urlscan.io logo urlscan.io
SecurityTrails logo

identity.db.com Open in urlscan Pro
2a02:26f0:480:23::1726:6291  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://synergy.service4db.com/
Effective URL: https://identity.db.com/auth/realms/global/protocol/openid-connect/auth?response_type=code&client_id=171554-1_Mobile_Sal...
Submission: On July 13 via automatic, source certstream-suspicious — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 14 HTTP transactions. The main IP is 2a02:26f0:480:23::1726:6291, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is identity.db.com.
TLS certificate: Issued by DigiCert EV RSA CA G2 on February 8th 2024. Valid for: a year.
This is the only time identity.db.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 162.19.203.161 16276 (OVH)
2 5 145.239.235.74 16276 (OVH)
11 2a02:26f0:480... 20940 (AKAMAI-ASN1)
14 2
Apex Domain
Subdomains		 Transfer
11 db.com
identity.db.com
193 KB
5 postbank.de
frontend.mobilesales.postbank.de
344 KB
1 service4db.com
synergy.service4db.com
463 B
14 3
Domain Requested by
11 identity.db.com frontend.mobilesales.postbank.de
identity.db.com
5 frontend.mobilesales.postbank.de 2 redirects frontend.mobilesales.postbank.de
1 synergy.service4db.com 1 redirects
14 3

This site contains no links.

Subject Issuer Validity Valid
frontend.mobilesales.postbank.de
DigiCert EV RSA CA G2		 2024-03-20 -
2025-03-19		 a year crt.sh
identity.db.com
DigiCert EV RSA CA G2		 2024-02-08 -
2025-02-06		 a year crt.sh

This page contains 1 frames:

Primary Page: https://identity.db.com/auth/realms/global/protocol/openid-connect/auth?response_type=code&client_id=171554-1_Mobile_Sales_App_MSA-PB-BMA&redirect_uri=https%3A%2F%2Ffrontend.mobilesales.postbank.de%2Feidp
Frame ID: F61819755FB852069FD4FD29B3EDD87B
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Connexion à standard global realm PRODUCTION

Page URL History Show full URLs

  1. https://synergy.service4db.com/ HTTP 307
    https://frontend.mobilesales.postbank.de/synergy/ Page URL
  2. https://frontend.mobilesales.postbank.de/synergy HTTP 302
    https://frontend.mobilesales.postbank.de/eidp?synergy=1 HTTP 302
    https://identity.db.com/auth/realms/global/protocol/openid-connect/auth?response_type=code&client_id... Page URL

Page Statistics

14
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

535 kB
Transfer

2082 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://synergy.service4db.com/ HTTP 307
    https://frontend.mobilesales.postbank.de/synergy/ Page URL
  2. https://frontend.mobilesales.postbank.de/synergy HTTP 302
    https://frontend.mobilesales.postbank.de/eidp?synergy=1 HTTP 302
    https://identity.db.com/auth/realms/global/protocol/openid-connect/auth?response_type=code&client_id=171554-1_Mobile_Sales_App_MSA-PB-BMA&redirect_uri=https%3A%2F%2Ffrontend.mobilesales.postbank.de%2Feidp Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://synergy.service4db.com/ HTTP 307
  • https://frontend.mobilesales.postbank.de/synergy/

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
frontend.mobilesales.postbank.de/synergy/
Redirect Chain
  • https://synergy.service4db.com/
  • https://frontend.mobilesales.postbank.de/synergy/
456 B
884 B 		Document
General
Check archive.org
Download Go to
Full URL
https://frontend.mobilesales.postbank.de/synergy/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
145.239.235.74 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip74.ip-145-239-235.eu
Software
Apache /
Resource Hash
f3e40069952594e1308bd546577e858d2b66c1d31d2c5ce807eec5e6b4fc2960
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; IncludeSubDomains; preload max-age=31536000; IncludeSubDomains; preload
X-Frame-Options sameorigin sameorigin
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
293
Content-Type
text/html
Date
Sat, 13 Jul 2024 19:32:47 GMT
ETag
"1c8-6152a1733c248-gzip"
Keep-Alive
timeout=5, max=100
Last-Modified
Wed, 03 Apr 2024 04:59:42 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; IncludeSubDomains; preload max-age=31536000; IncludeSubDomains; preload
Vary
Accept-Encoding
X-Frame-Options
sameorigin sameorigin
X-XSS-Protection
1; mode=block 1; mode=block

