urlscan.io logo urlscan.io
SecurityTrails logo

www.bahn.de Open in urlscan Pro
104.111.225.123  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.bahn.de/railandfly
Effective URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Submission: On February 07 via manual from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 7 countries across 10 domains to perform 48 HTTP transactions. The main IP is 104.111.225.123, located in Netherlands and belongs to AKAMAI-AS, US. The main domain is www.bahn.de.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on January 10th 2020. Valid for: a year.
This is the only time www.bahn.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 29 104.111.225.123 16625 (AKAMAI-AS)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2.20.132.142 20940 (AKAMAI-ASN1)
1 4 54.76.175.152 16509 (AMAZON-02)
5 37.157.4.24 198622 (ADFORM)
1 52.30.105.51 16509 (AMAZON-02)
2 15.188.105.205 16509 (AMAZON-02)
1 1 66.117.28.86 15224 (OMNITURE)
1 104.17.209.240 13335 (CLOUDFLAR...)
2 2600:9000:205... 16509 (AMAZON-02)
2 85.14.248.71 24961 (MYLOC-AS)
1 178.250.2.151 44788 (ASN-CRITE...)
2 34.227.153.53 14618 (AMAZON-AES)
48 12
29    104.111.225.123 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-225-123.deploy.static.akamaitechnologies.com
www.bahn.de
1    2a02:26f0:6c00:183::13b8 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
cdn.optimizely.com
1    2.20.132.142 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-20-132-142.deploy.static.akamaitechnologies.com
www.static-bahn.de
4    54.76.175.152 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-175-152.eu-west-1.compute.amazonaws.com
dpm.demdex.net
5    37.157.4.24 (Denmark)

ASN198622 (ADFORM, DK)
dmp.adform.net
track.adform.net
1    52.30.105.51 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-105-51.eu-west-1.compute.amazonaws.com
deutschebahn.demdex.net
2    15.188.105.205 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-105-205.eu-west-3.compute.amazonaws.com
st.bahn.de
1    66.117.28.86 (United States)

ASN15224 (OMNITURE, US)
cm.everesttech.net
1    104.17.209.240 (United States)

ASN13335 (CLOUDFLARENET, US)
zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
2    2600:9000:2057:3800:1e:7aca:b8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.m-pathy.com
2    85.14.248.71 (Meerbusch, Germany)

ASN24961 (MYLOC-AS, DE)
m.exactag.com
1    178.250.2.151 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
sslwidget.criteo.com
2    34.227.153.53 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-227-153-53.compute-1.amazonaws.com
errors.client.optimizely.com
Domain Requested by
29 www.bahn.de 2 redirects www.bahn.de
4 dpm.demdex.net 1 redirects www.bahn.de
3 track.adform.net www.bahn.de
track.adform.net
2 errors.client.optimizely.com cdn.optimizely.com
2 m.exactag.com www.bahn.de
m.exactag.com
2 cdn.m-pathy.com www.bahn.de
cdn.m-pathy.com
2 st.bahn.de www.bahn.de
2 dmp.adform.net www.bahn.de
dmp.adform.net
1 sslwidget.criteo.com www.bahn.de
1 zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com www.bahn.de
1 cm.everesttech.net 1 redirects
1 deutschebahn.demdex.net www.bahn.de
1 www.static-bahn.de www.bahn.de
1 cdn.optimizely.com www.bahn.de
48 14
Subject Issuer Validity Valid
www.bahn.de
DigiCert SHA2 Extended Validation Server CA		 2020-01-10 -
2021-04-07		 a year crt.sh
cdn.optimizely.com
DigiCert SHA2 Secure Server CA		 2020-01-20 -
2021-03-20		 a year crt.sh
subsites.bahn.de
Let's Encrypt Authority X3		 2020-01-25 -
2020-04-24		 3 months crt.sh
*.demdex.net
DigiCert SHA2 High Assurance Server CA		 2018-01-09 -
2021-02-12		 3 years crt.sh
track.adform.net
DigiCert SHA2 Secure Server CA		 2019-09-16 -
2021-09-20		 2 years crt.sh
st.bahn.de
DigiCert SHA2 High Assurance Server CA		 2019-01-27 -
2020-05-01		 a year crt.sh
*.qualtrics.com
DigiCert SHA2 Secure Server CA		 2018-10-08 -
2021-01-06		 2 years crt.sh
*.m-pathy.com
Amazon		 2020-01-28 -
2021-02-28		 a year crt.sh
*.exactag.com
Sectigo ECC Domain Validation Secure Server CA		 2019-08-28 -
2021-09-13		 2 years crt.sh
*.criteo.com
DigiCert ECC Secure Server CA		 2019-12-05 -
2021-04-08		 a year crt.sh
errors.client.optimizely.com
DigiCert SHA2 High Assurance Server CA		 2018-09-24 -
2020-09-28		 2 years crt.sh

This page contains 5 frames:

Primary Page: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Frame ID: 9C252C044ABF0272A3AEDDD1AE976623
Requests: 44 HTTP requests in this frame

Frame: https://www.static-bahn.de/media/view/mdb/media/w/skyscraper/skyscraper.html
Frame ID: 3D6934F92A0C1255E06ED213F574F9B2
Requests: 1 HTTP requests in this frame

Frame: https://deutschebahn.demdex.net/dest5.html?d_nsid=0
Frame ID: CD1B4EEF029DB04DA6812F24E7059712
Requests: 1 HTTP requests in this frame

Frame: https://m.exactag.com/pi.aspx?campaign=4bb3a5de3602f335b9ba113928205e62&pitype=Content&convtype=&rnd=OhXeZi3AseUp&items=%7B%22type%22%3A%22Content%22%2C%22conversiontype%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22host%22%3A%22www.bahn.de%22%2C%22site%22%3A%22%2Fp%2Fview%2Fservice%2Fbuchung%2Fflug%2Frail_und_fly.shtml%22%2C%22search%22%3A%22%22%2C%22protocol%22%3A%22https%3A%22%2C%22campaign%22%3A%224bb3a5de3602f335b9ba113928205e62%22%2C%22screensize%22%3A%22%22%2C%22pitype%22%3A%22%22%2C%22uk%22%3A%22%22%2C%22trackingURL%22%3A%22%2F%2Fm.exactag.com%22%2C%22cdnURL%22%3A%22%2F%2Fcdn.exactag.com%22%2C%22sitegroup%22%3A%22Content%22%2C%22category_name%22%3A%22BAHN_PVE_DEU_DE%22%2C%22page_name%22%3A%22BAHN_PVE_DEU_DE_service_buchung_flug_rail-und-fly%22%7D
Frame ID: 8D5F43DA75910151A45F1AB53D225C48
Requests: 1 HTTP requests in this frame

