775a0ebc71291c72e2cdfdda7a50c526955e7ac2b332364c88

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://selfservice.wob.vw.vwg

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 20:43:11 GMT
content-security-policy: frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
strict-transport-security: max-age=31536000
last-modified: Tue, 22 Jun 2021 16:34:20 GMT
x-frame-options: ALLOW-FROM https://selfservice.wob.vw.vwg
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-type: image/svg+xml
content-length: 161053

GET
H/1.1 200
OK vwag-logo.svg
login.vwgroup.com/localdocs/svg/brand/ 6 KB
6 KB 74ms
25ms Image
image/svg+xml 194.114.33.147
VOLKSWAGEN Volksw...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.vwgroup.com/localdocs/svg/brand/vwag-logo.svg

Requested by

Host: login.vwgroup.com
URL: https://login.vwgroup.com/redirect.html?nonce=1705696991717&type=234s&Target=/../isam/sps/auth

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

194.114.33.147 , Germany, ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE),

Reverse DNS

Software

Resource Hash

6700043046fa7640823bfc7e10585c04dae183763e71715497c6ccf49050cc67

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://selfservice.wob.vw.vwg

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 20:43:11 GMT
content-security-policy: frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
strict-transport-security: max-age=31536000
last-modified: Tue, 22 Jun 2021 16:34:20 GMT
x-frame-options: ALLOW-FROM https://selfservice.wob.vw.vwg
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-type: image/svg+xml
content-length: 6135

GET
H/1.1 200
OK token.svg
login.vwgroup.com/localdocs/svg/images/ 2 KB
2 KB 72ms
23ms Image
image/svg+xml 194.114.33.147
VOLKSWAGEN Volksw...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.vwgroup.com/localdocs/svg/images/token.svg

Requested by

Host: login.vwgroup.com
URL: https://login.vwgroup.com/redirect.html?nonce=1705696991717&type=234s&Target=/../isam/sps/auth

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

194.114.33.147 , Germany, ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE),

Reverse DNS

Software

Resource Hash

df2791677def9ff8ae6a7f9bb58af48782db357bd2f8d65fd79f3f789855245a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://selfservice.wob.vw.vwg

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 20:43:11 GMT
content-security-policy: frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
strict-transport-security: max-age=31536000
last-modified: Tue, 22 Jun 2021 16:34:20 GMT
x-frame-options: ALLOW-FROM https://selfservice.wob.vw.vwg
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-type: image/svg+xml
content-length: 2065

GET
H/1.1 200
OK main.min.js Show response
login.vwgroup.com/localdocs/js/ 8 KB
9 KB 47ms
23ms Script
application/x-javascript 194.114.33.147
VOLKSWAGEN Volksw...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.vwgroup.com/localdocs/js/main.min.js?v=1645640336767

Requested by

Host: login.vwgroup.com
URL: https://login.vwgroup.com/redirect.html?nonce=1705696991717&type=234s&Target=/../isam/sps/auth

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

194.114.33.147 , Germany, ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE),

Reverse DNS

Software

Resource Hash

77b632f0adf87620d98ce1c1cfca5b4b7705ab4387b7ed35ed5b84b807668f33

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://selfservice.wob.vw.vwg

Request headers

Referer
Origin: https://login.vwgroup.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 20:43:11 GMT
content-security-policy: frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
strict-transport-security: max-age=31536000
last-modified: Mon, 07 Mar 2022 17:43:00 GMT
x-frame-options: ALLOW-FROM https://selfservice.wob.vw.vwg
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-type: application/x-javascript
content-length: 8563

GET
H/1.1 200
OK VWAGTheSans-Regular.woff2
login.vwgroup.com/localdocs/fonts/ 104 KB
104 KB 40ms
23ms Font
application/octet-stream 194.114.33.147
VOLKSWAGEN Volksw...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.vwgroup.com/localdocs/fonts/VWAGTheSans-Regular.woff2

Requested by

Host: login.vwgroup.com
URL: https://login.vwgroup.com/localdocs/css/style.min.css?v=1645640336767

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

194.114.33.147 , Germany, ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE),

Reverse DNS

Software

Resource Hash

4cd4a114c2a0c028c7d746a0235819aa90b75589cbdc149d52ab48183a4146dd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://selfservice.wob.vw.vwg

Request headers

Referer: https://login.vwgroup.com/localdocs/css/style.min.css?v=1645640336767
Origin: https://login.vwgroup.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 20:43:11 GMT
content-security-policy: frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
strict-transport-security: max-age=31536000
last-modified: Fri, 25 Jun 2021 09:50:06 GMT
x-frame-options: ALLOW-FROM https://selfservice.wob.vw.vwg
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-type: text/plain
content-length: 106000

GET
H/1.1 200
OK VWAGTheSans-Bold.woff2
login.vwgroup.com/localdocs/fonts/ 97 KB
98 KB 42ms
24ms Font
application/octet-stream 194.114.33.147
VOLKSWAGEN Volksw...