Redirect headers

content-length
259
content-type
text/html; charset=iso-8859-1
date
Sat, 13 Jul 2024 19:32:47 GMT
location
https://frontend.mobilesales.postbank.de/synergy/
server
Apache
strict-transport-security
max-age=31536000; IncludeSubDomains; preload
x-frame-options
sameorigin
x-xss-protection
1; mode=block
index.2f796113.js
frontend.mobilesales.postbank.de/synergy/assets/ 		760 KB
224 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://frontend.mobilesales.postbank.de/synergy/assets/index.2f796113.js
Requested by
Host: frontend.mobilesales.postbank.de
URL: https://frontend.mobilesales.postbank.de/synergy/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
145.239.235.74 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip74.ip-145-239-235.eu
Software
Apache /
Resource Hash
edeacb429cf20260906ce357f8f5094f537e805451da4fbc12b8f32612cc4025
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; IncludeSubDomains; preload, max-age=31536000; IncludeSubDomains; preload
X-Frame-Options sameorigin, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
https://frontend.mobilesales.postbank.de/synergy/
Origin
https://frontend.mobilesales.postbank.de
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Sat, 13 Jul 2024 19:32:47 GMT
Strict-Transport-Security
max-age=31536000; IncludeSubDomains; preload, max-age=31536000; IncludeSubDomains; preload
Content-Encoding
gzip
Last-Modified
Wed, 03 Apr 2024 04:59:42 GMT
Server
Apache
ETag
"be1a3-6152a1733c248-gzip"
X-Frame-Options
sameorigin, sameorigin
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
X-XSS-Protection
1; mode=block, 1; mode=block
index.301f1609.css
frontend.mobilesales.postbank.de/synergy/assets/ 		854 KB
117 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://frontend.mobilesales.postbank.de/synergy/assets/index.301f1609.css
Requested by
Host: frontend.mobilesales.postbank.de
URL: https://frontend.mobilesales.postbank.de/synergy/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
145.239.235.74 , United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip74.ip-145-239-235.eu
Software
Apache /
Resource Hash
301f160976dceb693be3b44531937b19ea15ffb812f97139b8372be87cf5b459
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; IncludeSubDomains; preload, max-age=31536000; IncludeSubDomains; preload
X-Frame-Options sameorigin, sameorigin
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Referer
https://frontend.mobilesales.postbank.de/synergy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Sat, 13 Jul 2024 19:32:48 GMT
Strict-Transport-Security
max-age=31536000; IncludeSubDomains; preload, max-age=31536000; IncludeSubDomains; preload
Content-Encoding
gzip
Last-Modified
Wed, 03 Apr 2024 04:51:33 GMT
Server
Apache
ETag
"d59b6-61529fa0e5160-gzip"
X-Frame-Options
sameorigin, sameorigin
Vary
Accept-Encoding
Content-Type
text/css
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
X-XSS-Protection
1; mode=block, 1; mode=block
Primary Request auth
identity.db.com/auth/realms/global/protocol/openid-connect/
Redirect Chain
  • https://frontend.mobilesales.postbank.de/synergy
  • https://frontend.mobilesales.postbank.de/eidp?synergy=1
  • https://identity.db.com/auth/realms/global/protocol/openid-connect/auth?response_type=code&client_id=171554-1_Mobile_Sales_App_MSA-PB-BMA&redirect_uri=https%3A%2F%2Ffrontend.mobilesales.postbank.de...
20 KB
21 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://identity.db.com/auth/realms/global/protocol/openid-connect/auth?response_type=code&client_id=171554-1_Mobile_Sales_App_MSA-PB-BMA&redirect_uri=https%3A%2F%2Ffrontend.mobilesales.postbank.de%2Feidp
Requested by
Host: frontend.mobilesales.postbank.de
URL: https://frontend.mobilesales.postbank.de/synergy/assets/index.2f796113.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6291 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
f111010bf61477e12e1411e64cc249d3e2e3596bd13fa88b179ed8ddaa6cc58c
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000 max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://frontend.mobilesales.postbank.de/synergy/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Cache-Control
no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Language
fr
Content-Length
20405
Content-Security-Policy
frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Content-Type
text/html;charset=utf-8
DB-Nickname
VTJGc2RHVmtYMThNRW0yMzlwYjRxZWtaVEJDY1EvNGVVWTQ5YXZtYnZmST0=
Date
Sat, 13 Jul 2024 19:32:48 GMT
Referrer-Policy
no-referrer
Server
Apache
Strict-Transport-Security
max-age=31536000 max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-DB-NAR
120194-2
X-Frame-Options
SAMEORIGIN
X-Robots-Tag
none
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
max-age=0, must-revalidate, no-cache, no-store, private
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Sat, 13 Jul 2024 19:32:48 GMT
Keep-Alive
timeout=5, max=98
Location
