urlscan.io logo urlscan.io
SecurityTrails logo

oidc.dfb.de Open in urlscan Pro
2620:1ec:bdf::60  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://account.dfb.de/
Effective URL: https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-managemen...
Submission: On July 07 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 2620:1ec:bdf::60, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is oidc.dfb.de.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on November 3rd 2023. Valid for: a year.
This is the only time oidc.dfb.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 16 2620:1ec:bdf::60 8075 (MICROSOFT...)
14 1
Apex Domain
Subdomains		 Transfer
16 dfb.de
account.dfb.de
oidc.dfb.de
281 KB
14 1
Domain Requested by
14 oidc.dfb.de oidc.dfb.de
2 account.dfb.de 2 redirects
14 2

This site contains links to these domains. Also see Links.

Domain
www.dfb.de
Subject Issuer Validity Valid
oidc.dfb.de
DigiCert TLS RSA SHA256 2020 CA1		 2023-11-03 -
2024-11-03		 a year crt.sh

This page contains 1 frames:

Primary Page: https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-management&scope=openid%20profile&state=V_mqrnlc3oY5cu6A9R3fPNNgvmzUbIl2QvS95lBfMxw%3D&redirect_uri=https://account.dfb.de/login/oauth2/code/keycloak&nonce=Q1ck8qMMV3Zn86UAlhjmBIfUyKXV7dyHpR8cZwCHTnQ
Frame ID: FB460CECB3B6EC69FD9A39CCD4C9EE32
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Anmeldung bei MEIN.DFB

Page URL History Show full URLs

  1. https://account.dfb.de/ HTTP 302
    https://account.dfb.de/oauth2/authorization/keycloak HTTP 302
    https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfb... Page URL

