app.n26.com Open in urlscan Pro
18.158.122.11 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/3OO3C6t
Effective URL:
https://app.n26.com/referral/nachoa3777
Submission: On November 12 via api (November 12th 2023, 11:30:04 pm UTC) from FI — Scanned from FI

Summary HTTP 23 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 23 HTTP transactions. The main IP is 18.158.122.11, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is app.n26.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on May 5th 2023. Valid for: a year.

This is the only time app.n26.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.10 67.199.248.10	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	108.157.194.98 108.157.194.98	16509 (AMAZON-02) (AMAZON-02)
14	18.158.122.11 18.158.122.11	16509 (AMAZON-02) (AMAZON-02)
6	2600:9000:211... 2600:9000:211e:2400:12:94b3:c380:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.66.122.20 18.66.122.20	16509 (AMAZON-02) (AMAZON-02)
2	18.159.68.243 18.159.68.243	16509 (AMAZON-02) (AMAZON-02)
23	4

1 67.199.248.10 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.194.98 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-108-157-194-98.mxp53.r.cloudfront.net

n26.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 18.158.122.11 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-122-11.eu-central-1.compute.amazonaws.com

app.n26.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:211e:2400:12:94b3:c380:93a1 (United States)

ASN16509 (AMAZON-02, US)

images.ctfassets.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-20.fra60.r.cloudfront.net

videos.ctfassets.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.159.68.243 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-68-243.eu-central-1.compute.amazonaws.com

spc.n26.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	n26.com 1 redirects n26.com — Cisco Umbrella Rank: 194415 app.n26.com spc.n26.com — Cisco Umbrella Rank: 252509	506 KB
7	ctfassets.net images.ctfassets.net — Cisco Umbrella Rank: 3784 videos.ctfassets.net — Cisco Umbrella Rank: 22882	973 KB
1	bit.ly 1 redirects bit.ly — Cisco Umbrella Rank: 6111	283 B
23	3

	Domain	Requested by
14	app.n26.com	app.n26.com
6	images.ctfassets.net	app.n26.com
2	spc.n26.com	app.n26.com
1	videos.ctfassets.net	app.n26.com
1	n26.com	1 redirects
1	bit.ly	1 redirects
23	6

This site contains links to these domains. Also see Links.

Domain
get.n26.com
docs.n26.com
n26.com

Subject Issuer	Validity	Valid
n26.com Amazon RSA 2048 M01	`2023-05-05` - `2024-06-02`	a year	crt.sh
images.ctfassets.net Amazon RSA 2048 M01	`2023-02-28` - `2024-02-16`	a year	crt.sh
assets.ctfassets.net Amazon RSA 2048 M02	`2023-02-28` - `2024-02-15`	a year	crt.sh
spc.n26.com Amazon RSA 2048 M01	`2023-05-08` - `2024-06-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://app.n26.com/referral/nachoa3777
Frame ID: DB4EBE71EF07FD383363CD7C314FD0BA
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Nacho invited you to join N26

Page URL History Show full URLs

https://bit.ly/3OO3C6t HTTP 301
https://n26.com/r/nachoa3777 HTTP 301
https://app.n26.com/referral/nachoa3777 Page URL

Detected technologies

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

Page Statistics

23
Requests

100 %
HTTPS

17 %
IPv6

3
Domains

6
Subdomains

4
IPs

2
Countries

1478 kB
Transfer

3021 kB
Size

11
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://get.n26.com/?ch=referralPage&rc=nachoa3777
Title: Start free registration

Search URL Search Domain Scan URL

URL: https://docs.n26.com/legal/06+EU/03+Privacy%20Policy/en/01privacy-policy-en.pdf
Title: Privacy Policy (new tab)

Search URL Search Domain Scan URL

URL: https://docs.n26.com/legal/06+EU/03+Privacy+Policy/en/02cookie-policy-en.pdf
Title: Cookie Policy (new tab)

Search URL Search Domain Scan URL

URL: https://n26.com/en-eu/imprint
Title: Imprint (new tab)

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/3OO3C6t HTTP 301
https://n26.com/r/nachoa3777 HTTP 301
https://app.n26.com/referral/nachoa3777 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request nachoa3777 Show response
app.n26.com/referral/
Redirect Chain

https://bit.ly/3OO3C6t
https://n26.com/r/nachoa3777
https://app.n26.com/referral/nachoa3777

