urlscan.io logo urlscan.io
SecurityTrails logo

auth.fondsfinanz.de Open in urlscan Pro
89.202.70.14  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://online-zum-kunden.de/
Effective URL: https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2F...
Submission Tags: @ecarlesi possiblethreat phishing Search All
Submission: On March 30 via api from IT — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 13 HTTP transactions. The main IP is 89.202.70.14, located in Munich, Germany and belongs to EQUINIX, NL. The main domain is auth.fondsfinanz.de.
TLS certificate: Issued by Thawte TLS RSA CA G1 on January 21st 2024. Valid for: a year.
This is the only time auth.fondsfinanz.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 194.97.156.218 5539 (SPACENET ...)
13 89.202.70.14 15830 (EQUINIX)
13 1
Apex Domain
Subdomains		 Transfer
14 fondsfinanz.de
wissenswelt.fondsfinanz.de
auth.fondsfinanz.de
183 KB
1 online-zum-kunden.de
online-zum-kunden.de
103 B
13 2
Domain Requested by
13 auth.fondsfinanz.de auth.fondsfinanz.de
1 wissenswelt.fondsfinanz.de 1 redirects
1 online-zum-kunden.de 1 redirects
13 3
Subject Issuer Validity Valid
*.fondsfinanz.de
Thawte TLS RSA CA G1		 2024-01-21 -
2025-02-20		 a year crt.sh

This page contains 1 frames:

Primary Page: https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
Frame ID: A0722B54B9F342236C6013801A00598A
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login der Fonds Finanz

Page URL History Show full URLs

  1. http://online-zum-kunden.de/ HTTP 307
    https://online-zum-kunden.de/ HTTP 301
    https://wissenswelt.fondsfinanz.de/services/online-beratung HTTP 302
    https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&... Page URL

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

1
IPs

1
Countries

182 kB
Transfer

747 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://online-zum-kunden.de/ HTTP 307
    https://online-zum-kunden.de/ HTTP 301
    https://wissenswelt.fondsfinanz.de/services/online-beratung HTTP 302
    https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request authorize
auth.fondsfinanz.de/oauth2/
Redirect Chain
  • http://online-zum-kunden.de/
  • https://online-zum-kunden.de/
  • https://wissenswelt.fondsfinanz.de/services/online-beratung
  • https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20of...
33 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.202.70.14 Munich, Germany, ASN15830 (EQUINIX, NL),
Reverse DNS
Software
nginx /
Resource Hash
a3c69bacd74d7f3de7b3363b25fa7f8749fb28b2a6e51c0048cce3e0c21ce34f
Security Headers
Name Value
Strict-Transport-Security max-age=157680000
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Cache-Control
no-store
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sat, 30 Mar 2024 23:34:07 GMT
Server
nginx
Strict-Transport-Security
max-age=157680000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Frame-Options
DENY

