urlscan.io logo urlscan.io
SecurityTrails logo

onboarding.dzb-bank.de Open in urlscan Pro
185.145.196.105  Public Scan

Go To Rescan Add Verdict Report
URL: https://onboarding.dzb-bank.de/
Submission Tags: @ecarlesi possiblethreat phishing Search All
Submission: On October 27 via api from IT — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 185.145.196.105, located in Germany and belongs to WIITCLOUDEDGE, DE. The main domain is onboarding.dzb-bank.de.
TLS certificate: Issued by E5 on October 27th 2024. Valid for: 3 months.
This is the only time onboarding.dzb-bank.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 15 185.145.196.105 42263 (WIITCLOUD...)
13 1
Apex Domain
Subdomains		 Transfer
15 dzb-bank.de
onboarding.dzb-bank.de
be.onboarding.dzb-bank.de
2 MB
13 1
Domain Requested by
10 onboarding.dzb-bank.de onboarding.dzb-bank.de
5 be.onboarding.dzb-bank.de 2 redirects onboarding.dzb-bank.de
13 2

This site contains links to these domains. Also see Links.

Domain
www.dzb-bank.de
Subject Issuer Validity Valid
onboarding.dzb-bank.de
E5		 2024-10-27 -
2025-01-25		 3 months crt.sh
be.onboarding.dzb-bank.de
E6		 2024-10-27 -
2025-01-25		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://onboarding.dzb-bank.de/
Frame ID: 062C3DBADD39FB2AF9D9AA5E0E304941
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Digitale Mitgliederaufnahme

Page Statistics

13
Requests

85 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

1737 kB
Transfer

6392 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • https://be.onboarding.dzb-bank.de/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaEpJaWswWXpCaFpqY3hZUzB3WVdVMExUUXhZak10T1dZek5pMDNOek16WkdKbE9XSXlPV1lHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6ImJsb2JfaWQifX0=--fca6df90189ecea373428de8eb7ebd7a27a8ddfe/DZB-Bank-Logo.png HTTP 302
  • https://be.onboarding.dzb-bank.de/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhOSFkxWlc0emRHODNOSE5xZWpGNWVEWnVaVFZpY3pGaFpHdHZOZ1k2QmtWVU9oQmthWE53YjNOcGRHbHZia2tpVFdsdWJHbHVaVHNnWm1sc1pXNWhiV1U5SWtSYVFpMUNZVzVyTFV4dloyOHVjRzVuSWpzZ1ptbHNaVzVoYldVcVBWVlVSaTA0SnlkRVdrSXRRbUZ1YXkxTWIyZHZMbkJ1WndZN0JsUTZFV052Ym5SbGJuUmZkSGx3WlVraURtbHRZV2RsTDNCdVp3WTdCbFE2RVhObGNuWnBZMlZmYm1GdFpUb0tiRzlqWVd3PSIsImV4cCI6IjIwMjQtMTAtMjdUMTE6MDE6NTMuMDA4WiIsInB1ciI6ImJsb2Jfa2V5In19--101585ace5a0b6ab9352c8f3d033b19781375927/DZB-Bank-Logo.png
Request Chain 11
  • https://be.onboarding.dzb-bank.de/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaEpJaWxrTlRrMk9UTmpOaTA1WkRaa0xUUmpNalV0T0dGbFlpMHhPVGN4WlRWbU16TmxPVFVHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6ImJsb2JfaWQifX0=--92bf75152b5acea698cd8879bc8e81336e74d5b0/favicon.ico HTTP 302
  • https://be.onboarding.dzb-bank.de/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhNak0zWTJ4d2F6ZHhNbkozT0dWdGJuVjVjVzR4YXpCemEyUjBPUVk2QmtWVU9oQmthWE53YjNOcGRHbHZia2tpUVdsdWJHbHVaVHNnWm1sc1pXNWhiV1U5SW1aaGRtbGpiMjR1YVdOdklqc2dabWxzWlc1aGJXVXFQVlZVUmkwNEp5ZG1ZWFpwWTI5dUxtbGpid1k3QmxRNkVXTnZiblJsYm5SZmRIbHdaVWtpSFdsdFlXZGxMM1p1WkM1dGFXTnliM052Wm5RdWFXTnZiZ1k3QmxRNkVYTmxjblpwWTJWZmJtRnRaVG9LYkc5allXdz0iLCJleHAiOiIyMDI0LTEwLTI3VDExOjAxOjUzLjAyMFoiLCJwdXIiOiJibG9iX2tleSJ9fQ==--e8543f4466d673aa9e94969efc913c210fef5927/favicon.ico

