www.bahn.de Open in urlscan Pro
104.109.90.218 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.bahn.de/bahncard
Effective URL:
https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
Submission: On August 25 via manual (August 25th 2020, 6:55:41 am UTC) from IN

Summary HTTP 63 Redirects Links 33 Behaviour Indicators

Summary

This website contacted 18 IPs in 6 countries across 9 domains to perform 63 HTTP transactions. The main IP is 104.109.90.218, located in Netherlands and belongs to AKAMAI-ASN1, EU. The main domain is www.bahn.de.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on January 10th 2020. Valid for: a year.

This is the only time www.bahn.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 37	104.109.90.218 104.109.90.218	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:f1:... 2a02:26f0:f1:281::13b8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.207.49.197 52.207.49.197	14618 (AMAZON-AES) (AMAZON-AES)
1	23.37.32.235 23.37.32.235	16625 (AKAMAI-AS) (AKAMAI-AS)
1	184.86.103.204 184.86.103.204	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2.17.191.240 2.17.191.240	16625 (AKAMAI-AS) (AKAMAI-AS)
2	15.188.154.177 15.188.154.177	16509 (AMAZON-02) (AMAZON-02)
2	81.200.197.91 81.200.197.91	34156 (BAHN-AS-BLN) (BAHN-AS-BLN)
3	104.109.92.47 104.109.92.47	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	37.157.3.28 37.157.3.28	198622 (ADFORM) (ADFORM)
2	37.157.6.240 37.157.6.240	198622 (ADFORM) (ADFORM)
5	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:218... 2600:9000:2182:7800:1e:7aca:b8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	37.157.3.30 37.157.3.30	198622 (ADFORM) (ADFORM)
1	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	213.202.235.10 213.202.235.10	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2	52.55.64.227 52.55.64.227	14618 (AMAZON-AES) (AMAZON-AES)
63	18

37 104.109.90.218 (Netherlands) 2 redirects

ASN20940 (AKAMAI-ASN1, EU)
PTR: a104-109-90-218.deploy.static.akamaitechnologies.com

www.bahn.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:f1:281::13b8 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.207.49.197 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-207-49-197.compute-1.amazonaws.com

vis.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.32.235 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-32-235.deploy.static.akamaitechnologies.com

cdn3.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.86.103.204 (United States)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a184-86-103-204.deploy.static.akamaitechnologies.com

www.static-bahn.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.17.191.240 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-17-191-240.deploy.static.akamaitechnologies.com

a791773171.cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.188.154.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-154-177.eu-west-3.compute.amazonaws.com

st.bahn.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 81.200.197.91 (Germany)

ASN34156 (BAHN-AS-BLN, DE)

ps.bahn.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.109.92.47 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a104-109-92-47.deploy.static.akamaitechnologies.com

www.img-bahn.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.3.28 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.240 (Denmark)

ASN198622 (ADFORM, DK)

s2.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.17.208.240 (United States)

ASN13335 (CLOUDFLARENET, US)

zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2182:7800:1e:7aca:b8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.m-pathy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.3.30 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

a1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

sslwidget.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.202.235.10 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.55.64.227 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

logx.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	bahn.de 2 redirects www.bahn.de st.bahn.de ps.bahn.de	849 KB
6	adform.net 2 redirects dmp.adform.net s2.adform.net a1.adform.net	30 KB
6	optimizely.com cdn.optimizely.com vis.optimizely.com cdn3.optimizely.com a791773171.cdn.optimizely.com logx.optimizely.com	183 KB
5	qualtrics.com zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com siteintercept.qualtrics.com	52 KB
3	img-bahn.de www.img-bahn.de	34 KB
2	exactag.com m.exactag.com	4 KB
2	m-pathy.com cdn.m-pathy.com	22 KB
1	criteo.com sslwidget.criteo.com	1 KB
1	static-bahn.de www.static-bahn.de
63	9

	Domain	Requested by
37	www.bahn.de	2 redirects www.bahn.de
4	siteintercept.qualtrics.com	zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
3	www.img-bahn.de	ps.bahn.de
2	logx.optimizely.com	cdn.optimizely.com
2	m.exactag.com	www.bahn.de m.exactag.com
2	a1.adform.net	1 redirects a1.adform.net
2	cdn.m-pathy.com	www.bahn.de cdn.m-pathy.com
2	s2.adform.net	www.bahn.de
2	dmp.adform.net	1 redirects dmp.adform.net
2	ps.bahn.de	www.bahn.de www.img-bahn.de
2	st.bahn.de	www.bahn.de
1	sslwidget.criteo.com	www.bahn.de
1	zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com	www.bahn.de
1	a791773171.cdn.optimizely.com	cdn.optimizely.com
1	www.static-bahn.de	www.bahn.de
1	cdn3.optimizely.com	cdn.optimizely.com
1	vis.optimizely.com	cdn.optimizely.com
1	cdn.optimizely.com	www.bahn.de
63	18

This site contains links to these domains. Also see Links.

Domain
www.bahn.com
wl.hrs.de
fahrkarten.bahn.de
www.db-gruppen.de
reiseauskunft.bahn.de
bauinfos.deutschebahn.com
www.der-kleine-ice.de
inside.bahn.de
www.bahnbonus-freizeitwelt.de
www.youtube.com
www.facebook.com
twitter.com
www.instagram.com
youtube.com
community.bahn.de
itunes.apple.com
play.google.com
www.deutschebahn.com
bahnshop.de

Subject Issuer	Validity	Valid
www.bahn.de DigiCert SHA2 Extended Validation Server CA	`2020-01-10` - `2021-04-07`	a year	crt.sh
cdn.optimizely.com DigiCert SHA2 Secure Server CA	`2020-01-20` - `2021-03-20`	a year	crt.sh
vis.optimizely.com Amazon	`2020-05-26` - `2021-06-26`	a year	crt.sh
*.optimizely.com DigiCert SHA2 Secure Server CA	`2020-01-20` - `2021-03-20`	a year	crt.sh
subsites.bahn.de Let's Encrypt Authority X3	`2020-07-13` - `2020-10-11`	3 months	crt.sh
*.cdn.optimizely.com GeoTrust RSA CA 2018	`2020-03-05` - `2021-06-04`	a year	crt.sh
st.bahn.de DigiCert SHA2 High Assurance Server CA	`2020-03-02` - `2021-06-09`	a year	crt.sh
ps.bahn.de Let's Encrypt Authority X3	`2020-08-24` - `2020-11-22`	3 months	crt.sh
www.img-bahn.de DigiCert SHA2 Secure Server CA	`2020-02-19` - `2021-04-14`	a year	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
*.qualtrics.com DigiCert SHA2 Secure Server CA	`2018-10-08` - `2021-01-06`	2 years	crt.sh
*.m-pathy.com Amazon	`2020-01-28` - `2021-02-28`	a year	crt.sh
*.criteo.com DigiCert ECC Secure Server CA	`2020-06-22` - `2020-09-20`	3 months	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2020-01-22` - `2022-04-21`	2 years	crt.sh
logx.optimizely.com DigiCert SHA2 High Assurance Server CA	`2018-10-01` - `2020-10-05`	2 years	crt.sh

This page contains 6 frames:

Primary Page: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
Frame ID: ECC12A213978FE0C9EF95BEE0FA3F687
Requests: 60 HTTP requests in this frame

Frame: https://www.static-bahn.de/media/view/mdb/media/w/skyscraper/skyscraper.html
Frame ID: A89C81E02193726C46C2514313ED010A
Requests: 1 HTTP requests in this frame

Frame: https://a791773171.cdn.optimizely.com/client_storage/a791773171.html
Frame ID: DD00982FD579674FB47100D02E3C0888
Requests: 1 HTTP requests in this frame

Frame: https://ps.bahn.de/common/content/html/lmiframe.html
Frame ID: 6F22587598EEAFB30BC025D1B1549B5E
Requests: 5 HTTP requests in this frame

Frame: https://m.exactag.com/pi.aspx?campaign=4bb3a5de3602f335b9ba113928205e62&pitype=Content&convtype=&rnd=wcYQm7cnNwOI&items=%7B%22type%22%3A%22Content%22%2C%22conversiontype%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22host%22%3A%22www.bahn.de%22%2C%22site%22%3A%22%2Fp%2Fview%2Fbahncard%2Findex.shtml%22%2C%22search%22%3A%22%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01%22%2C%22protocol%22%3A%22https%3A%22%2C%22campaign%22%3A%224bb3a5de3602f335b9ba113928205e62%22%2C%22screensize%22%3A%22%22%2C%22pitype%22%3A%22%22%2C%22uk%22%3A%22%22%2C%22trackingURL%22%3A%22%2F%2Fm.exactag.com%22%2C%22cdnURL%22%3A%22%2F%2Fcdn.exactag.com%22%2C%22sitegroup%22%3A%22Startseite%22%2C%22category_name%22%3A%22BAHN_PVE_DEU_DE%22%2C%22page_name%22%3A%22BAHN_PVE_DEU_DE_bahncard_index%22%7D
Frame ID: 243540BEE664D66024261B3CF5557DDE
Requests: 1 HTTP requests in this frame

Frame: https://m.exactag.com/px.aspx?id=5fb34e7333734e6b87a1248b6c19c10a
Frame ID: 0DB12753B9E00C7508E85EA85E682C5F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.bahn.de/bahncard HTTP 301
https://www.bahn.de/bahncard HTTP 301
https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01 Page URL

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Amazon S3 (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Page Statistics

63
Requests

100 %
HTTPS

12 %
IPv6

9
Domains

18
Subdomains

18
IPs

6
Countries

1174 kB
Transfer

3402 kB
Size

24
Cookies

33 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bahn.com/
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://www.bahn.com/cs/view/index.shtml#slc
Title: Český

Search URL Search Domain Scan URL

URL: https://www.bahn.com/da/view/index.shtml#slc
Title: Dansk

Search URL Search Domain Scan URL

URL: https://www.bahn.com/en/view/index.shtml#slc
Title: English

Search URL Search Domain Scan URL

URL: https://www.bahn.com/es/view/index.shtml#slc
Title: Español

Search URL Search Domain Scan URL

URL: https://www.bahn.com/fr/view/index.shtml#slc
Title: Français

Search URL Search Domain Scan URL

URL: https://www.bahn.com/it/view/index.shtml#slc
Title: Italiano

Search URL Search Domain Scan URL

URL: https://www.bahn.com/nl/view/index.shtml#slc
Title: Nederlands

Search URL Search Domain Scan URL

URL: https://www.bahn.com/pl/view/index.shtml#slc
Title: Polski

Search URL Search Domain Scan URL

URL: https://wl.hrs.de/?code=ec95c0a4-f433-4ac4-bde5-6c8a9b3a0458&customerid=1060886022&lang=de
Title: Jetzt neu: Hotel buchen und für 1 Euro Umsatz = 1 BahnBonus Punkt sammeln

Search URL Search Domain Scan URL

URL: https://fahrkarten.bahn.de/privatkunde/start/start.post?scope=meinebahn&lang=de&country=DEU&dbkanal_007=L01_S01_D001_KIN0004_TOP-NAVI-MEINE-BAHN_LZ01
Title: Meine Bahn

Search URL Search Domain Scan URL

URL: https://fahrkarten.bahn.de/cache/start/start.post?lang=de&scope=login&dbkanal_007=L01_S01_D001_KIN0004_TOP-NAVI-LOGIN_LZ01
Title: Login

Search URL Search Domain Scan URL

URL: https://fahrkarten.bahn.de/cache/start/start.post?scope=pwvergessen&lang=de
Title: Login-Daten vergessen?