147 KB
37 KB

408ms
272ms

Document
text/html

18.158.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.n26.com/referral/nachoa3777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.122.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-122-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

b08510905926566adbbf44aa26ddb451a70fa9db0e0129958522a69137794440

Security Headers

Name	Value
Content-Security-Policy	report-uri /report-csp;report-to /report-csp;base-uri 'self';child-src number26://* .n26.com n26.com .youtube-nocookie.com youtube-nocookie.com .lpsnmedia.net .liveperson.net js.stripe.com https://widgets.marqeta.com;connect-src 'self' https://spc.n26.com wss://tsock.us1.twilio.com wss://lo.msg.liveperson.net .liveperson.net blob: s3.eu-central-1.amazonaws.com cdn.number26.de;font-src 'self' data:;img-src https://spc.n26.com 'self' data: images.ctfassets.net images.contentful.com .lpsnmedia.net message-templates-assets.tech26.de cdn.number26.de;media-src videos.contentful.com videos.ctfassets.net .lpsnmedia.net 'self' blob:;object-src 'none';style-src 'unsafe-inline' 'self';script-src 'self' cdn.number26.de 'unsafe-inline' .youtube-nocookie.com s.ytimg.com youtube-nocookie.com youtube.com .lpsnmedia.net .liveperson.net js.stripe.com/v3 maps.googleapis.com;worker-src 'self';default-src ;frame-ancestors 'self' .n26.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: fi-FI,fi;q=0.9

Response headers

cache-control: no-store
content-encoding: gzip
content-security-policy: report-uri /report-csp;report-to /report-csp;base-uri 'self';child-src number26://* *.n26.com n26.com *.youtube-nocookie.com youtube-nocookie.com *.lpsnmedia.net *.liveperson.net js.stripe.com https://widgets.marqeta.com;connect-src 'self' https://spc.n26.com wss://tsock.us1.twilio.com wss://lo.msg.liveperson.net *.liveperson.net blob: s3.eu-central-1.amazonaws.com cdn.number26.de;font-src 'self' data:;img-src https://spc.n26.com 'self' data: images.ctfassets.net images.contentful.com *.lpsnmedia.net message-templates-assets.tech26.de cdn.number26.de;media-src videos.contentful.com videos.ctfassets.net *.lpsnmedia.net 'self' blob:;object-src 'none';style-src 'unsafe-inline' 'self';script-src 'self' cdn.number26.de 'unsafe-inline' *.youtube-nocookie.com s.ytimg.com youtube-nocookie.com youtube.com *.lpsnmedia.net *.liveperson.net js.stripe.com/v3 maps.googleapis.com;worker-src 'self';default-src *;frame-ancestors 'self' *.n26.com
content-type: text/html; charset=utf-8
date: Sun, 12 Nov 2023 23:29:56 GMT
etag: W/"24b64-0Gp6rbr/3hcQRwIogOfcdGbOSqo"
feature-policy: accelerometer 'none';autoplay 'none';camera 'none';fullscreen 'none';geolocation 'self';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';notifications 'self';payment 'self';push 'self';speaker 'none';sync-xhr 'none';usb 'none';vibrate 'none';vr 'none'
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https://n26.com/report-csp"}],"include_subdomains":true,"group":"/report-csp","max_age":31536000}
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-ratelimit-limit: 60
x-ratelimit-remaining: 59
x-ratelimit-reset: 1699831857
x-recruiting: We're hiring! https://n26.com/careers | recruiting@n26.com
x-xss-protection: 1; mode=block

Redirect headers

cache-control: no-store
content-length: 134
content-type: text/html; charset=utf-8
date: Sun, 12 Nov 2023 23:29:56 GMT
location: https://app.n26.com/referral/nachoa3777
referrer-policy: no-referrer-when-downgrade
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 def985088effa03f9a526a0c6d72487c.cloudfront.net (CloudFront)
x-amz-cf-id: vueqHD2Z0GAw2bHxg9eki2by9Bu6fm6tuTi4PkKVpuhq30LdeiKisg==
x-amz-cf-pop: MXP53-P2
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-ratelimit-limit: 60
x-ratelimit-remaining: 59
x-ratelimit-reset: 1699831857
x-robots-tag: noindex
x-xss-protection: 1; mode=block

GET
H2 200 GT-America-Standard-Regular.latin.woff2
app.n26.com/build/fonts/ 13 KB
14 KB 122ms
118ms Font
font/woff2 18.158.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.n26.com/build/fonts/GT-America-Standard-Regular.latin.woff2

Requested by

Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.122.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-122-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