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
onboarding.dzb-bank.de/ 		744 B
984 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onboarding.dzb-bank.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.145.196.105 , Germany, ASN42263 (WIITCLOUDEDGE, DE),
Reverse DNS
Software
nginx /
Resource Hash
73e765b644c61e5e60775bf9d12dc3cc2b12009278dad014f272866fec74f98e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=15724800; includeSubdomains
X-Frame-Options deny

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-length
744
content-security-policy
frame-ancestors 'none'
content-type
text/html; charset=utf-8
date
Sun, 27 Oct 2024 10:56:51 GMT
etag
"66042e50-2e8"
last-modified
Wed, 27 Mar 2024 14:33:52 GMT
server
nginx
strict-transport-security
max-age=15724800; includeSubdomains
x-frame-options
deny
env.js
onboarding.dzb-bank.de/ 		623 B
870 B 		Script
General
Check archive.org
Download Go to
Full URL
https://onboarding.dzb-bank.de/env.js
Requested by
Host: onboarding.dzb-bank.de
URL: https://onboarding.dzb-bank.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.145.196.105 , Germany, ASN42263 (WIITCLOUDEDGE, DE),
Reverse DNS
Software
nginx /
Resource Hash
f33cdb9e1c7464c422fdc34a17a13d65126b236cb43b585e57fb86c0d532beb5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=15724800; includeSubdomains
X-Frame-Options deny

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://onboarding.dzb-bank.de/

Response headers

strict-transport-security
max-age=15724800; includeSubdomains
content-security-policy
frame-ancestors 'none'
etag
"6715cc34-26f"
accept-ranges
bytes
content-length
623
date
Sun, 27 Oct 2024 10:56:51 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 21 Oct 2024 03:36:20 GMT
server
nginx
x-frame-options
deny
main.d008adff.js
onboarding.dzb-bank.de/static/js/ 		6 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://onboarding.dzb-bank.de/static/js/main.d008adff.js
Requested by
Host: onboarding.dzb-bank.de
URL: https://onboarding.dzb-bank.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.145.196.105 , Germany, ASN42263 (WIITCLOUDEDGE, DE),
Reverse DNS
Software
nginx /
Resource Hash
91bb27790ffd5981b8d566ef96337096f939c243963578fb109d14d96d666a63
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=15724800; includeSubdomains
X-Frame-Options deny

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://onboarding.dzb-bank.de/

Response headers

strict-transport-security
max-age=15724800; includeSubdomains
content-security-policy
frame-ancestors 'none'
content-encoding
gzip
etag
W/"66042e50-624bd2"
date
Sun, 27 Oct 2024 10:56:51 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 27 Mar 2024 14:33:52 GMT
server
nginx
x-frame-options
deny
main.82335fce.css
onboarding.dzb-bank.de/static/css/ 		23 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://onboarding.dzb-bank.de/static/css/main.82335fce.css
Requested by
Host: onboarding.dzb-bank.de
URL: https://onboarding.dzb-bank.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.145.196.105 , Germany, ASN42263 (WIITCLOUDEDGE, DE),
Reverse DNS
Software
nginx /
Resource Hash
3587a417007ab6b8c56c15cce4f60f36cd98b35bba2b76baa8d992973514f726
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=15724800; includeSubdomains
X-Frame-Options deny

