www.bahn.de Open in urlscan Pro
2.17.191.209 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.bahn.de/bahncard
Effective URL:
https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
Submission: On June 23 via api (June 23rd 2020, 1:25:02 pm UTC) from US

Summary HTTP 61 Redirects Links 32 Behaviour Indicators

Summary

This website contacted 17 IPs in 6 countries across 9 domains to perform 61 HTTP transactions. The main IP is 2.17.191.209, located in Ascension Island and belongs to AKAMAI-AS, US. The main domain is www.bahn.de.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on January 10th 2020. Valid for: a year.

This is the only time www.bahn.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 37	2.17.191.209 2.17.191.209	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a02:26f0:6c0... 2a02:26f0:6c00:19b::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	3.221.196.58 3.221.196.58	14618 (AMAZON-AES) (AMAZON-AES)
1	23.43.121.57 23.43.121.57	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2.16.187.49 2.16.187.49	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	15.236.175.233 15.236.175.233	16509 (AMAZON-02) (AMAZON-02)
2	81.200.197.91 81.200.197.91	34156 (BAHN-AS-BLN) (BAHN-AS-BLN)
2	54.156.161.55 54.156.161.55	14618 (AMAZON-AES) (AMAZON-AES)
3	84.53.165.61 84.53.165.61	16625 (AKAMAI-AS) (AKAMAI-AS)
4	104.17.209.240 104.17.209.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	37.157.2.235 37.157.2.235	198622 (ADFORM) (ADFORM)
2	37.157.2.248 37.157.2.248	198622 (ADFORM) (ADFORM)
2	2600:9000:215... 2600:9000:215d:da00:1e:7aca:b8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	37.157.4.24 37.157.4.24	198622 (ADFORM) (ADFORM)
2	85.14.248.91 85.14.248.91	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	178.250.2.151 178.250.2.151	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
61	17

37 2.17.191.209 (Ascension Island) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-17-191-209.deploy.static.akamaitechnologies.com

www.bahn.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:19b::13b8 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.221.196.58 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-221-196-58.compute-1.amazonaws.com

vis.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.43.121.57 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-43-121-57.deploy.static.akamaitechnologies.com

a791773171.cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.187.49 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-16-187-49.deploy.static.akamaitechnologies.com

www.static-bahn.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.175.233 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-175-233.eu-west-3.compute.amazonaws.com

st.bahn.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 81.200.197.91 (Germany)

ASN34156 (BAHN-AS-BLN, DE)

ps.bahn.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.156.161.55 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-161-55.compute-1.amazonaws.com

logx.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 84.53.165.61 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a84-53-165-61.deploy.static.akamaitechnologies.com

www.img-bahn.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.17.209.240 (United States)

ASN13335 (CLOUDFLARENET, US)

zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.235 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.248 (Denmark)

ASN198622 (ADFORM, DK)

s2.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:215d:da00:1e:7aca:b8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.m-pathy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.24 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.14.248.91 (Meerbusch, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

sslwidget.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	bahn.de 2 redirects www.bahn.de st.bahn.de ps.bahn.de	909 KB
6	adform.net 2 redirects dmp.adform.net s2.adform.net track.adform.net	30 KB
5	optimizely.com cdn.optimizely.com vis.optimizely.com a791773171.cdn.optimizely.com logx.optimizely.com	193 KB
4	qualtrics.com zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com siteintercept.qualtrics.com	41 KB
3	img-bahn.de www.img-bahn.de	34 KB
2	exactag.com m.exactag.com	4 KB
2	m-pathy.com cdn.m-pathy.com	22 KB
1	criteo.com sslwidget.criteo.com	1 KB
1	static-bahn.de www.static-bahn.de
61	9

	Domain	Requested by
37	www.bahn.de	2 redirects www.bahn.de
3	siteintercept.qualtrics.com	zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
3	www.img-bahn.de	ps.bahn.de
2	m.exactag.com	www.bahn.de m.exactag.com
2	track.adform.net	1 redirects s2.adform.net
2	cdn.m-pathy.com	www.bahn.de cdn.m-pathy.com
2	s2.adform.net	www.bahn.de
2	dmp.adform.net	1 redirects s2.adform.net
2	logx.optimizely.com	cdn.optimizely.com
2	ps.bahn.de	www.bahn.de www.img-bahn.de
2	st.bahn.de	www.bahn.de
1	sslwidget.criteo.com	www.bahn.de
1	zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com	www.bahn.de
1	www.static-bahn.de	www.bahn.de
1	a791773171.cdn.optimizely.com	cdn.optimizely.com
1	vis.optimizely.com	cdn.optimizely.com
1	cdn.optimizely.com	www.bahn.de
61	17

This site contains links to these domains. Also see Links.

Domain
www.bahn.com
wl.hrs.de
fahrkarten.bahn.de
www.db-gruppen.de
reiseauskunft.bahn.de
bauinfos.deutschebahn.com
www.der-kleine-ice.de
inside.bahn.de
www.bahnbonus-freizeitwelt.de
www.youtube.com
www.facebook.com
twitter.com
www.instagram.com
youtube.com
community.bahn.de
itunes.apple.com
play.google.com
www.deutschebahn.com
bahnshop.de

Subject Issuer	Validity	Valid
www.bahn.de DigiCert SHA2 Extended Validation Server CA	`2020-01-10` - `2021-04-07`	a year	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2020-01-20` - `2021-03-20`	a year	crt.sh
vis.optimizely.com Amazon	`2020-05-26` - `2021-06-26`	a year	crt.sh
*.cdn.optimizely.com GeoTrust RSA CA 2018	`2020-03-05` - `2021-06-04`	a year	crt.sh
subsites.bahn.de Let's Encrypt Authority X3	`2020-05-06` - `2020-08-04`	3 months	crt.sh
st.bahn.de DigiCert SHA2 High Assurance Server CA	`2020-03-02` - `2021-06-09`	a year	crt.sh
ps.bahn.de Let's Encrypt Authority X3	`2020-06-13` - `2020-09-11`	3 months	crt.sh
logx.optimizely.com DigiCert SHA2 High Assurance Server CA	`2018-10-01` - `2020-10-05`	2 years	crt.sh
www.img-bahn.de DigiCert SHA2 Secure Server CA	`2020-02-19` - `2021-04-14`	a year	crt.sh
*.qualtrics.com DigiCert SHA2 Secure Server CA	`2018-10-08` - `2021-01-06`	2 years	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
*.m-pathy.com Amazon	`2020-01-28` - `2021-02-28`	a year	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2020-01-22` - `2022-04-21`	2 years	crt.sh
*.criteo.com DigiCert ECC Secure Server CA	`2020-06-22` - `2020-09-20`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
Frame ID: DADC51BD0BD0629CEBC07D4E86B148ED
Requests: 58 HTTP requests in this frame

Frame: https://a791773171.cdn.optimizely.com/client_storage/a791773171.html
Frame ID: A85464E6FFF6E8EB5E60AA40A555FCF7
Requests: 1 HTTP requests in this frame

Frame: https://www.static-bahn.de/media/view/mdb/media/w/skyscraper/skyscraper.html
Frame ID: B1A36A13EA1C813FB869D5A318408C24
Requests: 1 HTTP requests in this frame

Frame: https://ps.bahn.de/common/content/html/lmiframe.html
Frame ID: 89A91955EF3E87798048F833CDE0C852
Requests: 5 HTTP requests in this frame

Frame: https://m.exactag.com/pi.aspx?campaign=4bb3a5de3602f335b9ba113928205e62&pitype=Content&convtype=&rnd=BFfVsh0aXLz5&items=%7B%22type%22%3A%22Content%22%2C%22conversiontype%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22host%22%3A%22www.bahn.de%22%2C%22site%22%3A%22%2Fp%2Fview%2Fbahncard%2Findex.shtml%22%2C%22search%22%3A%22%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01%22%2C%22protocol%22%3A%22https%3A%22%2C%22campaign%22%3A%224bb3a5de3602f335b9ba113928205e62%22%2C%22screensize%22%3A%22%22%2C%22pitype%22%3A%22%22%2C%22uk%22%3A%22%22%2C%22trackingURL%22%3A%22%2F%2Fm.exactag.com%22%2C%22cdnURL%22%3A%22%2F%2Fcdn.exactag.com%22%2C%22sitegroup%22%3A%22Startseite%22%2C%22category_name%22%3A%22BAHN_PVE_DEU_DE%22%2C%22page_name%22%3A%22BAHN_PVE_DEU_DE_bahncard_index%22%7D
Frame ID: 045465139F4B837351CFBF7D4C1FFDF7
Requests: 1 HTTP requests in this frame

Frame: https://m.exactag.com/px.aspx?id=98b8efcb3dfa4d048e7511d85968a245
Frame ID: 8613ABA112732032B04FB1BD6B1C6DD6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.bahn.de/bahncard HTTP 301
https://www.bahn.de/bahncard HTTP 301
https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01 Page URL

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Amazon S3 (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /optimizely\.com.*\.js/i

Page Statistics

61
Requests

100 %
HTTPS

13 %
IPv6

9
Domains

17
Subdomains

17
IPs

6
Countries

1232 kB
Transfer

3552 kB
Size

17
Cookies

32 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bahn.com/
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://www.bahn.com/cs/view/index.shtml#slc
Title: Český

Search URL Search Domain Scan URL

URL: https://www.bahn.com/da/view/index.shtml#slc
Title: Dansk

Search URL Search Domain Scan URL

URL: https://www.bahn.com/en/view/index.shtml#slc
Title: English

Search URL Search Domain Scan URL

URL: https://www.bahn.com/es/view/index.shtml#slc
Title: Español

Search URL Search Domain Scan URL

URL: https://www.bahn.com/fr/view/index.shtml#slc
Title: Français

Search URL Search Domain Scan URL

URL: https://www.bahn.com/it/view/index.shtml#slc
Title: Italiano

Search URL Search Domain Scan URL

URL: https://www.bahn.com/nl/view/index.shtml#slc
Title: Nederlands

Search URL Search Domain Scan URL

URL: https://wl.hrs.de/results/?s=1&code=ec95c0a4-f433-4ac4-bde5-6c8a9b3a0458&customerid=1060886022&customerid2=&Location=Ostsee&suggestedId=29549&leisure=0&lang=de&cur=EUR&sortby=recommendation&adults=2&children=0&singleRooms=0&doubleRooms=1&offerscount=12&search=Ostsee?dbkanal_007=L01_S01_D001_KIN0002_topangebot1-H-flex-ostsee-kw24_LZ08
Title: Urlaubshotel zum Flextarif buchen - keine Vorauszahlung und bis Anreisetag stornierbar. Kennzeichnung „Flex“

Search URL Search Domain Scan URL

URL: https://fahrkarten.bahn.de/privatkunde/start/start.post?scope=meinebahn&lang=de&country=DEU&dbkanal_007=L01_S01_D001_KIN0004_TOP-NAVI-MEINE-BAHN_LZ01
Title: Meine Bahn

Search URL Search Domain Scan URL

URL: https://fahrkarten.bahn.de/cache/start/start.post?lang=de&scope=login&dbkanal_007=L01_S01_D001_KIN0004_TOP-NAVI-LOGIN_LZ01
Title: Login

Search URL Search Domain Scan URL

URL: https://fahrkarten.bahn.de/cache/start/start.post?scope=pwvergessen&lang=de
Title: Login-Daten vergessen?

