banking.postbank.de Open in urlscan Pro
34.149.53.217 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s.free.fr/7XHFwbeL
Effective URL:
https://banking.postbank.de/
Submission: On December 23 via manual (December 23rd 2022, 10:07:08 am UTC) from DE — Scanned from FR

Summary HTTP 63 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 12 IPs in 4 countries across 7 domains to perform 63 HTTP transactions. The main IP is 34.149.53.217, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is banking.postbank.de. The Cisco Umbrella rank of the primary domain is 392038.
TLS certificate: Issued by DigiCert EV RSA CA G2 on October 21st 2022. Valid for: a year.

This is the only time banking.postbank.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	2a01:e0c:1:15... 2a01:e0c:1:1599::29	12322 (PROXAD) (PROXAD)
1 2	87.236.16.207 87.236.16.207	198610 (BEGET-AS) (BEGET-AS)
1	192.185.211.152 192.185.211.152	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
38	34.149.53.217 34.149.53.217	15169 (GOOGLE) (GOOGLE)
3	2600:9000:225... 2600:9000:2251:1800:13:46b5:7d80:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2600:1901:0:c... 2600:1901:0:c07c::	15169 (GOOGLE) (GOOGLE)
1 6	34.120.213.176 34.120.213.176	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	185.221.85.3 185.221.85.3	206998 (NEW-2) (NEW-2)
1	2600:1901:0:5... 2600:1901:0:5987::	15169 (GOOGLE) (GOOGLE)
2	2600:1901:0:2... 2600:1901:0:256b::	15169 (GOOGLE) (GOOGLE)
2	2600:1901:0:7... 2600:1901:0:7903::	15169 (GOOGLE) (GOOGLE)
1	34.95.108.180 34.95.108.180	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:214... 2600:9000:214f:2000:15:e39e:8900:93a1	16509 (AMAZON-02) (AMAZON-02)
63	12

2 2a01:e0c:1:1599::29 (France) 2 redirects

ASN12322 (PROXAD, FR)

s.free.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 87.236.16.207 (Russian Federation) 1 redirects

ASN198610 (BEGET-AS, RU)
PTR: ssl.picard.beget.com

mg-kadastr.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.185.211.152 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: br14-ip06.hostgator.com.br

videnteluiza.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 34.149.53.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.53.149.34.bc.googleusercontent.com

banking.postbank.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2251:1800:13:46b5:7d80:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.deutsche-bank.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:1901:0:c07c:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

api.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.120.213.176 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 176.213.120.34.bc.googleusercontent.com

api.olb.postbank.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.221.85.3 (Ireland)

ASN206998 (NEW-2, IE)

bam.eu01.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:5987:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

app.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:256b:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

aggregator.service.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:7903:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

graphql.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.108.180 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 180.108.95.34.bc.googleusercontent.com

uct.service.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:2000:15:e39e:8900:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.postbank.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	postbank.de 1 redirects banking.postbank.de — Cisco Umbrella Rank: 392038 api.olb.postbank.de — Cisco Umbrella Rank: 318839 www.postbank.de — Cisco Umbrella Rank: 265261	1 MB
12	usercentrics.eu api.usercentrics.eu — Cisco Umbrella Rank: 12544 app.usercentrics.eu — Cisco Umbrella Rank: 12495 aggregator.service.usercentrics.eu — Cisco Umbrella Rank: 14691 graphql.usercentrics.eu — Cisco Umbrella Rank: 15112 uct.service.usercentrics.eu — Cisco Umbrella Rank: 19506	21 KB
3	deutsche-bank.de www.deutsche-bank.de — Cisco Umbrella Rank: 175658	53 KB
2	nr-data.net bam.eu01.nr-data.net — Cisco Umbrella Rank: 8340	2 KB
2	mg-kadastr.ru 1 redirects mg-kadastr.ru	722 B
2	free.fr 2 redirects s.free.fr	424 B
1	videnteluiza.com.br videnteluiza.com.br	290 B
63	7

	Domain	Requested by
38	banking.postbank.de	banking.postbank.de
6	api.olb.postbank.de	1 redirects banking.postbank.de
6	api.usercentrics.eu	banking.postbank.de
3	www.deutsche-bank.de	client www.deutsche-bank.de
2	graphql.usercentrics.eu	banking.postbank.de
2	aggregator.service.usercentrics.eu	banking.postbank.de
2	bam.eu01.nr-data.net	banking.postbank.de
2	mg-kadastr.ru	1 redirects
2	s.free.fr	2 redirects
1	www.postbank.de
1	uct.service.usercentrics.eu
1	app.usercentrics.eu
1	videnteluiza.com.br
63	13

This site contains links to these domains. Also see Links.

Domain
www.postbank.de

Subject Issuer	Validity	Valid
maejadedoamor.com.br R3	`2022-11-23` - `2023-02-21`	3 months	crt.sh
banking.postbank.de DigiCert EV RSA CA G2	`2022-10-21` - `2023-10-24`	a year	crt.sh
www.deutsche-bank.de DigiCert EV RSA CA G2	`2022-11-15` - `2023-11-14`	a year	crt.sh
api.usercentrics.eu GTS CA 1D4	`2022-12-12` - `2023-03-12`	3 months	crt.sh
api.olb.postbank.de DigiCert EV RSA CA G2	`2022-06-02` - `2023-06-02`	a year	crt.sh
*.eu01.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-24` - `2023-02-09`	a year	crt.sh
app.usercentrics.eu GTS CA 1D4	`2022-12-14` - `2023-03-14`	3 months	crt.sh
aggregator.service.usercentrics.eu GTS CA 1D4	`2022-12-05` - `2023-03-05`	3 months	crt.sh
graphql.usercentrics.eu GTS CA 1D4	`2022-12-16` - `2023-03-16`	3 months	crt.sh
uct.service.usercentrics.eu GTS CA 1D4	`2022-12-03` - `2023-03-03`	3 months	crt.sh
postbank.de DigiCert EV RSA CA G2	`2022-09-15` - `2023-09-15`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://banking.postbank.de/
Frame ID: DDE53ACE725BFA94F39447CB6569F598
Requests: 54 HTTP requests in this frame

Frame: https://banking.postbank.de/assets/scripts/cross-domain-bridge.html
Frame ID: 67E79424B2D06ACA4C0AC8D49AD25C33
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Postbank Banking & Brokerage

Page URL History Show full URLs

https://s.free.fr/7XHFwbeL HTTP 301
http://mg-kadastr.ru/zan HTTP 301
http://mg-kadastr.ru/zan/ Page URL
https://s.free.fr/7gHzigMh HTTP 301
https://videnteluiza.com.br/work/apps/ Page URL
https://banking.postbank.de/ Page URL

Page Statistics

63
Requests

97 %
HTTPS

54 %
IPv6

7
Domains

13
Subdomains

12
IPs

4
Countries

1235 kB
Transfer

3802 kB
Size

7
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://www.postbank.de/redirects/gutzuwissen-banking-login.html
Title: Informationen für Privatkunden

Search URL Search Domain Scan URL

URL: https://www.postbank.de/umzug-gk
Title: Informationen für Geschäftskunden

Search URL Search Domain Scan URL

URL: https://www.postbank.de/privatkunden/services/banking-und-brokerage/postbank-id.html
Title: Postbank ID einrichten

Search URL Search Domain Scan URL

URL: https://www.postbank.de/privatkunden/services/sicherheit/aktuelle-hinweise.html
Title: Zu den Sicherheitshinweisen

Search URL Search Domain Scan URL

URL: https://www.postbank.de/redirects/redirect_banking_erste-schritte.html
Title: Erste Schritte

Search URL Search Domain Scan URL

URL: https://www.postbank.de/redirects/redirect_banking_terminvereinbarung.html
Title: Terminvereinbarung

Search URL Search Domain Scan URL

URL: https://www.postbank.de/redirects/redirect_banking_kontakt.html
Title: Kontakt

Search URL Search Domain Scan URL

URL: https://www.postbank.de/redirects/redirect_banking_impressum.html
Title: Impressum

Search URL Search Domain Scan URL

URL: https://www.postbank.de/redirects/redirect_banking_rechtshinweise.html
Title: Rechtshinweise

Search URL Search Domain Scan URL

URL: https://www.postbank.de/redirects/redirect_banking_datenschutz.html
Title: Datenschutz

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s.free.fr/7XHFwbeL HTTP 301
http://mg-kadastr.ru/zan HTTP 301
http://mg-kadastr.ru/zan/ Page URL
https://s.free.fr/7gHzigMh HTTP 301
https://videnteluiza.com.br/work/apps/ Page URL
https://banking.postbank.de/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://s.free.fr/7XHFwbeL HTTP 301
http://mg-kadastr.ru/zan HTTP 301
http://mg-kadastr.ru/zan/

Request Chain 1

https://s.free.fr/7gHzigMh HTTP 301
https://videnteluiza.com.br/work/apps/

Request Chain 20

https://api.olb.postbank.de/oneid/am/oauth2/realms/root/realms/consumer/authorize?client_id=163440-1_onlineBankingClient&redirect_uri=https%3A%2F%2Fapi.olb.postbank.de%2Foneid%2Fam%2FisAlive.jsp&response_type=code&scope=openid&state=NjExMjMxOTYxOTU2MDg2MzcxMjEyNDcxODYxODIyMDcxODEyMTM0NDcw&code_challenge=bjeVZk5C25SlhrT-_h0wy2koeVqSiUheeYljwi8En-s&code_challenge_method=S256 HTTP 302
https://api.olb.postbank.de/oneid/am/XUI/?realm=/consumer

63 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/
mg-kadastr.ru/zan/
Redirect Chain

https://s.free.fr/7XHFwbeL
http://mg-kadastr.ru/zan
http://mg-kadastr.ru/zan/

72 B
468 B

198ms
197ms

Document
text/html

87.236.16.207
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://mg-kadastr.ru/zan/
Protocol: HTTP/1.1
Server: 87.236.16.207 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.picard.beget.com
Software: nginx-reuseport/1.21.1 / PHP/7.4.33
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
accept-language: fr-FR,fr;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 72
Content-Type: text/html; charset=UTF-8
Date: Fri, 23 Dec 2022 10:07:02 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=30
Pragma: no-cache
Server: nginx-reuseport/1.21.1
X-Powered-By: PHP/7.4.33

Redirect headers

Connection: keep-alive
Content-Length: 310
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 23 Dec 2022 10:07:02 GMT
Keep-Alive: timeout=30
Location: http://mg-kadastr.ru/zan/
Server: nginx-reuseport/1.21.1