57b016225d321a77e0a129515f4436a9bcd53cd6ba8dcd32a96b95ec55d7a785

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.n26.com/
Origin: https://app.n26.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 23:29:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
last-modified: Fri, 10 Nov 2023 09:32:47 GMT
server: nginx
etag: W/"3550-18bb893aa18"
content-type: font/woff2
cache-control: public, max-age=864000
accept-ranges: bytes
content-length: 13648
x-xss-protection: 1; mode=block

GET
H2 200 GT-America-Extended-Medium.latin.woff2
app.n26.com/build/fonts/ 21 KB
21 KB 123ms
120ms Font
font/woff2 18.158.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.n26.com/build/fonts/GT-America-Extended-Medium.latin.woff2

Requested by

Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.122.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-122-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

fdc5236b3efa02f88b747ff3d49c0a38a738f77d9d26bfa3046d2b284a0f305d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.n26.com/
Origin: https://app.n26.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 23:29:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
last-modified: Fri, 10 Nov 2023 09:32:47 GMT
server: nginx
etag: W/"52d8-18bb893aa18"
content-type: font/woff2
cache-control: public, max-age=864000
accept-ranges: bytes
content-length: 21208
x-xss-protection: 1; mode=block

GET
H2 200 client.f61a9b18.css
app.n26.com/build/css/ 40 KB
5 KB 122ms
120ms Stylesheet
text/css 18.158.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.n26.com/build/css/client.f61a9b18.css

Requested by

Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.122.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-122-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

1cde61595de3d59850bf836abacf59eff8b0c39292134eaf6f241bb8c67d467d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 23:29:57 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Fri, 10 Nov 2023 09:41:30 GMT
server: nginx
x-content-type-options: nosniff
etag: W/"1473-18bb89ba510"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=864000
accept-ranges: bytes
content-length: 5235
x-xss-protection: 1; mode=block

GET
H2 200 webpack-runtime.cf16c5df.js Show response
app.n26.com/build/js/ 16 KB
6 KB 123ms
120ms Script
application/javascript 18.158.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.n26.com/build/js/webpack-runtime.cf16c5df.js

Requested by

Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.122.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-122-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d080fa93ca4ce4c40f969a2a0f93dc0115332418adf95550879669c09759564f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 23:29:57 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Fri, 10 Nov 2023 09:41:30 GMT
server: nginx
x-content-type-options: nosniff
etag: W/"1728-18bb89ba510"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=864000
accept-ranges: bytes
content-length: 5928
x-xss-protection: 1; mode=block

GET
H2 200 util_vendor.76b62dc2.js Show response
app.n26.com/build/js/ 199 KB
44 KB 121ms
119ms Script
application/javascript 18.158.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.n26.com/build/js/util_vendor.76b62dc2.js

Requested by

Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.122.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-122-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

3231bf5d6a6004d1c16dc749313462674b6084248e2fbf8e8895c43d38b9440a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 23:29:57 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Fri, 10 Nov 2023 09:41:30 GMT
server: nginx
x-content-type-options: nosniff
etag: W/"ad97-18bb89ba510"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=864000
accept-ranges: bytes
content-length: 44439
x-xss-protection: 1; mode=block

GET
H2 200 react_vendor.780b89c5.js Show response
app.n26.com/build/js/ 149 KB
42 KB 118ms
116ms Script
application/javascript 18.158.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.n26.com/build/js/react_vendor.780b89c5.js

Requested by

Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.122.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-122-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e4483ea24c53f6d2bd2ddffed60d83ae6364c80b49542eaed41192e698d4c17e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 23:29:57 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Fri, 10 Nov 2023 09:41:30 GMT
server: nginx
x-content-type-options: nosniff
etag: W/"a69d-18bb89ba510"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=864000
accept-ranges: bytes
content-length: 42653
x-xss-protection: 1; mode=block

GET
H2 200 4616.817d3883.js Show response
app.n26.com/build/js/ 732 KB
172 KB 63ms
61ms Script
application/javascript 18.158.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.n26.com/build/js/4616.817d3883.js

Requested by

Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.122.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-122-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

b115e17739c6f9ce1c359e91b3d7d021aae792746bb10272aa950375a89f1499

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 23:29:57 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Fri, 10 Nov 2023 09:41:30 GMT
server: nginx
x-content-type-options: nosniff
etag: W/"2afc5-18bb89ba510"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=864000
accept-ranges: bytes
content-length: 176069
x-xss-protection: 1; mode=block