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://onboarding.dzb-bank.de/

Response headers

strict-transport-security
max-age=15724800; includeSubdomains
content-security-policy
frame-ancestors 'none'
content-encoding
gzip
etag
W/"66042e50-5ceb"
date
Sun, 27 Oct 2024 10:56:51 GMT
content-type
text/css
last-modified
Wed, 27 Mar 2024 14:33:52 GMT
server
nginx
x-frame-options
deny
dzbnew
be.onboarding.dzb-bank.de/api/v1/partners/ 		10 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://be.onboarding.dzb-bank.de/api/v1/partners/dzbnew?url=onboarding.dzb-bank.de
Requested by
Host: onboarding.dzb-bank.de
URL: https://onboarding.dzb-bank.de/static/js/main.d008adff.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.145.196.105 , Germany, ASN42263 (WIITCLOUDEDGE, DE),
Reverse DNS
Software
nginx /
Resource Hash
9191fbbccc7070d37bd88ad3b70e928101e2f46ddf433e753d50eedde1448fa1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src 'self'; font-src 'self' fonts.gstatic.com data: *.compeon.de; form-action 'self' *.staging.devguru.co *.fnstrt.de *.dkb.de *.anfragestrecke.de; img-src 'self' *.compeon.de storage.googleapis.com data:; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.compeon.de; worker-src 'self'
Strict-Transport-Security max-age=631138519, max-age=15724800; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://onboarding.dzb-bank.de/

Response headers

access-control-max-age
7200
x-request-id
6558afe8-8a92-4260-ab88-504354e1c036
access-control-expose-headers
Temp-Access-Token, Temp-Refresh-Token, Temp-Expires-In, Temp-Created-At
etag
W/"9191fbbccc7070d37bd88ad3b70e9281"
x-permitted-cross-domain-policies
none
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS
x-content-type-options
nosniff
date
Sun, 27 Oct 2024 10:56:52 GMT
content-type
application/vnd.api+json
vary
Origin
x-runtime
0.045736
x-frame-options
DENY
strict-transport-security
max-age=631138519, max-age=15724800; includeSubdomains
content-security-policy
default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src 'self'; font-src 'self' fonts.gstatic.com data: *.compeon.de; form-action 'self' *.staging.devguru.co *.fnstrt.de *.dkb.de *.anfragestrecke.de; img-src 'self' *.compeon.de storage.googleapis.com data:; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.compeon.de; worker-src 'self'
cache-control
max-age=0, private, must-revalidate
referrer-policy
no-referrer-when-downgrade
x-download-options
noopen
access-control-allow-origin
https://onboarding.dzb-bank.de
x-xss-protection
1; mode=block
server
nginx
favicon.ico
onboarding.dzb-bank.de/ 		744 B
983 B 		Other
General
Check archive.org
Download Go to
Full URL
https://onboarding.dzb-bank.de/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.145.196.105 , Germany, ASN42263 (WIITCLOUDEDGE, DE),
Reverse DNS
Software
nginx /
Resource Hash
73e765b644c61e5e60775bf9d12dc3cc2b12009278dad014f272866fec74f98e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=15724800; includeSubdomains
X-Frame-Options deny