GET
H2

200

/ Show response
videnteluiza.com.br/work/apps/
Redirect Chain

https://s.free.fr/7gHzigMh
https://videnteluiza.com.br/work/apps/

74 B
290 B

1356ms
438ms

Document
text/html

192.185.211.152
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://videnteluiza.com.br/work/apps/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.185.211.152 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: br14-ip06.hostgator.com.br
Software: Apache /
Resource Hash: 40d1112aebbc8859f9083d0a35a2c4e9b9469631c3a547afd440021f9c036c4b

Request headers

Referer: http://mg-kadastr.ru/zan/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
accept-language: fr-FR,fr;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 89
content-type: text/html; charset=UTF-8
date: Fri, 23 Dec 2022 10:07:04 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
vary: Accept-Encoding

Redirect headers

Connection: keep-alive
Content-Length: 64
Content-Type: application/json
Date: Fri, 23 Dec 2022 10:07:03 GMT
Location: https://videnteluiza.com.br/work/apps/
Server: nginx/1.10.3

GET
H2 200 Primary Request / Show response
banking.postbank.de/ 8 KB
3 KB 97ms
36ms Document
text/html 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

726d96c24743d594b58bfae32b516a63bd1504eb011e88c620c0a4bdc952d017

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://videnteluiza.com.br/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache
content-encoding: gzip
content-length: 2613
content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
content-type: text/html
date: Fri, 23 Dec 2022 10:07:04 GMT
etag: "63a4b9f7-a35"
expires: Thu, 01 Jan 1970 00:00:01 GMT
last-modified: Thu, 22 Dec 2022 20:11:35 GMT
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
referrer-policy: strict-origin
server: Google Frontend
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 google
x-cloud-trace-context: fa91581c8d06c3e569c06f3cffdb1ba0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 newrelic-loader-1216.js Show response
banking.postbank.de/assets/ 31 KB
11 KB 38ms
32ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/newrelic-loader-1216.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

7140f31352daaa6f5ff736c28cd2420d213d03f975aac693075f480f7167badb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:04 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10955
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:34 GMT
server: Google Frontend
etag: "63a4b9f6-2acb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: 2aa83dcc5b30c64b515133c17dc170fa
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 usercentrics-loader-3.6.0-20221121.js Show response
banking.postbank.de/assets/ 602 B
494 B 70ms
66ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/usercentrics-loader-3.6.0-20221121.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

8e774cc0790fa0338b5a30dc3629c5a28df695a2b653cd6c6bf847cc6b810f5c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:04 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 382
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:41 GMT
server: Google Frontend
etag: "63a4a521-17e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: d93cbee90778257e1ceef1f529106c01
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 runtime.01f3f41549a6fa9b.js Show response
banking.postbank.de/ 5 KB
3 KB 44ms
40ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/runtime.01f3f41549a6fa9b.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

18c7396fb1d1ffdc0ba9e84edeaaabb79fde35bca3c27cdfac938df70e8ee422

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.postbank.de/
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:04 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2946
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:43 GMT
server: Google Frontend
etag: "63a4a523-b82"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: bae0453f1763c1d12dd714c10475701d
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 polyfills.355997a7c40d2123.js Show response
banking.postbank.de/ 33 KB
12 KB 39ms
36ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/polyfills.355997a7c40d2123.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

b958adbf03969cdce156b0505777931d85b392495f586962d3549f6cd15f9995

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.postbank.de/
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:04 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12016
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:41 GMT
server: Google Frontend
etag: "63a4a521-2ef0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: ed10341a81981bc3261203ebb8ab0522
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 scripts.d056530755f64853.js Show response
banking.postbank.de/ 100 B
125 B 33ms
33ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/scripts.d056530755f64853.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

2ad09e58540e6948ba7966dc213ad1152344604e0dd88f6136ad870ec032eb80

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:04 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:43 GMT
server: Google Frontend
etag: "63a4a523-61"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: 6de7eabe92fcd9e32a47b3a4e2c07b6b
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 main.2000480bce865967.js Show response
banking.postbank.de/ 1 MB
337 KB 44ms
42ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/main.2000480bce865967.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

331d3b4195648bf9dd50856aae8afa57cc7a63e87c7accdc4696294b5f79ab80

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.postbank.de/
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:04 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344666
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:41 GMT
server: Google Frontend
etag: "63a4a521-5425a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: 2a5c27a16be46b3acf7ea2ce04ec1965
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fonts.css
www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/ 1 KB
859 B 91ms
31ms Stylesheet
text/css 2600:9000:2251:1800:13:46b5:7d80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:1800:13:46b5:7d80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

adc96b6efe5919552898681732312c97108a36e5d17d1bd20044c09f31b7e43b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.deutsche-bank.de
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, allow-from https://meine.deutsche-bank.de

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

date: Fri, 23 Dec 2022 10:07:04 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
content-security-policy: frame-ancestors https://*.deutsche-bank.de
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
content-length: 226
last-modified: Wed, 24 Feb 2021 08:20:14 GMT
server: Apache
db-nickname: VTJGc2RHVmtYMTlwSWc3eitGUlZqNkNQb0M4dDZNbzZSUy91ejAyc0gxdz0=
vary: Accept-Encoding,Origin
x-frame-options: SAMEORIGIN, allow-from https://meine.deutsche-bank.de
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: rjQxKaW2sobk5OnEuKdt6SrI3yOBDmhMJGRN7jvjlqI2XEYbROz5VA==
expires: Sat, 23 Dec 2023 10:07:04 GMT

GET
H3 200 styles.7e951e037954eb40.css
banking.postbank.de/ 268 KB
40 KB 36ms
36ms Stylesheet
text/css 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/styles.7e951e037954eb40.css

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

40556cceb57bc41c7fd9bc43df0e46e546f9729e57589cb7548e9fd7f02cdbf3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:04 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41203
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:43 GMT
server: Google Frontend
etag: "63a4a523-a0f3"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
x-cloud-trace-context: 07f0c3be4687256bde027006032d6124
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 usercentrics-3.6.0.js Show response
banking.postbank.de/assets/scripts/ 600 KB
168 KB 34ms
34ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/scripts/usercentrics-3.6.0.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

f4887682931c3805d1b837914ac30db2a54cee7a49074844339107f916930a03

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:04 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 171666
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:41 GMT
server: Google Frontend
etag: "63a4a521-29e92"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: 3d9a8ae6496f8987433fe931b279423d
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 pb-logo-splash.cbbf15e67c60fec9.svg
banking.postbank.de/ 2 KB
764 B 33ms
33ms Image
image/svg+xml 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://banking.postbank.de/pb-logo-splash.cbbf15e67c60fec9.svg

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

fdff80a70c9c788e4c93d02eff684aa381d0f26bf9565edfd1bfdb15c602b4e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:04 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 736
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:41 GMT
server: Google Frontend
etag: "63a4a521-2e0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-cloud-trace-context: e9c0647d5e743f8356a29349cfc0972f
cache-control: max-age=900
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:22:04 GMT

GET
H2 200 FrutigerLTW05-55Roman.woff2
www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/ 25 KB
26 KB 83ms
36ms Font
font/woff2 2600:9000:2251:1800:13:46b5:7d80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/FrutigerLTW05-55Roman.woff2

Requested by

Host: www.deutsche-bank.de
URL: https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:1800:13:46b5:7d80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

55cb206a77ff71092c309352fcb5927a389382ae678bab55f85ab13ed6239d31

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.deutsche-bank.de
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, allow-from https://meine.deutsche-bank.de

Request headers

Referer: https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

date: Fri, 23 Dec 2022 10:07:04 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: frame-ancestors https://*.deutsche-bank.de
via: 1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
content-length: 25764
last-modified: Wed, 24 Feb 2021 08:20:14 GMT
server: Apache
db-nickname: VTJGc2RHVmtYMTlVcHBiY0ZhTHd5Nk82VFlNYVllM1FZblM5THJtRDdrUT0=
vary: Origin
x-frame-options: SAMEORIGIN, allow-from https://meine.deutsche-bank.de
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 9KQGGSbrWDzWultkLjy2-RViYAOs379gpc6_NALz_4eIkDI93sAaRw==
expires: Sat, 23 Dec 2023 10:07:04 GMT

GET
H3 200 config.json Show response
banking.postbank.de/assets/ 6 KB
2 KB 36ms
35ms XHR
application/json 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/config.json

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

98fdb75aade88f762769eb61c5d0b14431c2604abde98cea84d0d4c774e613f0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://banking.postbank.de/
tracestate: 2988442@nr=0-1-3497424-433704598-e0fafaaff970fb3a----1671790024906
traceparent: 00-7af6c51e19daacadacb0ff9e0c8fc515-e0fafaaff970fb3a-01
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0OTc0MjQiLCJhcCI6IjQzMzcwNDU5OCIsImlkIjoiZTBmYWZhYWZmOTcwZmIzYSIsInRyIjoiN2FmNmM1MWUxOWRhYWNhZGFjYjBmZjllMGM4ZmM1MTUiLCJ0aSI6MTY3MTc5MDAyNDkwNiwidGsiOiIyOTg4NDQyIn19

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:04 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1560
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:34 GMT
server: Google Frontend
etag: "63a4b9f6-618"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
x-cloud-trace-context: 7af6c51e19daacadacb0ff9e0c8fc515;o=1
cache-control: max-age=300
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:12:04 GMT

GET
H3 200 version.json Show response
banking.postbank.de/assets/ 75 B
117 B 32ms
32ms XHR
application/json 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/version.json

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

f2c2d17654339026935b8499f09924a99004b0896bf90984e2044e9316ce6359

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://banking.postbank.de/
tracestate: 2988442@nr=0-1-3497424-433704598-070678cd76624390----1671790024907
traceparent: 00-0a1c2b2d73f1d554b1b8416814ec7e26-070678cd76624390-01
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0OTc0MjQiLCJhcCI6IjQzMzcwNDU5OCIsImlkIjoiMDcwNjc4Y2Q3NjYyNDM5MCIsInRyIjoiMGExYzJiMmQ3M2YxZDU1NGIxYjg0MTY4MTRlYzdlMjYiLCJ0aSI6MTY3MTc5MDAyNDkwNywidGsiOiIyOTg4NDQyIn19

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:04 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 89
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:41 GMT
server: Google Frontend
etag: "63a4a521-59"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
x-cloud-trace-context: 0a1c2b2d73f1d554b1b8416814ec7e26;o=1
cache-control: max-age=300
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:12:04 GMT

GET
H3 200 feature-flags.json Show response
banking.postbank.de/assets/ 222 B
195 B 33ms
33ms XHR
application/json 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/feature-flags.json

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

13438f644656febe76455874eb31508edd48c7bcb36d44e16dc0123f79ea9955

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://banking.postbank.de/
tracestate: 2988442@nr=0-1-3497424-433704598-9b83955f68ad70f1----1671790024908
traceparent: 00-2be01613a30287ac0dfd708935c52937-9b83955f68ad70f1-01
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0OTc0MjQiLCJhcCI6IjQzMzcwNDU5OCIsImlkIjoiOWI4Mzk1NWY2OGFkNzBmMSIsInRyIjoiMmJlMDE2MTNhMzAyODdhYzBkZmQ3MDg5MzVjNTI5MzciLCJ0aSI6MTY3MTc5MDAyNDkwOCwidGsiOiIyOTg4NDQyIn19