General

Check archive.org

Show headers Download Go to

Full URL

https://login.vwgroup.com/localdocs/fonts/VWAGTheSans-Bold.woff2

Requested by

Host: login.vwgroup.com
URL: https://login.vwgroup.com/localdocs/css/style.min.css?v=1645640336767

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

194.114.33.147 , Germany, ASN206618 (VOLKSWAGEN Volkswagen AG, Wolfsburg, DE),

Reverse DNS

Software

Resource Hash

c87f8a22b4b823306a26f8db71756c802bdfe5e2ea6a666d5dbf507c9b09b283

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://selfservice.wob.vw.vwg

Request headers

Referer: https://login.vwgroup.com/localdocs/css/style.min.css?v=1645640336767
Origin: https://login.vwgroup.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 19 Jan 2024 20:43:11 GMT
content-security-policy: frame-ancestors https://selfservice.wob.vw.vwg https://www.volkswagen-net.de https://volkswagen-net.de
strict-transport-security: max-age=31536000
last-modified: Fri, 25 Jun 2021 09:50:06 GMT
x-frame-options: ALLOW-FROM https://selfservice.wob.vw.vwg
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-type: text/plain
content-length: 99784

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cocoa.volkswagen.de/	1969-12-31 23:59:59	Name: PD-S-SESSION-ID Value: ABzRxfqmRE7Zkihs+/ZR/g==:1_2_0_ETDLey7X95vL0agv1k6krijEwt4ncARbuJySR7ugTgMk7Cs0\|
cocoa.volkswagen.de/	1969-12-31 23:59:59	Name: AMWEBJCT!%2Fisam!JSESSIONID Value: 0000h-pVpz4VyqU8nlHaAQY9Z_s:5fb1c8c2-00c0-41ea-8579-d651a981f0a5
cocoa.volkswagen.de/	1969-12-31 23:59:59	Name: AMWEBJCT!%2Fisam!https%3A%2F%2Fcocoa.volkswagen.de%2Fisam%2Fsps%2Fsp_cocoa_volkswagen_de%2Fsaml20FIMSAML20 Value: uuid4e0f7702-3da5-453c-8520-4bc3ca9a84cb
cocoa.volkswagen.de/	1969-12-31 23:59:59	Name: PD_STATEFUL_070da0a6-88d8-11ec-8a69-001a4acb023f Value: %2Fisam
cocoa.volkswagen.de/	1969-12-31 23:59:59	Name: IV_JCT Value: %2Fisam
login.vwgroup.com/	1969-12-31 23:59:59	Name: AMWEBJCT!%2Fisam!JSESSIONID Value: 0000Hi1MQ6eoe6pDMWgDluCOkxM:5fb1c8c2-00c0-41ea-8579-d651a981f0a5
login.vwgroup.com/	1969-12-31 23:59:59	Name: AMWEBJCT!%2Fisam!https%3A%2F%2Flogin.vwgroup.com%2Fisam%2Fsps%2Fidpextprodws%2Fsaml20FIMSAML20 Value: uuid5a4654b3-a8e2-41a1-8f5d-d72dbf088d74
login.vwgroup.com/	1969-12-31 23:59:59	Name: PD_STATEFUL_2045ac32-9f71-11ea-a8c3-001a4acb023f Value: %2Fisam
.login.vwgroup.com/	1969-12-31 23:59:59	Name: PD-S-SESSION-ID Value: /kkzm3iM7X0hsL0p6etfNQ==:1_2_0_JHCSiVV4XVqd31rX-B-m394na3LOjaxEfv2Hutur-a+5C3tR\|

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://cocoa.volkswagen.de/vconf/display/GITLC Message: The Content-Security-Policy directive 'frame-ancestors' contains 'script-src' as a source expression. Did you want to add it as a directive and forget a semicolon?
security	error	URL: https://cocoa.volkswagen.de/vconf/display/GITLC Message: The Content-Security-Policy directive 'frame-ancestors' contains 'object-src' as a source expression. Did you want to add it as a directive and forget a semicolon?

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' script-src 'self' object-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1it.volkswagen.de
cocoa.volkswagen.de
login.vwgroup.com
194.114.32.144
194.114.33.147
2a01:4dc0:0:4f00::c272:2077
2afbb374da2c45bd2b8a5293206389f678e2b5d831b3a8656ae5369c1a2bbdfc
4cd4a114c2a0c028c7d746a0235819aa90b75589cbdc149d52ab48183a4146dd
6700043046fa7640823bfc7e10585c04dae183763e71715497c6ccf49050cc67
77b632f0adf87620d98ce1c1cfca5b4b7705ab4387b7ed35ed5b84b807668f33
80aec465104b00c5d1c58e1f2cabe9e2c812d1f24fa5542e402bed9b86af2606
835ac33dc6f5b4775a0ebc71291c72e2cdfdda7a50c526955e7ac2b332364c88
9eeb700cf0a9feb748b018d951823ff1889328065fc1097b95aa7695358d25f0
af9894f7c4c590ebc2b14d5579d42af36e807a9cbc487e499a401a0e09b60051
c87f8a22b4b823306a26f8db71756c802bdfe5e2ea6a666d5dbf507c9b09b283
df2791677def9ff8ae6a7f9bb58af48782db357bd2f8d65fd79f3f789855245a

login.vwgroup.com Open in urlscan Pro 194.114.33.147 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

14 Requests

100 %HTTPS

33 %IPv6

2 Domains

3 Subdomains

2 IPs

1 Countries

584 kBTransfer

914 kBSize

9 Cookies

2 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

9 Cookies

2 Console Messages

Security Headers

Indicators

login.vwgroup.com Open in urlscan Pro
194.114.33.147 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

2
IPs

1
Countries

584 kB
Transfer

914 kB
Size

9
Cookies

14 HTTP transactions
0 data transactions