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://onboarding.dzb-bank.de/

Response headers

strict-transport-security
max-age=15724800; includeSubdomains
content-security-policy
frame-ancestors 'none'
etag
"66042e50-2e8"
accept-ranges
bytes
content-length
744
date
Sun, 27 Oct 2024 10:56:52 GMT
content-type
text/html; charset=utf-8
last-modified
Wed, 27 Mar 2024 14:33:52 GMT
server
nginx
x-frame-options
deny
DZB-Bank-Logo.png
be.onboarding.dzb-bank.de/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhOSFkxWlc0emRHODNOSE5xZWpGNWVEWnVaVFZpY3pGaFpHdHZOZ1k2QmtWVU9oQmthWE53YjNOcGRHbHZia2tpVFdsdWJHb...
Redirect Chain
  • https://be.onboarding.dzb-bank.de/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaEpJaWswWXpCaFpqY3hZUzB3WVdVMExUUXhZak10T1dZek5pMDNOek16WkdKbE9XSXlPV1lHT2daRlZBPT0iLCJleHAiOm5...
  • https://be.onboarding.dzb-bank.de/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhOSFkxWlc0emRHODNOSE5xZWpGNWVEWnVaVFZpY3pGaFpHdHZOZ1k2QmtWVU9oQmthWE53YjNOcGRHbHZia2tpV...
3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://be.onboarding.dzb-bank.de/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhOSFkxWlc0emRHODNOSE5xZWpGNWVEWnVaVFZpY3pGaFpHdHZOZ1k2QmtWVU9oQmthWE53YjNOcGRHbHZia2tpVFdsdWJHbHVaVHNnWm1sc1pXNWhiV1U5SWtSYVFpMUNZVzVyTFV4dloyOHVjRzVuSWpzZ1ptbHNaVzVoYldVcVBWVlVSaTA0SnlkRVdrSXRRbUZ1YXkxTWIyZHZMbkJ1WndZN0JsUTZFV052Ym5SbGJuUmZkSGx3WlVraURtbHRZV2RsTDNCdVp3WTdCbFE2RVhObGNuWnBZMlZmYm1GdFpUb0tiRzlqWVd3PSIsImV4cCI6IjIwMjQtMTAtMjdUMTE6MDE6NTMuMDA4WiIsInB1ciI6ImJsb2Jfa2V5In19--101585ace5a0b6ab9352c8f3d033b19781375927/DZB-Bank-Logo.png
Protocol
H2
Server
185.145.196.105 , Germany, ASN42263 (WIITCLOUDEDGE, DE),
Reverse DNS
Software
nginx /
Resource Hash
f779a5d691204a7ba9723fca62bdf22e651141c7024e3d58a253ac2819fc1741
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src 'self'; font-src 'self' fonts.gstatic.com data: *.compeon.de; form-action 'self' *.staging.devguru.co *.fnstrt.de *.dkb.de *.anfragestrecke.de; img-src 'self' *.compeon.de storage.googleapis.com data:; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.compeon.de; worker-src 'self'
Strict-Transport-Security max-age=631138519, max-age=15724800; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://onboarding.dzb-bank.de/

Response headers

x-request-id
e12240cc-93cc-4b80-8afb-0a9cd32e051e
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
date
Sun, 27 Oct 2024 10:56:53 GMT
content-type
image/png
last-modified
Thu, 28 Mar 2024 10:50:07 GMT
x-runtime
0.005627
content-disposition
inline; filename="DZB-Bank-Logo.png"; filename*=UTF-8''DZB-Bank-Logo.png
x-frame-options
DENY
strict-transport-security
max-age=631138519, max-age=15724800; includeSubdomains
vary
Origin
content-security-policy
default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src 'self'; font-src 'self' fonts.gstatic.com data: *.compeon.de; form-action 'self' *.staging.devguru.co *.fnstrt.de *.dkb.de *.anfragestrecke.de; img-src 'self' *.compeon.de storage.googleapis.com data:; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.compeon.de; worker-src 'self'
cache-control
max-age=0, private, must-revalidate
referrer-policy
no-referrer-when-downgrade
x-download-options
noopen
content-length
3189
x-xss-protection
1; mode=block
server
nginx