Page Statistics

14
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

280 kB
Transfer

912 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://account.dfb.de/ HTTP 302
    https://account.dfb.de/oauth2/authorization/keycloak HTTP 302
    https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-management&scope=openid%20profile&state=V_mqrnlc3oY5cu6A9R3fPNNgvmzUbIl2QvS95lBfMxw%3D&redirect_uri=https://account.dfb.de/login/oauth2/code/keycloak&nonce=Q1ck8qMMV3Zn86UAlhjmBIfUyKXV7dyHpR8cZwCHTnQ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request auth
oidc.dfb.de/auth/realms/AK/protocol/openid-connect/
Redirect Chain
  • https://account.dfb.de/
  • https://account.dfb.de/oauth2/authorization/keycloak
  • https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-management&scope=openid%20profile&state=V_mqrnlc3oY5cu6A9R3fPNNgvmzUbIl2QvS95lBfMxw%3D&red...
10 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-management&scope=openid%20profile&state=V_mqrnlc3oY5cu6A9R3fPNNgvmzUbIl2QvS95lBfMxw%3D&redirect_uri=https://account.dfb.de/login/oauth2/code/keycloak&nonce=Q1ck8qMMV3Zn86UAlhjmBIfUyKXV7dyHpR8cZwCHTnQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
53389229e7a95de46f2b5d697054514e0823d05376542210c05afe69e0fb5506
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
cache-control
no-store, must-revalidate, max-age=0
content-language
de
content-length
10494
content-security-policy
frame-src 'self'; frame-ancestors 'self'; object-src 'none';
content-type
text/html;charset=utf-8
date
Sun, 07 Jul 2024 05:17:38 GMT
referrer-policy
no-referrer
strict-transport-security
max-age=31536000; includeSubDomains
x-azure-ref
20240707T051738Z-17cf9458cfbtllggh4ruw3c95c0000000440000000000guf
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-robots-tag
none
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
date
Sun, 07 Jul 2024 05:17:38 GMT
expires
0
location
https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-management&scope=openid%20profile&state=V_mqrnlc3oY5cu6A9R3fPNNgvmzUbIl2QvS95lBfMxw%3D&redirect_uri=https://account.dfb.de/login/oauth2/code/keycloak&nonce=Q1ck8qMMV3Zn86UAlhjmBIfUyKXV7dyHpR8cZwCHTnQ
pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-azure-ref
20240707T051738Z-r195c4c79d9sqgckvvz1u2gg3c00000007200000000050v1
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
0
theme.min.css
oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/css/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/css/theme.min.css
Requested by
Host: oidc.dfb.de
URL: https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-management&scope=openid%20profile&state=V_mqrnlc3oY5cu6A9R3fPNNgvmzUbIl2QvS95lBfMxw%3D&redirect_uri=https://account.dfb.de/login/oauth2/code/keycloak&nonce=Q1ck8qMMV3Zn86UAlhjmBIfUyKXV7dyHpR8cZwCHTnQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aeeb9677ba5745268b80113d8a422313d6bcd4554aada538571253875742a116
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 05:17:38 GMT
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-azure-ref
20240707T051738Z-17cf9458cfbtllggh4ruw3c95c0000000440000000000gus
x-cache
CONFIG_NOCACHE
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
content-length
1337
x-xss-protection
1; mode=block
dachmarke.css
oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/css/ 		202 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/css/dachmarke.css
Requested by
Host: oidc.dfb.de
URL: https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-management&scope=openid%20profile&state=V_mqrnlc3oY5cu6A9R3fPNNgvmzUbIl2QvS95lBfMxw%3D&redirect_uri=https://account.dfb.de/login/oauth2/code/keycloak&nonce=Q1ck8qMMV3Zn86UAlhjmBIfUyKXV7dyHpR8cZwCHTnQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d22f2f779d74e53b30bdd08721776dbef6a39df67cb949b01bf4439fc3c9d3e5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 05:17:38 GMT
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-azure-ref
20240707T051738Z-17cf9458cfbtllggh4ruw3c95c0000000440000000000gut
x-cache
CONFIG_NOCACHE
content-type
text/css
cache-control
max-age=2592000
x-xss-protection
1; mode=block
login.css
oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/css/ 		525 B
594 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/css/login.css
Requested by
Host: oidc.dfb.de
URL: https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-management&scope=openid%20profile&state=V_mqrnlc3oY5cu6A9R3fPNNgvmzUbIl2QvS95lBfMxw%3D&redirect_uri=https://account.dfb.de/login/oauth2/code/keycloak&nonce=Q1ck8qMMV3Zn86UAlhjmBIfUyKXV7dyHpR8cZwCHTnQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
57e6fb652bfac2a338f1605a9b6e8982c450eaabdfb22b84719cd2418927eba9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 05:17:38 GMT
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-azure-ref
20240707T051738Z-17cf9458cfbtllggh4ruw3c95c0000000440000000000guu
x-cache
CONFIG_NOCACHE
content-type
text/css
cache-control
max-age=2592000
accept-ranges
bytes
content-length
277
x-xss-protection
1; mode=block
register.js
oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/js/ 		988 B
760 B 		Script
General
Check archive.org
Download Go to
Full URL
https://oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/js/register.js
Requested by
Host: oidc.dfb.de
URL: https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-management&scope=openid%20profile&state=V_mqrnlc3oY5cu6A9R3fPNNgvmzUbIl2QvS95lBfMxw%3D&redirect_uri=https://account.dfb.de/login/oauth2/code/keycloak&nonce=Q1ck8qMMV3Zn86UAlhjmBIfUyKXV7dyHpR8cZwCHTnQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
32623a4f63a94de892ccf5a282b7fcdab9cda80adf5e63ad0d30716659dd9e2c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 05:17:38 GMT
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-azure-ref
20240707T051738Z-17cf9458cfbtllggh4ruw3c95c0000000440000000000guv
x-cache
CONFIG_NOCACHE
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
content-length
438
x-xss-protection
1; mode=block
u16_registration_checkbox_handling.js
oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/js/ 		518 B
516 B 		Script
General
Check archive.org
Download Go to
Full URL
https://oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/js/u16_registration_checkbox_handling.js
Requested by
Host: oidc.dfb.de
URL: https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-management&scope=openid%20profile&state=V_mqrnlc3oY5cu6A9R3fPNNgvmzUbIl2QvS95lBfMxw%3D&redirect_uri=https://account.dfb.de/login/oauth2/code/keycloak&nonce=Q1ck8qMMV3Zn86UAlhjmBIfUyKXV7dyHpR8cZwCHTnQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
49663a5a17734b45dbef479849646739cb81815c1a92412de6b76934b80b2132
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 05:17:38 GMT
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-azure-ref
20240707T051738Z-17cf9458cfbtllggh4ruw3c95c0000000440000000000guw
x-cache
CONFIG_NOCACHE
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
content-length
194
x-xss-protection
1; mode=block
dachmarke.js
oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/js/ 		262 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/js/dachmarke.js
Requested by