Search URL Search Domain Scan URL

URL: https://fahrkarten.bahn.de/cache/start/start.post?scope=bahnreg&lang=de
Title: Erstmalig anmelden

Search URL Search Domain Scan URL

URL: https://fahrkarten.bahn.de/grosskunde/start/kmu_start.post?scope=pwvergessen&lang=de
Title: Login-Daten vergessen?

Search URL Search Domain Scan URL

URL: https://www.db-gruppen.de/klassenfahrten?dbkanal_007=L01_S01_D001_KIN_-ta-NAVIGATION-gruppenreisen-klassenfahrten_LZ01
Title: Klassenfahrten mit Übernachtung

Search URL Search Domain Scan URL

URL: https://www.db-gruppen.de/gruppenreisen?dbkanal_007=L01_S01_D001_KIN_-ta-NAVIGATION-gruppenreisen-mituebernachtung_LZ01
Title: Gruppenreisen mit Übernachtung

Search URL Search Domain Scan URL

URL: https://reiseauskunft.bahn.de/bin/bhftafel.exe/dn?dbkanal_007=L01_S01_D001_KIN0011_-_rs_auskunft_NAVIGATION-bahnhofstafel_LZ01
Title: Bahnhofstafel online

Search URL Search Domain Scan URL

URL: https://bauinfos.deutschebahn.com/?dbkanal_007=L01_S01_D001_KIN0011_-_rs_auskunft_NAVIGATION-bauinfos_LZ01
Title: Baustellen-Infos

Search URL Search Domain Scan URL

URL: https://www.der-kleine-ice.de/?dbkanal_007=L01_S01_D001_KIN0011_-_KINDER-NAVIGATION-der-kleine-ICE_LZ01
Title: Der kleine ICE

Search URL Search Domain Scan URL

URL: https://inside.bahn.de/tag/kinder/?dbkanal_007=L01_S01_D001_KIN0011_-_KINDER-NAVIGATION-Inside-Bahn_LZ01
Title: Inside Bahn

Search URL Search Domain Scan URL

URL: https://www.bahnbonus-freizeitwelt.de/
Title: BahnBonus FreizeitWelt

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=tUAnvMm_U5Q
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/DBPersonenverkehr/
Title: Deutsche Bahn auf Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/db_bahn
Title: Deutsche Bahn auf Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/dbpersonenverkehr/
Title: Deutsche Bahn auf Instagram

Search URL Search Domain Scan URL

URL: https://youtube.com/DBBahn
Title: YouTube Kanal der Deutsche Bahn

Search URL Search Domain Scan URL

URL: https://inside.bahn.de/
Title: Inside Bahn

Search URL Search Domain Scan URL

URL: https://community.bahn.de/
Title: Service Community der Deutsche Bahn

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/de/app/db-navigator/id343555245?mt=8

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=de.hafas.android.db

Search URL Search Domain Scan URL

URL: http://www.deutschebahn.com/?dbkanal_007=L01_S01_D001_KIN0001_footer-deutschebahn_LZ01
Title: Konzern

Search URL Search Domain Scan URL

URL: https://bahnshop.de/?dbkanal_007=L01_S01_D001_KIN0001_footer-bahnshop_LZ01
Title: Bahnshop

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.bahn.de/bahncard HTTP 301
https://www.bahn.de/bahncard HTTP 301
https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50

https://dmp.adform.net/audiencetag/adformat.js HTTP 301
https://s2.adform.net/banners/scripts/audiencetag/adformat.js

Request Chain 53

https://track.adform.net/serving/scripts/trackpoint/async/ HTTP 301
https://s2.adform.net/banners/scripts/st/trackpoint-async.js

61 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.shtml Show response
www.bahn.de/p/view/bahncard/
Redirect Chain

http://www.bahn.de/bahncard
https://www.bahn.de/bahncard
https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

65 KB
13 KB

186ms
185ms

Document
text/html

2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

0a1c877ecaa033e22abaad722309878b1febc6db2a4762fbe583edf98e045776

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.bahn.de
:scheme: https
:path: /p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
content-type: text/html
server: AmazonS3
x-amz-id-2: YR6J+O3c7yMYZjuLoBaxc1z5SHV6c/ygOvVY8JZdcP5MUMnnKH5HeTZgvufYBYPxg/JkXmHMJAQ=
x-amz-request-id: ACCFCFCDBA72D0DA
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=600
date: Tue, 23 Jun 2020 13:24:41 GMT
content-length: 13190
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload

Redirect headers

status: 301
content-type: text/html; charset=iso-8859-1
content-length: 306
server: Apache
x-sp: 2851
location: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
cache-control: max-age=600
date: Tue, 23 Jun 2020 13:24:41 GMT
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload

GET
H2 200 portal.min.css
www.bahn.de/common/view/static/04e8fc1a/responsive/css/ 470 KB
98 KB 65ms
62ms Stylesheet
text/css 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/04e8fc1a/responsive/css/portal.min.css

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

0eeb1970197799a537566bf5554142fcf91a1b04368c735d6319ed35a2f53f15

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-request-id: 5A83896BC469F845
status: 200
vary: Accept-Encoding
content-length: 99778
x-amz-id-2: sTYc8QUqs19sd6FIfQ09kYTYYipwCNtx2tUC501VOsujRyJ7Rt5EkX+mnTpN0/dwGR5KxBQgCO8=
server: AmazonS3
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/css
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 softlogin.min.js Show response
www.bahn.de/common/view/static/04e8fc1a/responsive/js/ 63 KB
18 KB 125ms
120ms Script
text/javascript 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/04e8fc1a/responsive/js/softlogin.min.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

26ea31e0c6520a6f3e814e67b70d4e70dde85659b3f9184935d265f45bfb1931

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-request-id: FB6AEB0DF693FE65
status: 200
vary: Accept-Encoding
content-length: 18289
x-amz-id-2: SMLv3KRhheK8WBPYLYNT3yeP/WVs9gQ7Qi7YPYyuUXxG2NdjXXg8p9krOIkVLEby8Shv5wehvmA=
server: AmazonS3
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 8033263973.js Show response
cdn.optimizely.com/js/ 876 KB
192 KB 44ms
11ms Script
text/javascript 2a02:26f0:6c00:19b::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/8033263973.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:19b::13b8 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6b0cc3a13aed84c9e43e98da236da9191969ca8813e1232400e48286de768f40

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: 7Rmf9okRcJYHphjbv4qA0omlYFJFZAR4
content-encoding: gzip
etag: "7d778a7723d12ee917aaebc2030d8b4b"
x-amz-request-id: 6EA43B6ABAED094A
status: 200
x-amz-replication-status: PENDING
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="5";dur=0,cdnip;desc="2a02:26f0:6c00:19b::13b8";dur=0,cdnmap;desc="";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 195507
x-amz-id-2: NW7pRAxQn4COZRWW9/eztD7rQGLyjFx+xWfgdsD7sG6ZpJIQ24bgL6uJhj6nRzAq3P3ZfNI/giM=
last-modified: Tue, 23 Jun 2020 12:55:31 GMT
server: AmazonS3
date: Tue, 23 Jun 2020 13:24:41 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=1200
x-amz-meta-revision: 16054
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 modernizr-2.8.3.min.js Show response
www.bahn.de/common/view/static/04e8fc1a/js/lib/modernizr/ 11 KB
5 KB 152ms
147ms Script
text/javascript 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/04e8fc1a/js/lib/modernizr/modernizr-2.8.3.min.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

2d47dd07cd116fce4a58ea5ce7aa349bf5904de7f30d69e131cf4f7be3b088d1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-request-id: CC15F709B08078A7
status: 200
vary: Accept-Encoding
content-length: 4530
x-amz-id-2: Sl90oqAgKd2sxoZk9+HjCtgzG/zCZSKPs+MPJ5ee6QAYXflt1MAmJ4XBIUjxC145SLi6T9mbYqk=
server: AmazonS3
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 db_em_rgb_100px.svg
www.bahn.de/common/view/static/v8/img/ 828 B
1 KB 66ms
65ms Image
image/svg+xml 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/common/view/static/v8/img/db_em_rgb_100px.svg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-request-id: FBEDF7D410DDA53D
status: 200
vary: Accept-Encoding
content-length: 480
x-amz-id-2: JokuNYTT0MV84UD4XiL7zC5vu4P79pfXzi5P5griwkN04O+hptPR9xPkkfyQZOtvsquanlukyJY=
server: AmazonS3
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 mdb_272597_180507_mrbc_header_980x245_v2_980x245_cp_0x0_980x245.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/uebersicht_neu/ 44 KB
45 KB 67ms
66ms Image
image/webp 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/uebersicht_neu/mdb_272597_180507_mrbc_header_980x245_v2_980x245_cp_0x0_980x245.jpg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

689f1796f6be9ef6c0c9380df50caa4f09569935c09fd21f57305686732ba0b4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
last-modified: Fri, 05 Jun 2020 08:08:40 GMT
server: Akamai Image Manager
x-frame-options: SAMEORIGIN
content-type: image/webp
status: 200
cache-control: private, no-transform, max-age=1017847
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 44962
x-xss-protection: 1; mode=block
expires: Sun, 05 Jul 2020 08:08:49 GMT