Redirect headers

x-request-id
1aeef2f2-eea8-4b53-ba87-0717264d6acb
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
date
Sun, 27 Oct 2024 10:56:53 GMT
content-type
text/html; charset=utf-8
vary
Origin
x-runtime
0.009996
x-frame-options
DENY
strict-transport-security
max-age=631138519, max-age=15724800; includeSubdomains
content-security-policy
default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src 'self'; font-src 'self' fonts.gstatic.com data: *.compeon.de; form-action 'self' *.staging.devguru.co *.fnstrt.de *.dkb.de *.anfragestrecke.de; img-src 'self' *.compeon.de storage.googleapis.com data:; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.compeon.de; worker-src 'self'
cache-control
max-age=300, private
location
https://be.onboarding.dzb-bank.de/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhOSFkxWlc0emRHODNOSE5xZWpGNWVEWnVaVFZpY3pGaFpHdHZOZ1k2QmtWVU9oQmthWE53YjNOcGRHbHZia2tpVFdsdWJHbHVaVHNnWm1sc1pXNWhiV1U5SWtSYVFpMUNZVzVyTFV4dloyOHVjRzVuSWpzZ1ptbHNaVzVoYldVcVBWVlVSaTA0SnlkRVdrSXRRbUZ1YXkxTWIyZHZMbkJ1WndZN0JsUTZFV052Ym5SbGJuUmZkSGx3WlVraURtbHRZV2RsTDNCdVp3WTdCbFE2RVhObGNuWnBZMlZmYm1GdFpUb0tiRzlqWVd3PSIsImV4cCI6IjIwMjQtMTAtMjdUMTE6MDE6NTMuMDA4WiIsInB1ciI6ImJsb2Jfa2V5In19--101585ace5a0b6ab9352c8f3d033b19781375927/DZB-Bank-Logo.png
referrer-policy
no-referrer-when-downgrade
x-download-options
noopen
x-xss-protection
1; mode=block
server
nginx
de.cc670a050b591bf6656d.png
onboarding.dzb-bank.de/static/media/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://onboarding.dzb-bank.de/static/media/de.cc670a050b591bf6656d.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.145.196.105 , Germany, ASN42263 (WIITCLOUDEDGE, DE),
Reverse DNS
Software
nginx /
Resource Hash
9ead1bc194a3a01035de7f65160c91b32604d2c788b35a914543c34ef451cd3a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=15724800; includeSubdomains
X-Frame-Options deny

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://onboarding.dzb-bank.de/kunde/login

Response headers

strict-transport-security
max-age=15724800; includeSubdomains
content-security-policy
frame-ancestors 'none'
etag
"66042e50-2d74"
accept-ranges
bytes
content-length
11636
date
Sun, 27 Oct 2024 10:56:52 GMT
content-type
image/png
last-modified
Wed, 27 Mar 2024 14:33:52 GMT
server
nginx
x-frame-options
deny
ubuntu-latin-400-normal.2f02effe392a63dc07a5.woff2
onboarding.dzb-bank.de/static/media/ 		34 KB
34 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://onboarding.dzb-bank.de/static/media/ubuntu-latin-400-normal.2f02effe392a63dc07a5.woff2
Requested by
Host: onboarding.dzb-bank.de
URL: https://onboarding.dzb-bank.de/static/css/main.82335fce.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.145.196.105 , Germany, ASN42263 (WIITCLOUDEDGE, DE),
Reverse DNS
Software
nginx /
Resource Hash
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=15724800; includeSubdomains
X-Frame-Options deny

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://onboarding.dzb-bank.de
Referer
https://onboarding.dzb-bank.de/static/css/main.82335fce.css

Response headers

strict-transport-security
max-age=15724800; includeSubdomains
content-security-policy
frame-ancestors 'none'
etag
"66042e50-8824"
accept-ranges
bytes
content-length
34852
date
Sun, 27 Oct 2024 10:56:52 GMT
content-type
font/woff2
last-modified
Wed, 27 Mar 2024 14:33:52 GMT
server
nginx
x-frame-options
deny
favicon.ico
onboarding.dzb-bank.de/ 		744 B
0 		Other
General
Check archive.org
Download Go to
Full URL
https://onboarding.dzb-bank.de/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.145.196.105 , Germany, ASN42263 (WIITCLOUDEDGE, DE),
Reverse DNS
Software
nginx /
Resource Hash
73e765b644c61e5e60775bf9d12dc3cc2b12009278dad014f272866fec74f98e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
X-Frame-Options deny

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://onboarding.dzb-bank.de/kunde/login

