urlscan.io logo urlscan.io
SecurityTrails logo

login.datev.de Open in urlscan Pro
79.140.57.13  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://duo.datev.de/
Effective URL: https://login.datev.de/openid/authorize?state=MWNjZDE5ZWUtZGVmMC00ZDQ4LWJkZGMtYWEwMjk5YjdhZmZlO0hhemh4YXNRUTFvMTRHaSsyV...
Submission: On July 25 via manual from SG — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 79.140.57.13, located in Germany and belongs to DATEV-AS, DE. The main domain is login.datev.de. The Cisco Umbrella rank of the primary domain is 333450.
TLS certificate: Issued by Thawte TLS RSA CA G1 on January 18th 2024. Valid for: a year.
This is the only time login.datev.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 193.27.50.203 15451 (DATEV-AS)
2 2 193.27.51.43 15451 (DATEV-AS)
4 79.140.57.13 15451 (DATEV-AS)
5 193.27.50.202 15451 (DATEV-AS)
9 3
Apex Domain
Subdomains		 Transfer
12 datev.de
duo.datev.de
webapps.datev.de
login.datev.de — Cisco Umbrella Rank: 333450
apps.datev.de — Cisco Umbrella Rank: 389690
413 KB
9 1
Domain Requested by
5 apps.datev.de login.datev.de
apps.datev.de
4 login.datev.de login.datev.de
2 webapps.datev.de 2 redirects
1 duo.datev.de 1 redirects
9 4

This site contains links to these domains. Also see Links.

Domain
www.datev-umfrage.de
www.datev.de
datev.de
Subject Issuer Validity Valid
login.datev.de
Thawte TLS RSA CA G1		 2024-01-18 -
2025-01-17		 a year crt.sh
apps.datev.de
Thawte TLS RSA CA G1		 2024-02-02 -
2025-02-26		 a year crt.sh

This page contains 1 frames:

Primary Page: https://login.datev.de/openid/authorize?state=MWNjZDE5ZWUtZGVmMC00ZDQ4LWJkZGMtYWEwMjk5YjdhZmZlO0hhemh4YXNRUTFvMTRHaSsyV2VOSGgxS2dZWW0xWEJQS3B5Y1pIK2pyd1E9&nonce=e7c6d3c3-3ca8-4e77-b493-aa0299b707f8&redirect_uri=https://webapps.datev.de/login&code_challenge=JZj2DKqRIvy73kj5wLLmRim17tq8t9wJa67UqfWr0Sc&code_challenge_method=S256&client_id=0000fa81-3dfc-4e88-9052-96eb5257eaef&response_type=code%20id_token&response_mode=form_post&scope=openid%20profile%20email%20extended_profile
Frame ID: C2D00FF196A08DB2E1273FAC27D2C9CB
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

DATEV Login

Page URL History Show full URLs

  1. https://duo.datev.de/ HTTP 307
    https://webapps.datev.de/wopl/FC/FC HTTP 302
    https://webapps.datev.de/authorize HTTP 302
    https://login.datev.de/openid/authorize?state=MWNjZDE5ZWUtZGVmMC00ZDQ4LWJkZGMtYWEwMjk5YjdhZmZlO0hhe... Page URL