GET
H2 200 mdb_289379_bc25_2kl_oc_bis290220_280x140_cp_0x0_800x400.png
www.bahn.de/p/view/mdb/bahnintern/bahncard/abbildungen_2019/ 7 KB
7 KB 72ms
71ms Image
image/webp 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/abbildungen_2019/mdb_289379_bc25_2kl_oc_bis290220_280x140_cp_0x0_800x400.png

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

8605f9caa8db8bc3a78228c071639b48daccd4c17764ac0341692541d874741f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
x-serial: 1012
x-frame-options: SAMEORIGIN
content-type: image/webp
status: 200
cache-control: private, no-transform, max-age=1016896
last-modified: Fri, 05 Jun 2020 07:53:00 GMT
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 7102
x-xss-protection: 1; mode=block
server: Akamai Image Manager
expires: Sun, 05 Jul 2020 07:52:58 GMT

GET
H2 200 mdb_289384_bc50_2kl_oc_bis290220_280x140_cp_0x0_800x400.png
www.bahn.de/p/view/mdb/bahnintern/bahncard/abbildungen_2019/ 7 KB
7 KB 73ms
73ms Image
image/webp 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/abbildungen_2019/mdb_289384_bc50_2kl_oc_bis290220_280x140_cp_0x0_800x400.png

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

0f81da785734c739e391be74974aa28cde1074b3dcc9cb7ad85c59ec7fda8eeb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
x-serial: 516
x-frame-options: SAMEORIGIN
content-type: image/webp
status: 200
cache-control: private, no-transform, max-age=1017355
last-modified: Fri, 05 Jun 2020 07:59:51 GMT
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 6956
x-xss-protection: 1; mode=block
server: Akamai Image Manager
expires: Sun, 05 Jul 2020 08:00:37 GMT

GET
H2 200 mdb_289387_probebc_faecher_3er_oc_bis290220_280x140_cp_0x0_800x400.png
www.bahn.de/p/view/mdb/bahnintern/bahncard/abbildungen_2019/ 9 KB
9 KB 73ms
71ms Image
image/webp 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/abbildungen_2019/mdb_289387_probebc_faecher_3er_oc_bis290220_280x140_cp_0x0_800x400.png

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

24fb71543a65dc5ac2af201fdfa725f00065b40cd8830e86951ae75c15e3ef04

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
x-serial: 1172
x-frame-options: SAMEORIGIN
content-type: image/webp
status: 200
cache-control: private, no-transform, max-age=1017224
last-modified: Fri, 05 Jun 2020 07:59:52 GMT
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 8730
x-xss-protection: 1; mode=block
server: Akamai Image Manager
expires: Sun, 05 Jul 2020 07:58:26 GMT

GET
H2 200 mdb_264140_05_comfort_portal_280x140_cp_31x0_397x183.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/bc_100/ 8 KB
9 KB 74ms
72ms Image
image/webp 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/bc_100/mdb_264140_05_comfort_portal_280x140_cp_31x0_397x183.jpg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

301fd4fb64fd7b976c74679c79de83e17e44e415540bba5b114c1dd53141b1fb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
last-modified: Fri, 05 Jun 2020 07:59:51 GMT
server: Akamai Image Manager
x-frame-options: SAMEORIGIN
content-type: image/webp
status: 200
cache-control: private, no-transform, max-age=1017179
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 8172
x-xss-protection: 1; mode=block
expires: Sun, 05 Jul 2020 07:57:41 GMT

GET
H2 200 mdb_270907_db_bb_marketingteaser_980x300_v2_280x140_cp_380x0_980x300.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/ 5 KB
6 KB 76ms
74ms Image
image/webp 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/mdb_270907_db_bb_marketingteaser_980x300_v2_280x140_cp_380x0_980x300.jpg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

2ab4d9b65ee3153e62d1ce1fdf21a2f54d9d4e4967cfbbe638bd36ea277591ba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
x-serial: 34
x-frame-options: SAMEORIGIN
content-type: image/webp
status: 200
cache-control: private, no-transform, max-age=1017246
last-modified: Fri, 05 Jun 2020 07:59:50 GMT
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 5202
x-xss-protection: 1; mode=block
server: Akamai Image Manager
expires: Sun, 05 Jul 2020 07:58:48 GMT

GET
H2 200 mdb_270611_db_bb_partnerseite_700x214_280x140_cp_334x15_700x198.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/ 7 KB
7 KB 79ms
78ms Image
image/webp 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/mdb_270611_db_bb_partnerseite_700x214_280x140_cp_334x15_700x198.jpg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

8dd962317f64f8aa72e57ab1ed1d821a807ac759a210f18eaa31ee8feeca22cd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
last-modified: Fri, 05 Jun 2020 07:59:55 GMT
server: Akamai Image Manager
x-frame-options: SAMEORIGIN
content-type: image/webp
status: 200
cache-control: private, no-transform, max-age=1017306
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 6686
x-xss-protection: 1; mode=block
expires: Sun, 05 Jul 2020 07:59:48 GMT

GET
H2 200 mdb_308406_playbutton_1000x500_980x490.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/ 51 KB
52 KB 80ms
79ms Image
image/jpeg 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/mdb_308406_playbutton_1000x500_980x490.jpg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

ad98aafd7af2044e0613833a78c1377adbfa9d7df89d5109e8abe60ab2b9db97

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
last-modified: Sat, 06 Jun 2020 00:47:21 GMT
server: Akamai Image Manager
x-frame-options: SAMEORIGIN
content-type: image/jpeg
status: 200
cache-control: private, no-transform, max-age=1077741
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 52319
x-xss-protection: 1; mode=block
expires: Mon, 06 Jul 2020 00:47:03 GMT

GET
H2 200 mdb_270742_180427_ly_bahnbonus_bahn_de_startseite_980x300_980x300_cp_0x0_980x300.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/ 33 KB
34 KB 86ms
86ms Image
image/webp 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/mdb_270742_180427_ly_bahnbonus_bahn_de_startseite_980x300_980x300_cp_0x0_980x300.jpg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

39469dcff773f11dc4d1672200d83e6f68ab0c95cca33c7a7cc38cff4c0b3968

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
last-modified: Fri, 05 Jun 2020 07:56:47 GMT
server: Akamai Image Manager
x-frame-options: SAMEORIGIN
content-type: image/webp
status: 200
cache-control: private, no-transform, max-age=1017052
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 34046
x-xss-protection: 1; mode=block
expires: Sun, 05 Jul 2020 07:55:34 GMT

GET
H2 200 portal-index.min.js Show response
www.bahn.de/common/view/static/04e8fc1a/responsive/js/ 323 KB
93 KB 67ms
66ms Script
text/javascript 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/04e8fc1a/responsive/js/portal-index.min.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

c73f83311b82836d1f247cdb6ed7d7132caa7d41a24edfa29ed342ec7143a62e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-request-id: 0466D6A25D226A2C
status: 200
vary: Accept-Encoding
content-length: 94604
x-amz-id-2: Rxgd3EZmH+KvLqua5VSrP0yqITUw8Tp4BxAl7iBUdjWlPpagQohqQx6dUCuTaLBEKU0yycdus9A=
server: AmazonS3
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 s_code.min.js Show response
www.bahn.de/common/view/static/04e8fc1a/js/lib/omniture/ 111 KB
38 KB 76ms
74ms Script
text/javascript 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/04e8fc1a/js/lib/omniture/s_code.min.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

9bd75d01213161905c0278231326126f5066ae7753e9b492b999417e0c2cfbef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-request-id: 9146DC383129E38F
status: 200
vary: Accept-Encoding
content-length: 37926
x-amz-id-2: PyMmrV9IcaKgG37FcL+JMRB1NyVC+lj7ESFDJk59qK39XVq9GC3JXOy+cKYcr5qYINKxCMHNDdI=
server: AmazonS3
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H/1.1 200
OK oeu1592918682314r0.3737567469091325 Show response
vis.optimizely.com/api/targeting/8033263973/8512265067/ 1 KB
621 B 634ms
166ms XHR
application/json 3.221.196.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://vis.optimizely.com/api/targeting/8033263973/8512265067/oeu1592918682314r0.3737567469091325
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.221.196.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-221-196-58.compute-1.amazonaws.com
Software: nginx / Express
Resource Hash: c79794c138e5fbd4cd7f71ff73fdf314f170a6cccb08b4a9e7180f996f376b24

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 23 Jun 2020 13:24:42 GMT
Content-Encoding: gzip
ETag: W/"-1045647723"
Server: nginx
X-Powered-By: Express
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.bahn.de
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 284

GET
H2 200 svg-sprites.svg
www.bahn.de/common/view/static/04e8fc1a/responsive/img/ 324 KB
88 KB 91ms
90ms Other
image/svg+xml 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/04e8fc1a/responsive/img/svg-sprites.svg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

57411817a143622eed003cea060d984b2762a4f8f59031aca3e31d41482bf81e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-request-id: E1849C8E210E497B
status: 200
vary: Accept-Encoding
content-length: 89114
x-amz-id-2: 8DMhR6L2EVeRXvuloh9b6Y2abRhiOt5mzQkW/HLgDgX0zVHOMWTFBkH5h8STOHRurPqnkLHMv/g=
server: AmazonS3
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 icon-s73bc5bf69c.png
www.bahn.de/common/view/static/04e8fc1a/responsive/img/ 53 KB
54 KB 98ms
98ms Image
image/png 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/common/view/static/04e8fc1a/responsive/img/icon-s73bc5bf69c.png

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

a009bf98437ed2e896bfc56f9838b6ca83aac7f96989e971dbc6ad2ccc49b572

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/common/view/static/04e8fc1a/responsive/css/portal.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
server: AmazonS3
x-amz-request-id: B912CE7A4704DFF5
x-frame-options: SAMEORIGIN
x-amz-id-2: fy9FYkeRT3pjaJAm2wEZx++wGtdPP+i4y6CEEnT87IiwFyYoS5EsVO8RoO/bN5Y4sbhKB83v4xU=
content-type: image/png
status: 200
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
accept-ranges: bytes
content-length: 54236
x-xss-protection: 1; mode=block

GET
H2 200 bg_nav_active_left.png
www.bahn.de/common/view/static/04e8fc1a/responsive/img/ 132 B
679 B 104ms
103ms Image
image/png 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/common/view/static/04e8fc1a/responsive/img/bg_nav_active_left.png