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:04 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 167
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:34 GMT
server: Google Frontend
etag: "63a4b9f6-a7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
x-cloud-trace-context: 2be01613a30287ac0dfd708935c52937
cache-control: max-age=300
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:12:04 GMT

OPTIONS
H2 200 languages.json
api.usercentrics.eu/settings/xSrVHkQp_/latest/ Frame 0
0 75ms
34ms Preflight
text/html 2600:1901:0:c07c::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/xSrVHkQp_/latest/languages.json

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://banking.postbank.de
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 23 Dec 2022 10:07:04 GMT
expires: Fri, 23 Dec 2022 10:07:04 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-client-geo-location: FR,
x-guploader-uploadid: ADPycdsK6-s9UULu4EL6Xc3_qXUtBDvlXPo9aQ9TbRPrsb85VEuxldkB3g3NTtZw8OT6-63tB0c4Eo9GriuAtJIGcio4h2YTvJ04

GET
H3 200 languages.json Show response
api.usercentrics.eu/settings/xSrVHkQp_/latest/ 66 B
104 B 91ms
51ms Fetch
application/json 2600:1901:0:c07c::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/xSrVHkQp_/latest/languages.json

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

eb3f4cf387fca0337770c0919834536dca1fc6c95ec5d142c46537a0f20ec14b

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Referer: https://banking.postbank.de/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
content-type: application/json

Response headers

date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
strict-transport-security: max-age=7776000
age: 0
x-client-geo-location: FR,
x-guploader-uploadid: ADPycdvMdB7gD9HKoFpOw3Hhzj1EVQvGxDG0nExaq0vVFL9ZgYCsfw0EaCDFjkRuMJrHX3QbMpbr7dbsFQzK_YT_HsrVRxIKNM8T
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71
last-modified: Thu, 08 Dec 2022 17:03:21 GMT
server: UploadServer
etag: "645afc9e7aa2c884f8a470fd78671460"
vary: Accept-Encoding
x-goog-generation: 1670519001429292
x-goog-hash: crc32c=VEQXGw==, md5=ZFr8nnqiyIT4pHD9eGcUYA==
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=1800, s-maxage=10
x-goog-stored-content-length: 71
accept-ranges: bytes
content-type: application/json
expires: Fri, 23 Dec 2022 10:07:15 GMT

GET
H3 200 newrelic-agent-1216.js Show response
banking.postbank.de/assets/scripts/ 49 KB
18 KB 33ms
32ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/scripts/newrelic-agent-1216.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

b1537e2e3b6b20b2e1e5a07cfcb747c7792751445a72c0d3c2fb4ac7660ad0c8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:04 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18186
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:41 GMT
server: Google Frontend
etag: "63a4a521-470a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: 1503889359840dca57a6349639807b46
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

OPTIONS
H2 200 authorize
api.olb.postbank.de/oneid/am/oauth2/realms/root/realms/consumer/ Frame 0
0 89ms
34ms Preflight 34.120.213.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.olb.postbank.de/oneid/am/oauth2/realms/root/realms/consumer/authorize?client_id=163440-1_onlineBankingClient&redirect_uri=https%3A%2F%2Fapi.olb.postbank.de%2Foneid%2Fam%2FisAlive.jsp&response_type=code&scope=openid&state=NjExMjMxOTYxOTU2MDg2MzcxMjEyNDcxODYxODIyMDcxODEyMTM0NDcw&code_challenge=bjeVZk5C25SlhrT-_h0wy2koeVqSiUheeYljwi8En-s&code_challenge_method=S256

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.213.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.213.120.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.postbank.de
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: apikey,deuba-client-brand,deuba-client-id,deuba-client-os,deuba-client-os-version,deuba-client-version,deuba-correlation-id,newrelic,traceparent,tracestate
Access-Control-Request-Method: GET
Origin: https://banking.postbank.de
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

accept: */*
accept-encoding: gzip, deflate, br
access-control-allow-credentials: true
access-control-allow-headers: origin, referer, x-requested-with, accept, content-type, authorization, newrelic, traceparent, tracestate, x-auth-cookie-path, deuba-client-id, deuba-client-version, deuba-client-os, deuba-client-os-version, x-jwt-authorization, x-deuba-gpp-ab-testing, deuba-ab-testing, deuba-client-brand, deuba-client-id, deuba-gvo, x-trx-signing-token, x-fe-request-id, x-request-id, x-fe-correlation-id, deuba-correlation-id, accept-api-version, x-openidm-username, x-openidm-nosession, x-openidm-password, x-openam-username, x-openam-nosession, x-openam-password, if-match, if-none-match, accept-version, x-deuba-subject, apikey, payment-type, deuba-ciam-context-id, deuba-ciam-session-id, deuba-ciam-subject, bvt
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH
access-control-allow-origin: https://banking.postbank.de
access-control-max-age: 3628800
access-control-request-headers: apikey,deuba-client-brand,deuba-client-id,deuba-client-os,deuba-client-os-version,deuba-client-version,deuba-correlation-id,newrelic,traceparent,tracestate
access-control-request-method: GET
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache
content-length: 0
content-security-policy: frame-ancestors https://*.postbank.de
date: Fri, 23 Dec 2022 10:07:05 GMT
grpc-trace-bin: AABpAMzuiyo3D2voTuR4vMBVAT254W9Y93lAAgA
origin: https://banking.postbank.de
pragma: no-cache
referer: https://banking.postbank.de/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-6900ccee8b2a370f6be84ee478bcc055-3db9e16f58f77940-00
user-agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
via: 1.1 google, 1.1 google
x-b3-sampled: 0
x-b3-spanid: 3db9e16f58f77940
x-b3-traceid: 6900ccee8b2a370f6be84ee478bcc055
x-client-geo-location: , FR,,
x-cloud-trace-context: 6900ccee8b2a370f6be84ee478bcc055/4447833975355308352;o=0
x-forwarded-for: 92.222.212.18, 34.120.213.176,100.80.224.117
x-forwarded-proto: https
x-frame-options: DENY
x-request-id: deca6261-e862-4e77-968d-7119cfe553b9
x-sf-cors: true

GET
H3

404

/
api.olb.postbank.de/oneid/am/XUI/
Redirect Chain

https://api.olb.postbank.de/oneid/am/oauth2/realms/root/realms/consumer/authorize?client_id=163440-1_onlineBankingClient&redirect_uri=https%3A%2F%2Fapi.olb.postbank.de%2Foneid%2Fam%2FisAlive.jsp&re...
https://api.olb.postbank.de/oneid/am/XUI/?realm=/consumer

0
0

52ms
51ms

Fetch

34.120.213.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.olb.postbank.de/oneid/am/XUI/?realm=/consumer

Protocol

Server

34.120.213.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.213.120.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

date: Fri, 23 Dec 2022 10:07:05 GMT
via: 1.1 google
strict-transport-security: max-age=31536000; includeSubDomains
x-sf-cors: true
access-control-max-age: 3628800
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH
access-control-allow-origin: https://banking.postbank.de
x-frame-options: DENY
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-headers: origin, referer, x-requested-with, accept, content-type, authorization, newrelic, traceparent, tracestate, x-auth-cookie-path, deuba-client-id, deuba-client-version, deuba-client-os, deuba-client-os-version, x-jwt-authorization, x-deuba-gpp-ab-testing, deuba-ab-testing, deuba-client-brand, deuba-client-id, deuba-gvo, x-trx-signing-token, x-fe-request-id, x-request-id, x-fe-correlation-id, deuba-correlation-id, accept-api-version, x-openidm-username, x-openidm-nosession, x-openidm-password, x-openam-username, x-openam-nosession, x-openam-password, if-match, if-none-match, accept-version, x-deuba-subject, apikey, payment-type, deuba-ciam-context-id, deuba-ciam-session-id, deuba-ciam-subject, bvt
content-length: 0
x-request-id: 51cfab19-6e4b-43b4-8ea3-6ce9eded2751

Redirect headers

date: Fri, 23 Dec 2022 10:07:04 GMT
content-security-policy: frame-ancestors https://*.postbank.de
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 google
x-sf-cors: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-request-id: ca9835f1-3bd6-426d-a1ee-090073612102
pragma: no-cache
access-control-max-age: 3628800
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH
location: https://api.olb.postbank.de/oneid/am/XUI/?realm=/consumer
access-control-allow-origin: https://banking.postbank.de
cache-control: no-store
access-control-allow-credentials: true
x-frame-options: SAMEORIGIN,DENY
access-control-allow-headers: origin, referer, x-requested-with, accept, content-type, authorization, newrelic, traceparent, tracestate, x-auth-cookie-path, deuba-client-id, deuba-client-version, deuba-client-os, deuba-client-os-version, x-jwt-authorization, x-deuba-gpp-ab-testing, deuba-ab-testing, deuba-client-brand, deuba-client-id, deuba-gvo, x-trx-signing-token, x-fe-request-id, x-request-id, x-fe-correlation-id, deuba-correlation-id, accept-api-version, x-openidm-username, x-openidm-nosession, x-openidm-password, x-openam-username, x-openam-nosession, x-openam-password, if-match, if-none-match, accept-version, x-deuba-subject, apikey, payment-type, deuba-ciam-context-id, deuba-ciam-session-id, deuba-ciam-subject, bvt

GET
H/1.1 200
OK NRJS-7200c241d4b12b5d9b7 Show response
bam.eu01.nr-data.net/1/ 49 B
985 B 210ms
103ms Script
text/javascript 185.221.85.3
NEW-2

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.eu01.nr-data.net/1/NRJS-7200c241d4b12b5d9b7?a=433704598&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=485&ck=1&ref=https://banking.postbank.de/&be=158&fe=444&dc=401&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1671790024508,%22n%22:0,%22f%22:1,%22dn%22:2,%22dne%22:23,%22c%22:23,%22s%22:41,%22ce%22:63,%22rq%22:63,%22rp%22:98,%22rpe%22:101,%22dl%22:108,%22di%22:172,%22ds%22:401,%22de%22:401,%22dc%22:444,%22l%22:444,%22le%22:445%7D,%22navigation%22:%7B%7D%7D&fp=269&fcp=415&jsonp=NREUM.setToken
Requested by: Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.221.85.3 , Ireland, ASN206998 (NEW-2, IE),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