Search URL Search Domain Scan URL

URL: https://fahrkarten.bahn.de/cache/start/start.post?scope=bahnreg&lang=de
Title: Erstmalig anmelden

Search URL Search Domain Scan URL

URL: https://fahrkarten.bahn.de/grosskunde/start/kmu_start.post?scope=pwvergessen&lang=de
Title: Login-Daten vergessen?

Search URL Search Domain Scan URL

URL: https://www.db-gruppen.de/klassenfahrten?dbkanal_007=L01_S01_D001_KIN_-ta-NAVIGATION-gruppenreisen-klassenfahrten_LZ01
Title: Klassenfahrten mit Übernachtung

Search URL Search Domain Scan URL

URL: https://www.db-gruppen.de/gruppenreisen?dbkanal_007=L01_S01_D001_KIN_-ta-NAVIGATION-gruppenreisen-mituebernachtung_LZ01
Title: Gruppenreisen mit Übernachtung

Search URL Search Domain Scan URL

URL: https://reiseauskunft.bahn.de/bin/bhftafel.exe/dn?dbkanal_007=L01_S01_D001_KIN0011_-_rs_auskunft_NAVIGATION-bahnhofstafel_LZ01
Title: Bahnhofstafel online

Search URL Search Domain Scan URL

URL: https://bauinfos.deutschebahn.com/?dbkanal_007=L01_S01_D001_KIN0011_-_rs_auskunft_NAVIGATION-bauinfos_LZ01
Title: Baustellen-Infos

Search URL Search Domain Scan URL

URL: https://www.der-kleine-ice.de/?dbkanal_007=L01_S01_D001_KIN0011_-_KINDER-NAVIGATION-der-kleine-ICE_LZ01
Title: Der kleine ICE

Search URL Search Domain Scan URL

URL: https://inside.bahn.de/tag/kinder/?dbkanal_007=L01_S01_D001_KIN0011_-_KINDER-NAVIGATION-Inside-Bahn_LZ01
Title: Inside Bahn

Search URL Search Domain Scan URL

URL: https://www.bahnbonus-freizeitwelt.de/
Title: BahnBonus FreizeitWelt

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=tUAnvMm_U5Q
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/DBPersonenverkehr/
Title: Deutsche Bahn auf Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/db_bahn
Title: Deutsche Bahn auf Twitter

Search URL Search Domain Scan URL

URL: https://www.instagram.com/dbpersonenverkehr/
Title: Deutsche Bahn auf Instagram

Search URL Search Domain Scan URL

URL: https://youtube.com/DBBahn
Title: YouTube Kanal der Deutsche Bahn

Search URL Search Domain Scan URL

URL: https://inside.bahn.de/
Title: Inside Bahn

Search URL Search Domain Scan URL

URL: https://community.bahn.de/
Title: Service Community der Deutsche Bahn

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/de/app/db-navigator/id343555245?mt=8

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=de.hafas.android.db

Search URL Search Domain Scan URL

URL: http://www.deutschebahn.com/?dbkanal_007=L01_S01_D001_KIN0001_footer-deutschebahn_LZ01
Title: Konzern

Search URL Search Domain Scan URL

URL: https://bahnshop.de/?dbkanal_007=L01_S01_D001_KIN0001_footer-bahnshop_LZ01
Title: Bahnshop

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.bahn.de/bahncard HTTP 301
https://www.bahn.de/bahncard HTTP 301
https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 49

https://dmp.adform.net/audiencetag/adformat.js HTTP 301
https://s2.adform.net/banners/scripts/audiencetag/adformat.js

Request Chain 53

https://a1.adform.net/serving/scripts/trackpoint/async/ HTTP 301
https://s2.adform.net/banners/scripts/st/trackpoint-async.js

63 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.shtml Show response
www.bahn.de/p/view/bahncard/
Redirect Chain

http://www.bahn.de/bahncard
https://www.bahn.de/bahncard
https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

65 KB
13 KB

130ms
130ms

Document
text/html

104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

567f0201fa0ee3b5a8537aaa0362ef646bd61ac9be49701850050517924c2429

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.bahn.de
:scheme: https
:path: /p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
content-type: text/html
server: AmazonS3
x-amz-id-2: lUekg9I+HTnPdWcwB1yLZFHel9PUgVW/CX83RZWx4C63tpn7XuDj+ThBuGAvJdUbatSa2kAwGoY=
x-amz-request-id: 3530F9EECF1A88BD
last-modified: Thu, 20 Aug 2020 08:19:14 GMT
etag: "a2539b3efdf497563551965fed2ad412"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=600
date: Tue, 25 Aug 2020 06:55:24 GMT
content-length: 13002
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload

Redirect headers

status: 301
content-type: text/html; charset=iso-8859-1
content-length: 306
server: Apache
x-sp: 2950
location: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
cache-control: max-age=600
date: Tue, 25 Aug 2020 06:55:24 GMT
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload

GET
H2 200 portal.min.css
www.bahn.de/common/view/static/58afb948/responsive/css/ 470 KB
98 KB 28ms
26ms Stylesheet
text/css 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

0eeb1970197799a537566bf5554142fcf91a1b04368c735d6319ed35a2f53f15

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-request-id: 573CBCC9A4C17FEB
status: 200
vary: Accept-Encoding
content-length: 99778
x-amz-id-2: q3Nuvba8Jj/T63QexUXzCEWpnMkTOM6wTG9z7DO1DUgxcnat+d87T6ctZetdgwxl7duK9B3SPvo=
last-modified: Mon, 10 Aug 2020 06:33:30 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "cd49343dce1d376767f5e6ecb4f62323"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/css
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 softlogin.min.js Show response
www.bahn.de/common/view/static/58afb948/responsive/js/ 63 KB
19 KB 47ms
46ms Script
text/javascript 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/58afb948/responsive/js/softlogin.min.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

26ea31e0c6520a6f3e814e67b70d4e70dde85659b3f9184935d265f45bfb1931

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-request-id: 63901B64DE6581A4
status: 200
vary: Accept-Encoding
content-length: 18289
x-amz-id-2: CqBzB6YCLbVJQtkt4mKgn9i2FPbFPVgpP+yBHCMGTHa1bn2n+UtON0JZdm4fntzjbIqlR36g6J4=
last-modified: Mon, 10 Aug 2020 06:33:33 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "e05b454dfa1d1468d94e0f903a8099f6"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 8033263973.js Show response
cdn.optimizely.com/js/ 842 KB
181 KB 21ms
6ms Script
text/javascript 2a02:26f0:f1:281::13b8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.optimizely.com/js/8033263973.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:f1:281::13b8 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e3f23ebfed96cebaa9f25baefb3391e862e36efcf75c1dfc4bee3c5e1e519101

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-meta-pci_enabled: False
x-amz-version-id: g10iRSHMJIFK63DXcRv4mwm29ujalmTN
content-encoding: gzip
etag: "80130d64c31e1ab71e5ee29608666118"
x-amz-request-id: 523AF91B47EE18EA
status: 200
x-amz-replication-status: COMPLETED
access-control-allow-methods: GET, HEAD
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="5";dur=0,cdnip;desc="2a02:26f0:f1:281::13b8";dur=0,cdnmap;desc="";dur=0,proto;desc="h2";dur=0
vary: Accept-Encoding
content-length: 184759
x-amz-id-2: I+JSWGa7XWgmi7Kw078jw98RvrrvqmQAQMUz3kU0Hn13gRY13bZZre4xsfiIcRL1wlzDPj+YnRQ=
last-modified: Mon, 24 Aug 2020 14:37:31 GMT
server: AmazonS3
date: Tue, 25 Aug 2020 06:55:24 GMT
access-control-max-age: 86400
strict-transport-security: max-age=15768000
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: x-amz-meta-revision
cache-control: max-age=1200
x-amz-meta-revision: 16972
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: *

GET
H2 200 modernizr-2.8.3.min.js Show response
www.bahn.de/common/view/static/58afb948/js/lib/modernizr/ 11 KB
5 KB 55ms
54ms Script
text/javascript 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/58afb948/js/lib/modernizr/modernizr-2.8.3.min.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

2d47dd07cd116fce4a58ea5ce7aa349bf5904de7f30d69e131cf4f7be3b088d1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-request-id: A3A7FDCD346DD0A5
status: 200
vary: Accept-Encoding
content-length: 4530
x-amz-id-2: YA/8GLKvCFSZmzqZt4KG0eAnduOUiHk5L54dFw1GE2YtorPbTi1zLJfSOQ+AlFMMHHzT1nDwPG0=
last-modified: Mon, 10 Aug 2020 06:33:29 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "e5e402607e45feccd78c4f49b96938c3"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 db_em_rgb_100px.svg
www.bahn.de/common/view/static/v8/img/ 828 B
1 KB 40ms
37ms Image
image/svg+xml 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/common/view/static/v8/img/db_em_rgb_100px.svg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-request-id: 5FBF621F78FEF418
status: 200
vary: Accept-Encoding
content-length: 480
x-amz-id-2: ym35LsROPFYNOaPMcPiL0bUMEwYdeClGUdq8djo0VaJ0lDapjEb8WosK3X4u6agGogAD2Iz+4Js=
last-modified: Sat, 19 May 2018 09:41:10 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "595cfbce732795e1d7cb8cbec1934345"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 mdb_317089_header_bc_uebersicht_980x245_980x245.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/abbildungen_2020/visuals_redesign_2020/ 26 KB
27 KB 40ms
37ms Image
image/jpeg 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/abbildungen_2020/visuals_redesign_2020/mdb_317089_header_bc_uebersicht_980x245_980x245.jpg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

afeb8024551f3f8dfff758fcf65a03b6aeb2554f6b5f15e874f4b1c52cb4525d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
x-content-type-options: nosniff
last-modified: Fri, 31 Jul 2020 21:51:54 GMT
server: Akamai Image Manager
etag: "f81cac4fb3111a287a7be9af7c5e0feb"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
status: 200
cache-control: private, no-transform, max-age=485818
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 26813
x-xss-protection: 1; mode=block
expires: Sun, 30 Aug 2020 21:52:22 GMT