GET
H2 200 client.ae2a4842.js Show response
app.n26.com/build/js/ 550 KB
102 KB 123ms
121ms Script
application/javascript 18.158.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.n26.com/build/js/client.ae2a4842.js

Requested by

Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.122.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-122-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

991d11451334129bc4280d083dbe098a8b9c0f26c0ca45a44c0796d073e59b80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 23:29:57 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Fri, 10 Nov 2023 09:41:30 GMT
server: nginx
x-content-type-options: nosniff
etag: W/"194b9-18bb89ba510"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=864000
accept-ranges: bytes
content-length: 103609
x-xss-protection: 1; mode=block

GET
H2 200 8011.13cba072.js Show response
app.n26.com/build/js/ 113 KB
30 KB 123ms
121ms Script
application/javascript 18.158.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.n26.com/build/js/8011.13cba072.js

Requested by

Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.122.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-122-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d3cfaaa30db1a8b49f3ca7143fcc6d121e11e39780a4beba8472625b158cae2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 23:29:57 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Fri, 10 Nov 2023 09:41:30 GMT
server: nginx
x-content-type-options: nosniff
etag: W/"7720-18bb89ba510"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=864000
accept-ranges: bytes
content-length: 30496
x-xss-protection: 1; mode=block

GET
H2 200 5055.4e27a5c7.js Show response
app.n26.com/build/js/ 13 KB
5 KB 119ms
118ms Script
application/javascript 18.158.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.n26.com/build/js/5055.4e27a5c7.js

Requested by

Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.122.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-122-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

79b15bfea8b8b1885c2f335ddbd698647cee77207e28afc147fd8c95a43df689

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 23:29:57 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Fri, 10 Nov 2023 09:41:30 GMT
server: nginx
x-content-type-options: nosniff
etag: W/"1112-18bb89ba510"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=864000
accept-ranges: bytes
content-length: 4370
x-xss-protection: 1; mode=block

GET
H2 200 RefereeLanding.a4ccf89c.js Show response
app.n26.com/build/js/ 44 KB
11 KB 123ms
122ms Script
application/javascript 18.158.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.n26.com/build/js/RefereeLanding.a4ccf89c.js

Requested by

Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.122.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-122-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dc6b4b5561f5aa0fc0dc6f38fc3da9a20e62deb13fc7c91a0d6e3fa0c10364ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 23:29:57 GMT
content-encoding: br
referrer-policy: no-referrer-when-downgrade
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Fri, 10 Nov 2023 09:41:30 GMT
server: nginx
x-content-type-options: nosniff
etag: W/"2a4a-18bb89ba510"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=864000
accept-ranges: bytes
content-length: 10826
x-xss-protection: 1; mode=block

GET
H2 200 party-light.png
images.ctfassets.net/iv7ikzngu0lb/5M5DbEJQ3gkqHICdJx2YKm/1f24bc2f0f1b52925b4f351724714485/ 1 KB
2 KB 199ms
59ms Image
image/png 2600:9000:211e:2400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/iv7ikzngu0lb/5M5DbEJQ3gkqHICdJx2YKm/1f24bc2f0f1b52925b4f351724714485/party-light.png
Requested by: Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:2400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 71cd0e75c6f982dd58a622e7128b07b77edbdd482fc47f6420f69341b0a66895

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 05:56:50 GMT
via: 1.1 aff6ac5c98fa897349204752e5877c80.cloudfront.net (CloudFront)
last-modified: Fri, 15 Jul 2022 08:43:28 GMT
server: Contentful Images API
x-amz-cf-pop: FRA56-C2
age: 63188
etag: "55afad3cfe6e4f7e2c1b601c17272520"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 1397
x-amz-cf-id: WuW_qzJJZ6IRt6kYLWbXPIJ4h6Wr8mHxI_BH3bzXyffF9EQgwICcDw==

GET
H2 200 id-document-check.png
images.ctfassets.net/iv7ikzngu0lb/4yIvyo0pY53PqA0Uf2Rzxf/3327de253658efcb42e38e3b072c2036/ 1 KB
1 KB 200ms
60ms Image
image/png 2600:9000:211e:2400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/iv7ikzngu0lb/4yIvyo0pY53PqA0Uf2Rzxf/3327de253658efcb42e38e3b072c2036/id-document-check.png
Requested by: Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:2400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 7f947dccc25fc916dd7fd7cacca71901cf36cc1434f028ac2e37d3c046824e06