Date: Fri, 23 Dec 2022 10:07:05 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 5
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V83LAlYUMrpKjV4SaHAwyT%2FvoGazgmACFmmoUViHxuOfkCiyVQpY8nWOwewaYbCBBAnGAiFs9qlOOwtVixyeyCTAKKBpHppXyBpaaIfMNZjGCSYwfOqhyimHm1cZ6WImRd0N3kxz"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
CF-Ray: 77e049c8ed9ad682-CDG

GET
H3 200 de.json Show response
api.usercentrics.eu/settings/xSrVHkQp_/latest/ 27 KB
8 KB 74ms
73ms Fetch
application/json 2600:1901:0:c07c::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/xSrVHkQp_/latest/de.json

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

0c5322b13117ccec730622f7b4e1485fdc12705f0416445247f132c0675964a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Referer: https://banking.postbank.de/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
content-type: application/json

Response headers

date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
strict-transport-security: max-age=7776000
age: 0
x-client-geo-location: FR,
x-guploader-uploadid: ADPycdtSFbwStHDfm4y9OXPgB0WIr7CX1oWVsXL7ZEjdfQtuPVYthqvYbAlTDfUK4cJE3EruUuEOveYLDl1j7wQ_Q_gVNbC8ncP_
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8580
last-modified: Thu, 08 Dec 2022 17:03:21 GMT
server: UploadServer
etag: "7b15a65692e7e5800e122ed639613398"
vary: Accept-Encoding
x-goog-generation: 1670519001419794
x-goog-hash: crc32c=3HCy4w==, md5=exWmVpLn5YAOEi7WOWEzmA==
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=1800, s-maxage=10
x-goog-stored-content-length: 8580
accept-ranges: bytes
content-type: application/json
expires: Fri, 23 Dec 2022 10:07:15 GMT

OPTIONS
H3 200 de.json
api.usercentrics.eu/settings/xSrVHkQp_/latest/ Frame 0
0 40ms
39ms Preflight
text/html 2600:1901:0:c07c::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/xSrVHkQp_/latest/de.json

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://banking.postbank.de
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 23 Dec 2022 10:07:05 GMT
expires: Fri, 23 Dec 2022 10:07:05 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-client-geo-location: FR,
x-guploader-uploadid: ADPycdv_s0kh5Pfr_YgWEufVMr3su6ujeaKCng134HIHbSixBOwWYXZDmp5sVGsIuahc52SAEpjcalFuFZC1aVvY3CKIfVeJpfWf

OPTIONS
H3 200 /
api.olb.postbank.de/oneid/am/XUI/ Frame 0
0 59ms
36ms Preflight 34.120.213.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.olb.postbank.de/oneid/am/XUI/?realm=/consumer

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.213.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.213.120.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.postbank.de
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: apikey,deuba-client-brand,deuba-client-id,deuba-client-os,deuba-client-os-version,deuba-client-version,deuba-correlation-id,newrelic,traceparent,tracestate
Access-Control-Request-Method: GET
Origin: https://banking.postbank.de
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

accept: */*
accept-encoding: gzip, deflate, br
access-control-allow-credentials: true
access-control-allow-headers: origin, referer, x-requested-with, accept, content-type, authorization, newrelic, traceparent, tracestate, x-auth-cookie-path, deuba-client-id, deuba-client-version, deuba-client-os, deuba-client-os-version, x-jwt-authorization, x-deuba-gpp-ab-testing, deuba-ab-testing, deuba-client-brand, deuba-client-id, deuba-gvo, x-trx-signing-token, x-fe-request-id, x-request-id, x-fe-correlation-id, deuba-correlation-id, accept-api-version, x-openidm-username, x-openidm-nosession, x-openidm-password, x-openam-username, x-openam-nosession, x-openam-password, if-match, if-none-match, accept-version, x-deuba-subject, apikey, payment-type, deuba-ciam-context-id, deuba-ciam-session-id, deuba-ciam-subject, bvt
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH
access-control-allow-origin: https://banking.postbank.de
access-control-max-age: 3628800
access-control-request-headers: apikey,deuba-client-brand,deuba-client-id,deuba-client-os,deuba-client-os-version,deuba-client-version,deuba-correlation-id,newrelic,traceparent,tracestate
access-control-request-method: GET
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache
content-length: 0
content-security-policy: frame-ancestors https://*.postbank.de
date: Fri, 23 Dec 2022 10:07:05 GMT
grpc-trace-bin: AABLyznjYuw8d+mlJUqFWJrrAbkdVNfZ8MAKAgA
origin: https://banking.postbank.de
pragma: no-cache
referer: https://banking.postbank.de/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-4bcb39e362ec3c77e9a5254a85589aeb-b91d54d7d9f0c00a-00
user-agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
via: 1.1 google, 1.1 google
x-b3-sampled: 0
x-b3-spanid: b91d54d7d9f0c00a
x-b3-traceid: 4bcb39e362ec3c77e9a5254a85589aeb
x-client-geo-location: , FR,,
x-cloud-trace-context: 4bcb39e362ec3c77e9a5254a85589aeb/13338910957392412682;o=0
x-forwarded-for: 92.222.212.18, 34.120.213.176,100.80.224.118
x-forwarded-proto: https
x-frame-options: DENY
x-request-id: 7383d0cd-1591-44c1-94ae-64dca6c7fcb6
x-sf-cors: true

GET
H3 200 cross-domain-bridge.html Show response
banking.postbank.de/assets/scripts/ Frame 67E7 5 KB
1 KB 32ms
32ms Document
text/html 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/scripts/cross-domain-bridge.html

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

8563f915516318c564b1a4b4d4005778294178cfac736d0ed7dd5afa86d4cd50

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.postbank.de/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache
content-encoding: gzip
content-length: 1117
content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
content-type: text/html
date: Fri, 23 Dec 2022 10:07:05 GMT
etag: "63a4a521-45d"
expires: Thu, 01 Jan 1970 00:00:01 GMT
last-modified: Thu, 22 Dec 2022 18:42:41 GMT
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
referrer-policy: strict-origin
server: Google Frontend
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 google
x-cloud-trace-context: f5be6bb19a4e4ac51fd4e2992cf35c4d
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H3 200 unity-icons-pb.svg Show response
banking.postbank.de/assets/icons/ 474 KB
103 KB 35ms
35ms XHR
image/svg+xml 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/icons/unity-icons-pb.svg

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

d8eb29b019b56d4329222868197d6872582414d6fafb8bbeeb19df066220a036

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

tracestate: 2988442@nr=0-1-3497424-433704598-f4f0115ba8c18bab----1671790025262
traceparent: 00-de31039ff6827817a1e7a25ac384bb90-f4f0115ba8c18bab-01
Accept-Language: fr-FR,fr;q=0.9
deuba-client-version: 1.0.0-onb-2022-pr50-hf-4
deuba-client-os: Android 11
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0OTc0MjQiLCJhcCI6IjQzMzcwNDU5OCIsImlkIjoiZjRmMDExNWJhOGMxOGJhYiIsInRyIjoiZGUzMTAzOWZmNjgyNzgxN2ExZTdhMjVhYzM4NGJiOTAiLCJ0aSI6MTY3MTc5MDAyNTI2MiwidGsiOiIyOTg4NDQyIn19
deuba-client-os-version: Mobile
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
Accept: image/svg+xml
Referer: https://banking.postbank.de/
deuba-client-id: poba-onlinebanking
deuba-client-brand: poba

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 105332
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:34 GMT
server: Google Frontend
etag: "63a4b9f6-19b74"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-cloud-trace-context: de31039ff6827817a1e7a25ac384bb90;o=1
cache-control: max-age=900
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:22:05 GMT

GET
H3 200 db-icons.svg Show response
banking.postbank.de/assets/icons/ 202 KB
56 KB 32ms
32ms XHR
image/svg+xml 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/icons/db-icons.svg

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

6c98d103cf805e408fb4ade0e1d9d3d8d028ac388ec6b505613c110cc235b657

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

tracestate: 2988442@nr=0-1-3497424-433704598-4b0c27c239a4643e----1671790025263
traceparent: 00-8db4b26d4ce2b3ef72ce24463d71f9e2-4b0c27c239a4643e-01
Accept-Language: fr-FR,fr;q=0.9
deuba-client-version: 1.0.0-onb-2022-pr50-hf-4
deuba-client-os: Android 11
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0OTc0MjQiLCJhcCI6IjQzMzcwNDU5OCIsImlkIjoiNGIwYzI3YzIzOWE0NjQzZSIsInRyIjoiOGRiNGIyNmQ0Y2UyYjNlZjcyY2UyNDQ2M2Q3MWY5ZTIiLCJ0aSI6MTY3MTc5MDAyNTI2MywidGsiOiIyOTg4NDQyIn19
deuba-client-os-version: Mobile
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
Accept: image/svg+xml
Referer: https://banking.postbank.de/
deuba-client-id: poba-onlinebanking
deuba-client-brand: poba

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57497
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:40 GMT
server: Google Frontend
etag: "63a4a520-e099"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-cloud-trace-context: 8db4b26d4ce2b3ef72ce24463d71f9e2;o=1
cache-control: max-age=900
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:22:05 GMT

GET
H3 200 de.json Show response
banking.postbank.de/assets/i18n/ 4 KB
2 KB 38ms
38ms XHR
application/json 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/i18n/de.json

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

13ef1b93b8487ada89656524c92368cca282fd8883a92de3a017eb959ea3af0b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

tracestate: 2988442@nr=0-1-3497424-433704598-a748de4f58edd813----1671790025268
traceparent: 00-3b2c276451bc55f4d466634cef30c8ad-a748de4f58edd813-01
Accept-Language: fr-FR,fr;q=0.9
deuba-client-version: 1.0.0-onb-2022-pr50-hf-4
deuba-client-os: Android 11
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0OTc0MjQiLCJhcCI6IjQzMzcwNDU5OCIsImlkIjoiYTc0OGRlNGY1OGVkZDgxMyIsInRyIjoiM2IyYzI3NjQ1MWJjNTVmNGQ0NjY2MzRjZWYzMGM4YWQiLCJ0aSI6MTY3MTc5MDAyNTI2OCwidGsiOiIyOTg4NDQyIn19
deuba-client-os-version: Mobile
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
Accept: application/json, text/plain, */*
Referer: https://banking.postbank.de/
deuba-client-id: poba-onlinebanking
deuba-client-brand: poba

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1556
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:40 GMT
server: Google Frontend
etag: "63a4a520-614"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
x-cloud-trace-context: 3b2c276451bc55f4d466634cef30c8ad
cache-control: max-age=300
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:12:05 GMT

GET
H3 200 de-pb.json Show response
banking.postbank.de/assets/i18n/ 262 B
222 B 39ms
38ms XHR
application/json 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/i18n/de-pb.json

