URL: https://mobile.bbva.de/
Submission Tags: @phishunt_io
Submission: On December 24 via api from DE — Scanned from DE

Summary

This website contacted 9 IPs in 3 countries across 7 domains to perform 49 HTTP transactions. The main IP is 23.67.137.213, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is mobile.bbva.de.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on November 20th 2024. Valid for: 8 months.
This is the only time mobile.bbva.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BBVA (Financial)

Domain & IP information

IP Address AS Autonomous System
38 23.67.137.213 16625 (AKAMAI-AS)
4 2600:9000:235... 16509 (AMAZON-02)
2 18.66.122.75 16509 (AMAZON-02)
1 54.154.234.207 16509 (AMAZON-02)
1 63.140.62.222 16509 (AMAZON-02)
1 66.235.152.225 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 3.122.80.43 16509 (AMAZON-02)
49 9
Apex Domain
Subdomains
Transfer
38 bbva.de
mobile.bbva.de
2 MB
4 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 1341
134 KB
2 bbva.it
smetrics.bbva.it
stmetrics.bbva.it
1 KB
2 bbva.es
gam.movil.bbva.es
5 KB
1 tealiumiq.com
collect.tealiumiq.com — Cisco Umbrella Rank: 4024
788 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
53 KB
1 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 262
811 B
49 7
Domain Requested by
38 mobile.bbva.de mobile.bbva.de
4 tags.tiqcdn.com mobile.bbva.de
tags.tiqcdn.com
2 gam.movil.bbva.es mobile.bbva.de
1 collect.tealiumiq.com tags.tiqcdn.com
1 www.googletagmanager.com tags.tiqcdn.com
1 stmetrics.bbva.it tags.tiqcdn.com
1 smetrics.bbva.it tags.tiqcdn.com
1 dpm.demdex.net tags.tiqcdn.com
49 8

This site contains no links.

Subject Issuer Validity Valid
bbva.com
DigiCert TLS RSA SHA256 2020 CA1
2024-11-20 -
2025-07-16
8 months crt.sh
tags.tiqcdn.com
Amazon RSA 2048 M02
2024-03-19 -
2025-04-17
a year crt.sh
gam.movil.bbva.es
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-04-29 -
2025-05-30
a year crt.sh
*.demdex.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-09-25 -
2025-10-26
a year crt.sh
smetrics.bbva.it
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-12-30 -
2025-01-29
a year crt.sh
stmetrics.bbva.it
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-05-09 -
2025-05-08
a year crt.sh
*.google-analytics.com
WR2
2024-12-02 -
2025-02-24
3 months crt.sh
*.tealiumiq.com
Amazon RSA 2048 M02
2024-06-25 -
2025-07-24
a year crt.sh

This page contains 1 frames:

Primary Page: https://mobile.bbva.de/
Frame ID: 9152483A82E38E6F0C4D0C3641CFD398
Requests: 49 HTTP requests in this frame

Screenshot

Page Title

BBVA

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

49
Requests

100 %
HTTPS

25 %
IPv6

7
Domains

8
Subdomains

9
IPs

3
Countries

2101 kB
Transfer

9000 kB
Size

8
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

49 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
mobile.bbva.de/
31 KB
11 KB
Document
General
Full URL
https://mobile.bbva.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ed3c238e9d1c838269529e5660a365d0a37e84750b3ad34b74297a151b4548f1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
must-revalidate, max-age=600
content-encoding
gzip
content-length
11186
content-type
text/html; charset=utf-8
date
Tue, 24 Dec 2024 22:48:00 GMT
etag
W/"fda4d8a3134a9abc939786c2824d090d"
last-modified
Tue, 17 Dec 2024 08:30:26 GMT
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept-Encoding
x-amz-cf-id
6vu1ESoA_2B5SLvd8Tffu21RdTLDQxr5HMSS5Jp_HkJc2rjj0JgnDw==
x-amz-cf-pop
CDG52-P4
x-content-type-options
nosniff
x-edgeconnect-midmile-rtt
13
x-edgeconnect-origin-mex-latency
677
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
app.min-6ae5e5408d57c4893d85942f34067b1eeafd9b6be4a9b314ebd867485f8755c6.css
mobile.bbva.de/assets/sid/
1 MB
131 KB
Stylesheet
General
Full URL
https://mobile.bbva.de/assets/sid/app.min-6ae5e5408d57c4893d85942f34067b1eeafd9b6be4a9b314ebd867485f8755c6.css
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6ae5e5408d57c4893d85942f34067b1eeafd9b6be4a9b314ebd867485f8755c6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
x-edgeconnect-origin-mex-latency
148
cache-control
must-revalidate, max-age=600
content-encoding
br
etag
W/"166ae15adb7668227d98cbcd7a044488"
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
x-amz-cf-id
EAUGZEvbRUn4jGAq3KTTmkrDe9T-BN-k7cbwMLqvAEsLMh-Yi2lnvA==
x-xss-protection
1; mode=block
date
Tue, 24 Dec 2024 22:48:00 GMT
content-type
text/css; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-edgeconnect-midmile-rtt
8
x-amz-cf-pop
CDG52-P4
x-frame-options
SAMEORIGIN
vendor-0e889389b8f1cb62943ff54405ebd685aafb8fafde1d9f07eca4814a39f27e26.css
mobile.bbva.de/assets/
2 KB
1 KB
Stylesheet
General
Full URL
https://mobile.bbva.de/assets/vendor-0e889389b8f1cb62943ff54405ebd685aafb8fafde1d9f07eca4814a39f27e26.css
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0e889389b8f1cb62943ff54405ebd685aafb8fafde1d9f07eca4814a39f27e26
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"76fbb7b37c0dfc84309bb4eb7f3aa7a8"
x-content-type-options
nosniff
x-amz-cf-id
pF2UTzqIa6xd80lcPfPgqnFpaGZY7BzzTDeNA8jmueYihIYAHbt1CA==
date
Tue, 24 Dec 2024 22:48:00 GMT
content-type
text/css; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:30:20 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
786
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
8
x-edgeconnect-origin-mex-latency
215
app-bbva-de-2cf9127ba739d87f4329109f5ff11cccbdaaab6798d43c22e275d4ec123c7511.css
mobile.bbva.de/assets/@woody-lite/
292 B
715 B
Stylesheet
General
Full URL
https://mobile.bbva.de/assets/@woody-lite/app-bbva-de-2cf9127ba739d87f4329109f5ff11cccbdaaab6798d43c22e275d4ec123c7511.css
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2cf9127ba739d87f4329109f5ff11cccbdaaab6798d43c22e275d4ec123c7511
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

etag
"8c4db6a14f4c391c53086f26071c47f4"
x-content-type-options
nosniff
x-amz-cf-id
Re-UjnjeUHcvltK4RPgdevFt7RnpP9eDtiNCpxc0ZLWMWDgJ8KWxjA==
date
Tue, 24 Dec 2024 22:48:00 GMT
content-type
text/css; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
accept-ranges
bytes
content-length
292
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
8
x-edgeconnect-origin-mex-latency
167
BentonSansBBVA-Book-faef4c0bda0c3c95f57f42c990d7623eedb0d7f8174a6640ff4114f1091217ec.woff
mobile.bbva.de/assets/sid/res/fonts/
69 KB
69 KB
Font
General
Full URL
https://mobile.bbva.de/assets/sid/res/fonts/BentonSansBBVA-Book-faef4c0bda0c3c95f57f42c990d7623eedb0d7f8174a6640ff4114f1091217ec.woff
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
faef4c0bda0c3c95f57f42c990d7623eedb0d7f8174a6640ff4114f1091217ec
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://mobile.bbva.de
Referer
https://mobile.bbva.de/