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 06:51:45 GMT
via: 1.1 aff6ac5c98fa897349204752e5877c80.cloudfront.net (CloudFront)
last-modified: Fri, 15 Jul 2022 08:44:06 GMT
server: Contentful Images API
x-amz-cf-pop: FRA56-C2
age: 59893
etag: "2136ba9654ffe114a8aab7c1bf2199f6"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 1119
x-amz-cf-id: 78E3NvzKaVd2u4NhDS9eJcTdonwkIEa1UvB6CN-gceAgkLSYte_d_w==

GET
H2 200 friend-referral-light.png
images.ctfassets.net/iv7ikzngu0lb/2LTkRbpDBaiGCK9QHgTXJA/0fb9699db0dc5e92bfeb8bf621121726/ 1 KB
2 KB 189ms
58ms Image
image/png 2600:9000:211e:2400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/iv7ikzngu0lb/2LTkRbpDBaiGCK9QHgTXJA/0fb9699db0dc5e92bfeb8bf621121726/friend-referral-light.png
Requested by: Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:2400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 8cfb09c7189f81f4ae0a98cfe25477fb6b9e9f9e2c364b0cdec4f228a5d737c0

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 02:50:46 GMT
via: 1.1 aff6ac5c98fa897349204752e5877c80.cloudfront.net (CloudFront)
last-modified: Fri, 15 Jul 2022 08:44:46 GMT
server: Contentful Images API
x-amz-cf-pop: FRA56-C2
age: 74352
etag: "2682fc5681464a43ee3525d2fe1352be"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 1264
x-amz-cf-id: pKmitPjCGruN5XBXkq0n1dFJmcpcCkCcW4WxrXALm9nZRq2QqKqJKg==

GET
H2 200 cards.png
images.ctfassets.net/iv7ikzngu0lb/6hMXWE6q72mHcbOurRyU1L/39400928941e56adf05272afc2797082/ 26 KB
26 KB 189ms
58ms Image
image/png 2600:9000:211e:2400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/iv7ikzngu0lb/6hMXWE6q72mHcbOurRyU1L/39400928941e56adf05272afc2797082/cards.png
Requested by: Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:2400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: ee77be8d2daf34ab46ef80ae3886fcab14a1a0ae39c4f0bc0a3be1f13f837e47

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 05:56:50 GMT
via: 1.1 aff6ac5c98fa897349204752e5877c80.cloudfront.net (CloudFront)
last-modified: Fri, 15 Jul 2022 08:40:26 GMT
server: Contentful Images API
x-amz-cf-pop: FRA56-C2
age: 63188
etag: "3bb0355b8404bb93dfae0d131420682c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 26493
x-amz-cf-id: tD88btgCLfFw17RTbz-4sWQNp9tQ1a_Kl2btlDMKhAE9YjukEYU86Q==

GET
H2 200 SPACES_LP_EN_MODULE2.webp
images.ctfassets.net/iv7ikzngu0lb/6HK9q0NfNfzEQW1ZN5iDGs/e290d24390fc4d341999804be8711b8e/ 7 KB
7 KB 190ms
59ms Image
image/webp 2600:9000:211e:2400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/iv7ikzngu0lb/6HK9q0NfNfzEQW1ZN5iDGs/e290d24390fc4d341999804be8711b8e/SPACES_LP_EN_MODULE2.webp
Requested by: Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:2400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 62f8bd17536583134ee0329ce5ab4e101a0c7e38f8913db6ba561395d658b5aa

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 04:24:17 GMT
via: 1.1 aff6ac5c98fa897349204752e5877c80.cloudfront.net (CloudFront)
last-modified: Fri, 15 Jul 2022 08:41:16 GMT
server: Contentful Images API
x-amz-cf-pop: FRA56-C2
age: 68741
etag: "4bd934e2e855f76a5890886037f1ecb6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 6892
x-amz-cf-id: YUEglall6rT2v9jMlaDSUkCtExVHyGtTM7HVZ5089gQNrBKr7lEUCw==

GET
H2 200 InstantBankTransfer_WebLP_Static_1400x1400_EN.webp
images.ctfassets.net/iv7ikzngu0lb/58Nlmcxxghr69W6vSzGift/ceb569ac4be4f978ee8a66be5c76206a/ 18 KB
18 KB 190ms
60ms Image
image/webp 2600:9000:211e:2400:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/iv7ikzngu0lb/58Nlmcxxghr69W6vSzGift/ceb569ac4be4f978ee8a66be5c76206a/InstantBankTransfer_WebLP_Static_1400x1400_EN.webp
Requested by: Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:2400:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 63f15a293798bc57a9e52abc5506d78706e3466bb122863e8dde28117f3e65fe