GET
H2 200 mdb_315353_bc25_2kl_280x140.png
www.bahn.de/p/view/mdb/bahnintern/bahncard/abbildungen_2020/redesign_2020/ 6 KB
6 KB 50ms
48ms Image
image/webp 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/abbildungen_2020/redesign_2020/mdb_315353_bc25_2kl_280x140.png

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

dce7defaf00939f249d9bae2165fea347628fd6dab0314c1b474b0fee028147e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
x-content-type-options: nosniff
last-modified: Fri, 31 Jul 2020 21:51:55 GMT
server: Akamai Image Manager
etag: "6a638878aec69ac61740e660ae3fe4c3"
x-frame-options: SAMEORIGIN
content-type: image/webp
status: 200
cache-control: private, no-transform, max-age=485731
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 5986
x-xss-protection: 1; mode=block
expires: Sun, 30 Aug 2020 21:50:55 GMT

GET
H2 200 mdb_315330_bc50_2kl_280x140.png
www.bahn.de/p/view/mdb/bahnintern/bahncard/abbildungen_2020/redesign_2020/ 6 KB
6 KB 51ms
48ms Image
image/webp 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/abbildungen_2020/redesign_2020/mdb_315330_bc50_2kl_280x140.png

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

0b2e62af28f304c3771bfa2c374b3034e865abde64e36d8070208b0670e86b35

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
x-content-type-options: nosniff
last-modified: Fri, 31 Jul 2020 21:51:54 GMT
server: Akamai Image Manager
etag: "2573d8d0ee7aea38882fc86fc7887ccc"
x-frame-options: SAMEORIGIN
content-type: image/webp
status: 200
cache-control: private, no-transform, max-age=485844
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 5816
x-xss-protection: 1; mode=block
expires: Sun, 30 Aug 2020 21:52:48 GMT

GET
H2 200 mdb_317223_bahncard_faecher02_280x140.png
www.bahn.de/p/view/mdb/bahnintern/bahncard/abbildungen_2020/redesign_2020/ 9 KB
10 KB 67ms
65ms Image
image/webp 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/abbildungen_2020/redesign_2020/mdb_317223_bahncard_faecher02_280x140.png

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

e978dcd58e844eabc0aee8fc980853ee5f840502280ef2ddc7322d44f07b3e5d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
status: 200
content-length: 9154
x-xss-protection: 1; mode=block
last-modified: Mon, 03 Aug 2020 08:26:35 GMT
server: Akamai Image Manager
x-frame-options: SAMEORIGIN
etag: "1d7b704515ed99c8b18d8390c8dbf973"
x-serial: 1454
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: image/webp
cache-control: private, no-transform, max-age=696653
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
expires: Wed, 02 Sep 2020 08:26:17 GMT

GET
H2 200 mdb_264140_05_comfort_portal_280x140_cp_31x0_397x183.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/bc_100/ 8 KB
9 KB 68ms
65ms Image
image/webp 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/bc_100/mdb_264140_05_comfort_portal_280x140_cp_31x0_397x183.jpg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

301fd4fb64fd7b976c74679c79de83e17e44e415540bba5b114c1dd53141b1fb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
x-serial: 504
x-frame-options: SAMEORIGIN
content-type: image/webp
status: 200
cache-control: private, no-transform, max-age=263128
last-modified: Fri, 05 Jun 2020 07:59:51 GMT
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 8172
x-xss-protection: 1; mode=block
server: Akamai Image Manager
expires: Fri, 28 Aug 2020 08:00:52 GMT

GET
H2 200 mdb_270907_db_bb_marketingteaser_980x300_v2_280x140_cp_380x0_980x300.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/ 5 KB
6 KB 78ms
76ms Image
image/webp 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/mdb_270907_db_bb_marketingteaser_980x300_v2_280x140_cp_380x0_980x300.jpg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

2ab4d9b65ee3153e62d1ce1fdf21a2f54d9d4e4967cfbbe638bd36ea277591ba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
x-content-type-options: nosniff
last-modified: Fri, 05 Jun 2020 07:59:50 GMT
server: Akamai Image Manager
x-frame-options: SAMEORIGIN
content-type: image/webp
status: 200
cache-control: private, no-transform, max-age=263244
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 5202
x-xss-protection: 1; mode=block
expires: Fri, 28 Aug 2020 08:02:48 GMT

GET
H2 200 mdb_270611_db_bb_partnerseite_700x214_280x140_cp_334x15_700x198.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/ 7 KB
7 KB 78ms
76ms Image
image/webp 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/mdb_270611_db_bb_partnerseite_700x214_280x140_cp_334x15_700x198.jpg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

8dd962317f64f8aa72e57ab1ed1d821a807ac759a210f18eaa31ee8feeca22cd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
x-serial: 1409
x-frame-options: SAMEORIGIN
content-type: image/webp
status: 200
cache-control: private, no-transform, max-age=263093
last-modified: Thu, 02 Jul 2020 08:00:12 GMT
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 6686
x-xss-protection: 1; mode=block
server: Akamai Image Manager
expires: Fri, 28 Aug 2020 08:00:17 GMT

GET
H2 200 mdb_308406_playbutton_1000x500_980x490.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/ 51 KB
52 KB 83ms
81ms Image
image/jpeg 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/mdb_308406_playbutton_1000x500_980x490.jpg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

ad98aafd7af2044e0613833a78c1377adbfa9d7df89d5109e8abe60ab2b9db97

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
x-serial: 1106
x-frame-options: SAMEORIGIN
content-type: image/jpeg
status: 200
cache-control: private, no-transform, max-age=324373
last-modified: Sat, 06 Jun 2020 00:47:21 GMT
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 52319
x-xss-protection: 1; mode=block
server: Akamai Image Manager
expires: Sat, 29 Aug 2020 01:01:37 GMT

GET
H2 200 mdb_270742_180427_ly_bahnbonus_bahn_de_startseite_980x300_980x300_cp_0x0_980x300.jpg
www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/ 33 KB
34 KB 88ms
86ms Image
image/webp 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/p/view/mdb/bahnintern/bahncard/bahnbonus/bahnbonus_relaunch/mdb_270742_180427_ly_bahnbonus_bahn_de_startseite_980x300_980x300_cp_0x0_980x300.jpg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

39469dcff773f11dc4d1672200d83e6f68ab0c95cca33c7a7cc38cff4c0b3968

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
x-content-type-options: nosniff
last-modified: Fri, 05 Jun 2020 07:56:47 GMT
server: Akamai Image Manager
x-frame-options: SAMEORIGIN
content-type: image/webp
status: 200
cache-control: private, no-transform, max-age=262913
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-length: 34046
x-xss-protection: 1; mode=block
expires: Fri, 28 Aug 2020 07:57:17 GMT

GET
H2 200 portal-index.min.js Show response
www.bahn.de/common/view/static/58afb948/responsive/js/ 323 KB
93 KB 25ms
24ms Script
text/javascript 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/58afb948/responsive/js/portal-index.min.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

c73f83311b82836d1f247cdb6ed7d7132caa7d41a24edfa29ed342ec7143a62e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-request-id: 87C402CEA12F272C
status: 200
vary: Accept-Encoding
content-length: 94604
x-amz-id-2: iXqVbESsI91ntTbswFhcnninkXedBzTPaBvT+ljS40yFvm2FrROe2gKnJw27PZeoBzWlh36O+EE=
last-modified: Mon, 10 Aug 2020 06:33:33 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "4d21ea9768ec8730d87f447509346a86"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 s_code.min.js Show response
www.bahn.de/common/view/static/58afb948/js/lib/omniture/ 111 KB
38 KB 28ms
27ms Script
text/javascript 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/58afb948/js/lib/omniture/s_code.min.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

9bd75d01213161905c0278231326126f5066ae7753e9b492b999417e0c2cfbef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-request-id: 02ED5044FEF6DD41
status: 200
vary: Accept-Encoding
content-length: 37926
x-amz-id-2: mJsF1YIsDuydrn7VByHwRbCWg3Ou+dg2H/Q/gwpQglZg0K8+gR27d8cRl06h6qdHDdycdbBdYRk=
last-modified: Mon, 10 Aug 2020 06:33:29 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "c12f54903e3a0b802d70539124a34902"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H/1.1 200
OK oeu1598338524793r0.28836227367863176 Show response
vis.optimizely.com/api/targeting/8033263973/8512265067/ 1 KB
621 B 448ms
116ms XHR
application/json 52.207.49.197
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://vis.optimizely.com/api/targeting/8033263973/8512265067/oeu1598338524793r0.28836227367863176
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.207.49.197 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-207-49-197.compute-1.amazonaws.com
Software: nginx / Express
Resource Hash: c79794c138e5fbd4cd7f71ff73fdf314f170a6cccb08b4a9e7180f996f376b24

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 25 Aug 2020 06:55:25 GMT
Content-Encoding: gzip
ETag: W/"-1045647723"
Server: nginx
X-Powered-By: Express
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.bahn.de
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 284

GET
H/1.1 200
OK geo2.js Show response
cdn3.optimizely.com/js/ 292 B
699 B 85ms
29ms Script
application/javascript 23.37.32.235
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn3.optimizely.com/js/geo2.js
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.32.235 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-32-235.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 4b708a93b4ae2d1f04089be6f053e0ac3029c552820a92930ba1b3d943024199

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: Y1BKPK.c9lIaZx2uYj8JMWZye_vJfrh9
Server: AmazonS3
x-amz-request-id: 0C0611D4BAE5A557
ETag: "adadfc5d7afd13e353d9d52cec1c7827"
Content-Type: application/javascript
Cache-Control: max-age=15501
Date: Tue, 25 Aug 2020 06:55:24 GMT
Connection: keep-alive
Content-Length: 292
x-amz-id-2: 7v0jVdsDaVuFkloSm87Qp6eTjuyP3PKOTOeNPgoo0dISWdPFABuwtcQ1rnDyYMzNGxMcwJUf2zw=

GET
H2 200 svg-sprites.svg
www.bahn.de/common/view/static/58afb948/responsive/img/ 324 KB
88 KB 90ms
89ms Other
image/svg+xml 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/58afb948/responsive/img/svg-sprites.svg