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

c6abd802dd894e993a2b595181e66da2523e63968a5df1b515214a7050e8824c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

tracestate: 2988442@nr=0-1-3497424-433704598-8ede0a48d5bd5544----1671790025269
traceparent: 00-39cbc65a87dd16ffc4ecf02bd4d8e846-8ede0a48d5bd5544-01
Accept-Language: fr-FR,fr;q=0.9
deuba-client-version: 1.0.0-onb-2022-pr50-hf-4
deuba-client-os: Android 11
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0OTc0MjQiLCJhcCI6IjQzMzcwNDU5OCIsImlkIjoiOGVkZTBhNDhkNWJkNTU0NCIsInRyIjoiMzljYmM2NWE4N2RkMTZmZmM0ZWNmMDJiZDRkOGU4NDYiLCJ0aSI6MTY3MTc5MDAyNTI2OSwidGsiOiIyOTg4NDQyIn19
deuba-client-os-version: Mobile
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
Accept: application/json, text/plain, */*
Referer: https://banking.postbank.de/
deuba-client-id: poba-onlinebanking
deuba-client-brand: poba

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 193
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:34 GMT
server: Google Frontend
etag: "63a4b9f6-c1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
x-cloud-trace-context: 39cbc65a87dd16ffc4ecf02bd4d8e846
cache-control: max-age=300
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:12:05 GMT

GET
H3 200 5583.c547d850eb416227.js Show response
banking.postbank.de/ 12 KB
3 KB 36ms
35ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/5583.c547d850eb416227.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

82c3224e44c022d3636c74a17519d712b990bf90a95ee8ccf481bb1b6a9ce277

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.postbank.de/
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3461
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:40 GMT
server: Google Frontend
etag: "63a4a520-d85"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: 81508d93c4c83d5b8544cb01c776fc87
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 6081.82fff9810dfcdee2.js Show response
banking.postbank.de/ 32 KB
8 KB 34ms
34ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/6081.82fff9810dfcdee2.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

70c9e0dc148ebddca6529f517e8aacfe87992d4c82432f83666bce17e04a6121

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.postbank.de/
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7973
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:40 GMT
server: Google Frontend
etag: "63a4a520-1f25"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: b61cf80625b71f967a1bfef07aebd8d2
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 translations-de.json Show response
api.usercentrics.eu/translations/ 7 KB
3 KB 22ms
21ms Fetch
application/json 2600:1901:0:c07c::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/translations/translations-de.json

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

28d967ee9f4817230c9e4684f4e7831848e20ff45afb7432d57c25f7a32cf1aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Referer: https://banking.postbank.de/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
content-type: application/json

Response headers

date: Thu, 22 Dec 2022 12:10:47 GMT
content-encoding: gzip
strict-transport-security: max-age=7776000
age: 78978
x-client-geo-location: FR,
x-guploader-uploadid: ADPycdsIdFF_gaX3okljYZXOd0PUcztaFB7ebUZ8V_PjteNdbMFtAcu04Z0RkLT6YZX88uNCffyYebJqy9PltKHjDRiZYoBC4fBH
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2617
last-modified: Wed, 14 Dec 2022 10:42:59 GMT
server: UploadServer
etag: "1e6c18ba1562fb68d61f476e99b573d0"
vary: Accept-Encoding
x-goog-generation: 1671014579678260
x-goog-hash: crc32c=En4/eg==, md5=HmwYuhVi+2jWH0dumbVz0A==
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400, s-maxage=86400
x-goog-stored-content-length: 2617
accept-ranges: bytes
content-type: application/json
expires: Fri, 23 Dec 2022 12:10:47 GMT

GET
H2 200 1px.png
app.usercentrics.eu/session/ 489 B
1 KB 61ms
20ms Image
image/png 2600:1901:0:5987::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.usercentrics.eu/session/1px.png?settingsId=xSrVHkQp_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

009a4cf1623ff76804e55d59a17f680f77d8c76ada674500997ff44cc7ac0741

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

date: Fri, 23 Dec 2022 09:54:41 GMT
content-encoding: gzip
strict-transport-security: max-age=7776000
age: 744
x-guploader-uploadid: ADPycdser5VLV-qulW_krI3ijXJEYmIDfYlJuefhGfnZIn7h0gcDWtjFMH_F0Sc_AcDz7FV7BWfeEnbiESFpeUBYAKL_DjGxXopt
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 522
last-modified: Fri, 08 May 2020 09:06:13 GMT
server: UploadServer
etag: "3702ada73b8951017b8451cbd6a96523"
x-goog-generation: 1588928773413784
x-goog-hash: crc32c=pFwm0Q==, md5=NwKtpzuJUQF7hFHL1qllIw==
content-type: image/png
cache-control: public,max-age=1800,no-transform
x-goog-stored-content-length: 522
accept-ranges: bytes
expires: Fri, 23 Dec 2022 10:24:41 GMT

OPTIONS
H3 200 translations-de.json
api.usercentrics.eu/translations/ Frame 0
0 32ms
32ms Preflight
text/html 2600:1901:0:c07c::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/translations/translations-de.json

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://banking.postbank.de
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 23 Dec 2022 10:07:05 GMT
expires: Fri, 23 Dec 2022 10:07:05 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-client-geo-location: FR,
x-guploader-uploadid: ADPycds8Qpm2VWi5_ea_sHoJ_QEoTo2noudFOPWpO37U_3khiePy5ptjWbwmVATC6M15c3fdT9exaXkf5lZaQMf3ZJByDZ7KInG2

GET
H3 200 4469.a9c17daa294cc86e.js Show response
banking.postbank.de/ 14 KB
4 KB 31ms
31ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/4469.a9c17daa294cc86e.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

9743413064bd2a917008f150ecc7c4b22aeea102f079fc9b78daefe9c919ed02

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.postbank.de/
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4441
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:40 GMT
server: Google Frontend
etag: "63a4a520-1159"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: 969a4e833c8e3b4b806159c2907bf2e8
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 common.ee8dbcf5384299c5.js Show response
banking.postbank.de/ 36 KB
10 KB 35ms
34ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/common.ee8dbcf5384299c5.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

95e2b9ce21a0f18646f678d0132e229e8513238e0102d1b2412cea280c2800f3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.postbank.de/
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9755
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:35 GMT
server: Google Frontend
etag: "63a4b9f7-261b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: 3df2a7eecd919e8d88aa30844852fe4b
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 4709.5ee78c882435d35c.js Show response
banking.postbank.de/ 42 KB
9 KB 33ms
33ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/4709.5ee78c882435d35c.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

297b94c863bb2210dbc9d742bd8d97730392fe5ce3be478076170a9350d20460

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.postbank.de/
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8982
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:34 GMT
server: Google Frontend
etag: "63a4b9f6-2316"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: 8c9d561c2b703291142e1b4456b82414
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

OPTIONS
H3 200 authenticate
api.olb.postbank.de/oneid/am/json/realms/root/realms/consumer/ Frame 0
0 34ms
34ms Preflight 34.120.213.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.olb.postbank.de/oneid/am/json/realms/root/realms/consumer/authenticate?ForceAuth=true&authIndexType=service&authIndexValue=onlineBanking

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.213.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.213.120.34.bc.googleusercontent.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.postbank.de
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: accept-api-version,apikey,content-type,deuba-client-brand,deuba-client-id,deuba-client-os,deuba-client-os-version,deuba-client-version,deuba-correlation-id,newrelic,traceparent,tracestate,x-requested-with
Access-Control-Request-Method: POST
Origin: https://banking.postbank.de
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

accept: */*
accept-encoding: gzip, deflate, br
access-control-allow-credentials: true
access-control-allow-headers: origin, referer, x-requested-with, accept, content-type, authorization, newrelic, traceparent, tracestate, x-auth-cookie-path, deuba-client-id, deuba-client-version, deuba-client-os, deuba-client-os-version, x-jwt-authorization, x-deuba-gpp-ab-testing, deuba-ab-testing, deuba-client-brand, deuba-client-id, deuba-gvo, x-trx-signing-token, x-fe-request-id, x-request-id, x-fe-correlation-id, deuba-correlation-id, accept-api-version, x-openidm-username, x-openidm-nosession, x-openidm-password, x-openam-username, x-openam-nosession, x-openam-password, if-match, if-none-match, accept-version, x-deuba-subject, apikey, payment-type, deuba-ciam-context-id, deuba-ciam-session-id, deuba-ciam-subject, bvt
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH
access-control-allow-origin: https://banking.postbank.de
access-control-max-age: 3628800
access-control-request-headers: accept-api-version,apikey,content-type,deuba-client-brand,deuba-client-id,deuba-client-os,deuba-client-os-version,deuba-client-version,deuba-correlation-id,newrelic,traceparent,tracestate,x-requested-with
access-control-request-method: POST
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache
content-length: 0
content-security-policy: frame-ancestors https://*.postbank.de
date: Fri, 23 Dec 2022 10:07:05 GMT
grpc-trace-bin: AACZRot2312Un5AtaiN0G0lmAejhXl895VSzAgA
origin: https://banking.postbank.de
pragma: no-cache
referer: https://banking.postbank.de/
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
strict-transport-security: max-age=31536000; includeSubDomains
traceparent: 00-99468b76df5d949f902d6a23741b4966-e8e15e5f3de554b3-00
user-agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
via: 1.1 google, 1.1 google
x-b3-sampled: 0
x-b3-spanid: e8e15e5f3de554b3
x-b3-traceid: 99468b76df5d949f902d6a23741b4966
x-client-geo-location: , FR,,
x-cloud-trace-context: 99468b76df5d949f902d6a23741b4966/16780797449712522419;o=0
x-forwarded-for: 92.222.212.18, 34.120.213.176,100.80.224.114
x-forwarded-proto: https
x-frame-options: DENY
x-request-id: d316eb0e-137b-43a3-98a1-d3b251aca3a4
x-sf-cors: true

GET
H3 200 8931.97d9a897b45c1b36.js Show response
banking.postbank.de/ 6 KB
3 KB 32ms
32ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/8931.97d9a897b45c1b36.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

73dd708e5be3836d6dc50f66dff0f316b27359462e921439644d05446ca654e3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.postbank.de/
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2763
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:34 GMT
server: Google Frontend
etag: "63a4b9f6-acb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: 2e09b1a47d72efffb60cf321eae6c085
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 3806.58e8a07c2956933d.js Show response
banking.postbank.de/ 12 KB
3 KB 33ms
33ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/3806.58e8a07c2956933d.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

ac5f24cfada3169aaa9c8db87591aaae27b95141d2cbf70fed58518bea762e5e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.postbank.de/
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3329
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:34 GMT
server: Google Frontend
etag: "63a4b9f6-d01"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: 5b47d2081fefc083135cd938c2c95b22
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 4752.130dd8b84e84a2fc.js Show response
banking.postbank.de/ 84 KB
19 KB 36ms
36ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/4752.130dd8b84e84a2fc.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

a492bdcde3612f1582bc47b59ac7749a87946b7126755ef98bc39a844335e75e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.postbank.de/
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19005
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:40 GMT
server: Google Frontend
etag: "63a4a520-4a3d"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: cf4459eb42f161f6f49e2fe6121c09ad
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 5979.4a172f4c236c5d66.js Show response
banking.postbank.de/ 28 KB
5 KB 34ms
34ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/5979.4a172f4c236c5d66.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