Response headers

etag
"dad6b6198b8254b8bce259aefda62568"
x-content-type-options
nosniff
x-amz-cf-id
VwkRSh3SSyTwqIKl0pgIe1Gq2FMkRGc0POB3cQdAmlDpegwZaOiAsw==
date
Tue, 24 Dec 2024 22:48:00 GMT
content-type
font/woff
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
accept-ranges
bytes
content-length
70412
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
8
x-edgeconnect-origin-mex-latency
188
BentonSansBBVA-Bold-d357956c1738482f2a07db03beeddaf8b5e81c18dc50d19fd9d0cef0e7020f94.woff
mobile.bbva.de/assets/sid/res/fonts/
62 KB
62 KB
Font
General
Full URL
https://mobile.bbva.de/assets/sid/res/fonts/BentonSansBBVA-Bold-d357956c1738482f2a07db03beeddaf8b5e81c18dc50d19fd9d0cef0e7020f94.woff
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d357956c1738482f2a07db03beeddaf8b5e81c18dc50d19fd9d0cef0e7020f94
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://mobile.bbva.de
Referer
https://mobile.bbva.de/

Response headers

etag
"e06ceeb2df9de08b730f6788c2045ad0"
x-content-type-options
nosniff
x-amz-cf-id
lOljBD2q43LatYCyrW0d5kK0sJqyN0G2hXc7tz81G1d03ZqVach01Q==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
font/woff
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
accept-ranges
bytes
content-length
63516
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
8
x-edgeconnect-origin-mex-latency
343
BentonSansBBVA-Medium-7af3360fe39c201b1ccbe7a726a5d3c2f0253add6616b71176f0d9e7c849a732.woff
mobile.bbva.de/assets/sid/res/fonts/
71 KB
71 KB
Font
General
Full URL
https://mobile.bbva.de/assets/sid/res/fonts/BentonSansBBVA-Medium-7af3360fe39c201b1ccbe7a726a5d3c2f0253add6616b71176f0d9e7c849a732.woff
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7af3360fe39c201b1ccbe7a726a5d3c2f0253add6616b71176f0d9e7c849a732
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://mobile.bbva.de
Referer
https://mobile.bbva.de/

Response headers

etag
"f50002bc63bc7f6f4e68c65bd0ec40d4"
x-content-type-options
nosniff
x-amz-cf-id
Ie44jeWShZyoXbNR7xdhFXorgPlaAl9WgkzHuxcMIf3TckBtfgWUPg==
date
Tue, 24 Dec 2024 22:48:00 GMT
content-type
font/woff
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
accept-ranges
bytes
content-length
72684
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
12
x-edgeconnect-origin-mex-latency
135
BentonSansBBVA-BookItalic-8d2773d3627ef45ce1d6d0bfd029a68fd6b6dadb1aa75e60b8eb9ee01ff26f23.woff
mobile.bbva.de/assets/sid/res/fonts/
71 KB
71 KB
Font
General
Full URL
https://mobile.bbva.de/assets/sid/res/fonts/BentonSansBBVA-BookItalic-8d2773d3627ef45ce1d6d0bfd029a68fd6b6dadb1aa75e60b8eb9ee01ff26f23.woff
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8d2773d3627ef45ce1d6d0bfd029a68fd6b6dadb1aa75e60b8eb9ee01ff26f23
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://mobile.bbva.de
Referer
https://mobile.bbva.de/

Response headers

etag
"c109f702b5103d7302b44179636a6b6b"
x-content-type-options
nosniff
x-amz-cf-id
VQ8_93LahNaOn5uzNnjM9XtLtal9WPmFE0wZY951zAYtl4CyZxOwDg==
date
Tue, 24 Dec 2024 22:48:00 GMT
content-type
font/woff
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
accept-ranges
bytes
content-length
72284
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
8
x-edgeconnect-origin-mex-latency
219
BentonSansBBVA-MediumItalic-d695c54e6a80f75f1de09b33bd8f2f6c349fe257e079e518d42c96f4a10a86a3.woff
mobile.bbva.de/assets/sid/res/fonts/
72 KB
72 KB
Font
General
Full URL
https://mobile.bbva.de/assets/sid/res/fonts/BentonSansBBVA-MediumItalic-d695c54e6a80f75f1de09b33bd8f2f6c349fe257e079e518d42c96f4a10a86a3.woff
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d695c54e6a80f75f1de09b33bd8f2f6c349fe257e079e518d42c96f4a10a86a3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://mobile.bbva.de
Referer
https://mobile.bbva.de/

Response headers

etag
"803e1fe842adc8c2e1aa001b53874f0b"
x-content-type-options
nosniff
x-amz-cf-id
Uf-corqda_yFzldyAfPEneYfdK5Nml2GPOb5nXMzjq60TzKKRK2HgA==
date
Tue, 24 Dec 2024 22:48:00 GMT
content-type
font/woff
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
accept-ranges
bytes
content-length
73488
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
8
x-edgeconnect-origin-mex-latency
133
icon-maiden-20d2130a3f2840ed9b3be8d5e3fd121223e0dba5620891ef62416072353a2381.woff
mobile.bbva.de/assets/sid/res/iconfonts/
87 KB
87 KB
Font
General
Full URL
https://mobile.bbva.de/assets/sid/res/iconfonts/icon-maiden-20d2130a3f2840ed9b3be8d5e3fd121223e0dba5620891ef62416072353a2381.woff
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
20d2130a3f2840ed9b3be8d5e3fd121223e0dba5620891ef62416072353a2381
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://mobile.bbva.de
Referer
https://mobile.bbva.de/