Frame: https://m.exactag.com/px.aspx?id=df193d5bbc1a42868061f74131794313
Frame ID: BE667FAADF93B0BF24FF936FB9E8338C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://www.bahn.de/railandfly HTTP 301
    https://www.bahn.de/railandfly HTTP 301
    https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^AmazonS3$/i
Overall confidence: 100%
Detected patterns
  • headers server /^AmazonS3$/i
Overall confidence: 100%
Detected patterns
  • script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i
Overall confidence: 100%
Detected patterns
  • script /optimizely\.com.*\.js/i

Page Statistics

48
Requests

100 %
HTTPS

15 %
IPv6

10
Domains

14
Subdomains

12
IPs

7
Countries

1040 kB
Transfer

3092 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.bahn.de/railandfly HTTP 301
    https://www.bahn.de/railandfly HTTP 301
    https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16
  • https://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&d_nsid=0&ts=1581077326644 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&d_nsid=0&ts=1581077326644
Request Chain 31
  • https://cm.everesttech.net/cm/dd?d_uuid=22992390660440243420810357821404673442 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Xj1TTgAAAdTQPRTJ

48 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request rail_und_fly.shtml
www.bahn.de/p/view/service/buchung/flug/
Redirect Chain
  • http://www.bahn.de/railandfly
  • https://www.bahn.de/railandfly
  • https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
65 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
43c32df7b2ffac36043447d99608569c516db76b13e27bccd42dc59bf54b5a17
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.bahn.de
:scheme
https
:path
/p/view/service/buchung/flug/rail_und_fly.shtml
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

status
200
content-type
text/html
server
AmazonS3
x-amz-id-2
mhhzcCqI6aiSqU+iZGkqg0ILAgfzhlAspNlWVoG19NBjMlFdxKNFZQQNYp4U0LsaebxQDUD8MQw=
x-amz-request-id
8196BCE54C4D5850
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cache-control
max-age=600
date
Fri, 07 Feb 2020 12:08:46 GMT
content-length
13506
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload

Redirect headers

status
301
content-type
text/html; charset=iso-8859-1
content-length
274
server
Apache
x-sp
3580
location
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
cache-control
max-age=600
date
Fri, 07 Feb 2020 12:08:46 GMT
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
portal.min.css
www.bahn.de/common/view/static/889fe8b4/responsive/css/ 		470 KB
98 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/889fe8b4/responsive/css/portal.min.css
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
95387086a4c2196fa396290be93bc611fba4adfb435d071fcbfceacfbae69cff
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
C311EC07589B4B16
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
99770
x-amz-id-2
6OsVxw+lyFLBILAIMAn8Nb6vnLD4Ff7/EvFo7Vdk4qhy461SUCS1tQbmPtqmaSvBTDOSknRqIQE=
server
AmazonS3
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
softlogin.min.js
www.bahn.de/common/view/static/889fe8b4/responsive/js/ 		63 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/889fe8b4/responsive/js/softlogin.min.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
26ea31e0c6520a6f3e814e67b70d4e70dde85659b3f9184935d265f45bfb1931
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
57320665957488E6
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
18289
x-amz-id-2
oQcjeOSvyzbV9qa10FQghfxS/eY6MSET9ewGSvTk1YUdY5OoF88FZpk4wUvA7T5AzRmWm4WSSOw=
server
AmazonS3
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
8033263973.js
cdn.optimizely.com/js/ 		827 KB
185 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.optimizely.com/js/8033263973.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:183::13b8 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4386203feaa16bd7ddf4c02d5fb9a3023fdf47ac10c8613bff7ff878c82ba2f9
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
wrFnXfkMeL_wsXftMz2H2fECVoIA.r_h
content-encoding
gzip
x-amz-request-id
D6485004F2875C37
status
200
access-control-max-age
86400
date
Fri, 07 Feb 2020 12:08:46 GMT
x-amz-replication-status
PENDING
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="4";dur=0,cdnip;desc="2a02:26f0:6c00:183::13b8";dur=0,cdnmap;desc="";dur=0,proto;desc="h2";dur=0
strict-transport-security
max-age=15768000
content-length
188158
x-amz-id-2
OCig1PScwJ5ZpPjiuW7/czZQZVgoJRIIuUlZg2ZVQCDguiBxn5tykxIi4HzCRrslJ66XbBhAjJU=
last-modified
Thu, 06 Feb 2020 23:01:06 GMT
server
AmazonS3
etag
"664404b9acb7a6e36e2201047fdafb28"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-revision
cache-control
max-age=1200
x-amz-meta-revision
14542
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
modernizr-2.8.3.min.js
www.bahn.de/common/view/static/889fe8b4/js/lib/modernizr/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/889fe8b4/js/lib/modernizr/modernizr-2.8.3.min.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
2d47dd07cd116fce4a58ea5ce7aa349bf5904de7f30d69e131cf4f7be3b088d1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
797810E549C5A068
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
4530
x-amz-id-2
sOSYAaMZbb2kEphuf2QLUwN5XPHPJ9bTiJ6+LFtgRYjg75LEOnS6vExe+0ug7llHrUzxue+YsCI=
server
AmazonS3
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
db_em_rgb_100px.svg
www.bahn.de/common/view/static/v8/img/ 		828 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/common/view/static/v8/img/db_em_rgb_100px.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
F78171A7A588B501
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
480
x-amz-id-2
ofmKSKp/TMgndFsIGwOyadi5tRO3+5KytJq1TgNH4vjv6hZDDurncTSDY1tijV87PJ2E/TPlh+w=
server
AmazonS3
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
mdb_227355_db_bahn_ice_03_08_har_e88_05_20023_a5_980x245_cp_0x149_980x394.jpg
www.bahn.de/p/view/mdb/bahnintern/services/mobilitaet_service/rail_fly_airrail/ 		45 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/p/view/mdb/bahnintern/services/mobilitaet_service/rail_fly_airrail/mdb_227355_db_bahn_ice_03_08_har_e88_05_20023_a5_980x245_cp_0x149_980x394.jpg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
Akamai Image Server /
Resource Hash
d19a0ce8f23bdd7796c58a453bfff44efa93ee7e9a8da6e17c2a4ec762573cb2
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
x-content-type-options
nosniff
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
Akamai Image Server
date
Fri, 07 Feb 2020 12:08:46 GMT
x-frame-options
SAMEORIGIN
content-type
image/jpeg
status
200
cache-control
private, max-age=485
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
46588
x-xss-protection
1; mode=block
expires
Fri, 07 Feb 2020 12:16:51 GMT
portal-content.min.js
www.bahn.de/common/view/static/889fe8b4/responsive/js/ 		320 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/889fe8b4/responsive/js/portal-content.min.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
783cd752ba1e87c0471b0e26653bcce2b862037e6be45bf45a73ae831bb845d5
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
D6A1BFF0D39C6A82
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
97284
x-amz-id-2
HSxWAUew9ie0lnd6Ea/oqX8LI4U46Szzyd5zgOEA2pjRsCCNk5gx6aBJgKzEZ5mFLxbY6NqA0Ho=
server
AmazonS3
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
s_code.min.js
www.bahn.de/common/view/static/889fe8b4/js/lib/omniture/ 		78 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/889fe8b4/js/lib/omniture/s_code.min.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
5b03f55a43355d95971131165e39b07f1d461dba9066aa202ea3c30760828438
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
FA628D9EB63F702D
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
29694
x-amz-id-2
QMheh4JXXqQ6+EVSw2RA53llSbPn0y2yf5OBnNOrmC+hTcygFBJq2OzEFpG/s3n3LlTBgjfCMRQ=
server
AmazonS3
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
svg-sprites.svg
www.bahn.de/common/view/static/889fe8b4/responsive/img/ 		324 KB
88 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/889fe8b4/responsive/img/svg-sprites.svg
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
57411817a143622eed003cea060d984b2762a4f8f59031aca3e31d41482bf81e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-request-id
19557B82BAD1F884
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
89114
x-amz-id-2
RHAU1i4k/r5tYGQbPSeElHm6SnZTjX+10l3imWVuMgrT+ggjMjLMvRwpSlbQC/SzgDFOprEKz3E=
server
AmazonS3
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
icon-s73bc5bf69c.png
www.bahn.de/common/view/static/889fe8b4/responsive/img/ 		53 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/common/view/static/889fe8b4/responsive/img/icon-s73bc5bf69c.png
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
a009bf98437ed2e896bfc56f9838b6ca83aac7f96989e971dbc6ad2ccc49b572
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/common/view/static/889fe8b4/responsive/css/portal.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
x-content-type-options
nosniff
server
AmazonS3
x-amz-request-id
E45763B2BF4CD8F8
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
accept-ranges
bytes
content-length
54236
x-amz-id-2
yE5QZTpikksRctbvIPQhH6bzvvdoTPWam7qNgIn+85g7+XIzGqZEa9JQxcR+wLKBVQJYoTEPfV0=
bg_nav_active_left.png
www.bahn.de/common/view/static/889fe8b4/responsive/img/ 		132 B
681 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/common/view/static/889fe8b4/responsive/img/bg_nav_active_left.png
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
a231b219fd33beeca8baa0abecbb684d31fe0d154a25a092510d607a38637ea8
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/common/view/static/889fe8b4/responsive/css/portal.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
x-content-type-options
nosniff
server
AmazonS3
x-amz-request-id
F416320CEFDB9E52
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
accept-ranges
bytes
content-length
132
x-amz-id-2
2/M60tT0BclSuOYutSLCLV/TCWxo4/IyaIMuRXXwMUNvdTVpSK7HzdpHA4B3KH473UIlTaQtvpo=
bg_nav_active_right.png
www.bahn.de/common/view/static/889fe8b4/responsive/img/ 		132 B
682 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/common/view/static/889fe8b4/responsive/img/bg_nav_active_right.png
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
e5e2c4c5288a46af5b587fe4b6ed5c881dfc8faaf4d76a08c5c2c5fcd74238b3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/common/view/static/889fe8b4/responsive/css/portal.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
x-content-type-options
nosniff
server
AmazonS3
x-amz-request-id
4340C04DAACECF79
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
accept-ranges
bytes
content-length
132
x-amz-id-2
U9IhbKZ+yXPGZQscymT1/AKbgB6IUWgRmaGCSSNoVO2XN37hRk8FV+nPDAtfdmIleWYjRi/ZAc8=
dbsan03-webfont.woff
www.bahn.de/common/view/static/889fe8b4/responsive/fonts/ 		48 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/889fe8b4/responsive/fonts/dbsan03-webfont.woff
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
a39881eeb2cc948083b29f436b57600451670f1d10e390306af0693d2eb44f74
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.bahn.de/common/view/static/889fe8b4/responsive/css/portal.min.css
Origin
https://www.bahn.de