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

4
Subdomains

3
IPs

1
Countries

409 kB
Transfer

402 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://duo.datev.de/ HTTP 307
    https://webapps.datev.de/wopl/FC/FC HTTP 302
    https://webapps.datev.de/authorize HTTP 302
    https://login.datev.de/openid/authorize?state=MWNjZDE5ZWUtZGVmMC00ZDQ4LWJkZGMtYWEwMjk5YjdhZmZlO0hhemh4YXNRUTFvMTRHaSsyV2VOSGgxS2dZWW0xWEJQS3B5Y1pIK2pyd1E9&nonce=e7c6d3c3-3ca8-4e77-b493-aa0299b707f8&redirect_uri=https://webapps.datev.de/login&code_challenge=JZj2DKqRIvy73kj5wLLmRim17tq8t9wJa67UqfWr0Sc&code_challenge_method=S256&client_id=0000fa81-3dfc-4e88-9052-96eb5257eaef&response_type=code%20id_token&response_mode=form_post&scope=openid%20profile%20email%20extended_profile Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request authorize
login.datev.de/openid/
Redirect Chain
  • https://duo.datev.de/
  • https://webapps.datev.de/wopl/FC/FC
  • https://webapps.datev.de/authorize
  • https://login.datev.de/openid/authorize?state=MWNjZDE5ZWUtZGVmMC00ZDQ4LWJkZGMtYWEwMjk5YjdhZmZlO0hhemh4YXNRUTFvMTRHaSsyV2VOSGgxS2dZWW0xWEJQS3B5Y1pIK2pyd1E9&nonce=e7c6d3c3-3ca8-4e77-b493-aa0299b707f8...
20 KB
21 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.datev.de/openid/authorize?state=MWNjZDE5ZWUtZGVmMC00ZDQ4LWJkZGMtYWEwMjk5YjdhZmZlO0hhemh4YXNRUTFvMTRHaSsyV2VOSGgxS2dZWW0xWEJQS3B5Y1pIK2pyd1E9&nonce=e7c6d3c3-3ca8-4e77-b493-aa0299b707f8&redirect_uri=https://webapps.datev.de/login&code_challenge=JZj2DKqRIvy73kj5wLLmRim17tq8t9wJa67UqfWr0Sc&code_challenge_method=S256&client_id=0000fa81-3dfc-4e88-9052-96eb5257eaef&response_type=code%20id_token&response_mode=form_post&scope=openid%20profile%20email%20extended_profile
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
79.140.57.13 , Germany, ASN15451 (DATEV-AS, DE),
Reverse DNS
Software
/
Resource Hash
70df1e0e57b21e216863fd6a22025a6eea4ad552dd22badbb44e7429ac35d3aa
Security Headers
Name Value
Content-Security-Policy default-src 'none';connect-src 'self';base-uri 'self';font-src 'self' https://apps.datev.de data:;form-action 'self';frame-ancestors 'self' https://webapps.datev.de;img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https://apps.datev.de;upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Content-Language
de
Content-Security-Policy
default-src 'none';connect-src 'self';base-uri 'self';font-src 'self' https://apps.datev.de data:;form-action 'self';frame-ancestors 'self' https://webapps.datev.de;img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https://apps.datev.de;upgrade-insecure-requests
Content-Type
text/html;charset=UTF-8
Cross-Origin-Opener-Policy
same-origin
Cross-Origin-Resource-Policy
same-origin
Date
Thu, 25 Jul 2024 07:07:37 GMT
Encoding
UTF-8
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Feature-Policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; fullscreen 'self'; payment 'none'; usb 'none';
Pragma
No-cache
Referrer-Policy
no-referrer
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Dns-Prefetch-Control
off
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
X-Vcap-Request-Id
1eea4f05-4234-49d9-57fe-03d434037276
X-Xss-Protection
0