Response headers

etag
"8c7b9b010338a8e752e284fa134404b0"
x-content-type-options
nosniff
x-amz-cf-id
EWVZ-cFB5A9lp3fe6Go6CpAN7qWRjqkVwU9b4TDqMAj5Q_18ZoWuIw==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
font/woff
last-modified
Tue, 17 Dec 2024 08:29:52 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
accept-ranges
bytes
content-length
89032
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
8
x-edgeconnect-origin-mex-latency
184
vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
mobile.bbva.de/assets/
4 MB
879 KB
Script
General
Full URL
https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a00901f7d80583639e5820cc681d9ccc1db1a397ab84dada68ef487f5d5cc815
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
gzip
etag
W/"19e6a7e7785999f0468fdcab6d3bf84b"
x-content-type-options
nosniff
x-amz-cf-id
EIx6dZvBqUS_9e9IzHssXcXO8a6Xsnev9vlJiZf59EAm_G55y03waw==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
last-modified
Tue, 17 Dec 2024 08:30:20 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
8
x-edgeconnect-origin-mex-latency
231
chunk.3.c9ae93cdc6d7ebe85333.js
mobile.bbva.de/assets/
282 KB
87 KB
Script
General
Full URL
https://mobile.bbva.de/assets/chunk.3.c9ae93cdc6d7ebe85333.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1ce125afd229a0271860c912f534c654fbdc3669bdad802ad26e3ce2e085cd6f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
gzip
etag
W/"c78c12db653f239a67c22298c0f6f838"
x-content-type-options
nosniff
x-amz-cf-id
pLnUL-R5uj3KM1Xr3B8XNgBQDedBZ4bT0wo-xkgNKmVzKCpFrB62qQ==
date
Tue, 24 Dec 2024 22:48:00 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
8
x-edgeconnect-origin-mex-latency
201
chunk.6.2ea271d261995a2c0eb4.js
mobile.bbva.de/assets/
2 KB
1003 B
Script
General
Full URL
https://mobile.bbva.de/assets/chunk.6.2ea271d261995a2c0eb4.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
91def27438bfb2a72b216e95ffdb61aab3fb34b14e698d33c69ce6c1753fcd37
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
gzip
etag
W/"db8214591b98c80dd31a5e4d427262b7"
x-content-type-options
nosniff
x-amz-cf-id
f7XxMXEmtrM-L_CWqzpJtZAgbHAEp3tJ4ITRSjokOLP1PkzKgtfoWA==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
text/javascript; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
559
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
8
x-edgeconnect-origin-mex-latency
353
chunk.0.2e371583b9c908523a55.js
mobile.bbva.de/assets/
7 KB
3 KB
Script
General
Full URL
https://mobile.bbva.de/assets/chunk.0.2e371583b9c908523a55.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1919fc824939a4756106c22099f57146ba6d2d763bcba0b7a6bdfb7707d9117d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
gzip
etag
W/"bce072624a3799fe3d5e055d9eb972a6"
x-content-type-options
nosniff
x-amz-cf-id
wg-G1LKh_9mUbG2Y1logh7BGgyzuNcznCfZOMKrI10sdOQERHy0PMg==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
text/javascript; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
2889
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
8
x-edgeconnect-origin-mex-latency
327
app-bbva-de-b892cbbc1d2affc1b42c35d8022ccaf997b5d4b6225c3d865bd9582e32965201.js
mobile.bbva.de/assets/@woody-lite/
306 KB
22 KB
Script
General
Full URL
https://mobile.bbva.de/assets/@woody-lite/app-bbva-de-b892cbbc1d2affc1b42c35d8022ccaf997b5d4b6225c3d865bd9582e32965201.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9acd106386433e135744a1ce11004163a22434fae283fd0570b618bbc05c6d05
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
gzip
etag
W/"219f69737bb58555445674a5756a82aa"
x-content-type-options
nosniff
x-amz-cf-id
gjYVva1cxW5JeXpXcx2y5g9EMtM9ENa6XcVTXrbGC00WkOkU-ulKrA==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
text/javascript; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
22515
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
8
x-edgeconnect-origin-mex-latency
212
asset-manifest-a0601fda56e807a01ded28a41117ccfe0c7511da8a67d02ed887b05bdf093720-0c3b4a7e7a0781d3aac64d087d6ad6cd2d6d2dd5450e61fb8443ac82ba3ea69e.json
mobile.bbva.de/
23 KB
6 KB
Fetch
General
Full URL
https://mobile.bbva.de/asset-manifest-a0601fda56e807a01ded28a41117ccfe0c7511da8a67d02ed887b05bdf093720-0c3b4a7e7a0781d3aac64d087d6ad6cd2d6d2dd5450e61fb8443ac82ba3ea69e.json
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/@woody-lite/app-bbva-de-b892cbbc1d2affc1b42c35d8022ccaf997b5d4b6225c3d865bd9582e32965201.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4b62e52b04cb0c510ab75c84d685d98475bbd38df92304f52d7ab2144e754088
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"31ec912b5ba7878ab6f6b23f99352b59"
x-content-type-options
nosniff
x-amz-cf-id
FpMDBdV3n2GgmZJWg0H-5ci4ICVA98bAHTfGTUiNpP87_3AqVgt8lw==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
application/json; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
5931
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
11
x-edgeconnect-origin-mex-latency
126
assetMap-ceb22421c97d33be1bed4ae60ced2fd5fe5f80667c331183685ad838a980fe11.json
mobile.bbva.de/assets/
636 KB
144 KB
Fetch
General
Full URL
https://mobile.bbva.de/assets/assetMap-ceb22421c97d33be1bed4ae60ced2fd5fe5f80667c331183685ad838a980fe11.json
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ceb22421c97d33be1bed4ae60ced2fd5fe5f80667c331183685ad838a980fe11
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
x-edgeconnect-origin-mex-latency
114
cache-control
must-revalidate, max-age=600
content-encoding
br
etag
W/"e449efe8df98244355161767f1b36453"
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
x-amz-cf-id
rz4I6AgKGM591xZzGgfEadK73Pb67UKve_OrVTKQvx8R7SmiYeZsCg==
x-xss-protection
1; mode=block
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
application/json; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-edgeconnect-midmile-rtt
8
x-amz-cf-pop
CDG52-P4
x-frame-options
SAMEORIGIN
favicon.ico
mobile.bbva.de/assets/img/
1 KB
1 KB
Other
General
Full URL
https://mobile.bbva.de/assets/img/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
cef16bfc3973e2a9778fe0371bb205e50cea3d50df2811c3852afa28a0ebbcec
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
gzip
etag
"5c08cb7cf2cf90049ec968ad4fe17cbf"
x-content-type-options
nosniff
x-amz-cf-id
7fuD5cseDs_bcLkR0clHrjajlGcFDqZu80cF3T0n7ct-ZyuqvRbQ9Q==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
image/vnd.microsoft.icon
vary
Accept-Encoding
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
accept-ranges
bytes
content-length
597
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
17
x-edgeconnect-origin-mex-latency
124
chunk.15.597d4c597484d429d415.js
mobile.bbva.de/assets/
44 KB
13 KB
Script
General
Full URL
https://mobile.bbva.de/assets/chunk.15.597d4c597484d429d415.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/chunk.0.2e371583b9c908523a55.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7d72e884f95568045c0bbaa715c0bc22f2b70b0e3d299dd6e204d20c50c11990
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"47d28cef27b7f37d5afbcc2d1c7f0dcc"
x-content-type-options
nosniff
x-amz-cf-id
yDV6X766GUDBHd2XZ-mFgnauogNHCeXQEpnQoca1kILS4LZaqdwbkg==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
text/javascript; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
13022
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
11
x-edgeconnect-origin-mex-latency
111
utag.js
tags.tiqcdn.com/utag/bbva/it-main-mobileapp/prod/
160 KB
41 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/bbva/it-main-mobileapp/prod/utag.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:e600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2af60a93b600d8123f9372f65e66101fe7766540020ef9a2fe5ecd4507e40758