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
x-content-type-options
nosniff
server
AmazonS3
x-amz-request-id
C06BF7D9299D6C9A
x-frame-options
SAMEORIGIN
content-type
binary/octet-stream
status
200
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
accept-ranges
bytes
content-length
48820
x-amz-id-2
/GKRatXnhm/x0KB/HN3u31XD1m6CydKpPtB3pvlTcb1dYUex5X6YDNiVUH5IRZZcpru0G3XM73M=
db-icons.woff
www.bahn.de/common/view/static/889fe8b4/responsive/fonts/ 		29 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/889fe8b4/responsive/fonts/db-icons.woff?de5f8900bd1b6298cc0ca94466418537
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
09cd6e2e4909e4ec15b7ca38adbff5b37405b4347b1ce0d7b977aee46b005377
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.bahn.de/common/view/static/889fe8b4/responsive/css/portal.min.css
Origin
https://www.bahn.de

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
x-content-type-options
nosniff
server
AmazonS3
x-amz-request-id
23DF51985C565AC0
x-frame-options
SAMEORIGIN
content-type
binary/octet-stream
status
200
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
accept-ranges
bytes
content-length
29320
x-amz-id-2
+lObe/N3j1Mcbsc3KFFkbKsKD3v2C4WXrrFoULjC2BR3R5vqvo+MoneUNH1q9k8ij3dWANe49UA=
dbsan06-webfont.woff
www.bahn.de/common/view/static/889fe8b4/responsive/fonts/ 		48 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/common/view/static/889fe8b4/responsive/fonts/dbsan06-webfont.woff
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
298669d559f331c5ac67d881d450cea831ca81576e88cb4663cc315dc91444c7
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.bahn.de/common/view/static/889fe8b4/responsive/css/portal.min.css
Origin
https://www.bahn.de

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
x-content-type-options
nosniff
server
AmazonS3
x-amz-request-id
48BB7AAE4667F182
x-frame-options
SAMEORIGIN
content-type
binary/octet-stream
status
200
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
accept-ranges
bytes
content-length
48880
x-amz-id-2
b6YzBZf6GKyQSrsQkVcH2BvOOcMAUNdS7bpRWoEvbG/BjdCTjuX8URO8Se+A0qtUhZjx/NsOxdU=
skyscraper.html
www.static-bahn.de/media/view/mdb/media/w/skyscraper/ Frame 3D69 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.static-bahn.de/media/view/mdb/media/w/skyscraper/skyscraper.html
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.20.132.142 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-20-132-142.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload

Request headers

Host
www.static-bahn.de
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml

Response headers

Content-Type
text/html
Server
Apache
Last-Modified
Thu, 19 Dec 2019 11:16:01 GMT
ETag
"fe-59a0cafaa1e40"
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
186
Cache-Control
max-age=600
Date
Fri, 07 Feb 2020 12:08:46 GMT
Connection
keep-alive
Strict-Transport-Security
max-age=15768000 ; includeSubDomains ; preload
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&d_nsid=0&ts=1581077326644
  • https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&d_nsid=0&ts=1581077326644
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&d_nsid=0&ts=1581077326644
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.175.152 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-175-152.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Location
https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&d_nsid=0&ts=1581077326644
X-TID
j2psXCtRSD0=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.bahn.de
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Access-Control-Allow-Origin
https://www.bahn.de
X-TID
j2psXCtRSD0=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&d_nsid=0&ts=1581077326644
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
utag.js
www.bahn.de/media/view/tms/ 		194 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
56df6b113212713437827f99755496b4a0c34f2119646fec7edd224630a0ba1c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
54171
x-xss-protection
1; mode=block
last-modified
Thu, 19 Dec 2019 11:16:01 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"308b9-59a0cafaa1e40"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
logo-s56974c59c7.png
www.bahn.de/common/view/static/889fe8b4/responsive/img/ 		87 KB
88 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bahn.de/common/view/static/889fe8b4/responsive/img/logo-s56974c59c7.png
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/889fe8b4/responsive/js/portal-content.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
63e76adcc0eedb478de832846ba15b4f29791b9caabb9b7ad97ea4f2f72e03f9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/common/view/static/889fe8b4/responsive/css/portal.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
x-content-type-options
nosniff
server
AmazonS3
x-amz-request-id
2A1D054ADE9E9D80
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
x-xss-protection
1; mode=block
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
accept-ranges
bytes
content-length
89271
x-amz-id-2
h15ma0kI9N4IOBQe3hlQe1+ddOh2JSOeby947W63NhH1ceLFa+gjXuB/SQAJrY2hAAoeC8r5zdU=
getjson.pl
www.bahn.de/pbin/ 		106 KB
17 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/pbin/getjson.pl?name=nav_p&callback=jQuery111008242601577116813_1581077326633&_=1581077326634
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/889fe8b4/responsive/js/portal-content.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
45aaf488d95720257047a03205c37852f14c039a0302f1f810944285b612ee82
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
max-age=180
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
vary
Accept-Encoding
content-length
16445
x-xss-protection
1; mode=block
utag.140.js
www.bahn.de/media/view/tms/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.140.js?utv=ut4.45.201910290813
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a0099069e5f4d78353d1069292708e1a9c5294d799a9c5b42a16e8f61689cedd
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
1412
x-xss-protection
1; mode=block
last-modified
Thu, 19 Dec 2019 11:16:01 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"ba7-59a0cafaa1e40"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.139.js
www.bahn.de/media/view/tms/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.139.js?utv=ut4.45.201912030818
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f3937bb9728c1422c6e7c85028485324a29e7caeb3d6b94b4c882d0fa5dc9bbe
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
1359
x-xss-protection
1; mode=block
last-modified
Thu, 19 Dec 2019 11:16:01 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"ba0-59a0cafaa1e40"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.85.js
www.bahn.de/media/view/tms/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.85.js?utv=ut4.45.201904151138
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
aed9b6fa0638d88a150efbc1033151a54dfa08951b98ad0f7ac49f6e8235b251
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
1391
x-xss-protection
1; mode=block
last-modified
Thu, 19 Dec 2019 11:16:01 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"ae0-59a0cafaa1e40"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.41.js
www.bahn.de/media/view/tms/ 		24 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.41.js?utv=ut4.45.201910290813
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
fe725353555553dbe76a6a2105539f48abcfadd28a99b9856c60ce6a31f56e5c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
5535
x-xss-protection
1; mode=block
last-modified
Thu, 19 Dec 2019 11:16:01 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"613b-59a0cafaa1e40"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.33.js
www.bahn.de/media/view/tms/ 		19 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.33.js?utv=ut4.45.201912190703
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c80b75425347842acf996c44affc38e74fde25d8ae32fb53663f2ea0981e4398
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
4159
x-xss-protection
1; mode=block
last-modified
Thu, 19 Dec 2019 11:16:01 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"4aca-59a0cafaa1e40"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.14.js
www.bahn.de/media/view/tms/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.14.js?utv=ut4.45.201908130813
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
db564764fc0896e26285a669dd0d187a2d845aad7ef19688037ecc6bc35f7137
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
1842
x-xss-protection
1; mode=block
last-modified
Thu, 19 Dec 2019 11:16:01 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"14f0-59a0cafaa1e40"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
utag.74.js
www.bahn.de/media/view/tms/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/utag.74.js?utv=ut4.45.201907291243
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8200668425cb30d25438c4e04c697a14e7d2070e56185f3eaa22fd6b73c56d70
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
1059
x-xss-protection
1; mode=block
last-modified
Thu, 19 Dec 2019 11:16:01 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"813-59a0cafaa1e40"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
adformat.js
dmp.adform.net/audiencetag/ 		1 KB
827 B 		Script
General
Check archive.org
Download Go to
Full URL
https://dmp.adform.net/audiencetag/adformat.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.140.js?utv=ut4.45.201910290813
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b98613bf63c8e2f84acde8c8c8de598bc3ece8c15fc353f27c33f85f07074b76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
last-modified
Thu, 23 Jan 2020 09:58:16 GMT
server
nginx
vary
Accept-Encoding, Origin
content-type
application/x-javascript
status
200
strict-transport-security
max-age=31536000; includeSubDomains
rd
dpm.demdex.net/id/ 		371 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&d_nsid=0&ts=1581077326644
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.175.152 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-175-152.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
15ec81d169373c4729d3ed0b9ce830dde50eb8081ff542acad62fbf72acf9a7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Origin
https://www.bahn.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-v059-0df3f9fd8.edge-irl1.demdex.com 5.65.0.20200204084552 2ms (+0ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-TID
VmZ6HaHTSsE=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.bahn.de
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
307
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Cookie set dest5.html
deutschebahn.demdex.net/ Frame CD1B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://deutschebahn.demdex.net/dest5.html?d_nsid=0
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/889fe8b4/js/lib/omniture/s_code.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.105.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-105-51.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Host
deutschebahn.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Accept-Encoding
gzip, deflate, br
Cookie
demdex=22992390660440243420810357821404673442
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Tue, 04 Feb 2020 14:05:43 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=22992390660440243420810357821404673442;Path=/;Domain=.demdex.net;Expires=Wed, 05-Aug-2020 12:08:47 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding, User-Agent
X-TID
JG+Ahx+CTj0=
Content-Length
2785
Connection
keep-alive
id
st.bahn.de/ 		49 B
468 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://st.bahn.de/id?d_visid_ver=2.1.0&d_fieldgroup=A&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&mid=22974267080681357350807385620244381827&ts=1581077326839
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/common/view/static/889fe8b4/js/lib/omniture/s_code.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.105.205 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-188-105-205.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
7d8f4385fa2bf1976fa18852b0278236722eca9082099c25f23c0e8519a8e19b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Origin
https://www.bahn.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