Host: oidc.dfb.de
URL: https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-management&scope=openid%20profile&state=V_mqrnlc3oY5cu6A9R3fPNNgvmzUbIl2QvS95lBfMxw%3D&redirect_uri=https://account.dfb.de/login/oauth2/code/keycloak&nonce=Q1ck8qMMV3Zn86UAlhjmBIfUyKXV7dyHpR8cZwCHTnQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
eba1907fbbd89f193a0096468470da33e60a864d8a7b004bd5c9afb5cb3141c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 05:17:38 GMT
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-azure-ref
20240707T051738Z-17cf9458cfbtllggh4ruw3c95c0000000440000000000gux
x-cache
CONFIG_NOCACHE
content-type
text/javascript
cache-control
max-age=2592000
x-xss-protection
1; mode=block
common.js
oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/js/ 		1 KB
631 B 		Script
General
Check archive.org
Download Go to
Full URL
https://oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/js/common.js
Requested by
Host: oidc.dfb.de
URL: https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-management&scope=openid%20profile&state=V_mqrnlc3oY5cu6A9R3fPNNgvmzUbIl2QvS95lBfMxw%3D&redirect_uri=https://account.dfb.de/login/oauth2/code/keycloak&nonce=Q1ck8qMMV3Zn86UAlhjmBIfUyKXV7dyHpR8cZwCHTnQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2151e713be987f1bcb05ebd188b4a0a8efe2f9e9c42fea54939643e0d2f3ffe4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 05:17:38 GMT
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-azure-ref
20240707T051738Z-17cf9458cfbtllggh4ruw3c95c0000000440000000000guy
x-cache
CONFIG_NOCACHE
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
content-length
309
x-xss-protection
1; mode=block
dfb-logo.svg
oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/img/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/img/dfb-logo.svg
Requested by
Host: oidc.dfb.de
URL: https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-management&scope=openid%20profile&state=V_mqrnlc3oY5cu6A9R3fPNNgvmzUbIl2QvS95lBfMxw%3D&redirect_uri=https://account.dfb.de/login/oauth2/code/keycloak&nonce=Q1ck8qMMV3Zn86UAlhjmBIfUyKXV7dyHpR8cZwCHTnQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
791501ed966c38e3fadf2b687af3742c8cb1dd831b839fd69ae47de32a373512
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 05:17:38 GMT
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-azure-ref
20240707T051738Z-17cf9458cfbtllggh4ruw3c95c0000000440000000000guz
x-cache
CONFIG_NOCACHE
content-type
image/svg+xml
cache-control
max-age=2592000
accept-ranges
bytes
content-length
768
x-xss-protection
1; mode=block
main.bundle.js
oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/assets/ 		295 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/assets/main.bundle.js
Requested by
Host: oidc.dfb.de
URL: https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-management&scope=openid%20profile&state=V_mqrnlc3oY5cu6A9R3fPNNgvmzUbIl2QvS95lBfMxw%3D&redirect_uri=https://account.dfb.de/login/oauth2/code/keycloak&nonce=Q1ck8qMMV3Zn86UAlhjmBIfUyKXV7dyHpR8cZwCHTnQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ee3588d28f0807a93e097723ee247b41fae88feebcbcbc3ca57ea0cfe74a371e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 05:17:38 GMT
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-azure-ref
20240707T051738Z-17cf9458cfbtllggh4ruw3c95c0000000440000000000gv2
x-cache
CONFIG_NOCACHE
content-type
text/javascript
cache-control
max-age=2592000
x-xss-protection
1; mode=block
loading-spinner.js
oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/js/ 		718 B
646 B 		Script
General
Check archive.org
Download Go to
Full URL
https://oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/js/loading-spinner.js
Requested by
Host: oidc.dfb.de
URL: https://oidc.dfb.de/auth/realms/AK/protocol/openid-connect/auth?response_type=code&client_id=dfbde-account-management&scope=openid%20profile&state=V_mqrnlc3oY5cu6A9R3fPNNgvmzUbIl2QvS95lBfMxw%3D&redirect_uri=https://account.dfb.de/login/oauth2/code/keycloak&nonce=Q1ck8qMMV3Zn86UAlhjmBIfUyKXV7dyHpR8cZwCHTnQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ab7862369cc5f73fa39b3ad27066535bb7c652b45d444414a64c7876d73223e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 05:17:38 GMT
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-azure-ref
20240707T051738Z-17cf9458cfbtllggh4ruw3c95c0000000440000000000gv7
x-cache
CONFIG_NOCACHE
content-type
text/javascript
cache-control
max-age=2592000
accept-ranges
bytes
content-length
324
x-xss-protection
1; mode=block
dfb-sans-web-bold.woff2
oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/assets/fonts/ 		49 KB
50 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/assets/fonts/dfb-sans-web-bold.woff2
Requested by
Host: oidc.dfb.de
URL: https://oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/css/dachmarke.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
944d4cee8d2b3f4dab4c0799c29565d3508d542aa6192f93d9dcbafc79aff2d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://oidc.dfb.de
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 05:17:38 GMT
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-azure-ref
20240707T051738Z-17cf9458cfbtllggh4ruw3c95c0000000440000000000gve
x-cache
CONFIG_NOCACHE
content-type
application/octet-stream
cache-control
max-age=2592000
x-xss-protection
1; mode=block
dfb-sans-web-regular.woff2
oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/assets/fonts/ 		48 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/assets/fonts/dfb-sans-web-regular.woff2
Requested by
Host: oidc.dfb.de
URL: https://oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/css/dachmarke.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
32b1b78ff093729595c640cd1661c34ce61d1498be631e47bad4a961b534da74
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://oidc.dfb.de
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 05:17:38 GMT
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-azure-ref
20240707T051738Z-17cf9458cfbtllggh4ruw3c95c0000000440000000000gvf
x-cache
CONFIG_NOCACHE
content-type
application/octet-stream
cache-control
max-age=2592000
x-xss-protection
1; mode=block
favicon.ico
oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/img/ 		34 KB
9 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://oidc.dfb.de/auth/resources/kbkgk/login/dachmarke/img/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::60 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
269d22e4f924c7e513e406d23a77e63887e2070b688ef11fa8324af628d40a3b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 05:17:38 GMT
content-encoding
gzip
referrer-policy
no-referrer
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-azure-ref
20240707T051738Z-17cf9458cfbtllggh4ruw3c95c0000000440000000000gvn
x-cache
CONFIG_NOCACHE
content-type
application/octet-stream
cache-control
max-age=2592000
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage function| checkInvalidRegistrationFields function| showParentalEmailInput function| webpackHotUpdate function| objectFitPolyfill function| applyFocusVisiblePolyfill function| flatpickr function| lazyload object| __SVG_SPRITE__ function| startContinuousSpinner