https://identity.db.com/auth/realms/global/protocol/openid-connect/auth?response_type=code&client_id=171554-1_Mobile_Sales_App_MSA-PB-BMA&redirect_uri=https%3A%2F%2Ffrontend.mobilesales.postbank.de%2Feidp
Server
Apache
Strict-Transport-Security
max-age=31536000; IncludeSubDomains; preload
Transfer-Encoding
chunked
X-Frame-Options
sameorigin
X-Powered-By
PHP/7.4.33
X-XSS-Protection
1; mode=block
patternfly.css
identity.db.com/auth/resources/c3ain/login/dynamic/lib/patternfly/css/ 		265 KB
39 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://identity.db.com/auth/resources/c3ain/login/dynamic/lib/patternfly/css/patternfly.css
Requested by
Host: identity.db.com
URL: https://identity.db.com/auth/realms/global/protocol/openid-connect/auth?response_type=code&client_id=171554-1_Mobile_Sales_App_MSA-PB-BMA&redirect_uri=https%3A%2F%2Ffrontend.mobilesales.postbank.de%2Feidp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6291 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
61be3eab5f2e821e8eddf79ee35ee8af6336c3b608546a9a9dbca4e4a1650d5c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
X-DB-NAR
120194-2
Server
Apache
DB-Nickname
VTJGc2RHVmtYMThNRW0yMzlwYjRxZWtaVEJDY1EvNGVVWTQ5YXZtYnZmST0=
Date
Sat, 13 Jul 2024 19:32:48 GMT
Vary
Accept-Encoding
Content-Type
text/css;charset=UTF-8
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
39557
X-XSS-Protection
1; mode=block
zocial.css
identity.db.com/auth/resources/c3ain/login/dynamic/lib/zocial/ 		43 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://identity.db.com/auth/resources/c3ain/login/dynamic/lib/zocial/zocial.css
Requested by
Host: identity.db.com
URL: https://identity.db.com/auth/realms/global/protocol/openid-connect/auth?response_type=code&client_id=171554-1_Mobile_Sales_App_MSA-PB-BMA&redirect_uri=https%3A%2F%2Ffrontend.mobilesales.postbank.de%2Feidp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6291 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
1cd1769a899ea4dd16da89e7a10db29a519bd817e094f058bade93b1e4d5aeb0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
X-DB-NAR
120194-2
Server
Apache
DB-Nickname
VTJGc2RHVmtYMThNRW0yMzlwYjRxZWtaVEJDY1EvNGVVWTQ5YXZtYnZmST0=
Date
Sat, 13 Jul 2024 19:32:48 GMT
Vary
Accept-Encoding
Content-Type
text/css;charset=UTF-8
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
22580
X-XSS-Protection
1; mode=block
login.css
identity.db.com/auth/resources/c3ain/login/dynamic/css/ 		35 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://identity.db.com/auth/resources/c3ain/login/dynamic/css/login.css
Requested by
Host: identity.db.com
URL: https://identity.db.com/auth/realms/global/protocol/openid-connect/auth?response_type=code&client_id=171554-1_Mobile_Sales_App_MSA-PB-BMA&redirect_uri=https%3A%2F%2Ffrontend.mobilesales.postbank.de%2Feidp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6291 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
d55b2bdface4586c18498610ebce9c7b80edf51af2687fae10abb088089065f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
X-DB-NAR
120194-2
Server
Apache
DB-Nickname
VTJGc2RHVmtYMThNRW0yMzlwYjRxZWtaVEJDY1EvNGVVWTQ5YXZtYnZmST0=
Date
Sat, 13 Jul 2024 19:32:48 GMT
Vary
Accept-Encoding
Content-Type
text/css;charset=UTF-8
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
6930
X-XSS-Protection
1; mode=block
validation.js
identity.db.com/auth/resources/c3ain/login/dynamic/js/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://identity.db.com/auth/resources/c3ain/login/dynamic/js/validation.js
Requested by
Host: identity.db.com
URL: https://identity.db.com/auth/realms/global/protocol/openid-connect/auth?response_type=code&client_id=171554-1_Mobile_Sales_App_MSA-PB-BMA&redirect_uri=https%3A%2F%2Ffrontend.mobilesales.postbank.de%2Feidp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6291 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
1ad848c1e481f7987047ae25e40f7916575ca5462f993f2f0163b72a2286aa37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
X-DB-NAR
120194-2
Server
Apache
DB-Nickname
VTJGc2RHVmtYMS80bVVadW10RUJIMjlJbmRLZE8wRnBmRmNnMEQzZWg1cz0=
Date
Sat, 13 Jul 2024 19:32:48 GMT
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
1155
X-XSS-Protection
1; mode=block
common_logo.png
identity.db.com/auth/resources/c3ain/login/dynamic/img/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://identity.db.com/auth/resources/c3ain/login/dynamic/img/common_logo.png
Requested by
Host: identity.db.com
URL: https://identity.db.com/auth/realms/global/protocol/openid-connect/auth?response_type=code&client_id=171554-1_Mobile_Sales_App_MSA-PB-BMA&redirect_uri=https%3A%2F%2Ffrontend.mobilesales.postbank.de%2Feidp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6291 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
7d1564b7bf24afc8fb44063c858393ba863482878360bff0915c54e40a087058
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
X-DB-NAR
120194-2
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Server
Apache
DB-Nickname