Redirect headers

content-security-policy
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'
content-type
text/html; charset=UTF-8
date
Sat, 30 Mar 2024 23:34:07 GMT
location
https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
referrer-policy
no-referrer-when-downgrade
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
semantic-ui-reset2.css
auth.fondsfinanz.de/assets/ 		153 KB
35 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth.fondsfinanz.de/assets/semantic-ui-reset2.css
Requested by
Host: auth.fondsfinanz.de
URL: https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.202.70.14 Munich, Germany, ASN15830 (EQUINIX, NL),
Reverse DNS
Software
nginx /
Resource Hash
055e79081fe2f759582cd021ddf3538b5ab130316fe5ce0edf418ff227436485
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Cteonnt-Length
156314
Date
Sat, 30 Mar 2024 23:34:07 GMT
Strict-Transport-Security
max-age=157680000
Content-Encoding
gzip
Last-Modified
Wed, 7 Feb 2024 05:41:10 GMT
Server
nginx
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public
Access-Control-Allow-Credentials
true
Connection
keep-alive
Retry-After
Sat, 6 Apr 2024 23:34:07 GMT
Expires
Sat, 6 Apr 2024 23:34:07 GMT
semantic-ui-reset.css
auth.fondsfinanz.de/assets/ 		408 KB
76 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth.fondsfinanz.de/assets/semantic-ui-reset.css
Requested by
Host: auth.fondsfinanz.de
URL: https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.202.70.14 Munich, Germany, ASN15830 (EQUINIX, NL),
Reverse DNS
Software
nginx /
Resource Hash
92cfc153fd6e53b4b952e12f5f1c623e6662d232298ae54d1004cc190fc17386
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Cteonnt-Length
417495
Date
Sat, 30 Mar 2024 23:34:07 GMT
Strict-Transport-Security
max-age=157680000
Content-Encoding
gzip
Last-Modified
Wed, 7 Feb 2024 05:41:10 GMT
Server
nginx
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public
Access-Control-Allow-Credentials
true
Connection
keep-alive
Retry-After
Sat, 6 Apr 2024 23:34:07 GMT
Expires
Sat, 6 Apr 2024 23:34:07 GMT
prime-min-1.6.1.js
auth.fondsfinanz.de/js/ 		120 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.fondsfinanz.de/js/prime-min-1.6.1.js?version=1.41.3
Requested by
Host: auth.fondsfinanz.de
URL: https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.202.70.14 Munich, Germany, ASN15830 (EQUINIX, NL),
Reverse DNS
Software
nginx /
Resource Hash
68bf9a5d728ef58836824ba219273ac2ab3ce99f691764a0a165a9dace01d99a
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 30 Mar 2024 23:34:07 GMT
Strict-Transport-Security
max-age=157680000
Content-Encoding
gzip
Last-Modified
Tue, 22 Nov 2022 03:08:44 GMT
Server
nginx
ntCoent-Length
123187
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
public
Access-Control-Allow-Credentials
true
Connection
keep-alive
Retry-After
Sat, 6 Apr 2024 23:34:07 GMT
Expires
Sat, 6 Apr 2024 23:34:07 GMT
LocaleSelect.js
auth.fondsfinanz.de/js/oauth2/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.fondsfinanz.de/js/oauth2/LocaleSelect.js?version=1.41.3
Requested by
Host: auth.fondsfinanz.de
URL: https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.202.70.14 Munich, Germany, ASN15830 (EQUINIX, NL),
Reverse DNS
Software
nginx /
Resource Hash
1e1f5022c76e1fb9e70581dff5967da037ba3e579867dde78554781e179e666a
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 30 Mar 2024 23:34:07 GMT
Strict-Transport-Security
max-age=157680000
Content-Encoding
gzip
Last-Modified
Fri, 9 Sep 2022 21:01:56 GMT
Server
nginx
ntCoent-Length
1865
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
public
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
824
Retry-After
Sat, 6 Apr 2024 23:34:07 GMT
Expires
Sat, 6 Apr 2024 23:34:07 GMT
jstz-min-1.0.6.js
auth.fondsfinanz.de/js/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.fondsfinanz.de/js/jstz-min-1.0.6.js
Requested by
Host: auth.fondsfinanz.de
URL: https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.202.70.14 Munich, Germany, ASN15830 (EQUINIX, NL),
Reverse DNS
Software
nginx /
Resource Hash
ebcb35563ab0d4a54fd83891e6e3629594237feb45e88ad023d3e329363cf273
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 30 Mar 2024 23:34:07 GMT
Strict-Transport-Security
max-age=157680000
Content-Encoding
gzip
Last-Modified
Tue, 9 Aug 2022 21:13:52 GMT
Server
nginx
ntCoent-Length
12076
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
public
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
4280
Retry-After
Sat, 6 Apr 2024 23:34:07 GMT
Expires
Sat, 6 Apr 2024 23:34:07 GMT
Authorize.js
auth.fondsfinanz.de/js/oauth2/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.fondsfinanz.de/js/oauth2/Authorize.js?version=1.41.3
Requested by
Host: auth.fondsfinanz.de
URL: https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.202.70.14 Munich, Germany, ASN15830 (EQUINIX, NL),
Reverse DNS
Software
nginx /
Resource Hash
ebcf33e8310a1642f46ddaea496ff6ea8d6e3416d29d2e74510b5997794f41d3
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 30 Mar 2024 23:34:07 GMT
Strict-Transport-Security
max-age=157680000
Content-Encoding
gzip
Last-Modified
Thu, 10 Nov 2022 07:06:10 GMT
Server
nginx
ntCoent-Length
2118
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
public
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
799
Retry-After
Sat, 6 Apr 2024 23:34:07 GMT
Expires
Sat, 6 Apr 2024 23:34:07 GMT
InProgress.js
auth.fondsfinanz.de/js/identityProvider/ 		617 B
849 B 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.fondsfinanz.de/js/identityProvider/InProgress.js?version=1.41.3
Requested by
Host: auth.fondsfinanz.de
URL: https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.202.70.14 Munich, Germany, ASN15830 (EQUINIX, NL),