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

57411817a143622eed003cea060d984b2762a4f8f59031aca3e31d41482bf81e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-request-id: BFD6B3ECACAADF83
status: 200
vary: Accept-Encoding
content-length: 89114
x-amz-id-2: zVTUiBKVNMZVt2PN1CK7HVB4KmjTyrj5su6hrHvk9WKXKJeo2J2mLfh4ThvbAs8K8z6FeTIxHdU=
last-modified: Mon, 10 Aug 2020 06:33:33 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "5897c322752528b7f1b3c668589924bb"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: image/svg+xml
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 icon-s73bc5bf69c.png
www.bahn.de/common/view/static/58afb948/responsive/img/ 53 KB
54 KB 105ms
104ms Image
image/png 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/common/view/static/58afb948/responsive/img/icon-s73bc5bf69c.png

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

a009bf98437ed2e896bfc56f9838b6ca83aac7f96989e971dbc6ad2ccc49b572

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
x-content-type-options: nosniff
x-amz-request-id: 407160CD5E1072E3
status: 200
content-length: 54236
x-amz-id-2: C4WPa9vDH/4dW92IzEdymCtWNaWcUofCyhP5h3xzhBx6V6YTxAU6+o9QF17xYFAJkALxsu0RUXI=
last-modified: Mon, 10 Aug 2020 06:33:31 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "aeea28ca3930a6dcf8000d07b505436f"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 bg_nav_active_left.png
www.bahn.de/common/view/static/58afb948/responsive/img/ 132 B
734 B 106ms
106ms Image
image/png 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/common/view/static/58afb948/responsive/img/bg_nav_active_left.png

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

a231b219fd33beeca8baa0abecbb684d31fe0d154a25a092510d607a38637ea8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
x-content-type-options: nosniff
x-amz-request-id: 74E49C05FBA6A3F9
status: 200
content-length: 132
x-amz-id-2: 4W3SPABRzvgAnr1CC58kZpVi10NHwhmY79C3DQom6zOX0DT4XxdQgWLuK+6VKvT3dBc7wXju9ks=
last-modified: Mon, 10 Aug 2020 06:33:31 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "098d59e7f12383ee5f816b3ae8c12453"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 bg_nav_active_right.png
www.bahn.de/common/view/static/58afb948/responsive/img/ 132 B
734 B 107ms
107ms Image
image/png 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/common/view/static/58afb948/responsive/img/bg_nav_active_right.png

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

e5e2c4c5288a46af5b587fe4b6ed5c881dfc8faaf4d76a08c5c2c5fcd74238b3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
x-content-type-options: nosniff
x-amz-request-id: D08C34AB65390A3D
status: 200
content-length: 132
x-amz-id-2: jI8UlZBYgv/xO16cQCW4oSr9HUatZI0GUVw9qqx1IQAtawKj2qPtp4Kn1WBKtl+ipVfDdy82pR4=
last-modified: Mon, 10 Aug 2020 06:33:31 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "157df68f54b882b853b4d0efe4d1b688"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
DATA 200
OK truncated
/ 538 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bdd715407bbcb2c0325bb1e1466715b9ec9dcd2e7e662e647fddf74d92ba4150

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 824 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e1a71dbeac14ad724fd5bf1f63d833a2cea06c7de8f9173b6d2a3bad0fbc7bf

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd45e3a7a55ce6d15988606f79657a593097ac40f0d29bff151fdd10b0438b88

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1019 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5db9108016c62906c987c432fab8efb55a0c92425c9cace3793c536fa2aafcde

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90d765be61f3668f58a9fee31185882edaf07d31b79ef37e1305b23fd01d6aef

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff458e01b24643b5a0d6b8a21452f5a582ac28527a05c36aa0ff6f37c5186214

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 logo-s56974c59c7.png
www.bahn.de/common/view/static/58afb948/responsive/img/ 87 KB
88 KB 113ms
112ms Image
image/png 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bahn.de/common/view/static/58afb948/responsive/img/logo-s56974c59c7.png

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

63e76adcc0eedb478de832846ba15b4f29791b9caabb9b7ad97ea4f2f72e03f9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
x-content-type-options: nosniff
x-amz-request-id: D162544BA1E73AF7
status: 200
content-length: 89271
x-amz-id-2: I9xK1p396WZ4+5ZThEvgoGlnMfv4nchZpl9j+WbV3PGx60hGXBYdNQyZ8nrZnH+qEGbhcAb6GBQ=
last-modified: Mon, 10 Aug 2020 06:33:32 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "16c145f3dc47144568268b324ce7d863"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 dbsan03-webfont.woff
www.bahn.de/common/view/static/58afb948/responsive/fonts/ 48 KB
48 KB 101ms
100ms Font
binary/octet-stream 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/58afb948/responsive/fonts/dbsan03-webfont.woff

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.bahn.de
Referer: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
x-content-type-options: nosniff
x-amz-request-id: F267E3EBC2E54D77
status: 200
content-length: 48820
x-amz-id-2: /zDrxa/xOKYCCWE4dKR7vC7XZYtaNrKD/3FkevwOHglnwLP4HFTy30VUUVwNYYb9S8Yt3KbWGD8=
last-modified: Mon, 10 Aug 2020 06:33:31 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "ee22058781511177b60092028f12eea2"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: binary/octet-stream
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 db-icons.woff
www.bahn.de/common/view/static/58afb948/responsive/fonts/ 29 KB
29 KB 104ms
104ms Font
binary/octet-stream 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/58afb948/responsive/fonts/db-icons.woff?de5f8900bd1b6298cc0ca94466418537

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.bahn.de
Referer: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
x-content-type-options: nosniff
x-amz-request-id: F0F875985E377712
status: 200
content-length: 29320
x-amz-id-2: Yvj6ABlI6EefDs7i8l05ADaxv6P5+wxVXC4q04sAlO4UA9FWLgD8TdOpukPy7SEJU8BTtBs2ixE=
last-modified: Mon, 10 Aug 2020 06:33:31 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "2ee679e77cd50b24e96de14b9e9f44fa"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: binary/octet-stream
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 dbsan06-webfont.woff
www.bahn.de/common/view/static/58afb948/responsive/fonts/ 48 KB
48 KB 112ms
112ms Font
binary/octet-stream 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/common/view/static/58afb948/responsive/fonts/dbsan06-webfont.woff

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.bahn.de
Referer: https://www.bahn.de/common/view/static/58afb948/responsive/css/portal.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
x-content-type-options: nosniff
x-amz-request-id: 6E2793C912DEF457
status: 200
content-length: 48880
x-amz-id-2: IsQ4RZe3cOx4ZXFf/270V6G5w3ISjgnOYmnF5DbyypJCQqYrN0Jtcu8zZ7DxroMf9XZuWZowJws=
last-modified: Mon, 10 Aug 2020 06:33:31 GMT
server: AmazonS3
x-frame-options: SAMEORIGIN
etag: "df5cd4cd4e41ddfaf7017f95765d6308"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: binary/octet-stream
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 skyscraper.html
www.static-bahn.de/media/view/mdb/media/w/skyscraper/ Frame A89C 0
0 73ms
21ms Document
text/html 184.86.103.204
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.static-bahn.de/media/view/mdb/media/w/skyscraper/skyscraper.html

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.86.103.204 , United States, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a184-86-103-204.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload

Request headers

:method: GET
:authority: www.static-bahn.de
:scheme: https
:path: /media/view/mdb/media/w/skyscraper/skyscraper.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Response headers

status: 200
content-type: text/html
server: Apache
last-modified: Thu, 19 Dec 2019 11:16:01 GMT
etag: "fe-59a0cafaa1e40"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 186
cache-control: max-age=600
date: Tue, 25 Aug 2020 06:55:25 GMT
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload

GET
H2 200 a791773171.html
a791773171.cdn.optimizely.com/client_storage/ Frame DD00 0
0 90ms
41ms Document
text/html 2.17.191.240
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://a791773171.cdn.optimizely.com/client_storage/a791773171.html

Requested by

Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.17.191.240 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-17-191-240.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: a791773171.cdn.optimizely.com
:scheme: https
:path: /client_storage/a791773171.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Response headers

status: 200
x-amz-id-2: Lo3l5eqFCCBIVYtZjBi5Gi0lLKFzwPW8bFTBp288OufBPBLrByIRBRx0v8Ppz0n6gCiOtBJvQmE=
x-amz-request-id: DAF39F347035269F
x-amz-replication-status: COMPLETED
last-modified: Mon, 24 Aug 2020 14:37:09 GMT
etag: "b3e825fb408bd6a2648065b0f3ecec39"
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: 5o1mfm2ilF8dM7XV52jAkFJif8LIyFTg
accept-ranges: bytes
content-type: text/html; charset=utf-8
content-length: 773
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=120
date: Tue, 25 Aug 2020 06:55:25 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="6";dur=0,cdnip;desc="2.17.191.240";dur=0,cdnmap;desc="a4343.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000

GET
H2 200 id Show response
st.bahn.de/ 48 B
482 B 104ms
25ms XHR
application/x-javascript 15.188.154.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://st.bahn.de/id?d_visid_ver=4.6.0&d_fieldgroup=A&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&mid=44872459399040329784288669842704414114&ts=1598338525001

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/js/lib/omniture/s_code.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.154.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-154-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

4a8613b63ef092474a24f37684b2bd5e398dfc99b92168c1715eb41dfdd06995

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Tue, 25 Aug 2020 06:55:24 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-7b958987b-8bwqm
vary: Origin
x-c: master-1337.If22631.M0-435
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.bahn.de
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H2 200 utag.js Show response
www.bahn.de/media/view/tms/ 51 KB
15 KB 25ms
25ms Script
text/javascript 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

dd481714f00cbe6dced106a6acf686d6955b3e33886d6e36da84af48c7911e40

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 14477
x-xss-protection: 1; mode=block
last-modified: Mon, 03 Aug 2020 14:27:40 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "cae1-5abf9f0e06f00"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 getjson.pl Show response
www.bahn.de/pbin/ 104 KB
16 KB 84ms
83ms XHR
text/javascript 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/pbin/getjson.pl?name=nav_p&callback=jQuery111004178994244807104_1598338524984&_=1598338524985

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/js/portal-index.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

1529681792397819c7474b86a078038f3516aa0c15297279b57d9b1ef21cfde9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: max-age=180
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
vary: Accept-Encoding
content-length: 15896
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK Cookie set lmiframe.html Show response
ps.bahn.de/common/content/html/ Frame 6F22 2 KB
3 KB 104ms
28ms Document
text/html 81.200.197.91
BAHN-AS-BLN

General

Check archive.org

Show headers Download Go to

Full URL

https://ps.bahn.de/common/content/html/lmiframe.html

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/58afb948/responsive/js/softlogin.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