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

vary
accept-encoding
cache-control
max-age=300
content-encoding
br
etag
W/"d856f1f9bfc9d8633cd0495aca9782e0"
x-amz-version-id
gajigA6Te7j2MOuY60SdCo1eA0n6niPR
age
168
via
1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
iVPWq2tk6c2wV9r3KAqZckg6z_PWrd-WkHudXEph5sM9nGTKjR13DA==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
application/javascript
last-modified
Wed, 18 Dec 2024 14:46:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
x-amz-server-side-encryption
AES256
utag.sync.js
tags.tiqcdn.com/utag/bbva/it-main-mobileapp/prod/
175 KB
56 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/bbva/it-main-mobileapp/prod/utag.sync.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:e600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
616082be71d2edad9ebb27dcd5b22b6207c7cd927a7fc728e2d1fa5ea81f1264

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

vary
accept-encoding
cache-control
max-age=300
content-encoding
br
etag
W/"79deea44ae4da13339746b327caed2e8"
x-amz-version-id
pgDx5XUhPSPgnz5wQMh7RZAiGo5uOLxc
age
70
via
1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
eR0i9Wpg5gm-Qz6b7Q4AOA2N9L8vOMdCoD1SOkpNpnl85DME7X0dvA==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
application/javascript
last-modified
Wed, 18 Dec 2024 14:46:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
x-amz-server-side-encryption
AES256
mobilepublicconfig1.1
gam.movil.bbva.es/
0
0
Preflight
General
Full URL
https://gam.movil.bbva.es/mobilepublicconfig1.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-75.fra60.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
bbva-user-agent,content-type
Access-Control-Request-Method
POST
Origin
https://mobile.bbva.de
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Authorization,Content-Language,Content-Type,Referer,X-Amz-Date,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,bbva-user-agent
access-control-allow-methods
OPTIONS,GET,POST
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Tue, 24 Dec 2024 22:48:02 GMT
via
1.1 2816426ad1adbedbdd23d4cdf80c2de2.cloudfront.net (CloudFront)
x-amz-apigw-id
DUYFYFXxDoEEavQ=
x-amz-cf-id
5kW8Mlc7yD2xyc0lv1dw7Hq_Cr58-88D7xjYdHayN_tJ_Z3IHXdbFA==
x-amz-cf-pop
FRA60-P2
x-amzn-requestid
d2829281-be43-4eb6-a416-12c160fdce27
x-cache
Miss from cloudfront
engine-345ed7f2b1a2e0bf246bd0f565cf6af458d92dcc8ba2692c19fa07dfbe88b8fd.js
mobile.bbva.de/engines-dist/@woody-lite/engine-global-position/assets/
201 KB
25 KB
Script
General
Full URL
https://mobile.bbva.de/engines-dist/@woody-lite/engine-global-position/assets/engine-345ed7f2b1a2e0bf246bd0f565cf6af458d92dcc8ba2692c19fa07dfbe88b8fd.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7b5af6457a43dd67a9dae098b1d94ce9e703e0c9141adb062734aedef10e6a96
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"837f172999ed336379ea8759401f0bcd"
x-content-type-options
nosniff
x-amz-cf-id
f-MTJJw6G35JlNayrJd0Kw4ALbu9uz6nQyRW5ZMvlLXjYgwk0-Gvgw==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
text/javascript; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:30:23 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
25129
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
8
x-edgeconnect-origin-mex-latency
117
engine-vendor-8c9b67cfc19c436738751c8b123a5c24148cfc20cbcf165ba34598dfc334944c.js
mobile.bbva.de/engines-dist/@woody-lite/engine-global-position/assets/
624 KB
82 KB
Script
General
Full URL
https://mobile.bbva.de/engines-dist/@woody-lite/engine-global-position/assets/engine-vendor-8c9b67cfc19c436738751c8b123a5c24148cfc20cbcf165ba34598dfc334944c.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
04c850d750412b044d58dac9310a0b831a21efd0afeb80ab519d97e87263193e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains; preload
x-edgeconnect-origin-mex-latency
121
cache-control
must-revalidate, max-age=600
content-encoding
br
etag
W/"30b7e9c26b4a80238ebf8ece9d95052d"
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
x-amz-cf-id
tsIIBhwSz1mC-d3MigZC0VNyDV_6_XXCoylkfdgP0L7pim-hE2njMw==
x-xss-protection
1; mode=block
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
text/javascript; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:30:23 GMT
x-edgeconnect-midmile-rtt
16
x-amz-cf-pop
CDG52-P4
x-frame-options
SAMEORIGIN
environment-c2ebe0528024b1ccdf6d3119026111b1a1401099f3925fc20a3701be35bddf1d.js
mobile.bbva.de/engines-dist/@woody-lite/engine-global-position/config/
2 KB
1 KB
Script
General
Full URL
https://mobile.bbva.de/engines-dist/@woody-lite/engine-global-position/config/environment-c2ebe0528024b1ccdf6d3119026111b1a1401099f3925fc20a3701be35bddf1d.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c2ebe0528024b1ccdf6d3119026111b1a1401099f3925fc20a3701be35bddf1d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"885bd6fb0c57c4e5126985b692d15020"
x-content-type-options
nosniff
x-amz-cf-id
DjK9eSElXPbz9IiDvSsMC2OtVmDgJY9AHQylHgTEIfOU2yo18uRGgg==
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
text/javascript; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:30:23 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
878
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
10
x-edgeconnect-origin-mex-latency
146
de-87f94214a85b00372b524be751fd4cf39f24a9b5756c6eff09054dfb67ec4baa.json
mobile.bbva.de/engines-dist/@woody-lite/engine-global-position/translations/
24 KB
9 KB
Other
General
Full URL
https://mobile.bbva.de/engines-dist/@woody-lite/engine-global-position/translations/de-87f94214a85b00372b524be751fd4cf39f24a9b5756c6eff09054dfb67ec4baa.json
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
87f94214a85b00372b524be751fd4cf39f24a9b5756c6eff09054dfb67ec4baa
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://mobile.bbva.de
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"4eb91627f317b567ece921fc3579036a"
x-content-type-options
nosniff
x-amz-cf-id
MtkZQ6dYMBvCR8DZaGKqNlYvL9dJH8wVH5UOJxDdWaBkWKGDp953jg==
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
application/json; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:30:23 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
8528
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
8
x-edgeconnect-origin-mex-latency
144
de-3a357ce8fc58995512ca07fc3a46575c63189b7adb4da2900d6690f50f620805.json
mobile.bbva.de/translations/
15 KB
6 KB
Fetch
General
Full URL
https://mobile.bbva.de/translations/de-3a357ce8fc58995512ca07fc3a46575c63189b7adb4da2900d6690f50f620805.json
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
3a357ce8fc58995512ca07fc3a46575c63189b7adb4da2900d6690f50f620805
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"17d1025bb8aee27d01264c4496c1e123"
x-content-type-options
nosniff
x-amz-cf-id
aQ59eSqUKxzqvuqrloVdBK_zjmK6QSLpYTqyPC8eC0wQn21V9ufFBw==
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
application/json; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:30:26 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
5658
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
10
x-edgeconnect-origin-mex-latency
121
mobilepublicconfig1.1
gam.movil.bbva.es/
5 KB
5 KB
Fetch
General
Full URL
https://gam.movil.bbva.es/mobilepublicconfig1.1
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-75.fra60.r.cloudfront.net
Software
/
Resource Hash
db90d1b31bbb4c62213f3d35767fd914db4e9585a7ff8d52ebb9144aa2a70f81