Redirect headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Security-Policy
default-src 'none'; script-src 'self' https://*.datev.de 'unsafe-hashes' 'sha256-ePniVEkSivX/c7XWBGafqh8tSpiRrKiqYeqbG7N1TOE=' 'sha256-O5c8AmwmpaTp3CDXe7+Tcs7Hh+I4RsUqQf6jfFviY7I=' 'sha256-BkW3arwoi1RVyGuHNsQgUkSCbHMkjVlhSTBNDS/Z5Us=' 'sha256-taiq+UCvDLSXWLe6a0ZYLoYxAzDJmylhC88rY6lpfTM=' 'sha256-d9NtTBR3HPwtyI4gaiKkAhm10BGJhPjSHg+ZUxFS7ak=' 'sha256-p73Bp6svG7Qy2w258fnpKwSQxIMkVKDDmbcTnyITmqw=' 'sha256-x6uoze2ARXRqsaXDebQr/HNJd244Nfxb5snSf1KbWWw=' 'sha256-J+ZJXXX/ngQd+DxpL+4niMXBkfyjJymAFoAU4OT53eQ='; connect-src 'self'; img-src 'self' data: https://*.datev.de; style-src 'self' https://*.datev.de 'unsafe-hashes' 'sha256-7JQOTtywr2Plg/CsqOLi8gUFgyvxSHKFM+G0rChPZcQ=' 'sha256-qnVkQSG7pWu17hBhIw0kCpfEB3XGvt0mNRa6+uM6OUU=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog='; font-src 'self' data: https://*.datev.de
Cross-Origin-Opener-Policy
same-origin
Cross-Origin-Resource-Policy
same-origin
Location
https://login.datev.de/openid/authorize?state=MWNjZDE5ZWUtZGVmMC00ZDQ4LWJkZGMtYWEwMjk5YjdhZmZlO0hhemh4YXNRUTFvMTRHaSsyV2VOSGgxS2dZWW0xWEJQS3B5Y1pIK2pyd1E9&nonce=e7c6d3c3-3ca8-4e77-b493-aa0299b707f8&redirect_uri=https://webapps.datev.de/login&code_challenge=JZj2DKqRIvy73kj5wLLmRim17tq8t9wJa67UqfWr0Sc&code_challenge_method=S256&client_id=0000fa81-3dfc-4e88-9052-96eb5257eaef&response_type=code%20id_token&response_mode=form_post&scope=openid%20profile%20email%20extended_profile
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
X-Backside-Transport
FAIL FAIL
X-Content-Type-Options
nosniff
X-Global-Transaction-ID
b79902aa66a1f9b9564821bf
X-XSS-Protection
0
cache-control
no-cache
expires
Wed, 09-Nov-1999 23:12:40 GMT
pragma
no-cache
styles-13ac85988970c1939ffbabc1751bc0a4.css
login.datev.de/ 		23 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login.datev.de/styles-13ac85988970c1939ffbabc1751bc0a4.css
Requested by
Host: login.datev.de
URL: https://login.datev.de/openid/authorize?state=MWNjZDE5ZWUtZGVmMC00ZDQ4LWJkZGMtYWEwMjk5YjdhZmZlO0hhemh4YXNRUTFvMTRHaSsyV2VOSGgxS2dZWW0xWEJQS3B5Y1pIK2pyd1E9&nonce=e7c6d3c3-3ca8-4e77-b493-aa0299b707f8&redirect_uri=https://webapps.datev.de/login&code_challenge=JZj2DKqRIvy73kj5wLLmRim17tq8t9wJa67UqfWr0Sc&code_challenge_method=S256&client_id=0000fa81-3dfc-4e88-9052-96eb5257eaef&response_type=code%20id_token&response_mode=form_post&scope=openid%20profile%20email%20extended_profile
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
79.140.57.13 , Germany, ASN15451 (DATEV-AS, DE),
Reverse DNS
Software
/
Resource Hash
dd55dbb19f57a6c0953b65635e19ebf9aefcdf17f4c2a2b0fb75466ead409748
Security Headers
Name Value
Content-Security-Policy default-src 'none';connect-src 'self';base-uri 'self';font-src 'self' https://apps.datev.de data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https://apps.datev.de;upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 25 Jul 2024 07:07:37 GMT
Content-Security-Policy
default-src 'none';connect-src 'self';base-uri 'self';font-src 'self' https://apps.datev.de data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https://apps.datev.de;upgrade-insecure-requests
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Permitted-Cross-Domain-Policies
none
X-Dns-Prefetch-Control
off
Cross-Origin-Resource-Policy
same-origin
Connection
keep-alive
Content-Length
23666
X-Xss-Protection
0
Referrer-Policy
no-referrer
Last-Modified
Mon, 08 Jul 2024 09:47:50 GMT
Cross-Origin-Opener-Policy
same-origin
X-Download-Options