81.200.197.91 , Germany, ASN34156 (BAHN-AS-BLN, DE),

Reverse DNS

Software

Apache /

Resource Hash

a42b9362f2fe150b5cffcb26398b7bd45fd2e694756ada973e6646e820105508

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Host: ps.bahn.de
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: optimizelyEndUserId=oeu1598338524793r0.28836227367863176; bahn-cmf=dbkanal_004%7CL01_S01_D001_FKPM0020_redirect-bc_LZ01; AMCV_5FA50A5953FB37E50A4C98BC%40AdobeOrg=-408604571%7CMCIDTS%7C18500%7CMCMID%7C44872459399040329784288669842704414114%7CvVersion%7C4.6.0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Response headers

Date: Tue, 25 Aug 2020 06:55:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 2209
Connection: keep-alive
Set-Cookie: AWSALB=641ZV0qprftYWDvCzGah8WKRmA9DW+upo/ebu8W3cjfdFAcyAVsA5sO/3fyHO66szq09Wq0au1QaqyeItkMp1sPKrEOfWhaOTRXQEKG5xqV4UMH8zRE0hJ0tPirZ; Expires=Tue, 01 Sep 2020 06:55:25 GMT; Path=/ AWSALBCORS=641ZV0qprftYWDvCzGah8WKRmA9DW+upo/ebu8W3cjfdFAcyAVsA5sO/3fyHO66szq09Wq0au1QaqyeItkMp1sPKrEOfWhaOTRXQEKG5xqV4UMH8zRE0hJ0tPirZ; Expires=Tue, 01 Sep 2020 06:55:25 GMT; Path=/; SameSite=None; Secure
Server: Apache
Last-Modified: Tue, 18 Aug 2020 07:01:38 GMT
Accept-Ranges: bytes
Strict-Transport-Security: max-age=16070400; includeSubDomains

GET
H2 200 s49528086837996
st.bahn.de/b/ss/dbbahnprod/1/JS-2.20.0/ 43 B
550 B 26ms
25ms Image
image/gif 15.188.154.177
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://st.bahn.de/b/ss/dbbahnprod/1/JS-2.20.0/s49528086837996?AQB=1&ndh=1&pf=1&t=25%2F7%2F2020%208%3A55%3A25%202%20-120&mid=44872459399040329784288669842704414114&ce=UTF-8&ns=deutschebahn&cdp=2&pageName=BAHN_PVE_DEU_DE_bahncard_index&g=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01&c.&Rendering=Desktop&Orientierung=Landscape&page_info=0%7C0%2C0x0%2C0x0%2C0%2C&first_page_of_visit=true&dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01&persistent_campaign=L01_S01_D001_FKPM0020_redirect-bc_LZ01&load_time=5&.c&cc=EUR&ch=BAHN_PVE_DEU_DE&v0=L01_S01_D001_FKPM0020_redirect-bc_LZ01&events=event45%2Cevent46&c1=D%3Dv0&v1=D%3Dv0&h1=PVE%3Ebahncard&c4=BAHN_PVE_DEU_DE&v4=BAHN_PVE_DEU_DE&c14=D%3Dv14&v14=L01_S01_D001_FKPM0020_redirect-bc_LZ01&c22=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml&v22=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml&c24=D%3DpageName&v24=D%3DpageName&c47=L01_S01_D001_FKPM0020_redirect-bc_LZ01%3EBAHN_PVE_DEU_DE_bahncard_index&c69=logout&v69=logout&v74=D%3DpageName&c75=D%3Dv75&v75=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&AQE=1

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.154.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-154-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:24 GMT
x-content-type-options: nosniff
x-c: master-1337.If22631.M0-435
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 26 Aug 2020 06:55:25 GMT
server: jag
xserver: anedge-7b958987b-rhn5k
etag: 3432405846491234304-4614403734883020224
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Mon, 24 Aug 2020 06:55:25 GMT

GET
H2 200 utag.140.js Show response
www.bahn.de/media/view/tms/ 3 KB
2 KB 29ms
28ms Script
text/javascript 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.140.js?utv=ut4.46.202007280644

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

66227fc364238ca273877dfbe23ba2c093031eb78c22eec7a67d41e03f7eddf3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1366
x-xss-protection: 1; mode=block
last-modified: Mon, 03 Aug 2020 14:27:40 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "a82-5abf9f0e06f00"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 utag.85.js Show response
www.bahn.de/media/view/tms/ 3 KB
2 KB 30ms
28ms Script
text/javascript 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.85.js?utv=ut4.46.202007280644

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

463fb89d98e79b11dc5a730062c0c81b81454c2ab5be3b1575af45c9c34dfd26

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1337
x-xss-protection: 1; mode=block
last-modified: Mon, 03 Aug 2020 14:27:40 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "a5f-5abf9f0e06f00"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 utag.74.js Show response
www.bahn.de/media/view/tms/ 2 KB
2 KB 32ms
30ms Script
text/javascript 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.74.js?utv=ut4.46.202007280644

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

df3269972a11c7faf8efe845fc3cbf842029d97d917e3e4fe6020260e776ec75

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1134
x-xss-protection: 1; mode=block
last-modified: Mon, 03 Aug 2020 14:27:40 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "8d2-5abf9f0e06f00"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 utag.138.js Show response
www.bahn.de/media/view/tms/ 4 KB
2 KB 32ms
31ms Script
text/javascript 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.138.js?utv=ut4.46.202007280644

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

8b3cec808989d41567109531d70a5c5afdfd4d08594be29a6fc328300f01eaeb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 1968
x-xss-protection: 1; mode=block
last-modified: Mon, 03 Aug 2020 14:27:40 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "11fe-5abf9f0e06f00"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 utag.163.js Show response
www.bahn.de/media/view/tms/ 15 KB
4 KB 33ms
32ms Script
text/javascript 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.163.js?utv=ut4.46.202007280644

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

3ec68785b9f903df013559cf1280ff816b0c3c527168791a1e7c1f3551583337

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 3634
x-xss-protection: 1; mode=block
last-modified: Mon, 03 Aug 2020 14:27:40 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "3db7-5abf9f0e06f00"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 utag.160.js Show response
www.bahn.de/media/view/tms/ 16 KB
5 KB 34ms
33ms Script
text/javascript 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.160.js?utv=ut4.46.202007280644

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

d9ae25abc89c41af37dd531997af5e425b711e1661d1e6a3e66498b565f3ca6b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 4291
x-xss-protection: 1; mode=block
last-modified: Mon, 03 Aug 2020 14:27:40 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "3e8f-5abf9f0e06f00"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 utag.159.js Show response
www.bahn.de/media/view/tms/ 11 KB
4 KB 35ms
34ms Script
text/javascript 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/utag.159.js?utv=ut4.46.202007280644

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

65cd533a76b7b1b930887d91c9d915d45fc3a2e274884f35123aeb123183ce41

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 3484
x-xss-protection: 1; mode=block
last-modified: Mon, 03 Aug 2020 14:27:40 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "2a29-5abf9f0e06f00"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H/1.1 200
OK es6-promise.js Show response
www.img-bahn.de/s3/prod/es//js/ Frame 6F22 32 KB
7 KB 68ms
20ms Script
application/javascript 104.109.92.47
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.img-bahn.de/s3/prod/es//js/es6-promise.js
Requested by: Host: ps.bahn.de
URL: https://ps.bahn.de/common/content/html/lmiframe.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.92.47 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-109-92-47.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 82e5a556f607b2cc1eda8e23198af2925599b002c5c64dc1ae401bd8f50c3708

Request headers

Referer: https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 25 Aug 2020 06:55:25 GMT
Content-Encoding: gzip
Last-Modified: Tue, 18 Aug 2020 07:05:41 GMT
Server: AmazonS3
x-amz-request-id: 6D2DDA565781956E
ETag: "c833d9c873652af4a666772e9930b031"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6686
x-amz-id-2: V34YJ1XEOhj9J0WDde/wMuwII3RIZaiI16S6rxOKAUEqbUTHdlqCmbhk60LxxVZpxSoyOj/F6xI=
Expires: Tue, 25 Aug 2020 07:10:25 GMT

GET
H/1.1 200
OK common.js Show response
www.img-bahn.de/s3/prod/es//js/ Frame 6F22 29 KB
6 KB 70ms
20ms Script
application/javascript 104.109.92.47
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.img-bahn.de/s3/prod/es//js/common.js
Requested by: Host: ps.bahn.de
URL: https://ps.bahn.de/common/content/html/lmiframe.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.92.47 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-109-92-47.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 2b79c36a7e8a9a7a94b717e60cb5a79976e7ac6c1b899aa02536ee460c9723fa

Request headers

Referer: https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 25 Aug 2020 06:55:25 GMT
Content-Encoding: gzip
Last-Modified: Tue, 18 Aug 2020 07:05:41 GMT
Server: AmazonS3
x-amz-request-id: 5AD25B172B0A16FD
ETag: "34057f636668a1f6f1d15a4de2bc090c"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5489
x-amz-id-2: BseMVCfragkLpic6bn4R8yIHICydoeJyQUr/0QMQKJdXRBsD7CnRC1i9awP/og2OzSs9ROxW3EQ=
Expires: Tue, 25 Aug 2020 07:10:25 GMT

GET
H/1.1 200
OK softlogin.js Show response
www.img-bahn.de/s3/prod/es//js/ Frame 6F22 117 KB
21 KB 81ms
32ms Script
application/javascript 104.109.92.47
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.img-bahn.de/s3/prod/es//js/softlogin.js
Requested by: Host: ps.bahn.de
URL: https://ps.bahn.de/common/content/html/lmiframe.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.92.47 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a104-109-92-47.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: aa5d744d0f56d180ccf5dfe010d8d65d82e479134a1ea9208ab7923bed5ce1d0

Request headers

Referer: https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 25 Aug 2020 06:55:25 GMT
Content-Encoding: gzip
Last-Modified: Tue, 18 Aug 2020 07:05:42 GMT
Server: AmazonS3
x-amz-request-id: 3211D37D73847598
ETag: "2963088b532d359e872e4ed9c084ac65"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21164
x-amz-id-2: mK5AAdGlt2OOA7+fJ+F4YGbA4olR+1O4kWJY0brsCC62wpbbr1JYlYFU/qYKrLRodhg+0EeHcbY=
Expires: Tue, 25 Aug 2020 07:10:25 GMT

GET
H2

200

adformat.js Show response
s2.adform.net/banners/scripts/audiencetag/
Redirect Chain

https://dmp.adform.net/audiencetag/adformat.js
https://s2.adform.net/banners/scripts/audiencetag/adformat.js

3 KB
2 KB

90ms
32ms

Script
application/x-javascript

37.157.6.240
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.adform.net/banners/scripts/audiencetag/adformat.js
Requested by: Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.240 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 1c540d0b0157c62f231f4787d5cef5ab466a790b2480bf1d7fa381b50ba16bd0

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: gzip
last-modified: Thu, 09 Jul 2020 13:08:55 GMT
server: nginx
etag: W/"5f0716e7-c6a"
x-cache-status: HIT
status: 200
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