Request headers

Referer
https://mobile.bbva.de/client
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
accept
application/json, text/javascript, */*; q=0.01
bbva-user-agent
13d0b77a-2d16-f538-8355-3d7be87bc68c;HTML;;;1600x1200;Linux;x86_64;forkyDE;0.29.3;mdpi;;pro;;Chrome;131.0.0.0
content-language
de
content-type
application/json

Response headers

x-amz-apigw-id
DUYFZGfZjoEEsgQ=
etag
190d5fc55f6bbaa662cba28856108fc2
x-amzn-trace-id
Root=1-676b3a22-7c6a9c304cf354940722aae3;Parent=0cf660351c94dde6;Sampled=0;Lineage=1:00dffb72:0
x-amzn-requestid
1946a5b0-c4bb-4f6c-9d26-8ac7c5776ce0
via
1.1 2816426ad1adbedbdd23d4cdf80c2de2.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
5121
x-amz-cf-id
vJL1g0DdWK5G3h_r-uAvhEzUu8JvrDph96qZ2_BpYHw6s9_jSNhg4A==
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
application/json
x-amz-cf-pop
FRA60-P2
favicon.ico
mobile.bbva.de/assets/img/
1 KB
0
Other
General
Full URL
https://mobile.bbva.de/assets/img/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
cef16bfc3973e2a9778fe0371bb205e50cea3d50df2811c3852afa28a0ebbcec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
gzip
etag
"5c08cb7cf2cf90049ec968ad4fe17cbf"
x-content-type-options
nosniff
x-amz-cf-id
7fuD5cseDs_bcLkR0clHrjajlGcFDqZu80cF3T0n7ct-ZyuqvRbQ9Q==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
image/vnd.microsoft.icon
vary
Accept-Encoding
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-frame-options
SAMEORIGIN
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
accept-ranges
bytes
content-length
597
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
17
x-edgeconnect-origin-mex-latency
124
utag.28.js
tags.tiqcdn.com/utag/bbva/it-main-mobileapp/prod/
128 KB
36 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/bbva/it-main-mobileapp/prod/utag.28.js?utv=ut4.51.202412111511
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/bbva/it-main-mobileapp/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:e600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e5612f1cb33bfa8fe743da3b522ac071f99afc64602d7e0ab904bfc35f22f11e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

vary
accept-encoding
cache-control
max-age=1296000
content-encoding
gzip
etag
W/"07555493048fb0ce9233ee41cfb0525a"
x-amz-version-id
MDl6Q..FOqw8E2oNvAjQFhJA0DshkAYm
age
65
via
1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
EqJwU5gbiMjuJYMfzvlcJLfvbYwOUhuTIng7eep9Oz6WQDPwCZzGiw==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
application/javascript
last-modified
Wed, 18 Dec 2024 14:46:07 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
x-amz-server-side-encryption
AES256
id
dpm.demdex.net/
213 B
811 B
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=D906879D557EE0547F000101%40AdobeOrg&d_nsid=0&ts=1735080481976
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/bbva/it-main-mobileapp/prod/utag.sync.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.154.234.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-234-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
afb8769e5bbfa85ca0b6ab41d2df8f04c1a2a96416c3a9f6a93eda398b0ed90e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://mobile.bbva.de/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs
dcs-prod-irl1-2-v069-0992b6c75.edge-irl1.demdex.com 2 ms
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
x-tid
rX2/oHVjQIU=
expires
Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin
https://mobile.bbva.de
content-length
207
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
application/json;charset=utf-8
vary
Origin
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
430 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=bbva/it-main-mobileapp/202412181445&cb=1735080482001
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/bbva/it-main-mobileapp/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:e600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

x-amz-version-id
2XUX04X5QEw0.xFya64khU._sHTRl_Pz
etag
"7bc0ee636b3b83484fc3b9348863bd22"
age
403
x-cache
Hit from cloudfront
x-amz-cf-id
IOTGyVkLHl6ef0aAeuZNbW8jnOaJDgvMjLs511YGGlYbiFstr2h9IA==
date
Tue, 24 Dec 2024 22:41:20 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Sat, 11 Mar 2023 06:57:46 GMT
cache-control
max-age=300
via
1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
2
x-amz-cf-pop
FRA60-P9
server
AmazonS3
x-amz-server-side-encryption
AES256
favicon.ico
mobile.bbva.de/assets/img/
0
0
Fetch
General
Full URL
https://mobile.bbva.de/assets/img/favicon.ico
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
cache-control
no-cache
Referer
https://mobile.bbva.de/