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 06:13:59 GMT
via: 1.1 aff6ac5c98fa897349204752e5877c80.cloudfront.net (CloudFront)
last-modified: Fri, 15 Jul 2022 09:12:38 GMT
server: Contentful Images API
x-amz-cf-pop: FRA56-C2
age: 62159
etag: "d6cf611345ce2b3aa9753902b4a4999b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 18432
x-amz-cf-id: -3LefITkl8dTE5nzXk_SKSFP8bt_qN8xb5llIKVHM80go4w8u550fQ==

GET
H2 200 polyfill.min.js Show response
app.n26.com/js/ 101 B
1 KB 214ms
213ms Script
text/javascript 18.158.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.n26.com/js/polyfill.min.js

Requested by

Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.122.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-122-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72

Security Headers

Name	Value
Content-Security-Policy	report-uri /report-csp;report-to /report-csp;base-uri 'self';child-src number26://* .n26.com n26.com .youtube-nocookie.com youtube-nocookie.com .lpsnmedia.net .liveperson.net js.stripe.com https://widgets.marqeta.com;connect-src 'self' https://spc.n26.com wss://tsock.us1.twilio.com wss://lo.msg.liveperson.net .liveperson.net blob: s3.eu-central-1.amazonaws.com cdn.number26.de;font-src 'self' data:;img-src https://spc.n26.com 'self' data: images.ctfassets.net images.contentful.com .lpsnmedia.net message-templates-assets.tech26.de cdn.number26.de;media-src videos.contentful.com videos.ctfassets.net .lpsnmedia.net 'self' blob:;object-src 'none';style-src 'unsafe-inline' 'self';script-src 'self' cdn.number26.de 'unsafe-inline' .youtube-nocookie.com s.ytimg.com youtube-nocookie.com youtube.com .lpsnmedia.net .liveperson.net js.stripe.com/v3 maps.googleapis.com;worker-src 'self';default-src ;frame-ancestors 'self' .n26.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fi-FI,fi;q=0.9
Referer: https://app.n26.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 23:29:57 GMT
content-security-policy: report-uri /report-csp;report-to /report-csp;base-uri 'self';child-src number26://* *.n26.com n26.com *.youtube-nocookie.com youtube-nocookie.com *.lpsnmedia.net *.liveperson.net js.stripe.com https://widgets.marqeta.com;connect-src 'self' https://spc.n26.com wss://tsock.us1.twilio.com wss://lo.msg.liveperson.net *.liveperson.net blob: s3.eu-central-1.amazonaws.com cdn.number26.de;font-src 'self' data:;img-src https://spc.n26.com 'self' data: images.ctfassets.net images.contentful.com *.lpsnmedia.net message-templates-assets.tech26.de cdn.number26.de;media-src videos.contentful.com videos.ctfassets.net *.lpsnmedia.net 'self' blob:;object-src 'none';style-src 'unsafe-inline' 'self';script-src 'self' cdn.number26.de 'unsafe-inline' *.youtube-nocookie.com s.ytimg.com youtube-nocookie.com youtube.com *.lpsnmedia.net *.liveperson.net js.stripe.com/v3 maps.googleapis.com;worker-src 'self';default-src *;frame-ancestors 'self' *.n26.com
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 10 Nov 2023 10:30:12 GMT
server: nginx
x-ratelimit-remaining: 58
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
feature-policy: accelerometer 'none';autoplay 'none';camera 'none';fullscreen 'none';geolocation 'self';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';notifications 'self';payment 'self';push 'self';speaker 'none';sync-xhr 'none';usb 'none';vibrate 'none';vr 'none'
x-ratelimit-reset: 1699831857
x-ratelimit-limit: 60

GET
H2 206 Friend_referal_650x650_v01.mp4
videos.ctfassets.net/iv7ikzngu0lb/3SoEW3A7oJx6p9w7R9jjQy/32140b4c5e11541afe89f3d370bf8add/ 915 KB
917 KB 353ms
65ms Media
video/mp4 18.66.122.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://videos.ctfassets.net/iv7ikzngu0lb/3SoEW3A7oJx6p9w7R9jjQy/32140b4c5e11541afe89f3d370bf8add/Friend_referal_650x650_v01.mp4
Requested by: Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-20.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b139315ed4ed30cbdc4f3238619e95885e15570631f71fdf02941bb4f6c390cd

Request headers

Referer: https://app.n26.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Range: bytes=0-