VTJGc2RHVmtYMThNRW0yMzlwYjRxZWtaVEJDY1EvNGVVWTQ5YXZtYnZmST0=
Date
Sat, 13 Jul 2024 19:32:48 GMT
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
3575
X-XSS-Protection
1; mode=block
db_logo_1366.png
identity.db.com/auth/resources/c3ain/login/dynamic/img/ 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://identity.db.com/auth/resources/c3ain/login/dynamic/img/db_logo_1366.png
Requested by
Host: identity.db.com
URL: https://identity.db.com/auth/realms/global/protocol/openid-connect/auth?response_type=code&client_id=171554-1_Mobile_Sales_App_MSA-PB-BMA&redirect_uri=https%3A%2F%2Ffrontend.mobilesales.postbank.de%2Feidp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6291 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
2d9a52b1dcfda7179328e38b911896207d0e0be55c28ed406652b75fd1a0e039
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
X-DB-NAR
120194-2
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Server
Apache
DB-Nickname
VTJGc2RHVmtYMS80bVVadW10RUJIMjlJbmRLZE8wRnBmRmNnMEQzZWg1cz0=
Date
Sat, 13 Jul 2024 19:32:48 GMT
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
20867
X-XSS-Protection
1; mode=block
forgot_password.png
identity.db.com/auth/resources/c3ain/login/dynamic/img/ 		203 B
677 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://identity.db.com/auth/resources/c3ain/login/dynamic/img/forgot_password.png
Requested by
Host: identity.db.com
URL: https://identity.db.com/auth/realms/global/protocol/openid-connect/auth?response_type=code&client_id=171554-1_Mobile_Sales_App_MSA-PB-BMA&redirect_uri=https%3A%2F%2Ffrontend.mobilesales.postbank.de%2Feidp
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6291 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
cbed491c80d516fc7b4198cea3c2b92af7d9a105d003030a4aee14b152c159d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
X-DB-NAR
120194-2
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Server
Apache
DB-Nickname
VTJGc2RHVmtYMS80bVVadW10RUJIMjlJbmRLZE8wRnBmRmNnMEQzZWg1cz0=
Date
Sat, 13 Jul 2024 19:32:49 GMT
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
203
X-XSS-Protection
1; mode=block
fa-solid-900.woff2
identity.db.com/auth/resources/c3ain/login/dynamic/webfonts/ 		73 KB
73 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://identity.db.com/auth/resources/c3ain/login/dynamic/webfonts/fa-solid-900.woff2
Requested by
Host: identity.db.com
URL: https://identity.db.com/auth/resources/c3ain/login/dynamic/css/login.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6291 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
4f9ee3d8f6e621642979e6a8f7e75c57cb9da34918cc08a38abfe178dbae1dd2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://identity.db.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
X-DB-NAR
120194-2
Server
Apache
DB-Nickname
VTJGc2RHVmtYMThNRW0yMzlwYjRxZWtaVEJDY1EvNGVVWTQ5YXZtYnZmST0=
Date
Sat, 13 Jul 2024 19:32:49 GMT
Vary
Accept-Encoding
Content-Type
application/octet-stream
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
74266
X-XSS-Protection
1; mode=block
favicon.ico
identity.db.com/auth/resources/c3ain/login/dynamic/img/ 		318 B
652 B 		Other
General
Check archive.org
Download Go to
Full URL
https://identity.db.com/auth/resources/c3ain/login/dynamic/img/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6291 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
48001216f4e41faf7a1cd71dde0fefca2e3899787b67b9067d1c6eb9f4f9996a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
X-DB-NAR
120194-2
Server
Apache
DB-Nickname
VTJGc2RHVmtYMS80bVVadW10RUJIMjlJbmRLZE8wRnBmRmNnMEQzZWg1cz0=
Date
Sat, 13 Jul 2024 19:32:49 GMT
Vary
Accept-Encoding
Content-Type
application/octet-stream
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
116
X-XSS-Protection
1; mode=block
favicon-32x32.png
identity.db.com/auth/resources/c3ain/login/dynamic/img/ 		804 B
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://identity.db.com/auth/resources/c3ain/login/dynamic/img/favicon-32x32.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:23::1726:6291 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
5f7049f9e007532043c0ce1ddb890cda91a83922b26ec4a698d6a9b5f5619bf5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000, max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000, max-age=31536000; includeSubDomains
X-DB-NAR
120194-2
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Server
Apache
DB-Nickname
VTJGc2RHVmtYMThNRW0yMzlwYjRxZWtaVEJDY1EvNGVVWTQ5YXZtYnZmST0=
Date
Sat, 13 Jul 2024 19:32:49 GMT
Content-Type
image/png
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
804
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| submitForm function| validateForm function| disclaimerValidator function| validateEmail function| notNull function| notNullValidator function| emailValidator function| passwordMatchValidator function| selfRegistrationValidator function| passwordValidator function| setContentHeight object| validationMessages function| opendd