Redirect headers

status: 301
date: Tue, 25 Aug 2020 06:55:25 GMT
server: nginx
location: https://s2.adform.net/banners/scripts/audiencetag/adformat.js
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H2 200 / Show response
zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/ 52 KB
15 KB 36ms
30ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0lxkzEthotizcTX&Q_LOC=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01&t=1598338525260

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.85.js?utv=ut4.46.202007280644

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

9c70dbcf68ff7ddfac4c79dbb728407dce2d5b2c67fecbba1e1060619a5612c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 379188
cf-polished: origSize=54309
status: 200
edge-control: max-age=604800
vary: Accept-Encoding
cf-request-id: 04c5ff805500000bb58a16d200000001
cf-bgj: minify
server: cloudflare
x-powered-by: Express
etag: W/"d425-wPVX2BrG/kuafx3umeIQUuVh8GE"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
cf-ray: 5c836846eefa0bb5-AMS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 a2987.js Show response
cdn.m-pathy.com/js/ 22 KB
6 KB 34ms
11ms Script
application/javascript 2600:9000:2182:7800:1e:7aca:b8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.m-pathy.com/js/a2987.js
Requested by: Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.74.js?utv=ut4.46.202007280644
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2182:7800:1e:7aca:b8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: fb5c4d8910262f9be48b251a7185ba6051d0b4b09d45c0d0cc2af28caace8cce

Request headers

Origin: https://www.bahn.de
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:10:13 GMT
content-encoding: gzip
age: 2712
x-cache: Hit from cloudfront
status: 200
content-length: 6082
access-control-allow-origin: *
last-modified: Tue, 25 Aug 2020 06:05:45 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "577a-5adad7e6825f4-gzip"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 50f438df6dbb947f3e4702890bc9cc06.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
x-amz-cf-id: 0asIWcgVRKQiyPYiyT6t45J3XnNddb39nYOsSjG9NT2xCE3G-jW4SA==
expires: Tue, 25 Aug 2020 07:10:13 GMT

GET
H2 200 exactag.js Show response
www.bahn.de/media/view/tms/js/ 13 KB
6 KB 27ms
26ms Script
text/javascript 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/js/exactag.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

6b693b7dadf0949d494f4ad8685ae70f74f20a33a32780ebfd5b0517fceae722

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 5428
x-xss-protection: 1; mode=block
last-modified: Thu, 19 Dec 2019 11:16:01 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "321a-59a0cafaa1e40"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2

200

trackpoint-async.js Show response
s2.adform.net/banners/scripts/st/
Redirect Chain

https://a1.adform.net/serving/scripts/trackpoint/async/
https://s2.adform.net/banners/scripts/st/trackpoint-async.js

78 KB
28 KB

85ms
46ms

Script
application/x-javascript

37.157.6.240
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by: Host: www.bahn.de
URL: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.240 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 49db29c192d6483c1a023d885acfd928678347cdec9c208d7f78a949c9cf3458

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: gzip
last-modified: Thu, 09 Jul 2020 12:14:55 GMT
server: nginx
etag: W/"5f070a3f-13780"
x-cache-status: HIT
status: 200
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

Redirect headers

status: 301
date: Tue, 25 Aug 2020 06:55:25 GMT
server: nginx
location: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H2 200 criteo.js Show response
www.bahn.de/media/view/tms/js/ 14 KB
6 KB 22ms
21ms Script
text/javascript 104.109.90.218
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bahn.de/media/view/tms/js/criteo.js

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.90.218 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-90-218.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

c0ef355534d040550952aac49f300f771c3dcc0d5cd99008015d9d59378bff44

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Accept-Encoding
content-length: 5403
x-xss-protection: 1; mode=block
last-modified: Thu, 19 Dec 2019 11:16:01 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: "3802-59a0cafaa1e40"
strict-transport-security: max-age=15768000 ; includeSubDomains ; preload
content-type: text/javascript
cache-control: max-age=2592000
content-security-policy: default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges: bytes

GET
H2 200 event Show response
sslwidget.criteo.com/ 1 KB
1 KB 88ms
31ms Script
application/x-javascript 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://sslwidget.criteo.com/event?a=16780&v=4.5.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh%26ui_db_page%3DBAHN_PVE_DEU_DE_bahncard_index&p2=e%3Ddis&adce=1
Requested by: Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/js/criteo.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: /
Resource Hash: c2f93fbf0ae7befd0ea3fef64ee9fe1f8addea7c777e4bbe9fd7b862a3942e0e

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Aug 2020 06:55:24 GMT
content-encoding: gzip
content-type: application/x-javascript
vary: Accept-Encoding
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
status: 200
cache-control: no-cache
server-processing-duration-in-ticks: 7621
timing-allow-origin: *
content-length: 863
expires: 0

GET
H2 200 loader.js Show response
cdn.m-pathy.com/modules/4.16-164/ 43 KB
15 KB 13ms
12ms Script
application/javascript 2600:9000:2182:7800:1e:7aca:b8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.m-pathy.com/modules/4.16-164/loader.js
Requested by: Host: cdn.m-pathy.com
URL: https://cdn.m-pathy.com/js/a2987.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2182:7800:1e:7aca:b8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: f06f336560e920dc53969b0e1867da27449b77ffd3f0437b742614de56421062

Request headers

Origin: https://www.bahn.de
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:36:36 GMT
content-encoding: gzip
age: 1129
x-cache: Hit from cloudfront
status: 200
content-length: 15101
access-control-allow-origin: *
last-modified: Mon, 02 Mar 2020 12:42:50 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "acff-59fde8666e680-gzip"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
via: 1.1 50f438df6dbb947f3e4702890bc9cc06.cloudfront.net (CloudFront)
cache-control: max-age=2419200
x-amz-cf-pop: DUS51-C1
accept-ranges: bytes
x-amz-cf-id: rni_6hLvQ2ShiFLmY9VoNLbodPVxz2n25xE5JTvjbKUqgtu1u60UDw==
expires: Tue, 22 Sep 2020 06:36:36 GMT

GET
H/1.1 200
OK pi.aspx Show response
m.exactag.com/ Frame 2435 7 KB
4 KB 90ms
33ms Script
text/javascript 213.202.235.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL

https://m.exactag.com/pi.aspx?campaign=4bb3a5de3602f335b9ba113928205e62&pitype=Content&convtype=&rnd=wcYQm7cnNwOI&items=%7B%22type%22%3A%22Content%22%2C%22conversiontype%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22host%22%3A%22www.bahn.de%22%2C%22site%22%3A%22%2Fp%2Fview%2Fbahncard%2Findex.shtml%22%2C%22search%22%3A%22%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01%22%2C%22protocol%22%3A%22https%3A%22%2C%22campaign%22%3A%224bb3a5de3602f335b9ba113928205e62%22%2C%22screensize%22%3A%22%22%2C%22pitype%22%3A%22%22%2C%22uk%22%3A%22%22%2C%22trackingURL%22%3A%22%2F%2Fm.exactag.com%22%2C%22cdnURL%22%3A%22%2F%2Fcdn.exactag.com%22%2C%22sitegroup%22%3A%22Startseite%22%2C%22category_name%22%3A%22BAHN_PVE_DEU_DE%22%2C%22page_name%22%3A%22BAHN_PVE_DEU_DE_bahncard_index%22%7D

Requested by

Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/js/exactag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

d06122808fee5f6ffb1107cb56cde384d48c49b2afad0a1832ab4f47e849cacf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR", policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Di, 25 Aug 2020 06:55:25 GMT,Di, 25 Aug 2020 06:55:25 GMT
Server: Microsoft-IIS/8.5
Date: Tue, 25 Aug 2020 06:55:24 GMT
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache
X-ET-Camp: 1053
Expires: -1

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 31 KB
4 KB 137ms
137ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0lxkzEthotizcTX&Q_CLIENTVERSION=1.32.1&Q_CLIENTTYPE=web

Requested by

Host: zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
URL: https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0lxkzEthotizcTX&Q_LOC=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01&t=1598338525260

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d377f3542de71dce1501f47c86da1a8b0ce97b5277ee571ba7605350e2c5ce35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
status: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: https://www.bahn.de
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 5c8368475f940bb5-AMS
vary: Accept-Encoding
cf-request-id: 04c5ff809800000bb58a172200000001

GET
H/1.1 200
OK Texte Show response
ps.bahn.de/webservices/rest/resource/ Frame 6F22 1 KB
2 KB 28ms
27ms XHR
application/json 81.200.197.91
BAHN-AS-BLN

General

Check archive.org

Show headers Download Go to

Full URL

https://ps.bahn.de/webservices/rest/resource/Texte?r=4056abf3

Requested by

Host: www.img-bahn.de
URL: https://www.img-bahn.de/s3/prod/es//js/softlogin.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

81.200.197.91 , Germany, ASN34156 (BAHN-AS-BLN, DE),

Reverse DNS

Software

Apache /

Resource Hash

3d851e7348aca9b49ba8bf6d6fc6ac9f3b6722a0d9c28675d848f838f2779878

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ps.bahn.de/common/content/html/lmiframe.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 25 Aug 2020 06:55:25 GMT
Server: Apache
Connection: keep-alive
Content-Length: 1333
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Type: application/json

GET
H/1.1 200
OK px.aspx
m.exactag.com/ Frame 0DB1 0
0 69ms
18ms Document
text/html 213.202.235.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL

https://m.exactag.com/px.aspx?id=5fb34e7333734e6b87a1248b6c19c10a

Requested by

Host: m.exactag.com
URL: https://m.exactag.com/pi.aspx?campaign=4bb3a5de3602f335b9ba113928205e62&pitype=Content&convtype=&rnd=wcYQm7cnNwOI&items=%7B%22type%22%3A%22Content%22%2C%22conversiontype%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22host%22%3A%22www.bahn.de%22%2C%22site%22%3A%22%2Fp%2Fview%2Fbahncard%2Findex.shtml%22%2C%22search%22%3A%22%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01%22%2C%22protocol%22%3A%22https%3A%22%2C%22campaign%22%3A%224bb3a5de3602f335b9ba113928205e62%22%2C%22screensize%22%3A%22%22%2C%22pitype%22%3A%22%22%2C%22uk%22%3A%22%22%2C%22trackingURL%22%3A%22%2F%2Fm.exactag.com%22%2C%22cdnURL%22%3A%22%2F%2Fcdn.exactag.com%22%2C%22sitegroup%22%3A%22Startseite%22%2C%22category_name%22%3A%22BAHN_PVE_DEU_DE%22%2C%22page_name%22%3A%22BAHN_PVE_DEU_DE_bahncard_index%22%7D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