noopen
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Vcap-Request-Id
9b2c6337-726f-4285-48ca-4cc1bc9614d6
Feature-Policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; fullscreen 'self'; payment 'none'; usb 'none';
Accept-Ranges
bytes
main.min-31917b0ab2b66d5c648cac6b6740b958.js
login.datev.de/ 		13 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.datev.de/main.min-31917b0ab2b66d5c648cac6b6740b958.js
Requested by
Host: login.datev.de
URL: https://login.datev.de/openid/authorize?state=MWNjZDE5ZWUtZGVmMC00ZDQ4LWJkZGMtYWEwMjk5YjdhZmZlO0hhemh4YXNRUTFvMTRHaSsyV2VOSGgxS2dZWW0xWEJQS3B5Y1pIK2pyd1E9&nonce=e7c6d3c3-3ca8-4e77-b493-aa0299b707f8&redirect_uri=https://webapps.datev.de/login&code_challenge=JZj2DKqRIvy73kj5wLLmRim17tq8t9wJa67UqfWr0Sc&code_challenge_method=S256&client_id=0000fa81-3dfc-4e88-9052-96eb5257eaef&response_type=code%20id_token&response_mode=form_post&scope=openid%20profile%20email%20extended_profile
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
79.140.57.13 , Germany, ASN15451 (DATEV-AS, DE),
Reverse DNS
Software
/
Resource Hash
7610eb32f4ee07c56b00060590bca59c3576b904d109561c92838b723fc6fcf5
Security Headers
Name Value
Content-Security-Policy default-src 'none';connect-src 'self';base-uri 'self';font-src 'self' https://apps.datev.de data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https://apps.datev.de;upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 25 Jul 2024 07:07:37 GMT
Content-Security-Policy
default-src 'none';connect-src 'self';base-uri 'self';font-src 'self' https://apps.datev.de data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https://apps.datev.de;upgrade-insecure-requests
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Permitted-Cross-Domain-Policies
none
X-Dns-Prefetch-Control
off
Cross-Origin-Resource-Policy
same-origin
Connection
keep-alive
Content-Length
12938
X-Xss-Protection
0
Referrer-Policy
no-referrer
Last-Modified
Mon, 08 Jul 2024 09:47:50 GMT
Cross-Origin-Opener-Policy
same-origin
Etag
W/"31917b0ab2b66d5c648cac6b6740b958"
X-Download-Options
noopen
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
X-Vcap-Request-Id
c7e084b0-be88-4144-4802-8cd7c9111d69
Feature-Policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; fullscreen 'self'; payment 'none'; usb 'none';
Accept-Ranges
bytes
fonts.css
apps.datev.de/assets/datev/fonts/1.2.0/ 		3 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://apps.datev.de/assets/datev/fonts/1.2.0/fonts.css
Requested by
Host: login.datev.de
URL: https://login.datev.de/styles-13ac85988970c1939ffbabc1751bc0a4.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
193.27.50.202 Nuremberg, Germany, ASN15451 (DATEV-AS, DE),
Reverse DNS
www.datev.de
Software
/
Resource Hash
0ad57da52b13be4266a8fda6852d406c526f96d923e03b002c9fe62d2f6fa8b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 25 Jul 2024 07:07:37 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000; includeSubdomains
Transfer-Encoding
chunked
Connection
Keep-Alive
Last-Modified
Mon, 24 Jun 2024 15:48:00 GMT
Etag
W/"66799530-bd5"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/css
Access-Control-Allow-Origin
*
X-Vcap-Request-Id
aa8d75cb-af0d-4554-7462-5a21a9e69713
Access-Control-Expose-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Language
de
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Keep-Alive
timeout=5, max=100
truncated
/ 		107 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
335e5062efcf210e2523ebb420451027432e3fc447854a372c62b7b87888827e