status
200
date
Fri, 07 Feb 2020 12:08:46 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-5d944dff5f-bg8v5
vary
Origin
x-c
master-1135.I1e15b2.M0-337
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.bahn.de
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript
content-length
49
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=Xj1TTgAAAdTQPRTJ
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=22992390660440243420810357821404673442
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Xj1TTgAAAdTQPRTJ
42 B
915 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Xj1TTgAAAdTQPRTJ
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.175.152 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-175-152.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v059-0e50a4add.edge-irl1.demdex.com 5.65.0.20200204084552 1ms (+0ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-TID
D8CpUx5cQJ4=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date
Fri, 07 Feb 2020 12:08:46 GMT
Server
AMO-cookiemap/1.1
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Xj1TTgAAAdTQPRTJ
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=15,max=100
Content-Length
0
/
zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/ 		70 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0lxkzEthotizcTX&Q_LOC=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fservice%2Fbuchung%2Fflug%2Frail_und_fly.shtml&t=1581077326882
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.85.js?utv=ut4.45.201904151138
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
6a6188dbec0fae652796aa0e5f964b81f7648511c883cc7c77a786e8cc0382a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
295918
cf-polished
origSize=73027
status
200
edge-control
max-age=604800
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-bgj
minify
server
cloudflare
x-powered-by
Express
etag
W/"11d43-2VRZ7dNS5MOlcooAhKZTDZ5MHWE"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=60, s-maxage=604800
cf-ray
5615404d58e4bf37-AMS
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cookiesegments
dmp.adform.net/audiencetag/ 		2 B
201 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmp.adform.net/audiencetag/cookiesegments?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJBZGZvcm0uRE1QLkNsYWltczo6RGF0YVByb3ZpZGVycyI6IlsxMDU4MV0iLCJpc3MiOiJkbXAtYXBpLmFkZm9ybS5jb20iLCJhdWQiOiJhdWRpZW5jZV90YWdfY29uc3VtZXJfdjEiLCJleHAiOjE4NDY0NzkyOTksIm5iZiI6MTUzMTExOTIzOX0.FJQj3NEIHLPLagWbUeSDroGlMNqPApSp4JsfF5qhvxA
Requested by
Host: dmp.adform.net
URL: https://dmp.adform.net/audiencetag/adformat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
application/json
Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Origin
https://www.bahn.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
server
nginx
status
200
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.bahn.de
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-length
2
/
track.adform.net/serving/scripts/trackpoint/async/ 		76 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/serving/scripts/trackpoint/async/
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
a631e8098179b4b6feaca08bce747cb8b3c53450c3fe30eead2c3f23dd288265
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
status
200
cache-control
public, max-age=604800
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
30712
expires
Fri, 14 Feb 2020 12:08:46 GMT
exactag.js
www.bahn.de/media/view/tms/js/ 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/js/exactag.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6b693b7dadf0949d494f4ad8685ae70f74f20a33a32780ebfd5b0517fceae722
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
5428
x-xss-protection
1; mode=block
last-modified
Thu, 19 Dec 2019 11:16:01 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"321a-59a0cafaa1e40"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
criteo.js
www.bahn.de/media/view/tms/js/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bahn.de/media/view/tms/js/criteo.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.225.123 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-225-123.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c0ef355534d040550952aac49f300f771c3dcc0d5cd99008015d9d59378bff44
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200
strict-transport-security
max-age=15768000 ; includeSubDomains ; preload
content-length
5403
x-xss-protection
1; mode=block
last-modified
Thu, 19 Dec 2019 11:16:01 GMT
server
Apache
x-frame-options
SAMEORIGIN
etag
"3802-59a0cafaa1e40"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=2592000
content-security-policy
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
accept-ranges
bytes
a2987.js
cdn.m-pathy.com/js/ 		22 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.m-pathy.com/js/a2987.js
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/utag.74.js?utv=ut4.45.201907291243
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2057:3800:1e:7aca:b8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
69d241b402301b41aad891b31d8e5e70b9afadbaade26b9d20be25ee54a67e90