Response headers

content-encoding
gzip
etag
"5c08cb7cf2cf90049ec968ad4fe17cbf"
x-content-type-options
nosniff
x-amz-cf-id
rxY7NtSm0V7QFGQfNFPs8YTwylCIbObtDkRFJzeEVcZ3ZbZCMD_gsw==
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
image/vnd.microsoft.icon
vary
Accept-Encoding
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
accept-ranges
bytes
content-length
20
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
8
x-edgeconnect-origin-mex-latency
1
engine-4829babf9edab29f32673a71329edbee2e3c6cf16b50e56c912baa11a2648f9f.js
mobile.bbva.de/engines-dist/@woody-lite/engine-login/assets/
82 KB
13 KB
Script
General
Full URL
https://mobile.bbva.de/engines-dist/@woody-lite/engine-login/assets/engine-4829babf9edab29f32673a71329edbee2e3c6cf16b50e56c912baa11a2648f9f.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
48b5015de0e36e31016c75806233217d8d0d4ad4b72596fabdb36c01c8095311
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"76267f633393497d738a4796cd9df480"
x-content-type-options
nosniff
x-amz-cf-id
wc-T4iUzpG__SjM5GzbiGPQ-X4wKyXccFiHkUgGBJtebcJYkIwyT5Q==
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
text/javascript; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:30:23 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
13022
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
14
x-edgeconnect-origin-mex-latency
59
engine-vendor-66aa4237a70ac9105911a412de27c8e7210b0b0a133b94ac8441cf01373f176c.js
mobile.bbva.de/engines-dist/@woody-lite/engine-login/assets/
26 KB
4 KB
Script
General
Full URL
https://mobile.bbva.de/engines-dist/@woody-lite/engine-login/assets/engine-vendor-66aa4237a70ac9105911a412de27c8e7210b0b0a133b94ac8441cf01373f176c.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2e6925de3d2acb1d02ea997eba8cbaa8a1cb3dc3c8784d803451128edf92b3f6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"23903365201931db7dd8e86fef2c9aaa"
x-content-type-options
nosniff
x-amz-cf-id
GbkmK9ccUZT0E-mnC0SlJSvs1RnGp1BhwxGhmIt5X-x54v7dQV5lHw==
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
text/javascript; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:30:23 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
3749
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
10
x-edgeconnect-origin-mex-latency
118
environment-8f2d9e493cadde6f19eaac679df36e214bdedbbe3acc2a49933406e3b5f0c2e7.js
mobile.bbva.de/engines-dist/@woody-lite/engine-login/config/
1 KB
1 KB
Script
General
Full URL
https://mobile.bbva.de/engines-dist/@woody-lite/engine-login/config/environment-8f2d9e493cadde6f19eaac679df36e214bdedbbe3acc2a49933406e3b5f0c2e7.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8f2d9e493cadde6f19eaac679df36e214bdedbbe3acc2a49933406e3b5f0c2e7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"45559749619a8ca956e35234c393c4c9"
x-content-type-options
nosniff
x-amz-cf-id
xXE4iQZZiv36vnBPvF0Z1tRBk8dLhzazlLYW5hLsEZtPXQDnPmUtWA==
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
text/javascript; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:30:23 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
682
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
10
x-edgeconnect-origin-mex-latency
140
de-28a94ab147adb0576876096dbcef960c79ddcf9820050b1ef8e12e52939bed9c.json
mobile.bbva.de/engines-dist/@woody-lite/engine-login/translations/
13 KB
5 KB
Other
General
Full URL
https://mobile.bbva.de/engines-dist/@woody-lite/engine-login/translations/de-28a94ab147adb0576876096dbcef960c79ddcf9820050b1ef8e12e52939bed9c.json
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
28a94ab147adb0576876096dbcef960c79ddcf9820050b1ef8e12e52939bed9c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://mobile.bbva.de
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"2b46208b6a4deaf30b7df8e5e6121537"
x-content-type-options
nosniff
x-amz-cf-id
UJdQhSp5kZZMmH9Q8mMD4hv__6Uj6JeZIo1grSJ58q8I0AYvf8rmMQ==
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
application/json; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:30:23 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
4797
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
10
x-edgeconnect-origin-mex-latency
119
id
smetrics.bbva.it/
48 B
455 B
XHR
General
Full URL
https://smetrics.bbva.it/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=D906879D557EE0547F000101%40AdobeOrg&mid=34108662520024577400843768349034323278&ts=1735080482174
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/bbva/it-main-mobileapp/prod/utag.sync.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.62.222 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-63-140-62-222.data.adobedc.net
Software
jag /
Resource Hash
36157d5f2107af811febf2f7153150cf0d669422b75ead99cbdc8eac9a9fb730
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://mobile.bbva.de/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-origin
https://mobile.bbva.de
p3p
CP="This is not a P3P policy"
content-length
48
date
Tue, 24 Dec 2024 22:48:02 GMT
x-xss-protection
1; mode=block
content-type
application/x-javascript;charset=utf-8
vary
Origin
server
jag
delivery
stmetrics.bbva.it/rest/v1/
321 B
823 B
XHR
General
Full URL
https://stmetrics.bbva.it/rest/v1/delivery?client=bbva&sessionId=278a967d16d0493bb5a64b1ea952a5fa&version=2.11.4
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/bbva/it-main-mobileapp/prod/utag.sync.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.235.152.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-66-235-152-225.data.adobedc.net
Software
jag /
Resource Hash
a2de41070c6da3f431732864d2df2c7a4687b4e17a0c3040f1e6b8d29272a158
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://mobile.bbva.de/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
7cda8519-28eb-451f-812b-5bae168a0556
cache-control
no-cache, no-store, max-age=0, no-transform, private
timing-allow-origin
*
content-encoding
gzip
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
access-control-allow-origin
https://mobile.bbva.de
date
Tue, 24 Dec 2024 22:48:02 GMT
x-xss-protection
1; mode=block
content-type
application/json;charset=UTF-8
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
server
jag
engine-fb6c3f0b28157c43f01d448417b7ad5df4b2121c02eeca65d287feecb4c599e5.js
mobile.bbva.de/engines-dist/@woody-lite/engine-menu/assets/
49 KB
8 KB
Script
General
Full URL
https://mobile.bbva.de/engines-dist/@woody-lite/engine-menu/assets/engine-fb6c3f0b28157c43f01d448417b7ad5df4b2121c02eeca65d287feecb4c599e5.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
be4b51920815be8253c6ae10ae7948e820c6a53b837b8b026889b482f073672a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"7bdbb3a9aa1e2ef61cffd588743a2a25"
x-content-type-options
nosniff
x-amz-cf-id
3lGneF5BUVSkgHx4m-594hEXOqRkeVTaXE167P5xk9QtMXAsZWpTRw==
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
text/javascript; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:30:23 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
7413
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
10
x-edgeconnect-origin-mex-latency
131
engine-vendor-da2140c122b2c490be4ec2648cb6e417641df17adb439f1411c256bdc9b7dec4.js
mobile.bbva.de/engines-dist/@woody-lite/engine-menu/assets/
50 KB
8 KB
Script
General
Full URL
https://mobile.bbva.de/engines-dist/@woody-lite/engine-menu/assets/engine-vendor-da2140c122b2c490be4ec2648cb6e417641df17adb439f1411c256bdc9b7dec4.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0bf903e9768162cd5851e48582cae6194ebecb7e342fa40f06812d6f88fe3963
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"7644d856eb708c0eee574611751faa2c"
x-content-type-options
nosniff
x-amz-cf-id
eLRyH6ST1MrHMwMcjJKjNpiN5-n6YJsY9HCrDS8y7Py9Iy2I1lRhdQ==
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
text/javascript; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:30:23 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
8261
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
10
x-edgeconnect-origin-mex-latency
115
environment-2dcc335ae55763aa82f20784164a3c185eb06eb89a0a270dc52e2642651c78df.js
mobile.bbva.de/engines-dist/@woody-lite/engine-menu/config/
1 KB
1 KB
Script
General
Full URL
https://mobile.bbva.de/engines-dist/@woody-lite/engine-menu/config/environment-2dcc335ae55763aa82f20784164a3c185eb06eb89a0a270dc52e2642651c78df.js
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2dcc335ae55763aa82f20784164a3c185eb06eb89a0a270dc52e2642651c78df
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"d8f8b4d8ab1b70dc03b085924890ab68"
x-content-type-options
nosniff
x-amz-cf-id
y-tl8fB3OjPtMiO5dqnoeSutxn9tN6wRqf3bXpJeWcbkYSYeHbi8qA==
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
text/javascript; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:30:23 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
715
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
10
x-edgeconnect-origin-mex-latency
72
bg-menu-d19a3f0c27a6b419e11c1c379647ca77aff247cbda55f87c4d486d7809cb97ed.svg
mobile.bbva.de/assets/sid/res/img/
2 KB
1 KB
Image
General
Full URL
https://mobile.bbva.de/assets/sid/res/img/bg-menu-d19a3f0c27a6b419e11c1c379647ca77aff247cbda55f87c4d486d7809cb97ed.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d19a3f0c27a6b419e11c1c379647ca77aff247cbda55f87c4d486d7809cb97ed
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"d3fe57499aeaf7ae66b280cdb8f243b4"
x-content-type-options
nosniff
x-amz-cf-id
POXbUzzz02d7JG0SWP7nGIBt0eW5o5BmEMQZI3Yr-keKEd-1tTiIDw==
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
image/svg+xml
last-modified
Tue, 17 Dec 2024 08:30:00 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
640
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
12
x-edgeconnect-origin-mex-latency
101
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
32b5be70164acc09cb52ed04d8e5b86b3461bb03037ce96176e5cd1030e6bee9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
logo-white-02f45b3337d897cf6298f8835de1376549d43dfd5c10fc50fafd4ca6386321a9.svg
mobile.bbva.de/assets/sid/res/img/logos/
1 KB
1 KB
Image
General
Full URL
https://mobile.bbva.de/assets/sid/res/img/logos/logo-white-02f45b3337d897cf6298f8835de1376549d43dfd5c10fc50fafd4ca6386321a9.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
02f45b3337d897cf6298f8835de1376549d43dfd5c10fc50fafd4ca6386321a9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"994dd0155fb3c5f3870ce61d53f464ed"
x-content-type-options
nosniff
x-amz-cf-id
YTCeCp0M1J8asP1WNijGDVbq1V4gHljgTYdSNzvif-367M-BlUVpjw==
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
image/svg+xml
last-modified
Tue, 17 Dec 2024 08:30:12 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
615
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
10
x-edgeconnect-origin-mex-latency
138
de-56d35bc5c78044244dabcd1a1d69b01b03392c2b77be86685ba9c2420630b4cc.json
mobile.bbva.de/engines-dist/@woody-lite/engine-menu/translations/
10 KB
4 KB
Other
General
Full URL
https://mobile.bbva.de/engines-dist/@woody-lite/engine-menu/translations/de-56d35bc5c78044244dabcd1a1d69b01b03392c2b77be86685ba9c2420630b4cc.json
Requested by
Host: mobile.bbva.de
URL: https://mobile.bbva.de/assets/vendor-f08001097f1b0ea9e4419cb253855a478cb550411e4884da186308116f8f5092.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
56d35bc5c78044244dabcd1a1d69b01b03392c2b77be86685ba9c2420630b4cc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://mobile.bbva.de
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
etag
W/"609471f3286ac4f8913790d473a034b2"
x-content-type-options
nosniff
x-amz-cf-id
e9FQ1GuSTpi8GZOgrqsHCHIhsN8ZMx50hLORxPFS8pkgKsHtpByaQg==
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
application/json; charset=utf-8
last-modified
Tue, 17 Dec 2024 08:30:23 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=63072000; includeSubdomains; preload
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
content-length
3773
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
13
x-edgeconnect-origin-mex-latency
125
favicon.ico
mobile.bbva.de/assets/img/
1 KB
0
Other
General
Full URL
https://mobile.bbva.de/assets/img/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
cef16bfc3973e2a9778fe0371bb205e50cea3d50df2811c3852afa28a0ebbcec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
gzip
etag
"5c08cb7cf2cf90049ec968ad4fe17cbf"
x-content-type-options
nosniff
x-amz-cf-id
7fuD5cseDs_bcLkR0clHrjajlGcFDqZu80cF3T0n7ct-ZyuqvRbQ9Q==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
image/vnd.microsoft.icon
vary
Accept-Encoding
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-frame-options
SAMEORIGIN
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
accept-ranges
bytes
content-length
597
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
17
x-edgeconnect-origin-mex-latency
124
js
www.googletagmanager.com/gtag/
138 KB
53 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/bbva/it-main-mobileapp/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4671ed9fbc9269106bc9b41f73f5cb7ad5c0e78267faaad36d0cf7efdb8a1e26
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Tue, 24 Dec 2024 22:48:02 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Tue, 24 Dec 2024 21:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
53567
x-xss-protection
0
server
Google Tag Manager
i.gif
collect.tealiumiq.com/bbva/it-main-mobileapp/2/
43 B
788 B
XHR
General
Full URL
https://collect.tealiumiq.com/bbva/it-main-mobileapp/2/i.gif
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/bbva/it-main-mobileapp/prod/utag.28.js?utv=ut4.51.202412111511
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.122.80.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-122-80-43.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryhTtZvUNnKKyn63d2
Referer
https://mobile.bbva.de/