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

a231b219fd33beeca8baa0abecbb684d31fe0d154a25a092510d607a38637ea8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/common/view/static/04e8fc1a/responsive/css/portal.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
server: AmazonS3
x-amz-request-id: 41BC97A03158F630
x-frame-options: SAMEORIGIN
x-amz-id-2: dS56MaevovdnE9UhFatmdx+zpUeMiJKYnAnIiJP6ROpEMNJnOpsmNk6W05Oy6ruxMqaTyhwakTA=
content-type: image/png
status: 200
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
accept-ranges: bytes
content-length: 132
x-xss-protection: 1; mode=block

GET
H2 200 bg_nav_active_right.png
www.bahn.de/common/view/static/04e8fc1a/responsive/img/ 132 B
680 B 104ms
104ms Image
image/png 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/common/view/static/04e8fc1a/responsive/img/bg_nav_active_right.png

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

e5e2c4c5288a46af5b587fe4b6ed5c881dfc8faaf4d76a08c5c2c5fcd74238b3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/common/view/static/04e8fc1a/responsive/css/portal.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
server: AmazonS3
x-amz-request-id: AE97C2C3943D0C9A
x-frame-options: SAMEORIGIN
x-amz-id-2: JZd0LyE4I50fraclz/hT+5zEcS1IcgtD0myYjktjVgTEbN8VCNrhCX6T70X03EcgkifdCc3zIzs=
content-type: image/png
status: 200
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
accept-ranges: bytes
content-length: 132
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 538 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bdd715407bbcb2c0325bb1e1466715b9ec9dcd2e7e662e647fddf74d92ba4150

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 824 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e1a71dbeac14ad724fd5bf1f63d833a2cea06c7de8f9173b6d2a3bad0fbc7bf

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd45e3a7a55ce6d15988606f79657a593097ac40f0d29bff151fdd10b0438b88

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1019 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5db9108016c62906c987c432fab8efb55a0c92425c9cace3793c536fa2aafcde

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90d765be61f3668f58a9fee31185882edaf07d31b79ef37e1305b23fd01d6aef

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff458e01b24643b5a0d6b8a21452f5a582ac28527a05c36aa0ff6f37c5186214

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 logo-s56974c59c7.png
www.bahn.de/common/view/static/04e8fc1a/responsive/img/ 87 KB
88 KB 62ms
61ms Image
image/png 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/common/view/static/04e8fc1a/responsive/img/logo-s56974c59c7.png

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

63e76adcc0eedb478de832846ba15b4f29791b9caabb9b7ad97ea4f2f72e03f9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/common/view/static/04e8fc1a/responsive/css/portal.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
server: AmazonS3
x-amz-request-id: EEE9EED07063DCD7
x-frame-options: SAMEORIGIN
x-amz-id-2: k4vPUfsEtN43lh+QVwYbnioveXqRJqYc2PdQmofp5dDf9AboErU6f+KMGFqDMvbvVAeD7vyhXxM=
content-type: image/png
status: 200
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
accept-ranges: bytes
content-length: 89271
x-xss-protection: 1; mode=block

GET
H2 200 dbsan03-webfont.woff
www.bahn.de/common/view/static/04e8fc1a/responsive/fonts/ 48 KB
48 KB 92ms
86ms Font
binary/octet-stream 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/04e8fc1a/responsive/fonts/dbsan03-webfont.woff

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

a39881eeb2cc948083b29f436b57600451670f1d10e390306af0693d2eb44f74

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bahn.de/common/view/static/04e8fc1a/responsive/css/portal.min.css
Origin: https://www.bahn.de

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
server: AmazonS3
x-amz-request-id: 66DB085C466BB8F0
x-frame-options: SAMEORIGIN
x-amz-id-2: IO1pdSeNZPEKuj8WOy7dua3LdEV2Uf8nEiaWflt5lMpDXb/o6NbjMq/sdcQEfdrZQa9v3sIAr5w=
content-type: binary/octet-stream
status: 200
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
accept-ranges: bytes
content-length: 48820
x-xss-protection: 1; mode=block

GET
H2 200 db-icons.woff
www.bahn.de/common/view/static/04e8fc1a/responsive/fonts/ 29 KB
29 KB 93ms
87ms Font
binary/octet-stream 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/04e8fc1a/responsive/fonts/db-icons.woff?de5f8900bd1b6298cc0ca94466418537

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

09cd6e2e4909e4ec15b7ca38adbff5b37405b4347b1ce0d7b977aee46b005377

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bahn.de/common/view/static/04e8fc1a/responsive/css/portal.min.css
Origin: https://www.bahn.de

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
server: AmazonS3
x-amz-request-id: CBF9C2114B77FF38
x-frame-options: SAMEORIGIN
x-amz-id-2: F+CUUZgpQYN2l1P/K31xx29I3ny/0ZyYYv30qPsZh5x67pmCiSDkZ7U5zftTaeRYZ0ZECSTfK5s=
content-type: binary/octet-stream
status: 200
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
accept-ranges: bytes
content-length: 29320
x-xss-protection: 1; mode=block

GET
H2 200 dbsan06-webfont.woff
www.bahn.de/common/view/static/04e8fc1a/responsive/fonts/ 48 KB
48 KB 93ms
87ms Font
binary/octet-stream 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/04e8fc1a/responsive/fonts/dbsan06-webfont.woff

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

298669d559f331c5ac67d881d450cea831ca81576e88cb4663cc315dc91444c7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bahn.de/common/view/static/04e8fc1a/responsive/css/portal.min.css
Origin: https://www.bahn.de

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
server: AmazonS3
x-amz-request-id: C4EA152F735852F7
x-frame-options: SAMEORIGIN
x-amz-id-2: zG2yVC6B+6PVmFnXAloJCy8S5OtPXt2LoHWIij1GHO9UNMUMFS1jpU1QY7GN64Iv3RoA4uUxMiw=
content-type: binary/octet-stream
status: 200
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
accept-ranges: bytes
content-length: 48880
x-xss-protection: 1; mode=block

GET
H2 200 a791773171.html
a791773171.cdn.optimizely.com/client_storage/ Frame A854 0
0 203ms
58ms Document
text/html 23.43.121.57
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://a791773171.cdn.optimizely.com/client_storage/a791773171.html

Requested by

Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.43.121.57 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a23-43-121-57.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: a791773171.cdn.optimizely.com
:scheme: https
:path: /client_storage/a791773171.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Response headers

status: 200
x-amz-id-2: 0YwR2v0tj/DoFfbvjEaOFIFTjOL7AXrYE4S6JlpqqEexvb2Q7UUxD1aZcMHqn5iXc6jINQdhARw=
x-amz-request-id: 59DBB67A0DE87919
x-amz-replication-status: COMPLETED
last-modified: Tue, 23 Jun 2020 12:59:08 GMT
etag: "8bfa96915e5a4cb1a18c4e516469fcbd"
cache-control: max-age=120
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: D4OH.f_HZAyJ5mOfHr9dwl8IINXLDskR
accept-ranges: bytes
content-type: text/html; charset=utf-8
content-length: 773
server: AmazonS3
vary: Accept-Encoding
date: Tue, 23 Jun 2020 13:24:43 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="22";dur=0,cdnip;desc="23.43.121.57";dur=0,cdnmap;desc="a4343.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000

GET
H/1.1 200
OK skyscraper.html
www.static-bahn.de/media/view/mdb/media/w/skyscraper/ Frame B1A3 0
0 238ms
76ms Document
text/html 2.16.187.49
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.static-bahn.de/media/view/mdb/media/w/skyscraper/skyscraper.html

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.16.187.49 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a2-16-187-49.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload

Request headers

Host: www.static-bahn.de
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Response headers

Content-Type: text/html
Server: Apache
Last-Modified: Thu, 19 Dec 2019 11:16:01 GMT
ETag: "fe-59a0cafaa1e40"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 186
Cache-Control: max-age=600
Date: Tue, 23 Jun 2020 13:24:43 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=15768000 ; includeSubDomains ; preload

GET
H2 200 id Show response
st.bahn.de/ 48 B
477 B 256ms
62ms XHR
application/x-javascript 15.236.175.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://st.bahn.de/id?d_visid_ver=4.6.0&d_fieldgroup=A&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&mid=91038950750889886241655593438073595307&ts=1592918682885

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/04e8fc1a/js/lib/omniture/s_code.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.175.233 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-175-233.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

b92fb542ac5266d7900ce9f5616d5294635254644a67a563c151c8f3d2d4ef6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Tue, 23 Jun 2020 13:24:42 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-6f7565dc8b-6wzsr
vary: Origin
x-c: master-1308.I3d0a82.M0-421
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bahn.de
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H2 200 utag.js Show response
www.bahn.de/media/view/tms/ 195 KB
55 KB 63ms
62ms Script
text/javascript 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

3b51760fa571f941a26c2cb43ff53a3a65e556f373ce287e297091beb2027274

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 55934
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Jun 2020 14:47:16 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "30a76-5a8ad51a30500"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 getjson.pl Show response
www.bahn.de/pbin/ 104 KB
16 KB 147ms
147ms XHR
text/javascript 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/pbin/getjson.pl?name=nav_p&callback=jQuery11100039143847648414054_1592918682859&_=1592918682860

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/04e8fc1a/responsive/js/portal-index.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

78f035ce576758047f1a3963127caa98b30171099aeab30597a403cd8ed87889

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: max-age=180
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
vary: Accept-Encoding
content-length: 15999
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK Cookie set lmiframe.html Show response
ps.bahn.de/common/content/html/ Frame 89A9 2 KB
3 KB 224ms
60ms Document
text/html 81.200.197.91
BAHN-AS-BLN

General

Check archive.org

Show headers Download Go to

Full URL

https://ps.bahn.de/common/content/html/lmiframe.html

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/04e8fc1a/responsive/js/softlogin.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

81.200.197.91 , Germany, ASN34156 (BAHN-AS-BLN, DE),

Reverse DNS

Software

Apache /

Resource Hash

a42b9362f2fe150b5cffcb26398b7bd45fd2e694756ada973e6646e820105508

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Host: ps.bahn.de
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: optimizelyEndUserId=oeu1592918682314r0.3737567469091325; bahn-cmf=dbkanal_004%7CL01_S01_D001_FKPM0020_redirect-bc_LZ01; AMCV_5FA50A5953FB37E50A4C98BC%40AdobeOrg=-408604571%7CMCIDTS%7C18437%7CMCMID%7C91038950750889886241655593438073595307%7CvVersion%7C4.6.0; s_ecid=MCMID%7C91038950750889886241655593438073595307
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Response headers