213.202.235.10 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Host: m.exactag.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: exactag_new_gk=9a8e2549432849a2bd5496db5841aca4%7c24.10.2020+06%3a55%3a25; exactag_new_uk=668907c30fef4fd1be21c262b4b3351c%7c; session_session=84c1e05968c44752a7c767e0; exactag_new_user=1053%7c2%7c84c1e05968c44752a7c767e0%7c01.01.0001+00%3a00%3a00%7c25.08.2020+06%3a55%3a25%7c84c1e05968c44752a7c767e0%7c68537%7c1753%7cFalse
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01

Response headers

Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
X-ET-Code: 0
X-ET-Camp: 1053
Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 25 Aug 2020 06:55:24 GMT
Connection: close
Transfer-Encoding: chunked
Content-Encoding: gzip

GET
H2 200 cookiesegments Show response
dmp.adform.net/audiencetag/ 2 B
236 B 28ms
27ms XHR
application/json 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://dmp.adform.net/audiencetag/cookiesegments?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJBZGZvcm0uRE1QLkNsYWltczo6RGF0YVByb3ZpZGVycyI6IlsxMDU4MV0iLCJpc3MiOiJkbXAtYXBpLmFkZm9ybS5jb20iLCJhdWQiOiJhdWRpZW5jZV90YWdfY29uc3VtZXJfdjEiLCJleHAiOjE4NDY0NzkyOTksIm5iZiI6MTUzMTExOTIzOX0.FJQj3NEIHLPLagWbUeSDroGlMNqPApSp4JsfF5qhvxA

Requested by

Host: dmp.adform.net
URL: https://dmp.adform.net/audiencetag/adformat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json
Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: gzip
server: nginx
status: 200
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.bahn.de
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 / Show response
a1.adform.net/Serving/TrackPoint/ 164 B
630 B 29ms
29ms Script
text/javascript 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.adform.net/Serving/TrackPoint/?pm=646062&ADFPageName=%7Bwww.bahn.de%7D%7C%7BBAHN_PVE_DEU_DE%7D%7C%7BBAHN_PVE_DEU_DE_bahncard_index%7D&ADFdivider=%7C&ord=29030838240&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&itm=eyJzdjkiOiJ7d3d3LmJhaG4uZGV9fHtCQUhOX1BWRV9ERVVfREV9fHtCQUhOX1BWRV9ERVVfREVfYmFobmNhcmRfaW5kZXh9In0&loc=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01

Requested by

Host: a1.adform.net
URL: https://a1.adform.net/serving/scripts/trackpoint/async/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

61175726d0a2de2cae41ad18d5eb5df94d23bbf156f9a6fed2c98fe31d731449

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: gzip
server: nginx
status: 200
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 224
expires: -1

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 87 KB
26 KB 26ms
26ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.32.1&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

a78aab08cc0a0c45a86513f65a7dab8aea267191220c9f3d1857fdc0347beb97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 379194
cf-polished: origSize=90284
status: 200
edge-control: max-age=604800
vary: Accept-Encoding
cf-request-id: 04c5ff812500000bb58a178200000001
last-modified: Thu, 20 Aug 2020 19:55:43 GMT
server: cloudflare
x-powered-by: Express
etag: W/"160ac-1740d70fe18"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
cf-ray: 5c83684838e30bb5-AMS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 12.e6c6f9aa65272bcbcd07.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
869 B 29ms
29ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/12.e6c6f9aa65272bcbcd07.chunk.js?Q_CLIENTVERSION=1.32.1&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

bec0f3f150d8e0190fb939925cf22fabd025f124ad28d53a141434c4552ac6ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 379194
cf-polished: origSize=2639
status: 200
edge-control: max-age=604800
vary: Accept-Encoding
cf-request-id: 04c5ff815600000bb58a17c200000001
last-modified: Thu, 20 Aug 2020 19:55:43 GMT
server: cloudflare
x-powered-by: Express
etag: W/"a4f-1740d70fe18"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
cf-ray: 5c83684889500bb5-AMS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

GET
H2 200 1.fe6ee5251dbb499b909e.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 25 KB
6 KB 27ms
27ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/1.fe6ee5251dbb499b909e.chunk.js?Q_CLIENTVERSION=1.32.1&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

fbead1fc3f1c3bd20a58377fef40173b37b012fff0883126cbcc8ba87991e17a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 25 Aug 2020 06:55:25 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 379194
cf-polished: origSize=26961
status: 200
edge-control: max-age=604800
vary: Accept-Encoding
cf-request-id: 04c5ff815600000bb58a17d200000001
last-modified: Thu, 20 Aug 2020 19:55:43 GMT
server: cloudflare
x-powered-by: Express
etag: W/"6951-1740d70fe18"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
cf-ray: 5c83684889530bb5-AMS
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-bgj: minify

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
356 B 382ms
96ms XHR
text/plain 52.55.64.227
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.55.64.227 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.17.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 25 Aug 2020 06:55:26 GMT
Server: nginx/1.17.2
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.bahn.de
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: 96ac369b-59ea-4a0a-84e2-67ab41fcae0a

POST
H/1.1 204
No Content events Show response
logx.optimizely.com/v1/ 0
356 B 97ms
97ms XHR
text/plain 52.55.64.227
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.55.64.227 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.17.2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.bahn.de/p/view/bahncard/index.shtml?dbkanal_004=L01_S01_D001_FKPM0020_redirect-bc_LZ01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Tue, 25 Aug 2020 06:55:26 GMT
Server: nginx/1.17.2
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.bahn.de
Access-Control-Expose-Headers: X-Results-Data-Source
Access-Control-Allow-Credentials: true
Connection: keep-alive
Timing-Allow-Origin: *
X-Request-Id: 0f31b131-637b-43e5-812c-f08495c23ab8

Verdicts & Comments Add Verdict or Comment

138 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
m.exactag.com/	1970-01-19 14:08:34	Name: exactag_new_gk Value: 9a8e2549432849a2bd5496db5841aca4%7c24.10.2020+06%3a55%3a25
ps.bahn.de/	1970-01-19 12:09:03	Name: AWSALBCORS Value: IqL25kBTLkcyMZsuDQOYcxNB7m7kNwk41x5i3XLv0ppJ7DvXgTEkyJ4bbpneXJrxNJNP9TYz0HnVMyhVWRoJJFhe0sLHownDG7QUgrIBaJ3IecmyYJAOBQ0kh4gT
.bahn.de/	1969-12-31 23:59:59	Name: s_ppvl Value: BAHN_PVE_DEU_DE_bahncard_index%2C37%2C37%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
.bahn.de/	1969-12-31 23:59:59	Name: s_cc Value: true
www.bahn.de/	1969-12-31 23:59:59	Name: QSI_HistorySession Value: https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fbahncard%2Findex.shtml%3Fdbkanal_004%3DL01_S01_D001_FKPM0020_redirect-bc_LZ01~1598338525473
.bahn.de/	1970-01-19 12:09:03	Name: mpt_vid Value: 159833852536729676\|1661410525367
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 84c1e05968c44752a7c767e0
.bahn.de/	1970-01-19 12:09:03	Name: mpt_followpage Value: 0\|1599548125365
.bahn.de/	1970-01-19 12:09:03	Name: mpt_cookieForErrSites Value: 0\|1599548125364
.bahn.de/	1970-01-19 20:44:34	Name: utag_main Value: v_id:0174246667c3000b8b35ffec29ef00078006207000b08$_sn:1$_se:1$_ss:1$_st:1598340325124$ses_id:1598338525124%3Bexp-session$_pn:1%3Bexp-session$ls:undefined%3Bexp-session
.bahn.de/	1970-01-19 12:06:10	Name: bahn-cmf Value: dbkanal_004%7CL01_S01_D001_FKPM0020_redirect-bc_LZ01
.bahn.de/	1970-01-19 16:18:10	Name: et_uk Value: 668907c30fef4fd1be21c262b4b3351c
m.exactag.com/	1970-01-19 16:18:10	Name: exactag_new_user Value: 1053%7c2%7c84c1e05968c44752a7c767e0%7c01.01.0001+00%3a00%3a00%7c25.08.2020+06%3a55%3a25%7c84c1e05968c44752a7c767e0%7c68537%7c1753%7cFalse
.bahn.de/	1970-01-20 05:30:10	Name: AMCV_5FA50A5953FB37E50A4C98BC%40AdobeOrg Value: -408604571%7CMCIDTS%7C18500%7CMCMID%7C44872459399040329784288669842704414114%7CMCAID%7CNONE%7CMCOPTOUT-1598345725s%7CNONE%7CvVersion%7C4.6.0
.bahn.de/	1969-12-31 23:59:59	Name: sc_pcmp Value: L01_S01_D001_FKPM0020_redirect-bc_LZ01
.bahn.de/	1969-12-31 23:59:59	Name: s_ppv Value: BAHN_PVE_DEU_DE_bahncard_index%2C38%2C38%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
.bahn.de/	1969-12-31 23:59:59	Name: sc_vis Value: true
.bahn.de/	1970-01-19 14:08:34	Name: et_gk Value: 9a8e2549432849a2bd5496db5841aca4\|24.10.2020 06:55:25
.bahn.de/	1969-12-31 23:59:59	Name: sc_var14 Value: L01_S01_D001_FKPM0020_redirect-bc_LZ01
.bahn.de/	1970-01-20 05:30:10	Name: s_ecid Value: MCMID%7C44872459399040329784288669842704414114
.bahn.de/	1970-01-19 12:09:03	Name: mpt_rate_comparator_3372 Value: 41.13790531482899\|1600930525357
ps.bahn.de/	1970-01-19 12:09:03	Name: AWSALB Value: IqL25kBTLkcyMZsuDQOYcxNB7m7kNwk41x5i3XLv0ppJ7DvXgTEkyJ4bbpneXJrxNJNP9TYz0HnVMyhVWRoJJFhe0sLHownDG7QUgrIBaJ3IecmyYJAOBQ0kh4gT
.bahn.de/	1969-12-31 23:59:59	Name: AMCVS_5FA50A5953FB37E50A4C98BC%40AdobeOrg Value: 1
.bahn.de/	1970-01-20 05:30:10	Name: optimizelyEndUserId Value: oeu1598338524793r0.28836227367863176