4 Cookies

Domain/Path Name / Value
identity.db.com/auth/realms Name: AUTH_SESSION_ID
Value: 5d9d7760-633b-419b-b98c-4446c9637df3.-sso-ext-prod2-34-fplqv
identity.db.com/auth/realms Name: AUTH_SESSION_ID_LEGACY
Value: 5d9d7760-633b-419b-b98c-4446c9637df3.-sso-ext-prod2-34-fplqv
identity.db.com/auth/realms Name: KC_RESTART
Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwOGJjMTQyYS0xYzk2LTQ1MjUtYTllNC1iOWEwZjNmYTI4ZDUifQ.eyJjaWQiOiIxNzE1NTQtMV9Nb2JpbGVfU2FsZXNfQXBwX01TQS1QQi1CTUEiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwczovL2Zyb250ZW5kLm1vYmlsZXNhbGVzLnBvc3RiYW5rLmRlL2VpZHAiLCJhY3QiOiJBVVRIRU5USUNBVEUiLCJub3RlcyI6eyJpc3MiOiJodHRwczovL2lkZW50aXR5LmRiLmNvbS9hdXRoL3JlYWxtcy9nbG9iYWwiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vZnJvbnRlbmQubW9iaWxlc2FsZXMucG9zdGJhbmsuZGUvZWlkcCJ9fQ.m3EhTrDJU1d7vx0FsTliGuCXL6e8L7SqzuJZf8t6nws
frontend.mobilesales.postbank.de/ Name: PHPSESSID
Value: vvo81o9csdulovsoi6pm7g5db7

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; IncludeSubDomains; preload max-age=31536000; IncludeSubDomains; preload
X-Frame-Options sameorigin sameorigin
X-Xss-Protection 1; mode=block 1; mode=block