Response headers

access-control-expose-headers
X-Region
expires
Tue, 24 Dec 2024 22:48:02 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-serverid
uconnect_uconnect-16061db6-9669-4c6b-ac85-12fb00288684
date
Tue, 24 Dec 2024 22:48:02 GMT
content-type
image/gif
vary
Origin
x-uuid
326bfbc7-8ffd-4691-a052-fcb8fee21947
cache-control
no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
pragma
no-cache
access-control-allow-credentials
true
x-tid
0193fadb14a3001f233a75a0667d05065001705d00b08
access-control-allow-origin
https://mobile.bbva.de
content-length
43
x-acc
bbva:it-main-mobileapp:2:datacloud
x-ulver
8508a0e804185b77d25c5885f11abd42ab8f0249-SNAPSHOT
x-did
0193fadb14a3001f233a75a0667d05065001705d00b08
x-region
eu-central-1
favicon.ico
mobile.bbva.de/assets/img/
1 KB
0
Other
General
Full URL
https://mobile.bbva.de/assets/img/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.137.213 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-137-213.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
cef16bfc3973e2a9778fe0371bb205e50cea3d50df2811c3852afa28a0ebbcec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://mobile.bbva.de/

Response headers

content-encoding
gzip
etag
"5c08cb7cf2cf90049ec968ad4fe17cbf"
x-content-type-options
nosniff
x-amz-cf-id
7fuD5cseDs_bcLkR0clHrjajlGcFDqZu80cF3T0n7ct-ZyuqvRbQ9Q==
date
Tue, 24 Dec 2024 22:48:01 GMT
content-type
image/vnd.microsoft.icon
vary
Accept-Encoding
last-modified
Tue, 17 Dec 2024 08:29:51 GMT
x-frame-options
SAMEORIGIN
cache-control
must-revalidate, max-age=600
referrer-policy
no-referrer-when-downgrade
accept-ranges
bytes
content-length
597
x-xss-protection
1; mode=block
x-amz-cf-pop
CDG52-P4
x-edgeconnect-midmile-rtt
17
x-edgeconnect-origin-mex-latency
124

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BBVA (Financial)

104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| removeElement function| cleanAppShell function| cleanErrorView object| loader function| define function| requireModule function| require function| requirejs object| _templateObject object| _templateObject2 object| _templateObject3 object| _templateObject4 object| _templateObject5 object| _templateObject6 function| _taggedTemplateLiteral function| _classPrivateFieldInitSpec function| _checkPrivateRedeclaration function| _defineProperty function| _toPropertyKey function| _toPrimitive object| EmberENV function| Velocity function| Dexie function| clearImmediate function| setImmediate object| operationsWorkshop object| webpackChunk_ember_auto_import_ object| __ember_auto_import__ function| _eai_r function| _eai_d function| emberAutoImportDynamic function| emberAutoImportSync function| Hammer object| slinky_fafbad9890272f20d4b1a1b113fbf645 object| HtmlSessionId object| digitalData object| utag function| getIDFormulario object| utag_data object| utag_cfg_ovrd function| HTMLEncode function| quita_tildes function| cleanString function| getDomain function| getCookie function| setCookie function| getPosicionGEO function| VisualizacionBarraPersonalizadaSC function| VisualizacionBannerSC function| ClicBuscadorSC function| SeguimientoProcesoSC function| AbandonoProcesosContratacionSC function| envia_nombrado_pagina function| medicion_sc_operativa_privada function| SeguimientoBuscadorAxesorSC function| SeguimientoEmpresaAxesorSC function| getTrackingCode object| TagManager object| teal string| FlagCampaigns function| cleanListCampaigns function| digitalChange function| digitalTrack function| getProfileID function| getTimeHourData function| getTimeHourMinutesSeconds object| tiq_ownVars function| setAsincronosListeners object| videoID object| gtmYTListeners object| elements number| elementsLength function| getGDPRCookie boolean| analitica boolean| personalizacion function| e function| targetPageParams string| logVisitorAPI object| adobe function| Visitor object| s_c_il number| s_c_in object| visitor boolean| loaded_target object| targetOffersMBoxes object| ATManager object| targetGlobalSettings object| __target_telemetry object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate object| adtech_vars string| gtagRename object| dataLayer function| gtag string| newDatosCookie string| serialString object| dias number| s_loadT string| UDOvar string| udo object| google_tag_manager object| google_tag_data