Response headers

content-security-policy
frame-ancestors 'none'
etag
"66042e50-2e8"
accept-ranges
bytes
content-length
744
date
Sun, 27 Oct 2024 10:56:52 GMT
content-type
text/html; charset=utf-8
last-modified
Wed, 27 Mar 2024 14:33:52 GMT
server
nginx
x-frame-options
deny
favicon.ico
onboarding.dzb-bank.de/ 		744 B
0 		Other
General
Check archive.org
Download Go to
Full URL
https://onboarding.dzb-bank.de/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.145.196.105 , Germany, ASN42263 (WIITCLOUDEDGE, DE),
Reverse DNS
Software
nginx /
Resource Hash
73e765b644c61e5e60775bf9d12dc3cc2b12009278dad014f272866fec74f98e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
X-Frame-Options deny

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://onboarding.dzb-bank.de/kunde/login

Response headers

content-security-policy
frame-ancestors 'none'
etag
"66042e50-2e8"
accept-ranges
bytes
content-length
744
date
Sun, 27 Oct 2024 10:56:52 GMT
content-type
text/html; charset=utf-8
last-modified
Wed, 27 Mar 2024 14:33:52 GMT
server
nginx
x-frame-options
deny
favicon.ico
onboarding.dzb-bank.de/ 		744 B
0 		Other
General
Check archive.org
Download Go to
Full URL
https://onboarding.dzb-bank.de/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.145.196.105 , Germany, ASN42263 (WIITCLOUDEDGE, DE),
Reverse DNS
Software
nginx /
Resource Hash
73e765b644c61e5e60775bf9d12dc3cc2b12009278dad014f272866fec74f98e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
X-Frame-Options deny

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://onboarding.dzb-bank.de/kunde/login

Response headers

content-security-policy
frame-ancestors 'none'
etag
"66042e50-2e8"
accept-ranges
bytes
content-length
744
date
Sun, 27 Oct 2024 10:56:52 GMT
content-type
text/html; charset=utf-8
last-modified
Wed, 27 Mar 2024 14:33:52 GMT
server
nginx
x-frame-options
deny
favicon.ico
be.onboarding.dzb-bank.de/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhNak0zWTJ4d2F6ZHhNbkozT0dWdGJuVjVjVzR4YXpCemEyUjBPUVk2QmtWVU9oQmthWE53YjNOcGRHbHZia2tpUVdsdWJHb...
Redirect Chain
  • https://be.onboarding.dzb-bank.de/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaEpJaWxrTlRrMk9UTmpOaTA1WkRaa0xUUmpNalV0T0dGbFlpMHhPVGN4WlRWbU16TmxPVFVHT2daRlZBPT0iLCJleHAiOm5...
  • https://be.onboarding.dzb-bank.de/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhNak0zWTJ4d2F6ZHhNbkozT0dWdGJuVjVjVzR4YXpCemEyUjBPUVk2QmtWVU9oQmthWE53YjNOcGRHbHZia2tpU...
15 KB
16 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://be.onboarding.dzb-bank.de/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhNak0zWTJ4d2F6ZHhNbkozT0dWdGJuVjVjVzR4YXpCemEyUjBPUVk2QmtWVU9oQmthWE53YjNOcGRHbHZia2tpUVdsdWJHbHVaVHNnWm1sc1pXNWhiV1U5SW1aaGRtbGpiMjR1YVdOdklqc2dabWxzWlc1aGJXVXFQVlZVUmkwNEp5ZG1ZWFpwWTI5dUxtbGpid1k3QmxRNkVXTnZiblJsYm5SZmRIbHdaVWtpSFdsdFlXZGxMM1p1WkM1dGFXTnliM052Wm5RdWFXTnZiZ1k3QmxRNkVYTmxjblpwWTJWZmJtRnRaVG9LYkc5allXdz0iLCJleHAiOiIyMDI0LTEwLTI3VDExOjAxOjUzLjAyMFoiLCJwdXIiOiJibG9iX2tleSJ9fQ==--e8543f4466d673aa9e94969efc913c210fef5927/favicon.ico
Protocol
H2
Server
185.145.196.105 , Germany, ASN42263 (WIITCLOUDEDGE, DE),
Reverse DNS
Software
nginx /
Resource Hash
de50f9f221dd284f364b30bf3631aa44e22c65aa47c15b8456374b2c8c9b45ca
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src 'self'; font-src 'self' fonts.gstatic.com data: *.compeon.de; form-action 'self' *.staging.devguru.co *.fnstrt.de *.dkb.de *.anfragestrecke.de; img-src 'self' *.compeon.de storage.googleapis.com data:; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.compeon.de; worker-src 'self'
Strict-Transport-Security max-age=631138519, max-age=15724800; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://onboarding.dzb-bank.de/

