Evidence

Deutsche Bank AG is a German multinational investment bank and financial services company headquartered in Frankfurt. It is dual-listed on the Frankfurt Stock Exchange and the New York Stock Exchange.

LEI 7LTWFZYICNSX8D621K86 — DEUTSCHE BANK AKTIENGESELLSCHAFT — Taunusanlage 12, 60325 Frankfurt am Main, DE — HRB 30000 — Legal form 6QQB — Created 1952-11-10 — Status ACTIVE — FULLY_CORROBORATED — S&P 410467 — 73 BIC codes including DEUTDEFFXXX, DEUTUS33XXX, DEUTGB22XXX, DEUTHKHHXXX, DEUTJPJTXXX, DEUTSGSGXXX, DEUTINBBXXX, DEUTCHZZXXX, DEUTKYKXXXX, DEUTAEAAXXX, etc.

DB.COM — Registrar: CSC Corporate Domains Inc. (IANA 299) — Registered 1997-09-02 — Expires 2026-09-01 — Status: client/server transfer prohibited, server delete/update prohibited — Nameservers: NS8.DB.COM through NS17.DB.COM — DNSSEC delegationSigned: false — Registrant org per VT WHOIS: Deutsche-Bank Group (DE)

db.com SPF: v=spf1 ip4:160.83.0.0/16 ~all | DMARC: v=DMARC1; p=reject; sp=reject; adkim=s; fo=1; ri=3600 (Proofpoint-fronted RUA/RUF) | MX: smtp13/14/15/22/24.db.com pri 10, smtp23.db.com pri 15

CertSpotter enumeration of *.db.com — 280 unique subdomains across 100 sampled certs. Key surfaces: cidp-eu, autodiscover, cas-hybrid.de, cashmanager (+ sng/uk/us), dbsurface, dbras, dbvideokyc.uat, dbdigitalonboarding.sit/uat, jss-sit/uat, securewebmail (+ uat), miles-and-more-kreditkarte, autobahnfx (+ staging), push.autobahn, seal.autobahn, sg-teams-01, video, collab-edge.video, ecmsyndicate, ideal2-acquirer-signing-live, edge2016-1..10, hybrid-de, exp-e-cluster.uk/us, frainexchb/p1..5.de,...

34.98.101.189 — NetRange 34.64.0.0/10 GOOGL-2 — Google LLC, 1600 Amphitheatre Parkway, Mountain View CA 94043 — Direct Allocation 2018-09-28 — POC google-cloud-compliance@google.com — Comment: 'The IP addresses under this Org-ID are in use by Google Cloud customers'

34.98.101.189 — noise: false, riot: true, classification: benign, name: Google Cloud, last_seen: 2026-05-26 — Classification: RIOT-listed benign service

34.98.101.189 — ASN 396982 Google LLC GOOGLE-CLOUD-PLATFORM — 0/0/55/36 malicious/suspicious/harmless/undetected — JARM 29d3fd00029d29d00042d43d00041d6f940079659edb62e1c38c38bd26ee84 — TLS cert subject: O=DEUTSCHE BANK AG, CN=www.db.com, STREET=Taunusanlage 12, HRB 30000, C=DE

34.98.101.189 — US, Missouri, Kansas City — lat 39.0997 lon -94.5785 — Google LLC, Google Cloud, AS396982

160.83.0.1,8373,160.83.0.0/19,DEUBA-NET Germany, DE

AS8373 DEUBA-NET — RIPE registered 2002-09-23 — Org = Deutsche Bank AG, Taunusanlage 12, 60325 Frankfurt — Tech: DB IP Services (dns.admin@db.com, Taunusanlage 12) — Admin: Reiner Schaefer (Postfach 65760 Eschborn) — Abuse-C: Alfred-Herrhausen-Allee 16-24, 65760 Eschborn; dns.admin@db.com

AS15769 — RIPE — Remark: 'Deutsche Bank Internet Operations, London' — Org = Deutsche Bank AG Taunusanlage 12 Frankfurt — Tech: Anna Grasser (Alfred-Herrhausen-Allee 16-24, 65760 Eschborn, GTO IES Network Engineering) and Joerg Schwarzwaelder (Taunusanlage 12 60325 Frankfurt) — Last changed 2021-07-05