Response headers

x-amz-version-id: xHlgZZsF1IZUVK1FtiEqbqoBf8vSOG3W
date: Sun, 12 Nov 2023 04:04:37 GMT
via: 1.1 d4f777a2d5a6d5aeb7eb6201b41775ea.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P2
age: 69920
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
Content-Range: bytes 0-937182/937183
x-amz-replication-status: COMPLETED
Content-Length: 937183
last-modified: Fri, 15 Jul 2022 08:33:10 GMT
server: AmazonS3
etag: "618f6ef07d51de70fc50f7a4163e6c28"
access-control-max-age: 86400
access-control-allow-methods: GET, HEAD
content-type: video/mp4
access-control-allow-origin: *
cache-control: max-age=2592000
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: 4YZpHOc6J5cBIL--q59bh7B0rWoHwmmgP2GRYi6Iuj-2sY-HRZchmw==

GET
H2 200 GT-America-Standard-Medium.latin.woff2
app.n26.com/build/fonts/ 14 KB
14 KB 72ms
71ms Font
font/woff2 18.158.122.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.n26.com/build/fonts/GT-America-Standard-Medium.latin.woff2

Requested by

Host: app.n26.com
URL: https://app.n26.com/referral/nachoa3777

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.158.122.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-122-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e1c2d323b6b5d86a647a34092f9c18b935f807b46f924578865a738f7b518f10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://app.n26.com/referral/nachoa3777
Origin: https://app.n26.com
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Sun, 12 Nov 2023 23:29:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
last-modified: Fri, 10 Nov 2023 09:32:47 GMT
server: nginx
etag: W/"3830-18bb893aa18"
content-type: font/woff2
cache-control: public, max-age=864000
accept-ranges: bytes
content-length: 14384
x-xss-protection: 1; mode=block

POST
H2 200 tp2 Show response
spc.n26.com/com.snowplowanalytics.snowplow/ 2 B
344 B 182ms
66ms XHR
text/plain 18.159.68.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://spc.n26.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: app.n26.com
URL: https://app.n26.com/build/js/4616.817d3883.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.159.68.243 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-68-243.eu-central-1.compute.amazonaws.com
Software: envoy /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://app.n26.com/
accept-language: fi-FI,fi;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

date: Sun, 12 Nov 2023 23:29:58 GMT
server: envoy
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://app.n26.com
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-credentials: true
x-envoy-upstream-service-time: 7
content-length: 2

OPTIONS
H2 200 tp2
spc.n26.com/com.snowplowanalytics.snowplow/ 0
0 192ms
64ms Preflight 18.159.68.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://spc.n26.com/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.159.68.243 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-159-68-243.eu-central-1.compute.amazonaws.com
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://app.n26.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://app.n26.com
access-control-max-age: 3600
content-length: 0
date: Sun, 12 Nov 2023 23:29:57 GMT
server: envoy
x-envoy-upstream-service-time: 7

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bit.ly/	1970-01-20 20:29:43	Name: _bit Value: nacntU-4c51bcccc6722a7d55-00r
n26.com/	1969-12-31 23:59:59	Name: n26.csrf Value: s%3AQqLOsFwE9Dn-1DVReHuBB27d.4y%2BtPdwm5wDZ9uTusY40EYGTq7V33B%2FZXLxD9fd6TmM
.n26.com/	1970-01-20 20:32:36	Name: num26DeviceToken Value: s%3Ae60b675f-4901-4824-98fb-51a4355c2ebc.rwRpoiCIptlR4wFnck5NXHeEjoAybIvwzd%2B259%2B58lQ
app.n26.com/	1969-12-31 23:59:59	Name: n26.csrf Value: s%3AeHq_tBQRmLqCiQuSwotOMnbd.tdeVm%2B5Kws1MOFe3HMR5oGNnE6s64lIra38sCJ6rmV4
.n26.com/	1969-12-31 23:59:59	Name: n26.timezone Value: -120
.n26.com/	1969-12-31 23:59:59	Name: n26.timezone_identifier Value: Europe%2FHelsinki
.n26.com/	1970-01-20 16:10:33	Name: _sp_ses.5b99 Value: *
.n26.com/	1969-12-31 23:59:59	Name: num26ReferralCode Value: nachoa3777
.n26.com/	1970-01-21 01:46:31	Name: _sp_id.5b99 Value: 43fa7db2-af4e-48f9-8f40-a5cf9a14a981.1699831798.1.1699831798..ee58bcce-dbd8-4033-9628-85fa1f0eacbd..08e92fc0-6656-49f2-a767-d06422c41c7d.1699831797711.1
.n26.com/	1969-12-31 23:59:59	Name: n26.render_js_version Value: true
spc.n26.com/	1970-01-21 00:56:07	Name: sp Value: 87b4cf5b-dd5f-4e2b-a6d2-e89daec0de6f