93d0eea5287871c395613bf988f7c964ce5e200f83c0262c0cbaabbcdea81531

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.postbank.de/
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5408
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:40 GMT
server: Google Frontend
etag: "63a4a520-1520"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: b6c39778eb490d7f2622f729bb67d44c
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 5744.bb8c2b6065d72516.js Show response
banking.postbank.de/ 13 KB
2 KB 33ms
32ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/5744.bb8c2b6065d72516.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

5338c67bc5e33a9493ee41af624a6794a92d169301b99e9f2e9d61baab1fcd94

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.postbank.de/
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2324
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:40 GMT
server: Google Frontend
etag: "63a4a520-914"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: f56c593082866b24020632881b3c153d
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 9749.675405d8dc820b42.js Show response
banking.postbank.de/ 15 KB
4 KB 35ms
35ms Script
application/javascript 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/9749.675405d8dc820b42.js

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

45c703229b2183bef4a55049c405d11e7fbca1bad031b8adc789474f7cf4518c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://banking.postbank.de/
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4409
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:34 GMT
server: Google Frontend
etag: "63a4b9f6-1139"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-cloud-trace-context: 936d295e02bde40b3a356db7e20e1d62
cache-control: max-age=315360000
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H3 200 authenticate Show response
api.olb.postbank.de/oneid/am/json/realms/root/realms/consumer/ 3 KB
3 KB 74ms
73ms Fetch
application/json 34.120.213.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.olb.postbank.de/oneid/am/json/realms/root/realms/consumer/authenticate?ForceAuth=true&authIndexType=service&authIndexValue=onlineBanking

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.120.213.176 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.213.120.34.bc.googleusercontent.com

Software

Resource Hash

d4c2da0c7d693f81f6c2875f0fe27c002cd28f7cd2374bebd46bc8b8b4915961

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.postbank.de
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY

Request headers

accept-api-version: protocol=1.0,resource=2.1
tracestate: 2988442@nr=0-1-3497424-433704598-5c7259f834994cc5----1671790025429
deuba-client-version: 1.0.0-onb-2022-pr50-hf-4
accept-language: fr-FR,fr;q=0.9
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0OTc0MjQiLCJhcCI6IjQzMzcwNDU5OCIsImlkIjoiNWM3MjU5ZjgzNDk5NGNjNSIsInRyIjoiZTJlODk0YWZjOTM4YjQ3MDY5MzMxODI1NDI4MzliMDMiLCJ0aSI6MTY3MTc5MDAyNTQyOSwidGsiOiIyOTg4NDQyIn19
deuba-client-os-version: Mobile
x-requested-with: forgerock-sdk
deuba-client-brand: poba
traceparent: 00-e2e894afc938b4706933182542839b03-5c7259f834994cc5-01
deuba-client-os: Android 11
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
content-type: application/json
accept: application/json
Referer: https://banking.postbank.de/
deuba-correlation-id: c194b38c-7a09-42fc-85e8-a7ab8215ee48
apikey: yBm1A2l9Q8JYHx1TEc6hpuGBG69lypYtMUXX3oUuOl0tKGEr
deuba-client-id: poba-onlinebanking

Response headers

date: Fri, 23 Dec 2022 10:07:04 GMT
content-security-policy: frame-ancestors https://*.postbank.de
via: 1.1 google
strict-transport-security: max-age=31536000; includeSubDomains
x-sf-cors: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2709
x-request-id: d640e804-8985-45a4-8d5d-4ef8af250462
pragma: no-cache
access-control-max-age: 3628800
content-api-version: resource=2.1
content-type: application/json
access-control-allow-origin: https://banking.postbank.de
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-frame-options: DENY
access-control-allow-headers: origin, referer, x-requested-with, accept, content-type, authorization, newrelic, traceparent, tracestate, x-auth-cookie-path, deuba-client-id, deuba-client-version, deuba-client-os, deuba-client-os-version, x-jwt-authorization, x-deuba-gpp-ab-testing, deuba-ab-testing, deuba-client-brand, deuba-client-id, deuba-gvo, x-trx-signing-token, x-fe-request-id, x-request-id, x-fe-correlation-id, deuba-correlation-id, accept-api-version, x-openidm-username, x-openidm-nosession, x-openidm-password, x-openam-username, x-openam-nosession, x-openam-password, if-match, if-none-match, accept-version, x-deuba-subject, apikey, payment-type, deuba-ciam-context-id, deuba-ciam-session-id, deuba-ciam-subject, bvt
expires: 0

GET
H3 200 de.json Show response
banking.postbank.de/assets/i18n/security/ 39 KB
7 KB 34ms
34ms XHR
application/json 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/i18n/security/de.json

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

ec4bd38f23d1e2b14caf96f6cbff5443b367361e8ddf67980c9dad9bcfb9f0c6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

deuba-gvo: /login
tracestate: 2988442@nr=0-1-3497424-433704598-501661c97647714a----1671790025431
traceparent: 00-1996471fb8f0852408dc703c25c8f847-501661c97647714a-01
Accept-Language: fr-FR,fr;q=0.9
deuba-client-version: 1.0.0-onb-2022-pr50-hf-4
deuba-client-os: Android 11
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0OTc0MjQiLCJhcCI6IjQzMzcwNDU5OCIsImlkIjoiNTAxNjYxYzk3NjQ3NzE0YSIsInRyIjoiMTk5NjQ3MWZiOGYwODUyNDA4ZGM3MDNjMjVjOGY4NDciLCJ0aSI6MTY3MTc5MDAyNTQzMSwidGsiOiIyOTg4NDQyIn19
deuba-client-os-version: Mobile
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
Accept: application/json, text/plain, */*
Referer: https://banking.postbank.de/
deuba-client-id: poba-onlinebanking
deuba-client-brand: poba

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7309
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:34 GMT
server: Google Frontend
etag: "63a4b9f6-1c8d"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
x-cloud-trace-context: 1996471fb8f0852408dc703c25c8f847;o=1
cache-control: max-age=300
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:12:05 GMT

GET
H3 200 de-pb.json Show response
banking.postbank.de/assets/i18n/security/ 3 KB
1 KB 34ms
34ms XHR
application/json 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/i18n/security/de-pb.json

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

7be909837abddf78862f71162d3281fa260a130bcda5c923068dd8eb64597d52

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

deuba-gvo: /login
tracestate: 2988442@nr=0-1-3497424-433704598-3c2d630f40d56688----1671790025433
traceparent: 00-d89b4ce7516b72152283621abe4f9020-3c2d630f40d56688-01
Accept-Language: fr-FR,fr;q=0.9
deuba-client-version: 1.0.0-onb-2022-pr50-hf-4
deuba-client-os: Android 11
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0OTc0MjQiLCJhcCI6IjQzMzcwNDU5OCIsImlkIjoiM2MyZDYzMGY0MGQ1NjY4OCIsInRyIjoiZDg5YjRjZTc1MTZiNzIxNTIyODM2MjFhYmU0ZjkwMjAiLCJ0aSI6MTY3MTc5MDAyNTQzMywidGsiOiIyOTg4NDQyIn19
deuba-client-os-version: Mobile
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
Accept: application/json, text/plain, */*
Referer: https://banking.postbank.de/
deuba-client-id: poba-onlinebanking
deuba-client-brand: poba

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1035
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:34 GMT
server: Google Frontend
etag: "63a4b9f6-40b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
x-cloud-trace-context: d89b4ce7516b72152283621abe4f9020
cache-control: max-age=300
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:12:05 GMT

GET
H3 200 pbbg.94a99b13acbdc92b.jpg
banking.postbank.de/ 243 KB
240 KB 35ms
34ms Image
image/jpeg 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://banking.postbank.de/pbbg.94a99b13acbdc92b.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

8c477933a91763dd80d66840a72f9b25bee4250bc4adb2ec15932d5f6a473ecf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 245282
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 18:42:41 GMT
server: Google Frontend
etag: "63a4a521-3be22"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-cloud-trace-context: 5a29d14490849b436bc58415767c5c3c
cache-control: max-age=900
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:22:05 GMT

GET
H3 200 de Show response
aggregator.service.usercentrics.eu/aggregate/ 42 KB
8 KB 61ms
20ms Fetch
application/json 2600:1901:0:256b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://aggregator.service.usercentrics.eu/aggregate/de?templates=8Tzrh5crUMnin5@3.1.0,AllulnW6mjNqvN@8.5.6,Dq850tJ1K@3.1.0,N6Zc9nerb@2.1.0,RUGHfUkfM@3.1.0,SYz5hNpZs@2.0.0,dbWehKPK5@5.2.0,djkBIJeZNtJ8dw@5.1.0,kHdPijPQ6@9.8.2,tAkVxzS4C@2.0.0
Requested by: Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:0:256b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: bafda0e6c1087996c84bfd17fda4fc312ccbe5b7f4798f38a968aba4aefd6eae

Request headers

Referer: https://banking.postbank.de/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
content-type: application/json

Response headers

date: Tue, 20 Dec 2022 07:48:05 GMT
content-encoding: br
via: 1.1 google
server: Google Frontend
age: 267540
etag: "4k0rly"
vary: Accept-Encoding, accept-encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=604800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8011

OPTIONS
H2 204 de
aggregator.service.usercentrics.eu/aggregate/ Frame 0
0 81ms
30ms Preflight
text/html 2600:1901:0:256b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://aggregator.service.usercentrics.eu/aggregate/de?templates=8Tzrh5crUMnin5@3.1.0,AllulnW6mjNqvN@8.5.6,Dq850tJ1K@3.1.0,N6Zc9nerb@2.1.0,RUGHfUkfM@3.1.0,SYz5hNpZs@2.0.0,dbWehKPK5@5.2.0,djkBIJeZNtJ8dw@5.1.0,kHdPijPQ6@9.8.2,tAkVxzS4C@2.0.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:256b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://banking.postbank.de
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Fri, 23 Dec 2022 10:07:05 GMT
server: Google Frontend
vary: Origin, Access-Control-Request-Headers
via: 1.1 google
x-cloud-trace-context: 6a2cc0d2cdedc0ce61787f314cefc803

GET
H3 200 sidebar.json Show response
banking.postbank.de/assets/aem-mock/links/pb/de/ 796 B
263 B 35ms
35ms XHR
application/json 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/aem-mock/links/pb/de/sidebar.json