AS2824 DB-NA-1 — ARIN registered 1993-08-17 — Org = Deutsche Bank AG, 2 Peekay Drive, Clifton NJ 07014 US (Digital Realty NJ EWR21 datacenter — operator wikidata Q5275969) — POC: DNS ADMIN Taunusanlage 12 Frankfurt 60325 (dns.admin@db.com) — Admin: Reiner Schaefer reiner.schaefer@db.com Theodor-Heuss-Allee 72 Frankfurt — Registration comment http://www.db.com

db.com — 0/0/60/31 malicious/suspicious/harmless/undetected verdicts — reputation -1 — TLS cert SHA256 b3e3478b3e61e75b8f71513f455a8561cc30c97955cc8e576c25692d1e4be285 — issuer DigiCert EV RSA CA G2 — validity 2026-04-12 to 2026-10-27 — JARM 29d3fd00029d29d00042d43d00041d6f940079659edb62e1c38c38bd26ee84 — popularity rank Cisco Umbrella 18606 Cloudflare Radar 10000 Majestic 4618

LEI 529900VM3464806ERS69 — DWS Group GmbH & Co. KGaA — Mainzer Landstraße 11-17, 60329 Frankfurt am Main — HRB 111128 — Legal form T0YJ — Created 2016-06-29 — Status ACTIVE — S&P 538321028 — OCID de/M1201_HRB111128

DWS Group GmbH & Co. KGaA, commonly known as DWS, is a German asset management company. It previously operated as part of Deutsche Bank until 2018 where it became a separate entity through an initial public offering on the Frankfurt Stock Exchange. It is currently headquartered in Frankfurt, Germany and is a constituent member of the MDAX index.

326 direct LEI children of Deutsche Bank AG across 40+ jurisdictions. Top countries: US (91), DE (66), GB (27), LU (25), KY (17), NZ (7), IN (7), IT (7), SG (6), JP (5). Includes DWS Group, Deutsche Bank Europe GmbH, norisbank GmbH, DB Capital Markets (Deutschland) GmbH, Deutsche Bank Contingent Capital Trust III/IV, RREEF entities, DB ASTER LLC/INC, Azurix Corp., 87 LEONARD DEVELOPMENT LLC, NEW 87 LEONARD LLC, CINDA-DB NPL SECURITIZATION TRUST 2003-1, Deutsche Cayman Ltd., DEUTSCHE ALTERNATI...

LEI 529900WMBOJTFWCJ6Z71 — norisbank GmbH — Bundeskanzlerplatz 4, 53113 Bonn, NRW (moved 2025-03-31) — HRB 21185 Bonn — Legal form 2HBR (GmbH) — Created 1957-04-08 — Status ACTIVE — BIC NORSDE51XXX — S&P 44297176

LEI 213800QILIUD4ROSUO03 — Deutsche Bank Europe GmbH — Taunusanlage 12, 60325 Frankfurt — HRB 87506 — Legal form 2HBR (GmbH) — Created 2010-02-17 — Status ACTIVE — BIC DEUTDE5XXXX — S&P 224020398

Wikidata P749 (subsidiary of) Q66048 returns: Deutsche Postbank (Q708835, 1989), DB Privat- und Firmenkundenbank (Q1202176, 1995), Norisbank (Q1999153, 1965), Deutsche Bank Polska (Q9206601, 1995), Numis (Q55627117), Deutsche Beamten-Zentralbank (Q107102864, 1924), Aktiengesellschaft für Vermögensverwertung (Q107150954), Deutsche Bank Trust Company Americas (Q110016607)

NUMIS.COM — Registrar Network Solutions LLC (IANA 2) — Registered 1996-01-02 — Expires 2032-01-01 — Status client transfer prohibited — NS5/NS6.WORLDNIC.COM — DNSSEC false

LEI 529900PLMCWKG4WW7813 — Deutsche Cayman Ltd. — c/o INTERTRUST CORPORATE SERVICES (CAYMAN) LIMITED, One Nexus Way, Camana Bay, George Town, Grand Cayman KY1-9005 — Cayman company 64883 — Created 1996-03-11 — Status ACTIVE but LEI LAPSED 2024-01-15 — S&P 228698026

Taunusanlage 12, 60325 Frankfurt am Main — Resolved to 'Deutsche-Bank-Hochhaus' (Q701538) at 50.1137472, 8.6679963 — Deutsche Bank Twin Towers, built 1984, 22m height, glass mirror building. Wikipedia de:Deutsche-Bank-Hochhaus

Mainzer Landstraße 11-17, 60329 Frankfurt am Main — Resolved to 'Deutsche Bank Campus' at 50.1118044, 8.6670655 — 8-level glass office building, opened 2016-09-01. DWS Group HQ.