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'notifications'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'push'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'vibrate'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'vr'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	report-uri /report-csp;report-to /report-csp;base-uri 'self';child-src number26://* .n26.com n26.com .youtube-nocookie.com youtube-nocookie.com .lpsnmedia.net .liveperson.net js.stripe.com https://widgets.marqeta.com;connect-src 'self' https://spc.n26.com wss://tsock.us1.twilio.com wss://lo.msg.liveperson.net .liveperson.net blob: s3.eu-central-1.amazonaws.com cdn.number26.de;font-src 'self' data:;img-src https://spc.n26.com 'self' data: images.ctfassets.net images.contentful.com .lpsnmedia.net message-templates-assets.tech26.de cdn.number26.de;media-src videos.contentful.com videos.ctfassets.net .lpsnmedia.net 'self' blob:;object-src 'none';style-src 'unsafe-inline' 'self';script-src 'self' cdn.number26.de 'unsafe-inline' .youtube-nocookie.com s.ytimg.com youtube-nocookie.com youtube.com .lpsnmedia.net .liveperson.net js.stripe.com/v3 maps.googleapis.com;worker-src 'self';default-src ;frame-ancestors 'self' .n26.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.n26.com
bit.ly
images.ctfassets.net
n26.com
spc.n26.com
videos.ctfassets.net
108.157.194.98
18.158.122.11
18.159.68.243
18.66.122.20
2600:9000:211e:2400:12:94b3:c380:93a1
67.199.248.10
1cde61595de3d59850bf836abacf59eff8b0c39292134eaf6f241bb8c67d467d
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
3231bf5d6a6004d1c16dc749313462674b6084248e2fbf8e8895c43d38b9440a
57b016225d321a77e0a129515f4436a9bcd53cd6ba8dcd32a96b95ec55d7a785
62f8bd17536583134ee0329ce5ab4e101a0c7e38f8913db6ba561395d658b5aa
63f15a293798bc57a9e52abc5506d78706e3466bb122863e8dde28117f3e65fe
71cd0e75c6f982dd58a622e7128b07b77edbdd482fc47f6420f69341b0a66895
79b15bfea8b8b1885c2f335ddbd698647cee77207e28afc147fd8c95a43df689
7f947dccc25fc916dd7fd7cacca71901cf36cc1434f028ac2e37d3c046824e06
8cfb09c7189f81f4ae0a98cfe25477fb6b9e9f9e2c364b0cdec4f228a5d737c0
991d11451334129bc4280d083dbe098a8b9c0f26c0ca45a44c0796d073e59b80
b08510905926566adbbf44aa26ddb451a70fa9db0e0129958522a69137794440
b115e17739c6f9ce1c359e91b3d7d021aae792746bb10272aa950375a89f1499
b139315ed4ed30cbdc4f3238619e95885e15570631f71fdf02941bb4f6c390cd
d080fa93ca4ce4c40f969a2a0f93dc0115332418adf95550879669c09759564f
d3cfaaa30db1a8b49f3ca7143fcc6d121e11e39780a4beba8472625b158cae2f
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
dc6b4b5561f5aa0fc0dc6f38fc3da9a20e62deb13fc7c91a0d6e3fa0c10364ba
e1c2d323b6b5d86a647a34092f9c18b935f807b46f924578865a738f7b518f10
e4483ea24c53f6d2bd2ddffed60d83ae6364c80b49542eaed41192e698d4c17e
ee77be8d2daf34ab46ef80ae3886fcab14a1a0ae39c4f0bc0a3be1f13f837e47
fdc5236b3efa02f88b747ff3d49c0a38a738f77d9d26bfa3046d2b284a0f305d

app.n26.com Open in urlscan Pro 18.158.122.11 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

100 %HTTPS

17 %IPv6

3 Domains

6 Subdomains

4 IPs

2 Countries

1478 kBTransfer

3021 kBSize

11 Cookies

4 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

11 Cookies

5 Console Messages

Security Headers

Indicators

app.n26.com Open in urlscan Pro
18.158.122.11 Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

17 %
IPv6

3
Domains

6
Subdomains

4
IPs

2
Countries

1478 kB
Transfer

3021 kB
Size

11
Cookies

23 HTTP transactions
0 data transactions