8 Cookies

Domain/Path Name / Value
.bbva.de/ Name: at_check
Value: true
.demdex.net/ Name: demdex
Value: 34125149142966774450845496013026337159
.bbva.de/ Name: AMCVS_D906879D557EE0547F000101%40AdobeOrg
Value: 1
.bbva.de/ Name: AMCV_D906879D557EE0547F000101%40AdobeOrg
Value: 179643557%7CMCIDTS%7C20082%7CMCMID%7C34108662520024577400843768349034323278%7CMCAAMLH-1735685282%7C6%7CMCAAMB-1735685282%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1735087682s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.5.0
.bbva.de/ Name: mbox
Value: session#278a967d16d0493bb5a64b1ea952a5fa#1735082343|PC#278a967d16d0493bb5a64b1ea952a5fa.37_0#1798325283
.bbva.de/ Name: mboxEdgeCluster
Value: 37
.tealiumiq.com/ Name: TAPID
Value: bbva/it-main-mobileapp>0193fadb14a3001f233a75a0667d05065001705d00b08|
.bbva.de/ Name: utag_main
Value: v_id:0193fadb14a3001f233a75a0667d05065001705d00b08$_sn:1$_se:1%3Bexp-session$_ss:1%3Bexp-session$_st:1735082281956%3Bexp-session$ses_id:1735080481956%3Bexp-session$_pn:1%3Bexp-session$dc_visit:1$dc_event:1%3Bexp-session$dc_region:eu-central-1%3Bexp-session

1 Console Messages

Source Level URL
Text
rendering warning URL: https://mobile.bbva.de/
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0301D0024170000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

collect.tealiumiq.com
dpm.demdex.net
gam.movil.bbva.es
mobile.bbva.de
smetrics.bbva.it
stmetrics.bbva.it
tags.tiqcdn.com
www.googletagmanager.com
18.66.122.75
23.67.137.213
2600:9000:235a:e600:7:2bfb:7c00:93a1
2a00:1450:4001:80f::2008
3.122.80.43
54.154.234.207
63.140.62.222
66.235.152.225
02f45b3337d897cf6298f8835de1376549d43dfd5c10fc50fafd4ca6386321a9
04c850d750412b044d58dac9310a0b831a21efd0afeb80ab519d97e87263193e
0bf903e9768162cd5851e48582cae6194ebecb7e342fa40f06812d6f88fe3963
0e889389b8f1cb62943ff54405ebd685aafb8fafde1d9f07eca4814a39f27e26
1919fc824939a4756106c22099f57146ba6d2d763bcba0b7a6bdfb7707d9117d
1ce125afd229a0271860c912f534c654fbdc3669bdad802ad26e3ce2e085cd6f
20d2130a3f2840ed9b3be8d5e3fd121223e0dba5620891ef62416072353a2381
28a94ab147adb0576876096dbcef960c79ddcf9820050b1ef8e12e52939bed9c
2af60a93b600d8123f9372f65e66101fe7766540020ef9a2fe5ecd4507e40758
2cf9127ba739d87f4329109f5ff11cccbdaaab6798d43c22e275d4ec123c7511
2dcc335ae55763aa82f20784164a3c185eb06eb89a0a270dc52e2642651c78df
2e6925de3d2acb1d02ea997eba8cbaa8a1cb3dc3c8784d803451128edf92b3f6
32b5be70164acc09cb52ed04d8e5b86b3461bb03037ce96176e5cd1030e6bee9
36157d5f2107af811febf2f7153150cf0d669422b75ead99cbdc8eac9a9fb730
3a357ce8fc58995512ca07fc3a46575c63189b7adb4da2900d6690f50f620805
4671ed9fbc9269106bc9b41f73f5cb7ad5c0e78267faaad36d0cf7efdb8a1e26
48b5015de0e36e31016c75806233217d8d0d4ad4b72596fabdb36c01c8095311
4b62e52b04cb0c510ab75c84d685d98475bbd38df92304f52d7ab2144e754088
56d35bc5c78044244dabcd1a1d69b01b03392c2b77be86685ba9c2420630b4cc
616082be71d2edad9ebb27dcd5b22b6207c7cd927a7fc728e2d1fa5ea81f1264
6ae5e5408d57c4893d85942f34067b1eeafd9b6be4a9b314ebd867485f8755c6
7af3360fe39c201b1ccbe7a726a5d3c2f0253add6616b71176f0d9e7c849a732
7b5af6457a43dd67a9dae098b1d94ce9e703e0c9141adb062734aedef10e6a96
7d72e884f95568045c0bbaa715c0bc22f2b70b0e3d299dd6e204d20c50c11990
87f94214a85b00372b524be751fd4cf39f24a9b5756c6eff09054dfb67ec4baa
8d2773d3627ef45ce1d6d0bfd029a68fd6b6dadb1aa75e60b8eb9ee01ff26f23
8f2d9e493cadde6f19eaac679df36e214bdedbbe3acc2a49933406e3b5f0c2e7
91def27438bfb2a72b216e95ffdb61aab3fb34b14e698d33c69ce6c1753fcd37
9acd106386433e135744a1ce11004163a22434fae283fd0570b618bbc05c6d05
a00901f7d80583639e5820cc681d9ccc1db1a397ab84dada68ef487f5d5cc815
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a2de41070c6da3f431732864d2df2c7a4687b4e17a0c3040f1e6b8d29272a158
afb8769e5bbfa85ca0b6ab41d2df8f04c1a2a96416c3a9f6a93eda398b0ed90e
be4b51920815be8253c6ae10ae7948e820c6a53b837b8b026889b482f073672a
c2ebe0528024b1ccdf6d3119026111b1a1401099f3925fc20a3701be35bddf1d
ceb22421c97d33be1bed4ae60ced2fd5fe5f80667c331183685ad838a980fe11
cef16bfc3973e2a9778fe0371bb205e50cea3d50df2811c3852afa28a0ebbcec
d19a3f0c27a6b419e11c1c379647ca77aff247cbda55f87c4d486d7809cb97ed
d357956c1738482f2a07db03beeddaf8b5e81c18dc50d19fd9d0cef0e7020f94
d695c54e6a80f75f1de09b33bd8f2f6c349fe257e079e518d42c96f4a10a86a3
db90d1b31bbb4c62213f3d35767fd914db4e9585a7ff8d52ebb9144aa2a70f81
e5612f1cb33bfa8fe743da3b522ac071f99afc64602d7e0ab904bfc35f22f11e
ed3c238e9d1c838269529e5660a365d0a37e84750b3ad34b74297a151b4548f1
faef4c0bda0c3c95f57f42c990d7623eedb0d7f8174a6640ff4114f1091217ec