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Origin
https://www.bahn.de

Response headers

date
Fri, 07 Feb 2020 11:12:18 GMT
content-encoding
gzip
age
3388
x-cache
Hit from cloudfront
status
200
content-length
5949
via
1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
last-modified
Fri, 07 Feb 2020 08:51:16 GMT
server
Apache/2.4.7 (Ubuntu)
etag
"5698-59df87e1c1bbf-gzip"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
k4rTsIIuev6V0EybEuWDQoxu74g8vPg3BHjG8wXS06lgGiA8WxtfDA==
expires
Fri, 07 Feb 2020 12:12:18 GMT
s62425053823115
st.bahn.de/b/ss/dbbahnprod/1/JS-2.1.0/ 		43 B
619 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://st.bahn.de/b/ss/dbbahnprod/1/JS-2.1.0/s62425053823115?AQB=1&ndh=1&pf=1&t=7%2F1%2F2020%2013%3A8%3A46%205%20-60&mid=22974267080681357350807385620244381827&aamlh=6&ce=UTF-8&ns=deutschebahn&cdp=2&pageName=BAHN_PVE_DEU_DE_service_buchung_flug_rail-und-fly&g=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fservice%2Fbuchung%2Fflug%2Frail_und_fly.shtml&c.&Rendering=Desktop&Orientierung=Landscape&page_info=0%7C0%2C0x0%2C0x0%2C0%2C&first_page_of_visit=true&load_time=3&.c&cc=EUR&ch=BAHN_PVE_DEU_DE&events=event45%2Cevent46&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&h1=PVE%3Eservice%3Ebuchung%3Eflug&c4=BAHN_PVE_DEU_DE&v4=BAHN_PVE_DEU_DE&c22=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fservice%2Fbuchung%2Fflug%2Frail_und_fly.shtml&v22=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fservice%2Fbuchung%2Fflug%2Frail_und_fly.shtml&c24=D%3DpageName&v24=D%3DpageName&c69=logout&v69=logout&v74=D%3DpageName&c75=D%3Dv75&v75=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fservice%2Fbuchung%2Fflug%2Frail_und_fly.shtml&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5FA50A5953FB37E50A4C98BC%40AdobeOrg&AQE=1
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.105.205 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-188-105-205.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Fri, 07 Feb 2020 12:08:46 GMT
x-content-type-options
nosniff
x-c
master-1135.I1e15b2.M0-337
p3p
CP="This is not a P3P policy"
status
200
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sat, 08 Feb 2020 12:08:46 GMT
server
jag
xserver
anedge-5d944dff5f-lh9tf
etag
3395337703893860352-4619715560747936951
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Thu, 06 Feb 2020 12:08:46 GMT
/
track.adform.net/Serving/TrackPoint/ 		19 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/Serving/TrackPoint/?pm=646062&ADFPageName=%7Bwww.bahn.de%7D%7C%7BBAHN_PVE_DEU_DE%7D%7C%7BBAHN_PVE_DEU_DE_service_buchung_flug_rail-und-fly%7D&ADFdivider=%7C&ord=154923748442&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&itm=eyJzdjkiOiJ7d3d3LmJhaG4uZGV9fHtCQUhOX1BWRV9ERVVfREV9fHtCQUhOX1BWRV9ERVVfREVfc2VydmljZV9idWNodW5nX2ZsdWdfcmFpbC11bmQtZmx5fSJ9&loc=https%3A%2F%2Fwww.bahn.de%2Fp%2Fview%2Fservice%2Fbuchung%2Fflug%2Frail_und_fly.shtml
Requested by
Host: track.adform.net
URL: https://track.adform.net/serving/scripts/trackpoint/async/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
c18c597b7e918209fe10ee079e2dbd4f56392a5fd398e1cf0ab9fadcf7295f32
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
status
200
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
8995
expires
-1
pi.aspx
m.exactag.com/ Frame 8D5F 		6 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.exactag.com/pi.aspx?campaign=4bb3a5de3602f335b9ba113928205e62&pitype=Content&convtype=&rnd=OhXeZi3AseUp&items=%7B%22type%22%3A%22Content%22%2C%22conversiontype%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22host%22%3A%22www.bahn.de%22%2C%22site%22%3A%22%2Fp%2Fview%2Fservice%2Fbuchung%2Fflug%2Frail_und_fly.shtml%22%2C%22search%22%3A%22%22%2C%22protocol%22%3A%22https%3A%22%2C%22campaign%22%3A%224bb3a5de3602f335b9ba113928205e62%22%2C%22screensize%22%3A%22%22%2C%22pitype%22%3A%22%22%2C%22uk%22%3A%22%22%2C%22trackingURL%22%3A%22%2F%2Fm.exactag.com%22%2C%22cdnURL%22%3A%22%2F%2Fcdn.exactag.com%22%2C%22sitegroup%22%3A%22Content%22%2C%22category_name%22%3A%22BAHN_PVE_DEU_DE%22%2C%22page_name%22%3A%22BAHN_PVE_DEU_DE_service_buchung_flug_rail-und-fly%22%7D
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/js/exactag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
85.14.248.71 Meerbusch, Germany, ASN24961 (MYLOC-AS, DE),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
522cd1767179a263183d47fc28288dd742c2dcbc84b348df48441ca9ff3367db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Transfer-Encoding
chunked
P3P
policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR", policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Last-Modified
Fr, 07 Feb 2020 12:08:46 GMT,Fr, 07 Feb 2020 12:08:46 GMT
Connection
close
Pragma
no-cache
X-ET-Code
0
Server
Microsoft-IIS/8.5
Date
Fri, 07 Feb 2020 12:08:46 GMT
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache
X-ET-Camp
1053
Expires
-1
event
sslwidget.criteo.com/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sslwidget.criteo.com/event?a=16780&v=4.5.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh%26ui_db_page%3DBAHN_PVE_DEU_DE_service_buchung_flug_rail-und-fly&p2=e%3Ddis&adce=1
Requested by
Host: www.bahn.de
URL: https://www.bahn.de/media/view/tms/js/criteo.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
c2f93fbf0ae7befd0ea3fef64ee9fe1f8addea7c777e4bbe9fd7b862a3942e0e

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 Feb 2020 12:08:46 GMT
content-encoding
gzip
content-type
application/x-javascript
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
vary
Accept-Encoding
p3p
NON DSP COR CURa PSA PSD OUR BUS NAV STA
status
200
cache-control
no-cache
timing-allow-origin
*
content-length
863
expires
0
loader.js
cdn.m-pathy.com/modules/4.14-157/ 		43 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.m-pathy.com/modules/4.14-157/loader.js
Requested by
Host: cdn.m-pathy.com
URL: https://cdn.m-pathy.com/js/a2987.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2057:3800:1e:7aca:b8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.7 (Ubuntu) /
Resource Hash
819871c09a1671a3da156377569e56775ebfb4d51b2226878e64499ad5bcb4da