Date: Tue, 23 Jun 2020 13:24:43 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 2209
Connection: keep-alive
Set-Cookie: AWSALB=qN+JAPk4Z/5/EK6II3btbCdXMbqjDSkWk12W98i+nHg7uylYtwtLiqp3xlMLiDqTXteHpBaCVnKzC5fefUylzKAcBL1dUeH+TWbezrLmmtAq8kbrfLfSgnJ4/jkB; Expires=Tue, 30 Jun 2020 13:24:43 GMT; Path=/ AWSALBCORS=qN+JAPk4Z/5/EK6II3btbCdXMbqjDSkWk12W98i+nHg7uylYtwtLiqp3xlMLiDqTXteHpBaCVnKzC5fefUylzKAcBL1dUeH+TWbezrLmmtAq8kbrfLfSgnJ4/jkB; Expires=Tue, 30 Jun 2020 13:24:43 GMT; Path=/; SameSite=None; Secure
Server: Apache
Last-Modified: Mon, 22 Jun 2020 12:02:16 GMT
Accept-Ranges: bytes
Strict-Transport-Security: max-age=16070400; includeSubDomains

GET
H2 200 s23121439167937
st.bahn.de/b/ss/dbbahnprod/1/JS-2.20.0/ 43 B
563 B 98ms
95ms Image
image/gif 15.236.175.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://st.bahn.de/b/ss/dbbahnprod/1/JS-2.20.0/s23121439167937?AQB=1&ndh=1&pf=1&t=23%2F5%2F2020%2015%3A24%3A43%202%20-120&mid=91038950750889886241655593438073595307&ce=UTF-8&ns=deutschebahn&cdp=2&pageName=BAHN_PVE_DEU_DE_bahncard_index&g=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01&c.&Rendering=Desktop&Orientierung=Landscape&page_info=0%7C0%2C0x0%2C0x0%2C0%2C&first_page_of_visit=true&dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01&persistent_campaign=L01_S01_D001_FKPM0020_redirect-bc_LZ01&load_time=15&.c&cc=EUR&ch=BAHN_PVE_DEU_DE&v0=L01_S01_D001_FKPM0020_redirect-bc_LZ01&events=event45%2Cevent46&c1=D%3Dv0&v1=D%3Dv0&h1=PVE%3Ebahncard&c4=BAHN_PVE_DEU_DE&v4=BAHN_PVE_DEU_DE&c14=D%3Dv14&v14=L01_S01_D001_FKPM0020_redirect-bc_LZ01&c22=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml&v22=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml&c24=D%3DpageName&v24=D%3DpageName&c47=L01_S01_D001_FKPM0020_redirect-bc_LZ01%3EBAHN_PVE_DEU_DE_bahncard_index&c69=logout&v69=logout&v74=D%3DpageName&c75=D%3Dv75&v75=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&AQE=1

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.175.233 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-175-233.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:43 GMT
x-content-type-options: nosniff
x-c: master-1308.I3d0a82.M0-421
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 24 Jun 2020 13:24:43 GMT
server: jag
xserver: anedge-6f7565dc8b-9sb9s
etag: 3420766824421490688-4614158441387890207
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Mon, 22 Jun 2020 13:24:43 GMT

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
356 B 604ms
146ms XHR
text/plain 54.156.161.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.161.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-161-55.compute-1.amazonaws.com
Software: nginx/1.17.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 23 Jun 2020 13:24:44 GMT
Server: nginx/1.17.2
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.bahn.de
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: 52fe92ff-e4bd-4f62-bbe5-92cde68a5514

GET
H2 200 utag.140.js Show response
www.bahn.de/media/view/tms/ 3 KB
2 KB 63ms
63ms Script
text/javascript 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.140.js?utv=ut4.45.201910290813

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

7ea1331d012fad978fd3df964b4f8d74aa46899d9a62a23c760c35a8462e9361

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1411
x-xss-protection: 1; mode=block
last-modified: Tue, 09 Jun 2020 12:39:41 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "ba7-5a7a6056d1d40"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 utag.85.js Show response
www.bahn.de/media/view/tms/ 3 KB
2 KB 64ms
61ms Script
text/javascript 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.85.js?utv=ut4.45.201904151138

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f091ff05ef0adb41045d0eebe7e446c59d4cf4ceb382387beb9140acb933e0c8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1390
x-xss-protection: 1; mode=block
last-modified: Tue, 09 Jun 2020 12:39:41 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "ae0-5a7a6056d1d40"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 utag.74.js Show response
www.bahn.de/media/view/tms/ 2 KB
2 KB 65ms
63ms Script
text/javascript 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.74.js?utv=ut4.45.201907291243

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

825131f978383977296b087ed1b0ad45c85e58a1a24c8302a7871efc1a590392

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1060
x-xss-protection: 1; mode=block
last-modified: Tue, 09 Jun 2020 12:39:41 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "813-5a7a6056d1d40"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 utag.139.js Show response
www.bahn.de/media/view/tms/ 3 KB
2 KB 66ms
63ms Script
text/javascript 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.139.js?utv=ut4.45.201912030818

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

db0ff20533bfabd0a73f8cefd62f4c4470cd7d4eb2b2f5a3a5afea37e8b03174

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1359
x-xss-protection: 1; mode=block
last-modified: Tue, 09 Jun 2020 12:39:41 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "ba0-5a7a6056d1d40"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 utag.41.js Show response
www.bahn.de/media/view/tms/ 24 KB
6 KB 66ms
64ms Script
text/javascript 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.41.js?utv=ut4.45.202004141226

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9059a482d812dc45fe7d8a0d5a3b1d650d8a3308bb62f41f1db4588984e4e67f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 5521
x-xss-protection: 1; mode=block
last-modified: Tue, 09 Jun 2020 12:39:41 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "616b-5a7a6056d1d40"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 utag.33.js Show response
www.bahn.de/media/view/tms/ 19 KB
5 KB 73ms
72ms Script
text/javascript 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.33.js?utv=ut4.45.202006221255

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

cd5bbe7a7b4a9d8e8a02455a6e9e0716380fc3b25f2346321f61e49ac4fe900e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 4179
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Jun 2020 14:47:16 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "4b90-5a8ad51a30500"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 utag.14.js Show response
www.bahn.de/media/view/tms/ 8 KB
3 KB 98ms
97ms Script
text/javascript 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.14.js?utv=ut4.45.202004141226

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e54959dcb5f3f52c453e60682fb7b10e6b3f12557205646fa491ea33267127f7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 2349
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Jun 2020 14:47:16 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "2103-5a8ad51a30500"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H/1.1 200
OK es6-promise.js Show response
www.img-bahn.de/s3/prod/es//js/ Frame 89A9 32 KB
7 KB 248ms
81ms Script
application/javascript 84.53.165.61
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.img-bahn.de/s3/prod/es//js/es6-promise.js
Requested by: Host: ps.bahn.de
URL: https://ps.bahn.de/common/content/html/lmiframe.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 84.53.165.61 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a84-53-165-61.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 82e5a556f607b2cc1eda8e23198af2925599b002c5c64dc1ae401bd8f50c3708

Request headers

Referer: https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 23 Jun 2020 13:24:43 GMT
Content-Encoding: gzip
Last-Modified: Sat, 13 Jun 2020 22:26:59 GMT
Server: AmazonS3
x-amz-request-id: D10AFDD25E47CEEF
ETag: "c833d9c873652af4a666772e9930b031"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6686
x-amz-id-2: rgPKzuViO/nC9FshoaCvEt+a2QDNyXZHADr8DemyOHb0GnHk/JEY7sSmBDeUT3u8jLImOFwbEGw=
Expires: Tue, 23 Jun 2020 13:39:43 GMT

GET
H/1.1 200
OK common.js Show response
www.img-bahn.de/s3/prod/es//js/ Frame 89A9 29 KB
6 KB 249ms
81ms Script
application/javascript 84.53.165.61
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.img-bahn.de/s3/prod/es//js/common.js
Requested by: Host: ps.bahn.de
URL: https://ps.bahn.de/common/content/html/lmiframe.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 84.53.165.61 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a84-53-165-61.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 2b79c36a7e8a9a7a94b717e60cb5a79976e7ac6c1b899aa02536ee460c9723fa

Request headers

Referer: https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 23 Jun 2020 13:24:43 GMT
Content-Encoding: gzip
Last-Modified: Sat, 13 Jun 2020 22:26:58 GMT
Server: AmazonS3
x-amz-request-id: B40BD4D56D9676E4
ETag: "34057f636668a1f6f1d15a4de2bc090c"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5489
x-amz-id-2: vdrkV+RJnrjmkNxBiXdc7YKF5lObA9aqZfynXjwhYQuLxbncy5I96IN4RbqRF03AJGw1J2r05js=
Expires: Tue, 23 Jun 2020 13:39:43 GMT

GET
H/1.1 200
OK softlogin.js Show response
www.img-bahn.de/s3/prod/es//js/ Frame 89A9 117 KB
21 KB 277ms
108ms Script
application/javascript 84.53.165.61
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.img-bahn.de/s3/prod/es//js/softlogin.js
Requested by: Host: ps.bahn.de
URL: https://ps.bahn.de/common/content/html/lmiframe.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 84.53.165.61 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a84-53-165-61.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 846f8d539675a8b7014e4e2510f75e8ee8cf6a442f5d5072faea438b70872db6

Request headers

Referer: https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 23 Jun 2020 13:24:43 GMT
Content-Encoding: gzip
Last-Modified: Sat, 13 Jun 2020 22:26:59 GMT
Server: AmazonS3
x-amz-request-id: 8FC90358F06FA1AC
ETag: "c13baff010e06af0cdf0d49dd57e7ca8"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21162
x-amz-id-2: bxqckKsw97uqveFNNsz8tc4Uzv3STdGVCz+vd/mzM1Exg0C/dek8cuKbQMbDkicdDW5QiOlJdrc=
Expires: Tue, 23 Jun 2020 13:39:43 GMT