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

3597f536a1889401ecf6073709379b8e57bbbce85cbe1362a4848e95262b9a13

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

deuba-gvo: /login
tracestate: 2988442@nr=0-1-3497424-433704598-c2d5e678a380afa9----1671790025482
traceparent: 00-2f3e3579a6afcddb0edf73d65f8d7b16-c2d5e678a380afa9-01
Accept-Language: fr-FR,fr;q=0.9
deuba-client-version: 1.0.0-onb-2022-pr50-hf-4
deuba-client-os: Android 11
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0OTc0MjQiLCJhcCI6IjQzMzcwNDU5OCIsImlkIjoiYzJkNWU2NzhhMzgwYWZhOSIsInRyIjoiMmYzZTM1NzlhNmFmY2RkYjBlZGY3M2Q2NWY4ZDdiMTYiLCJ0aSI6MTY3MTc5MDAyNTQ4MiwidGsiOiIyOTg4NDQyIn19
deuba-client-os-version: Mobile
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
Accept: application/json, text/plain, */*
Referer: https://banking.postbank.de/
deuba-client-id: poba-onlinebanking
deuba-client-brand: poba

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 223
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:34 GMT
server: Google Frontend
etag: "63a4b9f6-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
x-cloud-trace-context: 2f3e3579a6afcddb0edf73d65f8d7b16
cache-control: max-age=300
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:12:05 GMT

GET
H3 200 login-treatment.json Show response
banking.postbank.de/assets/aem-mock/treatments/de/ 72 B
113 B 34ms
34ms XHR
application/json 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/aem-mock/treatments/de/login-treatment.json

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

1e65da6d70018f9d6e32bd4aa3a657ac5fb12129201aafd322c20acc9b592573

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

deuba-gvo: /login
tracestate: 2988442@nr=0-1-3497424-433704598-2da9f09060abffd4----1671790025483
traceparent: 00-5f8bbbab2b99a2659aa6e6a17db0ac2a-2da9f09060abffd4-01
Accept-Language: fr-FR,fr;q=0.9
deuba-client-version: 1.0.0-onb-2022-pr50-hf-4
deuba-client-os: Android 11
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0OTc0MjQiLCJhcCI6IjQzMzcwNDU5OCIsImlkIjoiMmRhOWYwOTA2MGFiZmZkNCIsInRyIjoiNWY4YmJiYWIyYjk5YTI2NTlhYTZlNmExN2RiMGFjMmEiLCJ0aSI6MTY3MTc5MDAyNTQ4MywidGsiOiIyOTg4NDQyIn19
deuba-client-os-version: Mobile
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
Accept: application/json, text/plain, */*
Referer: https://banking.postbank.de/
deuba-client-id: poba-onlinebanking
deuba-client-brand: poba

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:34 GMT
server: Google Frontend
etag: "63a4b9f6-4a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
x-cloud-trace-context: 5f8bbbab2b99a2659aa6e6a17db0ac2a
cache-control: max-age=300
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:12:05 GMT

GET
H3 200 login-teasers.json Show response
banking.postbank.de/assets/aem-mock/teasers/pb/de/ 1 KB
588 B 35ms
35ms XHR
application/json 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.postbank.de/assets/aem-mock/teasers/pb/de/login-teasers.json

Requested by

Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

8a7c499cfc8dd062c5c319cc91358723c0f8b36254cb8e78429807094c6d5b12

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

deuba-gvo: /login
tracestate: 2988442@nr=0-1-3497424-433704598-6435a70ea23ab096----1671790025484
traceparent: 00-5138c7f59db15e8957ed873cd6ce5761-6435a70ea23ab096-01
Accept-Language: fr-FR,fr;q=0.9
deuba-client-version: 1.0.0-onb-2022-pr50-hf-4
deuba-client-os: Android 11
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjM0OTc0MjQiLCJhcCI6IjQzMzcwNDU5OCIsImlkIjoiNjQzNWE3MGVhMjNhYjA5NiIsInRyIjoiNTEzOGM3ZjU5ZGIxNWU4OTU3ZWQ4NzNjZDZjZTU3NjEiLCJ0aSI6MTY3MTc5MDAyNTQ4NCwidGsiOiIyOTg4NDQyIn19
deuba-client-os-version: Mobile
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
Accept: application/json, text/plain, */*
Referer: https://banking.postbank.de/
deuba-client-id: poba-onlinebanking
deuba-client-brand: poba

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 548
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:34 GMT
server: Google Frontend
etag: "63a4b9f6-224"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
x-cloud-trace-context: 5138c7f59db15e8957ed873cd6ce5761
cache-control: max-age=300
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:12:05 GMT

GET
H3 200 pb-logo-with-title-no-subline.39cedf917cbb1afd.svg
banking.postbank.de/ 7 KB
2 KB 33ms
32ms Image
image/svg+xml 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://banking.postbank.de/pb-logo-with-title-no-subline.39cedf917cbb1afd.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

d4664dd3d67bd3bbe6653fe5273756db06a66ed9f6b2e3d317a28c5bd04ecb90

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2477
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:35 GMT
server: Google Frontend
etag: "63a4b9f7-9ad"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-cloud-trace-context: 02584e7cb6ebe9a75f65b1e8729f0039
cache-control: max-age=900
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:22:05 GMT

GET
H2 200 FrutigerLTW05-65Bold.woff2
www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/ 25 KB
26 KB 33ms
33ms Font
font/woff2 2600:9000:2251:1800:13:46b5:7d80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/FrutigerLTW05-65Bold.woff2

Requested by

Host: www.deutsche-bank.de
URL: https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:1800:13:46b5:7d80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

be4beee7d867a4c4702b8ab281d1d11884a6b7ae9a5e74aac6b141000cb248de

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.deutsche-bank.de
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, allow-from https://meine.deutsche-bank.de

Request headers

Referer: https://www.deutsche-bank.de/cip-content/assets/pb-unity/fonts/fonts.css
Origin: https://banking.postbank.de
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

date: Fri, 23 Dec 2022 10:07:05 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: frame-ancestors https://*.deutsche-bank.de
via: 1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
content-length: 26008
last-modified: Wed, 24 Feb 2021 08:20:14 GMT
server: Apache
db-nickname: VTJGc2RHVmtYMTh5RHd4UzV2M2VOOTlhS3lGeUNTZTJVRnZKZVFkRXkydz0=
vary: Origin
x-frame-options: SAMEORIGIN, allow-from https://meine.deutsche-bank.de
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: FsJsTB684vnB0Xep5DgocOYDSBfNbH3qCWUvWPylPI3GadnCiIN2Jg==
expires: Sat, 23 Dec 2023 10:07:05 GMT

GET
H3 200 teaser-image-pb.jpg
banking.postbank.de/assets/images/security/login/ 44 KB
44 KB 35ms
34ms Image
image/jpeg 34.149.53.217
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://banking.postbank.de/assets/images/security/login/teaser-image-pb.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

34.149.53.217 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

217.53.149.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

97fe447ddc107dc8b5f84af5b559f36c71eb2da143a98ef3080014d1f17c994a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src blob: .postbank.de .fyrst.de .deutsche-bank.de .db.com .privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' .postbank.de .fyrst.de .deutsche-bank.de https://.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://.usercentrics.eu bam.eu01.nr-data.net .postbank.de .fyrst.de .deutsche-bank.de .privatevault.ch ; object-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

content-security-policy: default-src 'self'; frame-src blob: *.postbank.de *.fyrst.de *.deutsche-bank.de *.db.com *.privatevault.ch 'self'; font-src data: 'self' www.deutsche-bank.de www.postbank.de; img-src data: blob: 'self' *.postbank.de *.fyrst.de *.deutsche-bank.de https://*.usercentrics.eu; script-src 'unsafe-eval' 'unsafe-inline' 'self' bam.eu01.nr-data.net; worker-src data: blob:; style-src 'self' 'unsafe-inline' www.deutsche-bank.de www.postbank.de; connect-src 'self' https://*.usercentrics.eu bam.eu01.nr-data.net *.postbank.de *.fyrst.de *.deutsche-bank.de *.privatevault.ch ; object-src 'none'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45069
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 22 Dec 2022 20:11:35 GMT
server: Google Frontend
etag: "63a4b9f7-b00d"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-cloud-trace-context: 101523181104d3e1f5ed8db1ebfa220b
cache-control: max-age=900
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(),payment=()
expires: Fri, 23 Dec 2022 10:22:05 GMT

OPTIONS
H2 204 graphql
graphql.usercentrics.eu/ Frame 0
0 78ms
37ms Preflight 2600:1901:0:7903::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://graphql.usercentrics.eu/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7903:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: access-control-allow-origin,content-type,x-request-id
Access-Control-Request-Method: POST
Origin: https://banking.postbank.de
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

access-control-allow-headers: access-control-allow-origin,content-type,x-request-id
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 23 Dec 2022 10:07:05 GMT
vary: Access-Control-Request-Headers
via: 1.1 google
x-powered-by: Express

POST
H3 200 graphql Show response
graphql.usercentrics.eu/ 847 B
477 B 270ms
231ms Fetch
application/json 2600:1901:0:7903::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://graphql.usercentrics.eu/graphql
Requested by: Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:0:7903:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: / Express
Resource Hash: d1339b60fe067b5d38a4a348c3ef5778631527638de6856a862c6e3bf5647e12

Request headers

Access-Control-Allow-Origin: *
Accept: application/json
Referer: https://banking.postbank.de/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
X-Request-ID: 47ad80b9-d681-42d2-9cca-f4ec69ca4cdd
content-type: application/json

Response headers

date: Fri, 23 Dec 2022 10:07:05 GMT
content-encoding: gzip
via: 1.1 google
x-powered-by: Express
etag: W/"34f-ObE634oxrUYI3FkNbR0oF1MzEww"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 uct
uct.service.usercentrics.eu/ 35 B
277 B 85ms
38ms Image
image/gif 34.95.108.180
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://uct.service.usercentrics.eu/uct?v=1&sid=xSrVHkQp_&t=1&abv=&r=https%3A%2F%2Fbanking.postbank.de%2F%23%2Flogin&cb=1671790025614

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.95.108.180 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

180.108.95.34.bc.googleusercontent.com

Software

Google Frontend / Express

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

date: Fri, 23 Dec 2022 10:07:05 GMT
via: 1.1 google
strict-transport-security: max-age=7776000
server: Google Frontend
x-powered-by: Express
content-type: image/gif
x-cloud-trace-context: 51bb41b99e9405c08e0b9bdf087f34df
cache-control: no-store
function-execution-id: 88zfs5pgj92m
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35

GET
H2 200 PB_Zentrale_sRGB.png
www.postbank.de/dam/postbank/bilder/unternehmen/medien/ 33 KB
34 KB 113ms
32ms Image
image/png 2600:9000:214f:2000:15:e39e:8900:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.postbank.de/dam/postbank/bilder/unternehmen/medien/PB_Zentrale_sRGB.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:2000:15:e39e:8900:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

