urlscan.io logo urlscan.io
SecurityTrails logo

www.bcge.ch Open in urlscan Pro
193.222.70.28  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://connect.bcge.ch/o/js_resolve_modules
Effective URL: https://www.bcge.ch/authen/login
Submission Tags: falconsandbox
Submission: On July 14 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 18 HTTP transactions. The main IP is 193.222.70.28, located in Vezia, Switzerland and belongs to SWISSCOM Swisscom Switzerland Ltd, CH. The main domain is www.bcge.ch.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 13th 2023. Valid for: a year.
This is the only time www.bcge.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 23 193.222.70.28 3303 (SWISSCOM ...)
18 2
Apex Domain
Subdomains		 Transfer
23 bcge.ch
connect.bcge.ch
www.bcge.ch
support.bcge.ch
510 KB
18 1
Domain Requested by
17 www.bcge.ch 2 redirects www.bcge.ch
3 support.bcge.ch www.bcge.ch
3 connect.bcge.ch 3 redirects
18 3

This site contains no links.

Subject Issuer Validity Valid
www.bcge.ch
DigiCert SHA2 Extended Validation Server CA		 2023-02-13 -
2024-02-27		 a year crt.sh
support.bcge.ch
DigiCert EV RSA CA G2		 2023-06-06 -
2024-06-17		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.bcge.ch/authen/login
Frame ID: 5682B58B5AB8680887A10A8F6701307F
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Willkommen auf der neuen login-Seite Ihres Kundenbereichs

Page URL History Show full URLs

  1. https://connect.bcge.ch/o/js_resolve_modules HTTP 303
    https://connect.bcge.ch/authen/check-login?Location=https%3A%2F%2Fconnect%2Ebcge%2Ech%2Fo%2Fjs%5Fres... HTTP 302
    https://connect.bcge.ch/authen/login HTTP 302
    https://www.bcge.ch/authen/SSORedirect/metaAlias/idp?SAMLRequest=nZNPb9pAEMXv%2BRTW3sH%2FcFFXgOS... HTTP 302
    https://www.bcge.ch/authen/check-login?spEntityID=iamConnect&goto=https%3A%2F%2Fwww.bcge.ch%2Fau... HTTP 302
    https://www.bcge.ch/authen/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