Reverse DNS
Software
nginx /
Resource Hash
e402a8935f7d816a69bf497870d0a70eeaae4c10122addc36653bd911d710e73
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 30 Mar 2024 23:34:07 GMT
Strict-Transport-Security
max-age=157680000
Content-Encoding
gzip
Last-Modified
Tue, 9 Aug 2022 21:13:52 GMT
Server
nginx
ntCoent-Length
617
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
public
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
297
Retry-After
Sat, 6 Apr 2024 23:34:07 GMT
Expires
Sat, 6 Apr 2024 23:34:07 GMT
ff-logo.svg
auth.fondsfinanz.de/assets/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.fondsfinanz.de/assets/ff-logo.svg
Requested by
Host: auth.fondsfinanz.de
URL: https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.202.70.14 Munich, Germany, ASN15830 (EQUINIX, NL),
Reverse DNS
Software
nginx /
Resource Hash
b69416db14fe83b927b53dde120d3dd1d04de3f4164f3ad8a4b82df81fa4cfe4
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 30 Mar 2024 23:34:07 GMT
Strict-Transport-Security
max-age=157680000
Last-Modified
Wed, 7 Feb 2024 05:41:10 GMT
Server
nginx
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
public
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
11015
Retry-After
Sat, 6 Apr 2024 23:34:07 GMT
Expires
Sat, 6 Apr 2024 23:34:07 GMT
eye-open.svg
auth.fondsfinanz.de/assets/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.fondsfinanz.de/assets/eye-open.svg
Requested by
Host: auth.fondsfinanz.de
URL: https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.202.70.14 Munich, Germany, ASN15830 (EQUINIX, NL),
Reverse DNS
Software
nginx /
Resource Hash
df7a19114b232b11d6768f10474a27052d61a703ed59a10e117241f393705cf1
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 30 Mar 2024 23:34:07 GMT
Strict-Transport-Security
max-age=157680000
Last-Modified
Wed, 7 Feb 2024 05:41:10 GMT
Server
nginx
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
public
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
2129
Retry-After
Sat, 6 Apr 2024 23:34:07 GMT
Expires
Sat, 6 Apr 2024 23:34:07 GMT
eye-closed.svg
auth.fondsfinanz.de/assets/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.fondsfinanz.de/assets/eye-closed.svg
Requested by
Host: auth.fondsfinanz.de
URL: https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.202.70.14 Munich, Germany, ASN15830 (EQUINIX, NL),
Reverse DNS
Software
nginx /
Resource Hash
c725623ef49405371cd3725004dd982fa42db7895854a360d0f9167a513a34d4
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 30 Mar 2024 23:34:07 GMT
Strict-Transport-Security
max-age=157680000
Last-Modified
Wed, 7 Feb 2024 05:41:10 GMT
Server
nginx
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
public
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
3235
Retry-After
Sat, 6 Apr 2024 23:34:07 GMT
Expires
Sat, 6 Apr 2024 23:34:07 GMT
linkedin-icon.svg
auth.fondsfinanz.de/assets/ 		526 B
1001 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.fondsfinanz.de/assets/linkedin-icon.svg
Requested by
Host: auth.fondsfinanz.de
URL: https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.202.70.14 Munich, Germany, ASN15830 (EQUINIX, NL),
Reverse DNS
Software
nginx /
Resource Hash
ea5b60cc6980c5df9e0de489a4f314797cc0894dabc8591b930e22b7f894efd2
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 30 Mar 2024 23:34:07 GMT
Strict-Transport-Security
max-age=157680000
Last-Modified
Wed, 7 Feb 2024 05:41:10 GMT
Server
nginx
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
public
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
526
Retry-After
Sat, 6 Apr 2024 23:34:07 GMT
Expires
Sat, 6 Apr 2024 23:34:07 GMT
favicon.ico
auth.fondsfinanz.de/assets/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://auth.fondsfinanz.de/assets/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.202.70.14 Munich, Germany, ASN15830 (EQUINIX, NL),
Reverse DNS
Software
nginx /
Resource Hash
b17f75d9a621c20183687790719a27f77a00fbdedda1cb1ef58bebcde5033185
Security Headers
Name Value
Strict-Transport-Security max-age=157680000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://auth.fondsfinanz.de/oauth2/authorize?code_challenge=KD0tj51ZZA-hUsQzdhO2EUyI5dg4vVRZDuxKjudMe1U&state=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2Fservices%2Fonline-beratung&scope=openid%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwissenswelt.fondsfinanz.de%2F&client_id=f823b7bc-e0d1-49de-8d78-4abbd6852192
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 30 Mar 2024 23:34:07 GMT
Strict-Transport-Security
max-age=157680000
Last-Modified
Wed, 7 Feb 2024 05:41:10 GMT
Server
nginx
Content-Type
image/x-icon
Access-Control-Allow-Origin
*
Cache-Control
public
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1150
Retry-After
Sat, 6 Apr 2024 23:34:07 GMT
Expires
Sat, 6 Apr 2024 23:34:07 GMT

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal function| _inherits function| _setPrototypeOf function| _createSuper function| _possibleConstructorReturn function| _assertThisInitialized function| _isNativeReflectConstruct function| _getPrototypeOf function| _typeof function| _classCallCheck function| _defineProperties function| _createClass object| Prime object| FusionAuth object| jstz function| togglePassword object| eventListeners

3 Cookies

Domain/Path Name / Value
.fondsfinanz.de/ Name: PHPSESSID
Value: 3kl0hthrgogjm813o6c4vf38if
auth.fondsfinanz.de/ Name: fusionauth.sso
Value: AhXNutLl5QYJwHr-CKvq0PQcFnyFndstdX7prpSHI9xq
auth.fondsfinanz.de/ Name: fusionauth.timezone
Value: Europe/Berlin

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=157680000
X-Frame-Options DENY