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/ 		693 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
01e476e6563af4de568947991fa4049f0e045e9373d74d0a1408ff733b7186d4

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
notosansdisplay-regular-webfont.woff2
apps.datev.de/assets/datev/fonts/1.2.0/ 		64 KB
65 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://apps.datev.de/assets/datev/fonts/1.2.0/notosansdisplay-regular-webfont.woff2
Requested by
Host: apps.datev.de
URL: https://apps.datev.de/assets/datev/fonts/1.2.0/fonts.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
193.27.50.202 Nuremberg, Germany, ASN15451 (DATEV-AS, DE),
Reverse DNS
www.datev.de
Software
/
Resource Hash
724fdf3eb38da4f1109629d04214722e01ef4d5554033955e1d169c2881859df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

Referer
https://apps.datev.de/assets/datev/fonts/1.2.0/fonts.css
Origin
https://login.datev.de
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 25 Jul 2024 07:07:37 GMT
Strict-Transport-Security
max-age=31536000; includeSubdomains
Last-Modified
Mon, 24 Jun 2024 16:12:53 GMT
Etag
"66799b05-10020"
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
font/woff2
Access-Control-Allow-Origin
*
X-Vcap-Request-Id
4b01cfef-f563-4895-6234-4913e2295dda
Access-Control-Expose-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Language
de
Connection
Keep-Alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length
65568
Keep-Alive
timeout=5, max=100
notosansdisplay-semibold-webfont.woff2
apps.datev.de/assets/datev/fonts/1.2.0/ 		168 KB
169 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://apps.datev.de/assets/datev/fonts/1.2.0/notosansdisplay-semibold-webfont.woff2
Requested by
Host: apps.datev.de
URL: https://apps.datev.de/assets/datev/fonts/1.2.0/fonts.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
193.27.50.202 Nuremberg, Germany, ASN15451 (DATEV-AS, DE),
Reverse DNS
www.datev.de
Software
/
Resource Hash
07f2a892991fc423c42cf9f9c6f9cf4227cbb64f8332422bb892ca52c750307b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

Referer
https://apps.datev.de/assets/datev/fonts/1.2.0/fonts.css
Origin
https://login.datev.de
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 25 Jul 2024 07:07:37 GMT
Strict-Transport-Security
max-age=31536000; includeSubdomains
Last-Modified
Mon, 24 Jun 2024 16:12:55 GMT
Etag
"66799b07-29fa0"
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
font/woff2
Access-Control-Allow-Origin
*
X-Vcap-Request-Id
38c676d0-2915-494a-7b22-4b2500c78e46
Access-Control-Expose-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Language
de
Connection
Keep-Alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length
171936
Keep-Alive
timeout=5, max=100
3b9c2c78-1f7c-419b-aeda-67708caa3005.woff2
apps.datev.de/assets/datev/fonts/1.2.0/ 		41 KB
42 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://apps.datev.de/assets/datev/fonts/1.2.0/3b9c2c78-1f7c-419b-aeda-67708caa3005.woff2
Requested by
Host: apps.datev.de
URL: https://apps.datev.de/assets/datev/fonts/1.2.0/fonts.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
193.27.50.202 Nuremberg, Germany, ASN15451 (DATEV-AS, DE),
Reverse DNS
www.datev.de
Software
/
Resource Hash
e7adcc31c74d34b5a98a3046685c6c83b43a1a09eef9702d9f4345f629a5fd4c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

Referer
https://apps.datev.de/assets/datev/fonts/1.2.0/fonts.css
Origin
https://login.datev.de
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 25 Jul 2024 07:07:37 GMT
Strict-Transport-Security
max-age=31536000; includeSubdomains
Last-Modified
Mon, 24 Jun 2024 15:48:00 GMT
Etag
"66799530-a344"
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
font/woff2
Access-Control-Allow-Origin
*
X-Vcap-Request-Id
6b52de3f-4b32-482f-7bd2-8e357d2154a3
Access-Control-Expose-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Language
de
Connection
Keep-Alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length
41796
Keep-Alive
timeout=5, max=100
notosansdisplay-medium-webfont.woff2
apps.datev.de/assets/datev/fonts/1.2.0/ 		65 KB
66 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://apps.datev.de/assets/datev/fonts/1.2.0/notosansdisplay-medium-webfont.woff2
Requested by
Host: apps.datev.de
URL: https://apps.datev.de/assets/datev/fonts/1.2.0/fonts.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
193.27.50.202 Nuremberg, Germany, ASN15451 (DATEV-AS, DE),
Reverse DNS
www.datev.de
Software
/
Resource Hash
7541b800f0b92bcf922fd6e9536e83424453524c4f20ca2090e0c0dd7a38f48e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