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Origin
https://www.bahn.de

Response headers

date
Wed, 05 Feb 2020 12:18:03 GMT
content-encoding
gzip
age
172243
x-cache
Hit from cloudfront
status
200
content-length
14799
via
1.1 df86e917220bc08caa68b0eb8ddabe91.cloudfront.net (CloudFront)
last-modified
Wed, 05 Feb 2020 12:15:46 GMT
server
Apache/2.4.7 (Ubuntu)
etag
"aab4-59dd31dbae080-gzip"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2419200
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
Q0g3zr7iSSQvEE9dHGze9ohpyk4vlhRgJKylC78BDonib2XIgX8kXQ==
expires
Wed, 04 Mar 2020 12:18:03 GMT
/
track.adform.net/wpf/v2/.la44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXWMVGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2dTpjCEN8gyjMqgXK_Pmtd0SHp815LyjaY2.rINj.rINM6uJ6o6e0T.5yjaY1WMsiZR... 		183 B
749 B 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/wpf/v2/.la44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXWMVGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2dTpjCEN8gyjMqgXK_Pmtd0SHp815LyjaY2.rINj.rINM6uJ6o6e0T.5yjaY1WMsiZRPrwXC_JEkNgvlE4yy2XElgebiYMpztNKscKs3Us_43wuZPup_nH2t05oaYAhrcpMxE6DBUr5xj6KkuMhQnIq1QEfpxf7_OLgiPFMtrs1OeyjaY1vSiwujAUrtnf5jaY2ftckuyPBDjaY2.rIN87gq1au_W__u8NK.iLs2dI_AIQjvEodUW2vqCRc7L1eLY6RcQs.BN1eNJS9Re4JDvmjsTfwBjjNpp0iJ3A0KFgBFY5BNlrAp5BNlVn_hs1Y5CCsGrilSHlF4XVA4.L9.gJ0Nc1lF1f4.90PgJ.e_elFCUC68mlFCUC68mlF1VLf4.90PgJ.huy.9YE/serving/trackpoint/?pm=646062&ADFPageName=%7bwww.bahn.de%7d%7c%7bBAHN_PVE_DEU_DE%7d%7c%7bBAHN_PVE_DEU_DE_service_buchung_flug_rail-und-fly%7d&ADFdivider=%7c&ord=154923748442&Set1=en-US%7cen-US%7c1600x1200%7c24&ADFtpmode=2&itm=eyJzdjkiOiJ7d3d3LmJhaG4uZGV9fHtCQUhOX1BWRV9ERVVfREV9fHtCQUhOX1BWRV9ERVVfREVfc2VydmljZV9idWNodW5nX2ZsdWdfcmFpbC11bmQtZmx5fSJ9&loc=https%3a%2f%2fwww.bahn.de%2fp%2fview%2fservice%2fbuchung%2fflug%2frail_und_fly.shtml&catdt=0
Requested by
Host: track.adform.net
URL: https://track.adform.net/serving/scripts/trackpoint/async/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8a0eed036667f1445f1c3adf6904a618842e349197b2af721bb4af4cac2bbc41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 Feb 2020 12:08:47 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
status
200
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
246
expires
-1
log
errors.client.optimizely.com/ 		13 B
403 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://errors.client.optimizely.com/log
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/8033263973.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.227.153.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-227-153-53.compute-1.amazonaws.com
Software
/
Resource Hash
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

Request headers

Access-Control-Request-Method
POST
Origin
https://www.bahn.de
Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Date
Fri, 07 Feb 2020 12:08:47 GMT
Allow
POST,OPTIONS
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.bahn.de
Access-Control-Max-Age
1800
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
X-Requested-With,Content-Type,Accept,Origin
Content-Length
13
px.aspx
m.exactag.com/ Frame BE66 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://m.exactag.com/px.aspx?id=df193d5bbc1a42868061f74131794313
Requested by
Host: m.exactag.com
URL: https://m.exactag.com/pi.aspx?campaign=4bb3a5de3602f335b9ba113928205e62&pitype=Content&convtype=&rnd=OhXeZi3AseUp&items=%7B%22type%22%3A%22Content%22%2C%22conversiontype%22%3A%22%22%2C%22referrer%22%3A%22%22%2C%22host%22%3A%22www.bahn.de%22%2C%22site%22%3A%22%2Fp%2Fview%2Fservice%2Fbuchung%2Fflug%2Frail_und_fly.shtml%22%2C%22search%22%3A%22%22%2C%22protocol%22%3A%22https%3A%22%2C%22campaign%22%3A%224bb3a5de3602f335b9ba113928205e62%22%2C%22screensize%22%3A%22%22%2C%22pitype%22%3A%22%22%2C%22uk%22%3A%22%22%2C%22trackingURL%22%3A%22%2F%2Fm.exactag.com%22%2C%22cdnURL%22%3A%22%2F%2Fcdn.exactag.com%22%2C%22sitegroup%22%3A%22Content%22%2C%22category_name%22%3A%22BAHN_PVE_DEU_DE%22%2C%22page_name%22%3A%22BAHN_PVE_DEU_DE_service_buchung_flug_rail-und-fly%22%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
85.14.248.71 Meerbusch, Germany, ASN24961 (MYLOC-AS, DE),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Host
m.exactag.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Accept-Encoding
gzip, deflate, br
Cookie
exactag_new_uk=29c1476ba4e14042a657683146177404%7c; session_session=ea458724ce82408b9b17f7be; exactag_new_user=1053%7c2%7cea458724ce82408b9b17f7be%7c01.01.0001+00%3a00%3a00%7c07.02.2020+12%3a08%3a46%7cea458724ce82408b9b17f7be%7c68537%7c1753%7cFalse
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml

Response headers

Cache-Control
no-cache
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Expires
-1
Server
Microsoft-IIS/8.5
X-ET-Code
0
X-ET-Camp
1053
Strict-Transport-Security
max-age=31536000
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Date
Fri, 07 Feb 2020 12:08:46 GMT
Connection
close
Transfer-Encoding
chunked
Content-Encoding
gzip
log
errors.client.optimizely.com/ 		0
237 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://errors.client.optimizely.com/log
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.227.153.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-227-153-53.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bahn.de/p/view/service/buchung/flug/rail_und_fly.shtml
Origin
https://www.bahn.de
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type
application/json

Response headers

Access-Control-Allow-Origin
https://www.bahn.de
Access-Control-Expose-Headers
Access-Control-Allow-Credentials
true
Connection
keep-alive
Date
Fri, 07 Feb 2020 12:08:47 GMT
Content-Type
text/plain

Verdicts & Comments Add Verdict or Comment

106 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| DDTools object| digitalData object| bahn object| $jscomp object| de object| ES6Promise object| softlogin undefined| _ object| html5 object| Modernizr number| browserWidth function| createSkyframe object| breakpoints function| BackToTop function| LanguageSelector function| TabNav function| Gallery function| Stage function| Tabs function| Folder function| Datepicker function| Rangeslider function| ResponsiveImage function| Quickfinder function| QuickfinderAuskunft function| QuickfinderSparpreis function| QuickfinderPuenklichkeit function| LoginForm function| MainNav function| Carousel function| Dropdown function| initMap undefined| gscript object| SCRAMBLE object| CMF function| $ function| jQuery object| ParsleyExtend object| ParsleyConfig object| psly object| Parsley object| ParsleyUtils object| ParsleyValidator object| ParsleyUI string| inputEventPatched object| parsley object| Mustache string| view string| s_account function| Visitor object| visitor number| inHeadTS object| s function| s_getLoadTime function| AppMeasurement_Module_Media function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq object| s_c_il number| s_c_in number| s_loadT number| s_objectID number| s_giq function| getCookieValue function| getWebtrackingLoginStatus function| setOmnitureProperties object| utag_data object| jQuery111008242601577116813 string| preSelectionLevel undefined| jQuery111008242601577116813_1581077326633 object| cl object| selected_fields boolean| utag_condload object| data_layer_w3c_converter object| utag function| ParseUserAgent object| gUtil object| gCriteo string| pagename function| AdformAT object| adf object| _adftrack object| exactag object| criteo_q object| Mpathy object| s_Obj string| s_PPVid function| s_PPVevent number| s_PPVi number| s_PPVt string| max_initial_percent string| screen_res string| browser_dim number| pixel_dens string| device_ort object| optimizely object| s_i_dbbahnprod object| Adform object| KJUR object| QSI object| oldQueue boolean| mpathy_loaded object| fortyone