GET
H2 200 / Show response
zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/ 50 KB
15 KB 289ms
96ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0lxkzEthotizcTX&Q_LOC=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01&t=1592918683773

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.85.js?utv=ut4.45.201904151138

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

4ea4d1f382c18e80f77f1aae50a6ce5f5f10236b132125af6d1c06c73fb7661e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 462194
cf-polished: origSize=52586
status: 200
edge-control: max-age=604800
vary: Accept-Encoding
cf-request-id: 0382f3495a00007275a41bd200000001
cf-bgj: minify
server: cloudflare
x-powered-by: Express
etag: W/"cd6a-suq480vNguAAaHjmzNFHp4IUrs0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
cf-ray: 5a7e87eefefd7275-AMS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2

200

adformat.js Show response
s2.adform.net/banners/scripts/audiencetag/
Redirect Chain

https://dmp.adform.net/audiencetag/adformat.js
https://s2.adform.net/banners/scripts/audiencetag/adformat.js

3 KB
2 KB

174ms
59ms

Script
application/x-javascript

37.157.2.248
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.adform.net/banners/scripts/audiencetag/adformat.js
Requested by: Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 0965fd0c86a54875a6bd3d08231fe4042ea96fc354a40aeab2f31ed0c8b103a2

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:44 GMT
content-encoding: gzip
last-modified: Wed, 25 Mar 2020 11:13:59 GMT
server: nginx
etag: W/"5e7b3cf7-b69"
x-cache-status: HIT
status: 200
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

Redirect headers

status: 301
date: Tue, 23 Jun 2020 13:24:43 GMT
server: nginx
location: https://s2.adform.net/banners/scripts/audiencetag/adformat.js
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H2 200 a2987.js Show response
cdn.m-pathy.com/js/ 22 KB
6 KB 138ms
25ms Script
application/javascript 2600:9000:215d:da00:1e:7aca:b8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.m-pathy.com/js/a2987.js
Requested by: Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.74.js?utv=ut4.45.201907291243
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:215d:da00:1e:7aca:b8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: a00c21dc315ee589f88f6e9c71f9aa400383a8af766347d43f1be7490d3d2b89

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
Origin: https://www.bahn.de

Response headers

date: Tue, 23 Jun 2020 12:37:00 GMT
content-encoding: gzip
age: 2864
x-cache: Hit from cloudfront
status: 200
content-length: 6078
access-control-allow-origin: *
last-modified: Tue, 23 Jun 2020 12:35:48 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "577e-5a8bf995a8eb4-gzip"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 a2ff850ccdde2a6d47a8ef587e8cb536.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: CPH50-C1
accept-ranges: bytes
x-amz-cf-id: l460sZaZvTelutM7U2o1m-yAuAtAFGD2rVz21XPrQBs2NcxjViModA==
expires: Tue, 23 Jun 2020 13:37:00 GMT

GET
H2 200 exactag.js Show response
www.bahn.de/media/view/tms/js/ 13 KB
6 KB 67ms
66ms Script
text/javascript 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/js/exactag.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6b693b7dadf0949d494f4ad8685ae70f74f20a33a32780ebfd5b0517fceae722

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 5428
x-xss-protection: 1; mode=block
last-modified: Thu, 19 Dec 2019 11:16:01 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "321a-59a0cafaa1e40"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2

200

trackpoint-async.js Show response
s2.adform.net/banners/scripts/st/
Redirect Chain

https://track.adform.net/serving/scripts/trackpoint/async/
https://s2.adform.net/banners/scripts/st/trackpoint-async.js

78 KB
27 KB

294ms
293ms

Script
application/x-javascript

37.157.2.248
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by: Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.248 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 87b95fcebb35063c2ee39c7022c77522be49c506672bbf58f312e6869b8c1e3b

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:44 GMT
content-encoding: gzip
last-modified: Thu, 18 Jun 2020 11:04:58 GMT
server: nginx
etag: W/"5eeb4a5a-1364d"
x-cache-status: HIT
status: 200
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

Redirect headers

status: 301
date: Tue, 23 Jun 2020 13:24:44 GMT
server: nginx
location: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H2 200 criteo.js Show response
www.bahn.de/media/view/tms/js/ 14 KB
6 KB 74ms
73ms Script
text/javascript 2.17.191.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/js/criteo.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.191.209 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-209.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c0ef355534d040550952aac49f300f771c3dcc0d5cd99008015d9d59378bff44

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 5403
x-xss-protection: 1; mode=block
last-modified: Thu, 19 Dec 2019 11:16:01 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "3802-59a0cafaa1e40"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H/1.1 200
OK pi.aspx Show response
m.exactag.com/ Frame 0454 6 KB
4 KB 233ms
69ms Script
text/javascript 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL

https://m.exactag.com/pi.aspx?campaign=4bb3a5de3602f335b9ba113928205e62&pitype=Content&convtype=&rnd=BFfVsh0aXLz5&items=%7B%22type%22%3A%22Content%22%2C%22conversiontype%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22host%22%3A%22www.bahn.de%22%2C%22site%22%3A%22%2Fp%2Fview%2Fbahncard%2Findex.shtml%22%2C%22search%22%3A%22%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01%22%2C%22protocol%22%3A%22https%3A%22%2C%22campaign%22%3A%224bb3a5de3602f335b9ba113928205e62%22%2C%22screensize%22%3A%22%22%2C%22pitype%22%3A%22%22%2C%22uk%22%3A%22%22%2C%22trackingURL%22%3A%22%2F%2Fm.exactag.com%22%2C%22cdnURL%22%3A%22%2F%2Fcdn.exactag.com%22%2C%22sitegroup%22%3A%22Startseite%22%2C%22category_name%22%3A%22BAHN_PVE_DEU_DE%22%2C%22page_name%22%3A%22BAHN_PVE_DEU_DE_bahncard_index%22%7D

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/js/exactag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

85.14.248.91 Meerbusch, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

812f2ad61687b19ebff0fb7cb5ceb204b89307eb80cb03f2f231373c993ee24a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR", policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Di, 23 Jun 2020 01:24:44 GMT,Di, 23 Jun 2020 01:24:44 GMT
Server: Microsoft-IIS/8.5
Date: Tue, 23 Jun 2020 13:24:43 GMT
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache
X-ET-Camp: 1053
Expires: -1

GET
H2 200 loader.js Show response
cdn.m-pathy.com/modules/4.16-164/ 43 KB
15 KB 39ms
35ms Script
application/javascript 2600:9000:215d:da00:1e:7aca:b8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.m-pathy.com/modules/4.16-164/loader.js
Requested by: Host: cdn.m-pathy.com
URL: https://cdn.m-pathy.com/js/a2987.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:215d:da00:1e:7aca:b8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: f06f336560e920dc53969b0e1867da27449b77ffd3f0437b742614de56421062

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
Origin: https://www.bahn.de

Response headers

date: Tue, 23 Jun 2020 12:37:33 GMT
content-encoding: gzip
age: 2830
x-cache: Hit from cloudfront
status: 200
content-length: 15101
access-control-allow-origin: *
last-modified: Mon, 02 Mar 2020 12:42:50 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "acff-59fde8666e680-gzip"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 a2ff850ccdde2a6d47a8ef587e8cb536.cloudfront.net (CloudFront)
cache-control: max-age=2419200
x-amz-cf-pop: CPH50-C1
accept-ranges: bytes
x-amz-cf-id: qrN1ug9bgYAMfWDu5QrZ7hJGUWVcVSIIqA2X8SwNgj6Bd4piavQlaA==
expires: Tue, 21 Jul 2020 12:37:33 GMT

GET
H2 200 event Show response
sslwidget.criteo.com/ 1 KB
1 KB 180ms
61ms Script
application/x-javascript 178.250.2.151
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://sslwidget.criteo.com/event?a=16780&v=4.5.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh%26ui_db_page%3DBAHN_PVE_DEU_DE_bahncard_index&p2=e%3Ddis&adce=1
Requested by: Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/js/criteo.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: c2f93fbf0ae7befd0ea3fef64ee9fe1f8addea7c777e4bbe9fd7b862a3942e0e

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jun 2020 13:24:43 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
timing-allow-origin: *
x-powered-by: ASP.NET
vary: Accept-Encoding
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
status: 200
cache-control: no-cache
content-type: application/x-javascript
content-length: 863
expires: 0

GET
H/1.1 200
OK px.aspx
m.exactag.com/ Frame 8613 0
0 235ms
56ms Document
text/html 85.14.248.91
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL

https://m.exactag.com/px.aspx?id=98b8efcb3dfa4d048e7511d85968a245

Requested by

Host: m.exactag.com
URL: https://m.exactag.com/pi.aspx?campaign=4bb3a5de3602f335b9ba113928205e62&pitype=Content&convtype=&rnd=BFfVsh0aXLz5&items=%7B%22type%22%3A%22Content%22%2C%22conversiontype%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22host%22%3A%22www.bahn.de%22%2C%22site%22%3A%22%2Fp%2Fview%2Fbahncard%2Findex.shtml%22%2C%22search%22%3A%22%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01%22%2C%22protocol%22%3A%22https%3A%22%2C%22campaign%22%3A%224bb3a5de3602f335b9ba113928205e62%22%2C%22screensize%22%3A%22%22%2C%22pitype%22%3A%22%22%2C%22uk%22%3A%22%22%2C%22trackingURL%22%3A%22%2F%2Fm.exactag.com%22%2C%22cdnURL%22%3A%22%2F%2Fcdn.exactag.com%22%2C%22sitegroup%22%3A%22Startseite%22%2C%22category_name%22%3A%22BAHN_PVE_DEU_DE%22%2C%22page_name%22%3A%22BAHN_PVE_DEU_DE_bahncard_index%22%7D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

85.14.248.91 Meerbusch, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Host: m.exactag.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: exactag_new_gk=737912adb3864e6ea472205cd5101a2c%7c22.08.2020+13%3a24%3a43; exactag_new_uk=941a8d6074d246b5a85cc632a0144564%7c; session_session=abfe90badfcd42a28944e7f5; exactag_new_user=1053%7c2%7cabfe90badfcd42a28944e7f5%7c01.01.0001+00%3a00%3a00%7c23.06.2020+13%3a24%3a44%7cabfe90badfcd42a28944e7f5%7c68537%7c1753%7cFalse
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Response headers

Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
X-ET-Code: 0
X-ET-Camp: 1053
Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 23 Jun 2020 13:24:43 GMT
Connection: close
Transfer-Encoding: chunked
Content-Encoding: gzip

GET
H2 200 cookiesegments Show response
dmp.adform.net/audiencetag/ 2 B
236 B 139ms
139ms XHR
application/json 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://dmp.adform.net/audiencetag/cookiesegments?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJBZGZvcm0uRE1QLkNsYWltczo6RGF0YVByb3ZpZGVycyI6IlsxMDU4MV0iLCJpc3MiOiJkbXAtYXBpLmFkZm9ybS5jb20iLCJhdWQiOiJhdWRpZW5jZV90YWdfY29uc3VtZXJfdjEiLCJleHAiOjE4NDY0NzkyOTksIm5iZiI6MTUzMTExOTIzOX0.FJQj3NEIHLPLagWbUeSDroGlMNqPApSp4JsfF5qhvxA

Requested by

Host: s2.adform.net
URL: https://s2.adform.net/banners/scripts/audiencetag/adformat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:44 GMT
content-encoding: gzip
server: nginx
status: 200
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.bahn.de
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 8 KB
2 KB 180ms
178ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0lxkzEthotizcTX&Q_CLIENTVERSION=1.29.0&Q_CLIENTTYPE=web

Requested by

Host: zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
URL: https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0lxkzEthotizcTX&Q_LOC=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01&t=1592918683773

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25b58e0d7cb58a31208da658faf2b8da4baa87ca1870c68bbbbb942040d180bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 23 Jun 2020 13:24:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: https://www.bahn.de
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 5a7e87f10fef7275-AMS
vary: Accept-Encoding
cf-request-id: 0382f34aa100007275a41d0200000001

GET
H/1.1 200
OK Texte Show response
ps.bahn.de/webservices/rest/resource/ Frame 89A9 1 KB
2 KB 56ms
56ms XHR
application/json 81.200.197.91
BAHN-AS-BLN

General

Check archive.org

Show headers Download Go to

Full URL

https://ps.bahn.de/webservices/rest/resource/Texte?r=12a55328

Requested by

Host: www.img-bahn.de
URL: https://www.img-bahn.de/s3/prod/es//js/softlogin.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

81.200.197.91 , Germany, ASN34156 (BAHN-AS-BLN, DE),

Reverse DNS

Software

Apache /

Resource Hash

3d851e7348aca9b49ba8bf6d6fc6ac9f3b6722a0d9c28675d848f838f2779878

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 23 Jun 2020 13:24:44 GMT
Server: Apache
Connection: keep-alive
Content-Length: 1333
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Type: application/json

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 80 KB
23 KB 87ms
86ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.29.0&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

ed65491097e484171911b62df5625489757779c217f5bf87f2fdd6af9256325d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 23 Jun 2020 13:24:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 482881
cf-polished: origSize=82320
status: 200
edge-control: max-age=604800
vary: Accept-Encoding
cf-request-id: 0382f34b5700007275a41d7200000001
last-modified: Wed, 17 Jun 2020 18:45:15 GMT
server: cloudflare
x-powered-by: Express
etag: W/"14190-172c3997a78"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
cf-ray: 5a7e87f2288a7275-AMS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 / Show response
track.adform.net/Serving/TrackPoint/ 164 B
629 B 287ms
287ms Script
text/javascript 37.157.4.24
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/Serving/TrackPoint/?pm=646062&ADFPageName=%7Bwww.bahn.de%7D%7C%7BBAHN_PVE_DEU_DE%7D%7C%7BBAHN_PVE_DEU_DE_bahncard_index%7D&ADFdivider=%7C&ord=743874427745&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&itm=eyJzdjkiOiJ7d3d3LmJhaG4uZGV9fHtCQUhOX1BWRV9ERVVfREV9fHtCQUhOX1BWRV9ERVVfREVfYmFobmNhcmRfaW5kZXh9In0&loc=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01

Requested by

Host: s2.adform.net
URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

61175726d0a2de2cae41ad18d5eb5df94d23bbf156f9a6fed2c98fe31d731449

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Jun 2020 13:24:44 GMT
content-encoding: gzip
server: nginx
status: 200
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 224
expires: -1

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 4 KB
851 B 183ms
182ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0lxkzEthotizcTX&Q_CLIENTVERSION=1.29.0&Q_CLIENTTYPE=web&t=1592918684572&Q_VSI=%7B%22SI_3luT85PojdA98ax%22%3A%22DependencyResolver%22%2C%22SI_eRorgFMc5Fo4yQR%22%3A%22DependencyResolver%22%2C%22SI_0keDUnRnIumZ1n7%22%3A%22DependencyResolver%22%2C%22SI_bDcf3YlzkQWsUWV%22%3A%22DependencyResolver%22%2C%22SI_9FSidsK0H17O9JX%22%3A%22DependencyResolver%22%2C%22SI_eFqy0Q5jpoxPemh%22%3A%22DependencyResolver%22%2C%22SI_4VAPRHY2enGqqc5%22%3A%22DependencyResolver%22%2C%22SI_9TxpAoj9pf4ovNr%22%3A%22DependencyResolver%22%2C%22SI_0UJlVcKcKBjvL8h%22%3A%22DependencyResolver%22%2C%22SI_9NzmaDz9jyPRYy1%22%3A%22DependencyResolver%22%2C%22SI_cHHjgOhdDwVIaX3%22%3A%22DependencyResolver%22%7D&Q_DPR=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27805b012ad48ed72ac027e0e5fbfd4610554310c0c46adaf0d0d318785a3213

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 23 Jun 2020 13:24:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: https://www.bahn.de
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 5a7e87f2c8cf7275-AMS
vary: Accept-Encoding
cf-request-id: 0382f34bbc00007275a41df200000001

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
356 B 143ms
143ms XHR
text/plain 54.156.161.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.161.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-161-55.compute-1.amazonaws.com
Software: nginx/1.17.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 23 Jun 2020 13:24:44 GMT
Server: nginx/1.17.2
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.bahn.de
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: 898c97c6-610b-40ba-afbd-a425d6cc6e31

Verdicts & Comments Add Verdict or Comment

122 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
m.exactag.com/	1970-01-19 14:47:50	Name: exactag_new_user Value: 1053%7c2%7cabfe90badfcd42a28944e7f5%7c01.01.0001+00%3a00%3a00%7c23.06.2020+13%3a24%3a44%7cabfe90badfcd42a28944e7f5%7c68537%7c1753%7cFalse
m.exactag.com/	1970-01-19 12:38:14	Name: exactag_new_gk Value: 737912adb3864e6ea472205cd5101a2c%7c22.08.2020+13%3a24%3a43
ps.bahn.de/	1970-01-19 10:38:43	Name: AWSALB Value: QEMuonCBlmz1q7jWz1QRwMgV73c4ArQo6pzSM/MrG4vleFyf3gQTwg3URELiPRIDPrbsCEw9Vxu5r8wXSimsXxHUMcyThywMyNsxv6ivZ290LtOKP9VzjWk4fvkW
.bahn.de/	1969-12-31 23:59:59	Name: s_ppv Value: BAHN_PVE_DEU_DE_bahncard_index%2C38%2C38%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
.bahn.de/	1970-01-19 12:38:14	Name: et_gk Value: 737912adb3864e6ea472205cd5101a2c\|22.08.2020 13:24:43
.bahn.de/	1969-12-31 23:59:59	Name: s_ppvl Value: BAHN_PVE_DEU_DE_bahncard_index%2C37%2C37%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
www.bahn.de/	1969-12-31 23:59:59	Name: QSI_HistorySession Value: https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01~1592918684472
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: abfe90badfcd42a28944e7f5
.bahn.de/	1970-01-19 10:38:43	Name: mpt_cookieForErrSites Value: 0\|1594128284268
.bahn.de/	1970-01-19 10:38:43	Name: mpt_followpage Value: 0\|1594128284268
.bahn.de/	1970-01-19 10:38:43	Name: mpt_vid Value: 159291868427098522\|1655990684270
.bahn.de/	1970-01-19 19:14:14	Name: utag_main Value: v_id:0172e15a302400168a03d88c3b8900078006207000b08$_sn:1$_ss:1$_st:1592920483686$ses_id:1592918683686%3Bexp-session$_pn:1%3Bexp-session$ls:undefined%3Bexp-session
.bahn.de/	1970-01-19 14:47:50	Name: et_uk Value: 941a8d6074d246b5a85cc632a0144564
.bahn.de/	1970-01-19 10:38:43	Name: mpt_rate_comparator_3372 Value: 68.26495193977311\|1595510684215
.bahn.de/	1970-01-20 03:59:50	Name: s_ecid Value: MCMID%7C91038950750889886241655593438073595307
ps.bahn.de/	1970-01-19 10:38:43	Name: AWSALBCORS Value: QEMuonCBlmz1q7jWz1QRwMgV73c4ArQo6pzSM/MrG4vleFyf3gQTwg3URELiPRIDPrbsCEw9Vxu5r8wXSimsXxHUMcyThywMyNsxv6ivZ290LtOKP9VzjWk4fvkW
.bahn.de/	1970-01-20 03:59:50	Name: AMCV_5FA50A5953FB37E50A4C98BC%40AdobeOrg Value: -408604571%7CMCIDTS%7C18437%7CMCMID%7C91038950750889886241655593438073595307%7CMCAID%7CNONE%7CMCOPTOUT-1592925883s%7CNONE%7CvVersion%7C4.6.0