Referer
https://apps.datev.de/assets/datev/fonts/1.2.0/fonts.css
Origin
https://login.datev.de
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 25 Jul 2024 07:07:37 GMT
Strict-Transport-Security
max-age=31536000; includeSubdomains
Last-Modified
Mon, 24 Jun 2024 16:12:52 GMT
Etag
"66799b04-10380"
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
font/woff2
Access-Control-Allow-Origin
*
X-Vcap-Request-Id
a2a05c1d-5fb3-4048-4864-7bdb9b293ec1
Access-Control-Expose-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Language
de
Connection
Keep-Alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
Content-Length
66432
Keep-Alive
timeout=5, max=100
favicon-0c5044210f00fbe26e5ebe4dfe92610a.ico
login.datev.de/ 		5 KB
7 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://login.datev.de/favicon-0c5044210f00fbe26e5ebe4dfe92610a.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
79.140.57.13 , Germany, ASN15451 (DATEV-AS, DE),
Reverse DNS
Software
/
Resource Hash
3702ae6d1b35cb63ae429ae8c7e93f3e09b3e30447a4835f6d92902ce65c1fa3
Security Headers
Name Value
Content-Security-Policy default-src 'none';connect-src 'self';base-uri 'self';font-src 'self' https://apps.datev.de data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https://apps.datev.de;upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Thu, 25 Jul 2024 07:07:37 GMT
Content-Security-Policy
default-src 'none';connect-src 'self';base-uri 'self';font-src 'self' https://apps.datev.de data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https://apps.datev.de;upgrade-insecure-requests
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Permitted-Cross-Domain-Policies
none
X-Dns-Prefetch-Control
off
Cross-Origin-Resource-Policy
same-origin
Connection
keep-alive
Content-Length
5430
X-Xss-Protection
0
Pragma
No-cache
Referrer-Policy
no-referrer
Last-Modified
Mon, 08 Jul 2024 09:47:50 GMT
Cross-Origin-Opener-Policy
same-origin
Etag
W/"0c5044210f00fbe26e5ebe4dfe92610a"
X-Download-Options
noopen
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Frame-Options
SAMEORIGIN
Content-Type
image/x-icon
X-Vcap-Request-Id
0ac4e8f5-cb79-4b97-4a34-1c510a6863cb
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Feature-Policy
geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; fullscreen 'self'; payment 'none'; usb 'none';
Accept-Ranges
bytes
Encoding
UTF-8
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| Util object| util function| __values$1 function| Cookie function| __awaiter function| __generator function| Sso function| __values

4 Cookies

Domain/Path Name / Value
.webapps.datev.de/ Name: DP-WEBAPPS-ORIURI
Value: aHR0cHM6Ly93ZWJhcHBzLmRhdGV2LmRlL3dvcGwvRkMvRkM=
.webapps.datev.de/ Name: DP-WEBAPPS-HMACURI
Value: ImZv47JlABoojZgdmCveW+bgJ0bS90IzZWh8pDz3kt8=
.webapps.datev.de/ Name: DP-OID-STATE-TOKEN
Value: MWNjZDE5ZWUtZGVmMC00ZDQ4LWJkZGMtYWEwMjk5YjdhZmZlO0hhemh4YXNRUTFvMTRHaSsyV2VOSGgxS2dZWW0xWEJQS3B5Y1pIK2pyd1E9
.apps.datev.de/ Name: TASF12140f81
Value: 123adfa92403e21c05c3947c32d7fb22ad2e748ea5c79e9b6409eebb55cb985d304cd1e712d8b784bdf672d6fa40802e778894642f

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none';connect-src 'self';base-uri 'self';font-src 'self' https://apps.datev.de data:;form-action 'self';frame-ancestors 'self' https://webapps.datev.de;img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https://apps.datev.de;upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0