4 Cookies

Domain/Path Name / Value
oidc.dfb.de/auth/realms/AK/ Name: AUTH_SESSION_ID
Value: 0690ae1f-fcc7-46ab-ba6e-b5b03e871e52.keycloak-dfbde-1-49806
oidc.dfb.de/auth/realms/AK/ Name: AUTH_SESSION_ID_LEGACY
Value: 0690ae1f-fcc7-46ab-ba6e-b5b03e871e52.keycloak-dfbde-1-49806
oidc.dfb.de/auth/realms/AK/ Name: KC_RESTART
Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0MThjODEwNi1jZTg4LTQzM2ItYjZmNS04MTk0Zjc1NjdkNjgifQ.eyJjaWQiOiJkZmJkZS1hY2NvdW50LW1hbmFnZW1lbnQiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwczovL2FjY291bnQuZGZiLmRlL2xvZ2luL29hdXRoMi9jb2RlL2tleWNsb2FrIiwiYWN0IjoiQVVUSEVOVElDQVRFIiwibm90ZXMiOnsic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSIsImlzcyI6Imh0dHBzOi8vb2lkYy5kZmIuZGUvYXV0aC9yZWFsbXMvQUsiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vYWNjb3VudC5kZmIuZGUvbG9naW4vb2F1dGgyL2NvZGUva2V5Y2xvYWsiLCJzdGF0ZSI6IlZfbXFybmxjM29ZNWN1NkE5UjNmUE5OZ3ZtelViSWwyUXZTOTVsQmZNeHc9Iiwibm9uY2UiOiJRMWNrOHFNTVYzWm44NlVBbGhqbUJJZlV5S1hWN2R5SHBSOGNad0NIVG5RIn19.L9vLuViF1eDdr5IT-PF_ROtVtLIyTg34LL-mlnAb04k
account.dfb.de/ Name: JSESSIONID
Value: BA114FCE0E5CCD2A6CF6424ABFE244AD

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block