9dc5d3a050cd34154973c274bca9339e3eeec4992af909332fc93b6ce124a7b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://banking.postbank.de/
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0

Response headers

x-dispatcher: dispatcher1eucentral1
date: Fri, 23 Dec 2022 10:07:05 GMT
x-dispatcher-version: 1.4.25
x-content-type-options: nosniff
via: 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-vhost: postbank
x-cache: Miss from cloudfront
content-disposition: inline
content-length: 33837
last-modified: Mon, 14 Sep 2020 18:49:01 GMT
server: Apache
etag: "842d-5af4a7cdf4140"
vary: Host
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-methods: GET,HEAD,OPTIONS,POST
access-control-allow-credentials: true
accept-ranges: bytes
x-amz-cf-id: iUdaAZifh8jLL2pB1kkgu6EhCZUmAZLeQBsjSeAyoBmCbWLr4ifllQ==

POST
H/1.1 200
OK NRJS-7200c241d4b12b5d9b7 Show response
bam.eu01.nr-data.net/events/1/ 24 B
771 B 58ms
58ms XHR
image/gif 185.221.85.3
NEW-2

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.eu01.nr-data.net/events/1/NRJS-7200c241d4b12b5d9b7?a=433704598&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1450&ck=1&ref=https://banking.postbank.de/
Requested by: Host: banking.postbank.de
URL: https://banking.postbank.de/assets/newrelic-loader-1216.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.221.85.3 , Ireland, ASN206998 (NEW-2, IE),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://banking.postbank.de/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Android 11; Mobile; rv:68.0) Gecko/68.0 Firefox/90.0
content-type: text/plain

Response headers

Date: Fri, 23 Dec 2022 10:07:06 GMT
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://banking.postbank.de
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zdroPikHW4VXv1E%2BdIFDPoK%2BH5EraX%2BOYYMKqbOQC2a41zBiqX4i6TPVxkT9giLXydYXBHCMgTJRnGlwNEROobXXzTtx1VsRz81Bft653sXODhoMsyiLvDFsINLZRdg03kU33Wq4"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
Connection: keep-alive
CF-Ray: 77e049ce4d34d682-CDG
Content-Length: 24

Verdicts & Comments Add Verdict or Comment

172 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
api.olb.postbank.de/oneid/am/oauth2/realms/root/realms/consumer	1969-12-31 23:59:59	Name: oneid_lb Value: "f1ce6ab34bf8a5f6"
api.olb.postbank.de/oneid/am/json/realms/root/realms/consumer	1969-12-31 23:59:59	Name: oneid_lb Value: "f1ce6ab34bf8a5f6"
mg-kadastr.ru/	1969-12-31 23:59:59	Name: PHPSESSID Value: f61e5e0b3c1b533187370fe8f5deed02
videnteluiza.com.br/	1969-12-31 23:59:59	Name: PHPSESSID Value: e0842a35a0a57945f4a9bd8850214a92
api.olb.postbank.de/	1970-01-20 08:23:10	Name: OAUTH_REQUEST_ATTRIBUTES Value: eyJzY29wZSI6Im9wZW5pZCIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwicmVkaXJlY3RfdXJpIjoiaHR0cHM6Ly9hcGkub2xiLnBvc3RiYW5rLmRlL29uZWlkL2FtL2lzQWxpdmUuanNwIiwic3RhdGUiOiJOakV4TWpNeE9UWXhPVFUyTURnMk16Y3hNakV5TkRjeE9EWXhPREl5TURjeE9ERXlNVE0wTkRjdyIsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6IlMyNTYiLCJjbGllbnRfaWQiOiIxNjM0NDAtMV9vbmxpbmVCYW5raW5nQ2xpZW50IiwiY29kZV9jaGFsbGVuZ2UiOiJiamVWWms1QzI1U2xoclQtX2gwd3kya29lVnFTaVVoZWVZbGp3aThFbi1zIn0=
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: e7748f0f9872bd33
api.olb.postbank.de/	1969-12-31 23:59:59	Name: oneid_lb Value: 01

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.olb.postbank.de/oneid/am/XUI/?realm=/consumer Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aggregator.service.usercentrics.eu
api.olb.postbank.de
api.usercentrics.eu
app.usercentrics.eu
bam.eu01.nr-data.net
banking.postbank.de
graphql.usercentrics.eu
mg-kadastr.ru
s.free.fr
uct.service.usercentrics.eu
videnteluiza.com.br
www.deutsche-bank.de
www.postbank.de
185.221.85.3
192.185.211.152
2600:1901:0:256b::
2600:1901:0:5987::
2600:1901:0:7903::
2600:1901:0:c07c::
2600:9000:214f:2000:15:e39e:8900:93a1
2600:9000:2251:1800:13:46b5:7d80:93a1
2a01:e0c:1:1599::29
34.120.213.176
34.149.53.217
34.95.108.180
87.236.16.207
009a4cf1623ff76804e55d59a17f680f77d8c76ada674500997ff44cc7ac0741
0c5322b13117ccec730622f7b4e1485fdc12705f0416445247f132c0675964a0
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
13438f644656febe76455874eb31508edd48c7bcb36d44e16dc0123f79ea9955
13ef1b93b8487ada89656524c92368cca282fd8883a92de3a017eb959ea3af0b
18c7396fb1d1ffdc0ba9e84edeaaabb79fde35bca3c27cdfac938df70e8ee422
1e65da6d70018f9d6e32bd4aa3a657ac5fb12129201aafd322c20acc9b592573
28d967ee9f4817230c9e4684f4e7831848e20ff45afb7432d57c25f7a32cf1aa
297b94c863bb2210dbc9d742bd8d97730392fe5ce3be478076170a9350d20460
2ad09e58540e6948ba7966dc213ad1152344604e0dd88f6136ad870ec032eb80
331d3b4195648bf9dd50856aae8afa57cc7a63e87c7accdc4696294b5f79ab80
3597f536a1889401ecf6073709379b8e57bbbce85cbe1362a4848e95262b9a13
40556cceb57bc41c7fd9bc43df0e46e546f9729e57589cb7548e9fd7f02cdbf3
40d1112aebbc8859f9083d0a35a2c4e9b9469631c3a547afd440021f9c036c4b
45c703229b2183bef4a55049c405d11e7fbca1bad031b8adc789474f7cf4518c
5338c67bc5e33a9493ee41af624a6794a92d169301b99e9f2e9d61baab1fcd94
55cb206a77ff71092c309352fcb5927a389382ae678bab55f85ab13ed6239d31
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c98d103cf805e408fb4ade0e1d9d3d8d028ac388ec6b505613c110cc235b657
70c9e0dc148ebddca6529f517e8aacfe87992d4c82432f83666bce17e04a6121
7140f31352daaa6f5ff736c28cd2420d213d03f975aac693075f480f7167badb
726d96c24743d594b58bfae32b516a63bd1504eb011e88c620c0a4bdc952d017
73dd708e5be3836d6dc50f66dff0f316b27359462e921439644d05446ca654e3
7be909837abddf78862f71162d3281fa260a130bcda5c923068dd8eb64597d52
82c3224e44c022d3636c74a17519d712b990bf90a95ee8ccf481bb1b6a9ce277
8563f915516318c564b1a4b4d4005778294178cfac736d0ed7dd5afa86d4cd50
8a7c499cfc8dd062c5c319cc91358723c0f8b36254cb8e78429807094c6d5b12
8c477933a91763dd80d66840a72f9b25bee4250bc4adb2ec15932d5f6a473ecf
8e774cc0790fa0338b5a30dc3629c5a28df695a2b653cd6c6bf847cc6b810f5c
93d0eea5287871c395613bf988f7c964ce5e200f83c0262c0cbaabbcdea81531
95e2b9ce21a0f18646f678d0132e229e8513238e0102d1b2412cea280c2800f3
9743413064bd2a917008f150ecc7c4b22aeea102f079fc9b78daefe9c919ed02
97fe447ddc107dc8b5f84af5b559f36c71eb2da143a98ef3080014d1f17c994a
98fdb75aade88f762769eb61c5d0b14431c2604abde98cea84d0d4c774e613f0
9dc5d3a050cd34154973c274bca9339e3eeec4992af909332fc93b6ce124a7b2
a492bdcde3612f1582bc47b59ac7749a87946b7126755ef98bc39a844335e75e
ac5f24cfada3169aaa9c8db87591aaae27b95141d2cbf70fed58518bea762e5e
adc96b6efe5919552898681732312c97108a36e5d17d1bd20044c09f31b7e43b
b1537e2e3b6b20b2e1e5a07cfcb747c7792751445a72c0d3c2fb4ac7660ad0c8
b958adbf03969cdce156b0505777931d85b392495f586962d3549f6cd15f9995
bafda0e6c1087996c84bfd17fda4fc312ccbe5b7f4798f38a968aba4aefd6eae
be4beee7d867a4c4702b8ab281d1d11884a6b7ae9a5e74aac6b141000cb248de
c6abd802dd894e993a2b595181e66da2523e63968a5df1b515214a7050e8824c
d1339b60fe067b5d38a4a348c3ef5778631527638de6856a862c6e3bf5647e12
d4664dd3d67bd3bbe6653fe5273756db06a66ed9f6b2e3d317a28c5bd04ecb90
d4c2da0c7d693f81f6c2875f0fe27c002cd28f7cd2374bebd46bc8b8b4915961
d8eb29b019b56d4329222868197d6872582414d6fafb8bbeeb19df066220a036
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
eb3f4cf387fca0337770c0919834536dca1fc6c95ec5d142c46537a0f20ec14b
ec4bd38f23d1e2b14caf96f6cbff5443b367361e8ddf67980c9dad9bcfb9f0c6
f2c2d17654339026935b8499f09924a99004b0896bf90984e2044e9316ce6359
f4887682931c3805d1b837914ac30db2a54cee7a49074844339107f916930a03
fdff80a70c9c788e4c93d02eff684aa381d0f26bf9565edfd1bfdb15c602b4e4

banking.postbank.de Open in urlscan Pro 34.149.53.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

63 Requests

97 %HTTPS

54 %IPv6

7 Domains

13 Subdomains

12 IPs

4 Countries

1235 kBTransfer

3802 kBSize

7 Cookies

10 Outgoing links

Page URL History

Redirected requests

63 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

banking.postbank.de Open in urlscan Pro
34.149.53.217 Public Scan

Screenshot
Live screenshot

Full Image

63
Requests

97 %
HTTPS

54 %
IPv6

7
Domains

13
Subdomains

12
IPs

4
Countries

1235 kB
Transfer

3802 kB
Size

7
Cookies

63 HTTP transactions
0 data transactions