9 Cookies

Domain/Path Name / Value
.demdex.net/ Name: demdex
Value: 22992390660440243420810357821404673442
.bahn.de/ Name: AMCV_5FA50A5953FB37E50A4C98BC%40AdobeOrg
Value: 1099438348%7CMCIDTS%7C18300%7CMCMID%7C22974267080681357350807385620244381827%7CMCAAMLH-1581682126%7C6%7CMCAAMB-1581682126%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1581084526s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C2.1.0
.bahn.de/ Name: s_cc
Value: true
.bahn.de/ Name: AMCVS_5FA50A5953FB37E50A4C98BC%40AdobeOrg
Value: 1
.bahn.de/ Name: sc_vis
Value: true
.bahn.de/ Name: s_ecid
Value: MCMID%7C22974267080681357350807385620244381827
.bahn.de/ Name: s_ppv
Value: BAHN_PVE_DEU_DE_service_buchung_flug_rail-und-fly%2C60%2C60%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
.bahn.de/ Name: s_ppvl
Value: BAHN_PVE_DEU_DE_service_buchung_flug_rail-und-fly%2C60%2C60%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
.bahn.de/ Name: utag_main
Value: v_id:01701f8d6b6d009bbe19f2b484b000078004207000b08$_sn:1$_ss:1$_st:1581079126703$ses_id:1581077326703%3Bexp-session$_pn:1%3Bexp-session$ls:undefined%3Bexp-session

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.m-pathy.com
cdn.optimizely.com
cm.everesttech.net
deutschebahn.demdex.net
dmp.adform.net
dpm.demdex.net
errors.client.optimizely.com
m.exactag.com
sslwidget.criteo.com
st.bahn.de
track.adform.net
www.bahn.de
www.static-bahn.de
zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com
104.111.225.123
104.17.209.240
15.188.105.205
178.250.2.151
2.20.132.142
2600:9000:2057:3800:1e:7aca:b8c0:93a1
2a02:26f0:6c00:183::13b8
34.227.153.53
37.157.4.24
52.30.105.51
54.76.175.152
66.117.28.86
85.14.248.71
09cd6e2e4909e4ec15b7ca38adbff5b37405b4347b1ce0d7b977aee46b005377
15ec81d169373c4729d3ed0b9ce830dde50eb8081ff542acad62fbf72acf9a7e
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
26ea31e0c6520a6f3e814e67b70d4e70dde85659b3f9184935d265f45bfb1931
298669d559f331c5ac67d881d450cea831ca81576e88cb4663cc315dc91444c7
2d47dd07cd116fce4a58ea5ce7aa349bf5904de7f30d69e131cf4f7be3b088d1
4386203feaa16bd7ddf4c02d5fb9a3023fdf47ac10c8613bff7ff878c82ba2f9
43c32df7b2ffac36043447d99608569c516db76b13e27bccd42dc59bf54b5a17
45aaf488d95720257047a03205c37852f14c039a0302f1f810944285b612ee82
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
522cd1767179a263183d47fc28288dd742c2dcbc84b348df48441ca9ff3367db
56df6b113212713437827f99755496b4a0c34f2119646fec7edd224630a0ba1c
57411817a143622eed003cea060d984b2762a4f8f59031aca3e31d41482bf81e
5b03f55a43355d95971131165e39b07f1d461dba9066aa202ea3c30760828438
63e76adcc0eedb478de832846ba15b4f29791b9caabb9b7ad97ea4f2f72e03f9
69d241b402301b41aad891b31d8e5e70b9afadbaade26b9d20be25ee54a67e90
6a6188dbec0fae652796aa0e5f964b81f7648511c883cc7c77a786e8cc0382a3
6b693b7dadf0949d494f4ad8685ae70f74f20a33a32780ebfd5b0517fceae722
783cd752ba1e87c0471b0e26653bcce2b862037e6be45bf45a73ae831bb845d5
7d8f4385fa2bf1976fa18852b0278236722eca9082099c25f23c0e8519a8e19b
819871c09a1671a3da156377569e56775ebfb4d51b2226878e64499ad5bcb4da
8200668425cb30d25438c4e04c697a14e7d2070e56185f3eaa22fd6b73c56d70
8a0eed036667f1445f1c3adf6904a618842e349197b2af721bb4af4cac2bbc41
95387086a4c2196fa396290be93bc611fba4adfb435d071fcbfceacfbae69cff
a0099069e5f4d78353d1069292708e1a9c5294d799a9c5b42a16e8f61689cedd
a009bf98437ed2e896bfc56f9838b6ca83aac7f96989e971dbc6ad2ccc49b572
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a231b219fd33beeca8baa0abecbb684d31fe0d154a25a092510d607a38637ea8
a39881eeb2cc948083b29f436b57600451670f1d10e390306af0693d2eb44f74
a631e8098179b4b6feaca08bce747cb8b3c53450c3fe30eead2c3f23dd288265
aed9b6fa0638d88a150efbc1033151a54dfa08951b98ad0f7ac49f6e8235b251
b98613bf63c8e2f84acde8c8c8de598bc3ece8c15fc353f27c33f85f07074b76
c0ef355534d040550952aac49f300f771c3dcc0d5cd99008015d9d59378bff44
c18c597b7e918209fe10ee079e2dbd4f56392a5fd398e1cf0ab9fadcf7295f32
c2f93fbf0ae7befd0ea3fef64ee9fe1f8addea7c777e4bbe9fd7b862a3942e0e
c80b75425347842acf996c44affc38e74fde25d8ae32fb53663f2ea0981e4398
d19a0ce8f23bdd7796c58a453bfff44efa93ee7e9a8da6e17c2a4ec762573cb2
da1617a9a8adfeacee06c6271bcc53eb9017109ad3e1125488d676190dc5affe
db564764fc0896e26285a669dd0d187a2d845aad7ef19688037ecc6bc35f7137
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5e2c4c5288a46af5b587fe4b6ed5c881dfc8faaf4d76a08c5c2c5fcd74238b3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3937bb9728c1422c6e7c85028485324a29e7caeb3d6b94b4c882d0fa5dc9bbe
fe725353555553dbe76a6a2105539f48abcfadd28a99b9856c60ce6a31f56e5c