Response headers

x-request-id
a2874f97-d442-410b-87f5-721342b61468
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
date
Sun, 27 Oct 2024 10:56:53 GMT
content-type
image/vnd.microsoft.icon
last-modified
Thu, 28 Mar 2024 10:50:07 GMT
x-runtime
0.006614
content-disposition
inline; filename="favicon.ico"; filename*=UTF-8''favicon.ico
x-frame-options
DENY
strict-transport-security
max-age=631138519, max-age=15724800; includeSubdomains
vary
Origin
content-security-policy
default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src 'self'; font-src 'self' fonts.gstatic.com data: *.compeon.de; form-action 'self' *.staging.devguru.co *.fnstrt.de *.dkb.de *.anfragestrecke.de; img-src 'self' *.compeon.de storage.googleapis.com data:; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.compeon.de; worker-src 'self'
cache-control
max-age=0, private, must-revalidate
referrer-policy
no-referrer-when-downgrade
x-download-options
noopen
content-length
15086
x-xss-protection
1; mode=block
server
nginx

Redirect headers

x-request-id
390d935e-1e9a-41e7-a885-31384f99efbb
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
date
Sun, 27 Oct 2024 10:56:53 GMT
content-type
text/html; charset=utf-8
vary
Origin
x-runtime
0.018807
x-frame-options
DENY
strict-transport-security
max-age=631138519, max-age=15724800; includeSubdomains
content-security-policy
default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src 'self'; font-src 'self' fonts.gstatic.com data: *.compeon.de; form-action 'self' *.staging.devguru.co *.fnstrt.de *.dkb.de *.anfragestrecke.de; img-src 'self' *.compeon.de storage.googleapis.com data:; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.compeon.de; worker-src 'self'
cache-control
max-age=300, private
location
https://be.onboarding.dzb-bank.de/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhNak0zWTJ4d2F6ZHhNbkozT0dWdGJuVjVjVzR4YXpCemEyUjBPUVk2QmtWVU9oQmthWE53YjNOcGRHbHZia2tpUVdsdWJHbHVaVHNnWm1sc1pXNWhiV1U5SW1aaGRtbGpiMjR1YVdOdklqc2dabWxzWlc1aGJXVXFQVlZVUmkwNEp5ZG1ZWFpwWTI5dUxtbGpid1k3QmxRNkVXTnZiblJsYm5SZmRIbHdaVWtpSFdsdFlXZGxMM1p1WkM1dGFXTnliM052Wm5RdWFXTnZiZ1k3QmxRNkVYTmxjblpwWTJWZmJtRnRaVG9LYkc5allXdz0iLCJleHAiOiIyMDI0LTEwLTI3VDExOjAxOjUzLjAyMFoiLCJwdXIiOiJibG9iX2tleSJ9fQ==--e8543f4466d673aa9e94969efc913c210fef5927/favicon.ico
referrer-policy
no-referrer-when-downgrade
x-download-options
noopen
x-xss-protection
1; mode=block
server
nginx

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _env object| webpackChunkcompeon_reverse_front object| axe object| __REACT_INTL_CONTEXT__ function| _ function| filterCSS function| filterXSS object| scCGSHMRCache function| saveAs

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=15724800; includeSubdomains
X-Frame-Options deny