32 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.optimizely.com/js/8033263973.js(Line 3094) Message: null
console-api	log	URL: https://cdn.optimizely.com/js/8033263973.js(Line 3094) Message: null - customerID should be set
console-api	log	URL: https://ps.bahn.de/common/content/html/lmiframe.html(Line 14) Message: IFr Begin
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46) Message: Constructing IframeMain
console-api	debug	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114) Message: [StateM] Reading IframeState from cache: null
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55) Message: console.groupEnd
console-api	log	URL: https://ps.bahn.de/common/content/html/lmiframe.html(Line 40) Message: IFr End
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46) Message: Incoming message 'init'
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46) Message: init(https://www.bahn.de:443)
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] checkClientOrigin successsful.
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] Examining cookies...
console-api	debug	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114) Message: [iLogic] slstat = null
console-api	debug	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114) Message: [iLogic] hlstat = null
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] LoginState is Anonymous
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] Login state remains Anonymous .
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] Checking whether resources need to be loaded eagerly.
console-api	debug	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114) Message: [StateM] Writing IframeState to cache: [object Object]
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55) Message: console.groupEnd
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55) Message: console.groupEnd
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46) Message: Incoming message 'load'
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46) Message: load(Texte)
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] Connectivity is Connected
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] Data is not in cache.
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] -> loading it from server.
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] Ajax call load(Texte).
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55) Message: console.groupEnd
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55) Message: console.groupEnd
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46) Message: Processing AJAX response for load(Texte)
console-api	debug	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114) Message: [iLogic] response = [object Object]
console-api	debug	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114) Message: [Cache] Wrote Texte to cache (storage): {"login.hardlogin.logout.value":"Logout","meinestrecken.speichern.keine":"Um Strecken zu speichern, geben Sie in den Feldern \"Von\" und \"Nach\" eine Verbindung ein.","login.hardlogin.begruessung":"Sie sind angemeldet, {0} {1} {2}","meinestrecken.loeschen.tooltip":"Strecke löschen","login.hardlogin.logout.tooltip":"Logout","titel.3":"Prof. Dr.","titel.2":"Prof.","titel.1":"Dr.","titel.0":"","login.softlogin.begruessung":"Herzlich Willkommen, {0} {1} {2}!","meinestrecken.keine.anonym":"Sie haben keine Strecken gespeichert. Im Bereich Meine Bahn können Sie Ihre wichtigsten Strecken hinterlegen und hier abrufen.","meinestrecken.via":"Über","anrede.1":"Frau","login.softlogin.logout.link.tooltip":"Hier melden Sie sich von \"Angemeldet bleiben\" ab und verzichten auf persönliche Angebote und Services.","anrede.0":"Herr","meinestrecken.speichern.gespeichert":"Strecke gespeichert","login.softlogin.logout.link.text":"Abmelden","login.softlogin.logout.value":"Sie sind nicht {0} {1} {2}?","login.softlogin.logout.tooltip":"Durch diesen Klick löschen Sie Ihre Cookies zur Personalisierung auf bahn.de. Mehr Informationen erhalten Sie in unseren Datenschutzhinweisen.","meinestrecken.bearbeiten":"Bearbeiten","meinestrecken.speichern":"Strecke speichern","meinestrecken.speichern.max":"Strecke speichern (max. {0} Strecken)"}
console-api	debug	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114) Message: [StateM] Writing IframeState to cache: [object Object]
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55) Message: console.groupEnd

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a791773171.cdn.optimizely.com
cdn.m-pathy.com
cdn.optimizely.com
dmp.adform.net
logx.optimizely.com
m.exactag.com
ps.bahn.de
s2.adform.net
siteintercept.qualtrics.com
sslwidget.criteo.com
st.bahn.de
track.adform.net
vis.optimizely.com
www.bahn.de
www.img-bahn.de
www.static-bahn.de
zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
104.17.209.240
15.236.175.233
178.250.2.151
2.16.187.49
2.17.191.209
23.43.121.57
2600:9000:215d:da00:1e:7aca:b8c0:93a1
2a02:26f0:6c00:19b::13b8
3.221.196.58
37.157.2.235
37.157.2.248
37.157.4.24
54.156.161.55
81.200.197.91
84.53.165.61
85.14.248.91
0965fd0c86a54875a6bd3d08231fe4042ea96fc354a40aeab2f31ed0c8b103a2
09cd6e2e4909e4ec15b7ca38adbff5b37405b4347b1ce0d7b977aee46b005377
0a1c877ecaa033e22abaad722309878b1febc6db2a4762fbe583edf98e045776
0eeb1970197799a537566bf5554142fcf91a1b04368c735d6319ed35a2f53f15
0f81da785734c739e391be74974aa28cde1074b3dcc9cb7ad85c59ec7fda8eeb
24fb71543a65dc5ac2af201fdfa725f00065b40cd8830e86951ae75c15e3ef04
25b58e0d7cb58a31208da658faf2b8da4baa87ca1870c68bbbbb942040d180bd
26ea31e0c6520a6f3e814e67b70d4e70dde85659b3f9184935d265f45bfb1931
27805b012ad48ed72ac027e0e5fbfd4610554310c0c46adaf0d0d318785a3213
298669d559f331c5ac67d881d450cea831ca81576e88cb4663cc315dc91444c7
2ab4d9b65ee3153e62d1ce1fdf21a2f54d9d4e4967cfbbe638bd36ea277591ba
2b79c36a7e8a9a7a94b717e60cb5a79976e7ac6c1b899aa02536ee460c9723fa
2d47dd07cd116fce4a58ea5ce7aa349bf5904de7f30d69e131cf4f7be3b088d1
301fd4fb64fd7b976c74679c79de83e17e44e415540bba5b114c1dd53141b1fb
39469dcff773f11dc4d1672200d83e6f68ab0c95cca33c7a7cc38cff4c0b3968
3b51760fa571f941a26c2cb43ff53a3a65e556f373ce287e297091beb2027274
3d851e7348aca9b49ba8bf6d6fc6ac9f3b6722a0d9c28675d848f838f2779878
3e1a71dbeac14ad724fd5bf1f63d833a2cea06c7de8f9173b6d2a3bad0fbc7bf
4ea4d1f382c18e80f77f1aae50a6ce5f5f10236b132125af6d1c06c73fb7661e
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
57411817a143622eed003cea060d984b2762a4f8f59031aca3e31d41482bf81e
5db9108016c62906c987c432fab8efb55a0c92425c9cace3793c536fa2aafcde
61175726d0a2de2cae41ad18d5eb5df94d23bbf156f9a6fed2c98fe31d731449
63e76adcc0eedb478de832846ba15b4f29791b9caabb9b7ad97ea4f2f72e03f9
689f1796f6be9ef6c0c9380df50caa4f09569935c09fd21f57305686732ba0b4
6b0cc3a13aed84c9e43e98da236da9191969ca8813e1232400e48286de768f40
6b693b7dadf0949d494f4ad8685ae70f74f20a33a32780ebfd5b0517fceae722
78f035ce576758047f1a3963127caa98b30171099aeab30597a403cd8ed87889
7ea1331d012fad978fd3df964b4f8d74aa46899d9a62a23c760c35a8462e9361
812f2ad61687b19ebff0fb7cb5ceb204b89307eb80cb03f2f231373c993ee24a
825131f978383977296b087ed1b0ad45c85e58a1a24c8302a7871efc1a590392
82e5a556f607b2cc1eda8e23198af2925599b002c5c64dc1ae401bd8f50c3708
846f8d539675a8b7014e4e2510f75e8ee8cf6a442f5d5072faea438b70872db6
8605f9caa8db8bc3a78228c071639b48daccd4c17764ac0341692541d874741f
87b95fcebb35063c2ee39c7022c77522be49c506672bbf58f312e6869b8c1e3b
8dd962317f64f8aa72e57ab1ed1d821a807ac759a210f18eaa31ee8feeca22cd
9059a482d812dc45fe7d8a0d5a3b1d650d8a3308bb62f41f1db4588984e4e67f
90d765be61f3668f58a9fee31185882edaf07d31b79ef37e1305b23fd01d6aef
9bd75d01213161905c0278231326126f5066ae7753e9b492b999417e0c2cfbef
a009bf98437ed2e896bfc56f9838b6ca83aac7f96989e971dbc6ad2ccc49b572
a00c21dc315ee589f88f6e9c71f9aa400383a8af766347d43f1be7490d3d2b89
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a231b219fd33beeca8baa0abecbb684d31fe0d154a25a092510d607a38637ea8
a39881eeb2cc948083b29f436b57600451670f1d10e390306af0693d2eb44f74
a42b9362f2fe150b5cffcb26398b7bd45fd2e694756ada973e6646e820105508
ad98aafd7af2044e0613833a78c1377adbfa9d7df89d5109e8abe60ab2b9db97
b92fb542ac5266d7900ce9f5616d5294635254644a67a563c151c8f3d2d4ef6a
bd45e3a7a55ce6d15988606f79657a593097ac40f0d29bff151fdd10b0438b88
bdd715407bbcb2c0325bb1e1466715b9ec9dcd2e7e662e647fddf74d92ba4150
c0ef355534d040550952aac49f300f771c3dcc0d5cd99008015d9d59378bff44
c2f93fbf0ae7befd0ea3fef64ee9fe1f8addea7c777e4bbe9fd7b862a3942e0e
c73f83311b82836d1f247cdb6ed7d7132caa7d41a24edfa29ed342ec7143a62e
c79794c138e5fbd4cd7f71ff73fdf314f170a6cccb08b4a9e7180f996f376b24
cd5bbe7a7b4a9d8e8a02455a6e9e0716380fc3b25f2346321f61e49ac4fe900e
da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe
db0ff20533bfabd0a73f8cefd62f4c4470cd7d4eb2b2f5a3a5afea37e8b03174
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e54959dcb5f3f52c453e60682fb7b10e6b3f12557205646fa491ea33267127f7
e5e2c4c5288a46af5b587fe4b6ed5c881dfc8faaf4d76a08c5c2c5fcd74238b3
ed65491097e484171911b62df5625489757779c217f5bf87f2fdd6af9256325d
f06f336560e920dc53969b0e1867da27449b77ffd3f0437b742614de56421062
f091ff05ef0adb41045d0eebe7e446c59d4cf4ceb382387beb9140acb933e0c8
ff458e01b24643b5a0d6b8a21452f5a582ac28527a05c36aa0ff6f37c5186214

www.bahn.de Open in urlscan Pro 2.17.191.209 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

61 Requests

100 %HTTPS

13 %IPv6

9 Domains

17 Subdomains

17 IPs

6 Countries

1232 kBTransfer

3552 kBSize

17 Cookies

32 Outgoing links

Page URL History

Redirected requests

61 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.bahn.de Open in urlscan Pro
2.17.191.209 Public Scan

Screenshot
Live screenshot

Full Image

61
Requests

100 %
HTTPS

13 %
IPv6

9
Domains

17
Subdomains

17
IPs

6
Countries

1232 kB
Transfer

3552 kB
Size

17
Cookies

61 HTTP transactions
6 data transactions