32 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.optimizely.com/js/8033263973.js(Line 2797) Message: null
console-api	log	URL: https://cdn.optimizely.com/js/8033263973.js(Line 2797) Message: null - customerID should be set
console-api	log	URL: https://ps.bahn.de/common/content/html/lmiframe.html(Line 14) Message: IFr Begin
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46) Message: Constructing IframeMain
console-api	debug	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114) Message: [StateM] Reading IframeState from cache: null
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55) Message: console.groupEnd
console-api	log	URL: https://ps.bahn.de/common/content/html/lmiframe.html(Line 40) Message: IFr End
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46) Message: Incoming message 'init'
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46) Message: init(https://www.bahn.de:443)
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] checkClientOrigin successsful.
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] Examining cookies...
console-api	debug	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114) Message: [iLogic] slstat = null
console-api	debug	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114) Message: [iLogic] hlstat = null
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] LoginState is Anonymous
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] Login state remains Anonymous .
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] Checking whether resources need to be loaded eagerly.
console-api	debug	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114) Message: [StateM] Writing IframeState to cache: [object Object]
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55) Message: console.groupEnd
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55) Message: console.groupEnd
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46) Message: Incoming message 'load'
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46) Message: load(Texte)
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] Connectivity is Connected
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] Data is not in cache.
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] -> loading it from server.
console-api	info	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 137) Message: [iLogic] Ajax call load(Texte).
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55) Message: console.groupEnd
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55) Message: console.groupEnd
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 46) Message: Processing AJAX response for load(Texte)
console-api	debug	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114) Message: [iLogic] response = [object Object]
console-api	debug	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114) Message: [Cache] Wrote Texte to cache (storage): {"login.hardlogin.logout.value":"Logout","meinestrecken.speichern.keine":"Um Strecken zu speichern, geben Sie in den Feldern \"Von\" und \"Nach\" eine Verbindung ein.","login.hardlogin.begruessung":"Sie sind angemeldet, {0} {1} {2}","meinestrecken.loeschen.tooltip":"Strecke löschen","login.hardlogin.logout.tooltip":"Logout","titel.3":"Prof. Dr.","titel.2":"Prof.","titel.1":"Dr.","titel.0":"","login.softlogin.begruessung":"Herzlich Willkommen, {0} {1} {2}!","meinestrecken.keine.anonym":"Sie haben keine Strecken gespeichert. Im Bereich Meine Bahn können Sie Ihre wichtigsten Strecken hinterlegen und hier abrufen.","meinestrecken.via":"Über","anrede.1":"Frau","login.softlogin.logout.link.tooltip":"Hier melden Sie sich von \"Angemeldet bleiben\" ab und verzichten auf persönliche Angebote und Services.","anrede.0":"Herr","meinestrecken.speichern.gespeichert":"Strecke gespeichert","login.softlogin.logout.link.text":"Abmelden","login.softlogin.logout.value":"Sie sind nicht {0} {1} {2}?","login.softlogin.logout.tooltip":"Durch diesen Klick löschen Sie Ihre Cookies zur Personalisierung auf bahn.de. Mehr Informationen erhalten Sie in unseren Datenschutzhinweisen.","meinestrecken.bearbeiten":"Bearbeiten","meinestrecken.speichern":"Strecke speichern","meinestrecken.speichern.max":"Strecke speichern (max. {0} Strecken)"}
console-api	debug	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 114) Message: [StateM] Writing IframeState to cache: [object Object]
console-api	log	URL: https://www.img-bahn.de/s3/prod/es//js/common.js(Line 55) Message: console.groupEnd

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://.m-pathy.com
Strict-Transport-Security	max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a1.adform.net
a791773171.cdn.optimizely.com
cdn.m-pathy.com
cdn.optimizely.com
cdn3.optimizely.com
dmp.adform.net
logx.optimizely.com
m.exactag.com
ps.bahn.de
s2.adform.net
siteintercept.qualtrics.com
sslwidget.criteo.com
st.bahn.de
vis.optimizely.com
www.bahn.de
www.img-bahn.de
www.static-bahn.de
zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
104.109.90.218
104.109.92.47
104.17.208.240
15.188.154.177
178.250.0.163
184.86.103.204
2.17.191.240
213.202.235.10
23.37.32.235
2600:9000:2182:7800:1e:7aca:b8c0:93a1
2a02:26f0:f1:281::13b8
37.157.3.28
37.157.3.30
37.157.6.240
52.207.49.197
52.55.64.227
81.200.197.91
0b2e62af28f304c3771bfa2c374b3034e865abde64e36d8070208b0670e86b35
0eeb1970197799a537566bf5554142fcf91a1b04368c735d6319ed35a2f53f15
1529681792397819c7474b86a078038f3516aa0c15297279b57d9b1ef21cfde9
1c540d0b0157c62f231f4787d5cef5ab466a790b2480bf1d7fa381b50ba16bd0
26ea31e0c6520a6f3e814e67b70d4e70dde85659b3f9184935d265f45bfb1931
2ab4d9b65ee3153e62d1ce1fdf21a2f54d9d4e4967cfbbe638bd36ea277591ba
2b79c36a7e8a9a7a94b717e60cb5a79976e7ac6c1b899aa02536ee460c9723fa
2d47dd07cd116fce4a58ea5ce7aa349bf5904de7f30d69e131cf4f7be3b088d1
301fd4fb64fd7b976c74679c79de83e17e44e415540bba5b114c1dd53141b1fb
39469dcff773f11dc4d1672200d83e6f68ab0c95cca33c7a7cc38cff4c0b3968
3d851e7348aca9b49ba8bf6d6fc6ac9f3b6722a0d9c28675d848f838f2779878
3e1a71dbeac14ad724fd5bf1f63d833a2cea06c7de8f9173b6d2a3bad0fbc7bf
3ec68785b9f903df013559cf1280ff816b0c3c527168791a1e7c1f3551583337
463fb89d98e79b11dc5a730062c0c81b81454c2ab5be3b1575af45c9c34dfd26
49db29c192d6483c1a023d885acfd928678347cdec9c208d7f78a949c9cf3458
4a8613b63ef092474a24f37684b2bd5e398dfc99b92168c1715eb41dfdd06995
4b708a93b4ae2d1f04089be6f053e0ac3029c552820a92930ba1b3d943024199
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
567f0201fa0ee3b5a8537aaa0362ef646bd61ac9be49701850050517924c2429
57411817a143622eed003cea060d984b2762a4f8f59031aca3e31d41482bf81e
5db9108016c62906c987c432fab8efb55a0c92425c9cace3793c536fa2aafcde
61175726d0a2de2cae41ad18d5eb5df94d23bbf156f9a6fed2c98fe31d731449
63e76adcc0eedb478de832846ba15b4f29791b9caabb9b7ad97ea4f2f72e03f9
65cd533a76b7b1b930887d91c9d915d45fc3a2e274884f35123aeb123183ce41
66227fc364238ca273877dfbe23ba2c093031eb78c22eec7a67d41e03f7eddf3
6b693b7dadf0949d494f4ad8685ae70f74f20a33a32780ebfd5b0517fceae722
82e5a556f607b2cc1eda8e23198af2925599b002c5c64dc1ae401bd8f50c3708
8b3cec808989d41567109531d70a5c5afdfd4d08594be29a6fc328300f01eaeb
8dd962317f64f8aa72e57ab1ed1d821a807ac759a210f18eaa31ee8feeca22cd
90d765be61f3668f58a9fee31185882edaf07d31b79ef37e1305b23fd01d6aef
9bd75d01213161905c0278231326126f5066ae7753e9b492b999417e0c2cfbef
9c70dbcf68ff7ddfac4c79dbb728407dce2d5b2c67fecbba1e1060619a5612c5
a009bf98437ed2e896bfc56f9838b6ca83aac7f96989e971dbc6ad2ccc49b572
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a231b219fd33beeca8baa0abecbb684d31fe0d154a25a092510d607a38637ea8
a42b9362f2fe150b5cffcb26398b7bd45fd2e694756ada973e6646e820105508
a78aab08cc0a0c45a86513f65a7dab8aea267191220c9f3d1857fdc0347beb97
aa5d744d0f56d180ccf5dfe010d8d65d82e479134a1ea9208ab7923bed5ce1d0
ad98aafd7af2044e0613833a78c1377adbfa9d7df89d5109e8abe60ab2b9db97
afeb8024551f3f8dfff758fcf65a03b6aeb2554f6b5f15e874f4b1c52cb4525d
bd45e3a7a55ce6d15988606f79657a593097ac40f0d29bff151fdd10b0438b88
bdd715407bbcb2c0325bb1e1466715b9ec9dcd2e7e662e647fddf74d92ba4150
bec0f3f150d8e0190fb939925cf22fabd025f124ad28d53a141434c4552ac6ef
c0ef355534d040550952aac49f300f771c3dcc0d5cd99008015d9d59378bff44
c2f93fbf0ae7befd0ea3fef64ee9fe1f8addea7c777e4bbe9fd7b862a3942e0e
c73f83311b82836d1f247cdb6ed7d7132caa7d41a24edfa29ed342ec7143a62e
c79794c138e5fbd4cd7f71ff73fdf314f170a6cccb08b4a9e7180f996f376b24
d06122808fee5f6ffb1107cb56cde384d48c49b2afad0a1832ab4f47e849cacf
d377f3542de71dce1501f47c86da1a8b0ce97b5277ee571ba7605350e2c5ce35
d9ae25abc89c41af37dd531997af5e425b711e1661d1e6a3e66498b565f3ca6b
da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe
dce7defaf00939f249d9bae2165fea347628fd6dab0314c1b474b0fee028147e
dd481714f00cbe6dced106a6acf686d6955b3e33886d6e36da84af48c7911e40
df3269972a11c7faf8efe845fc3cbf842029d97d917e3e4fe6020260e776ec75
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f23ebfed96cebaa9f25baefb3391e862e36efcf75c1dfc4bee3c5e1e519101
e5e2c4c5288a46af5b587fe4b6ed5c881dfc8faaf4d76a08c5c2c5fcd74238b3
e978dcd58e844eabc0aee8fc980853ee5f840502280ef2ddc7322d44f07b3e5d
f06f336560e920dc53969b0e1867da27449b77ffd3f0437b742614de56421062
fb5c4d8910262f9be48b251a7185ba6051d0b4b09d45c0d0cc2af28caace8cce
fbead1fc3f1c3bd20a58377fef40173b37b012fff0883126cbcc8ba87991e17a
ff458e01b24643b5a0d6b8a21452f5a582ac28527a05c36aa0ff6f37c5186214

www.bahn.de Open in urlscan Pro 104.109.90.218 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

63 Requests

100 %HTTPS

12 %IPv6

9 Domains

18 Subdomains

18 IPs

6 Countries

1174 kBTransfer

3402 kBSize

24 Cookies

33 Outgoing links

Page URL History

Redirected requests

63 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.bahn.de Open in urlscan Pro
104.109.90.218 Public Scan

Screenshot
Live screenshot

Full Image

63
Requests

100 %
HTTPS

12 %
IPv6

9
Domains

18
Subdomains

18
IPs

6
Countries

1174 kB
Transfer

3402 kB
Size

24
Cookies

63 HTTP transactions
6 data transactions