Alfred-Herrhausen-Allee 16-24, 65760 Eschborn — Resolved to 'Technisches Zentrum Eschborn' (Q15131932, TZE) at 50.1325711, 8.5744123 — DB's technical center campus

1 Columbus Circle, New York NY 10019 — Resolved to 40.7674614, -73.9818911 — Manhattan; per SEC EDGAR mailing address: DEUTSCHE BANK AG LEGAL DEPARTMENT 1 COLUMBUS CIRCLE 19TH FLOOR

21 Moorfields, London EC2Y 9AG — Resolved to '21 Moorfields' building at 51.5184022, -0.0895974 — opened 2021-07-05, DB UK HQ in Broadgate/Moorgate City of London

Hudson Rock Cavalier db.com — 4,771 infostealer-infected sessions touching db.com. 344 employees (corp). 3,941 customers. 486 third-parties. Top exposed employee endpoints: ua.intranet.db.com/Citrix/RASweb (81 sessions); sg-kch5.dbrasweb.db.com/Citrix/RASweb/,DanaInfo=ua.intranet.db.com,SSL+ (51); sg-dsj5.dbrasweb.db.com/Citrix/RASweb/,DanaInfo=ua.intranet.db.com,SSL+ (47); sg-kch4.dbrasweb.db.com (36); sg-kch4.dbrasweb.db.com/Citrix/RASweb/,DanaInfo=ua.intranet.db.com,SSL+ (35). dbrasweb.db....

URLScan 7,507 historical scans for db.com. Surfaced services: login.isso.db.com ('Deutsche Bank Authentication Gateway', sso_custom_multi_auth_flex_Logon.sso, IPs 160.83.69.14/59.68/71.24/43.68, ASN15769 DE / AS2824 US); identity.db.com (Keycloak realm 'blueport', OAuth2/OIDC); scfportal.db.com (Salesforce sledge3-fra.slb.sfdcsvc.net 85.222.140.11 AS14340); brand.db.com (Frontify 52.57.26.120 AWS eu-central-1); research.db.com (Markit On Demand AS7334 209.234.234.52); securewebmail.db.com (Ak...

AUTOBAHNFX.COM — Registrar CSC Corporate Domains (IANA 299, same as db.com) — Registered 2002-08-12 — Expires 2026-08-12 — NS DNS1/DNS2.CSCDNS.NET — DNSSEC false — Redirects to login.isso.db.com (Autobahn FX trading platform)

NUMIS.COM RDAP confirms ownership preserved via Network Solutions registrar (Numis was acquired by Deutsche Bank in 2023 for £410M, forming basis of DB UK investment banking arm).

PALAISPOPULAIRE.COM — Registrar CSC Corporate Domains (same as db.com) — Registered 2017-08-22 (PalaisPopulaire opened September 2018 in Berlin) — Expires 2026-08-22 — DNS1/2.CSCDNS.NET

GitHub org 'deutschebank' — 5 public repos: coding-exercises (Java, 16★), deutsche-bank-api-program (Java, 11★, official API tutorials), backstage-plugins (TypeScript, 8★, ARCHIVED), dbMango (C#, 3★), dbcore (ARCHIVED 2018). GitHub org 'dwsgroup' has 1 repo (CARLOS, abandoned). Code search 'org:deutschebank language:Java' returns 11 files from api-program tutorials and coding-exercises — no leaked credentials visible in indexed code.

robert.pettinato@db.com — 'This email address is not associated with a computer infected by an info-stealer.' Total corporate services exposed: 0. Individual MD-level account not in current stealer corpus.

DEUTSCHE BANK AKTIENGESELLSCHAFT CIK 0001159508 ifrs-full:Assets EUR time-series: 2015-12-31 EUR 1,629.1B; 2016 EUR 1,590.5B; 2017 EUR 1,474.7B; 2018 EUR 1,348.1B; 2019 EUR 1,297.7B; 2020 EUR 1,325.0B; 2021 EUR 1,324.7B; 2022 EUR 1,344.2B; 2023 EUR 1,317.3B; 2024 EUR 1,391.0B; 2025-06-30 EUR 1,401.6B; 2025-12-31 EUR 1,440.0B (per 2026 20-F filing).

Serper search confirms CIK 0001159508. SEC mailing address: DEUTSCHE BANK AG - LEGAL DEPARTMENT, 1 COLUMBUS CIRCLE, 19TH FLOOR, New York NY. London Branch per filings: Deutsche Bank AG, London Branch, 21 Moorfields, London EC2Y 9DB. 2025 Form 20-F filed.

Wayback Machine — earliest db.com snapshot: 1996-11-02T02:18:41Z (pre-formal-registration); domain RDAP registered 1997-09-02. Continuous capture through 2026. CDX corpus is heavily polluted with bot-spam percent-encoded crawl noise.

CISA KEV CVE-2024-3094 (XZ-utils backdoor): 0 matches in KEV catalog as of 2026-05-26. Probe confirmed KEV API operational.