3
Subdomains

2
IPs

1
Countries

503 kB
Transfer

860 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://connect.bcge.ch/o/js_resolve_modules HTTP 303
    https://connect.bcge.ch/authen/check-login?Location=https%3A%2F%2Fconnect%2Ebcge%2Ech%2Fo%2Fjs%5Fresolve%5Fmodules HTTP 302
    https://connect.bcge.ch/authen/login HTTP 302
    https://www.bcge.ch/authen/SSORedirect/metaAlias/idp?SAMLRequest=nZNPb9pAEMXv%2BRTW3sH%2FcFFXgOSCqiKljYNpDrkN6yGsZO%2B6O%2BtAv313DSFUiThwHc%2FOvPd74wlBU7c87%2BxOrfBPh2SD4NDUinj%2FZco6o7gGksQVNEjcCl7mP%2B95Mox4a7TVQtfsbrmYMkqybCTiFGJMxhkkmG2z%2BMso%2ByrGcRRnkIo0ERsYjzcseEJDUqspc2NYsCTqcKnIgrKuFCXpIBoP4tE6inga8zh5ZsHCSZMKbP9qZ21LPAz3%2B%2F1wI15wKHYhOA%2BowrJ8WGElDQobNmghryVQKKuWBd%2B1EdhbnbIt1IR%2BcwFE8hXPleLk6ZtUlVQv1wFsjk3Ef6zXxaB4KNcsyInQeJlzrahr0JRoXqXA36v7d%2BFCK%2BUUfhBf5ILY7G7i4fMei7mI47oYeFvMZhKa%2BXHDJLwYdRrc8l%2Fu8XJR6FqKv7fk7VE2YK93%2B4qsBtu%2BlVsDiiQqy4Ky8PsfO6jlVqKZsne5Dl9d6%2F3cIFiXiTUdstnRw%2F%2Bqz1ZOV4tVH6wbY%2FFgb7E0100LRpK%2FLzyA0zI7xnA5eF47yivc3hLK1TbBhR%2Ftyv4g99pU%2FhAdEazWnlyrzVuWn%2Bk5M%2FoUh4MVfvzRZ%2F8A&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ffYuXlid0kYrwGTYmHsHllGwmplLHXfQOjbpsvL00VysMZJQKYx2w2fFAcmz9pHif2KBkP9y7WXAt3jy73RbeoW9N1lSOEgaU88cTcuqrv7DN3kmNKLE%2FeOvuE45eLIlH1JWMbPthqAfSRqqOXZUrQLhP49L0vPE7ArcLgXmnq7WwcJhrdpyJdxdHuxwY8Owa1ULGezpiPDjqy57QLISiIIKTjyLguf1FHL3ZxrtTL0acyikEiJ7Xvnv26ESyCKN8QXvr4wEsLeKmS3bmutAa7t4rHYo6Uzi4x7EjGyNxxsV9SwM7Gc88X%2Fg9QkoCgKmGwJTJMP2RKKF2l2JSjCY9KYOVUgGPLQhvTpuIkbT7FLxplvIRYtFWzKNwfHXO6XmzCNBQTponq5oaphRlvL9ow8UKYLYBi84ExX%2FKF7MXaoZBPo7g9R8KNPTxM%2BAPhGSFAkwccQJKB0Mb3dM3l6iGD4AoN7TIFQEHdhPye%2F3Ezge6E%2BuXq%2Bt30urwKKfjp6VQ5j6tcSvehPWFw%2BI601ouZt57CPuMsbgC5OPovR4nqObulINsFLrSozBPMkEvny%2BREe8wt6ldJ77xWDZ4PE%2F4jg3fcCw%2Ffb9dVusDc5TcWJge6cL5cmzsUR3udIkoduExTn%2FAUeUAKUz4jRFE2hH78u9dylW9gG2LdQCbcGe1Uc%3D HTTP 302
    https://www.bcge.ch/authen/check-login?spEntityID=iamConnect&goto=https%3A%2F%2Fwww.bcge.ch%2Fauthen%2FSSORedirect%2FmetaAlias%2Fidp%3FReqID%3Ds2554c13a1e275a2e5f516459c71015a3c32cba77b HTTP 302
    https://www.bcge.ch/authen/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
www.bcge.ch/authen/
Redirect Chain
  • https://connect.bcge.ch/o/js_resolve_modules
  • https://connect.bcge.ch/authen/check-login?Location=https%3A%2F%2Fconnect%2Ebcge%2Ech%2Fo%2Fjs%5Fresolve%5Fmodules
  • https://connect.bcge.ch/authen/login
  • https://www.bcge.ch/authen/SSORedirect/metaAlias/idp?SAMLRequest=nZNPb9pAEMXv%2BRTW3sH%2FcFFXgOSCqiKljYNpDrkN6yGsZO%2B6O%2BtAv313DSFUiThwHc%2FOvPd74wlBU7c87%2BxOrfBPh2SD4NDUinj%2FZco6o7gGksQVNEjcCl...
  • https://www.bcge.ch/authen/check-login?spEntityID=iamConnect&goto=https%3A%2F%2Fwww.bcge.ch%2Fauthen%2FSSORedirect%2FmetaAlias%2Fidp%3FReqID%3Ds2554c13a1e275a2e5f516459c71015a3c32cba77b
  • https://www.bcge.ch/authen/login
15 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
c8f9468fc55465c58b4eb181baceec1c8c9c9289b1bc8efd5b654a5b4877ad1b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; img-src 'self' https://support.bcge.ch data:; style-src 'unsafe-inline' 'self'; base-uri 'none'; frame-ancestors https://www.bcge.ch https://connect.bcge.ch;
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, max-age=0, no-store, no-cache
Connection
Keep-Alive
Content-Length
14971
Content-Security-Policy
default-src 'self'; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; img-src 'self' https://support.bcge.ch data:; style-src 'unsafe-inline' 'self'; base-uri 'none'; frame-ancestors https://www.bcge.ch https://connect.bcge.ch;
Content-Type
text/html;charset=UTF-8
Date
Fri, 14 Jul 2023 00:31:12 GMT
Expires
01/01/99 20:00:00 GMT
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Keep-Alive
timeout=10, max=498
Pragma
no-cache
Referrer-Policy
same-origin
Server
Apache
Strict-Transport-Security
max-age=16070400
Vary
User-Agent
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
private, max-age=0, no-store, no-cache
Connection
Keep-Alive
Content-Length
0
Content-Security-Policy
default-src 'self'; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; img-src 'self' https://support.bcge.ch data:; style-src 'unsafe-inline' 'self'; base-uri 'none'; frame-ancestors https://www.bcge.ch https://connect.bcge.ch;
Content-Type
text/plain;charset=utf-8
Date
Fri, 14 Jul 2023 00:31:12 GMT
Expires
01/01/99 20:00:00 GMT
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Keep-Alive
timeout=10, max=499
Location
/authen/login
Pragma
no-cache
Referrer-Policy
same-origin
Server
Apache
Strict-Transport-Security
max-age=16070400
Vary
User-Agent
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
main.css
www.bcge.ch/authen/css/ 		350 KB
44 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bcge.ch/authen/css/main.css?r=7100ff94-4706-4dd0-a832-d434b245b9f3
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
115b681adc1e8ec70de5f760dd0c4f844c5461d9dbe4a7781e249024ca1e4ee0
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bcge.ch/authen/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Content-Encoding
br
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Sat, 22 Apr 2023 22:38:31 GMT
Server
Apache
ETag
W/"358147-1682203111527-br"
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css;charset=UTF-8
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=497
CSRFT759.js
www.bcge.ch/ 		9 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bcge.ch/CSRFT759.js
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
f77ff63acbf16f596c2c45704ff4a3dcf4a88b0d585216de0ef42742483fd2dd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bcge.ch/authen/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Last-Modified
Fri, 22 Apr 2022 10:08:54 GMT
Server
Apache
ETag
"221b-5dd3b69fc49e9"
Vary
User-Agent
Content-Type
application/javascript
Cache-Control
public, max-age=3600
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=500
Content-Length
8731
jquery-3.5.1.min.js
www.bcge.ch/authen/js/airlock/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bcge.ch/authen/js/airlock/jquery-3.5.1.min.js
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bcge.ch/authen/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Content-Encoding
br
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Thu, 11 May 2023 06:48:42 GMT
Server
Apache
ETag
W/"89476-1683787722000-br"
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=500
main.js
www.bcge.ch/authen/js/airlock/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bcge.ch/authen/js/airlock/main.js?r=7100ff94-4706-4dd0-a832-d434b245b9f3
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
184341fdf79e5068bb9d40b05ad360934e67d12e4d32e36b953d624114f671df
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bcge.ch/authen/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Content-Encoding
br
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Thu, 11 May 2023 06:48:42 GMT
Server
Apache
ETag
W/"3236-1683787722000-br"
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=500
cronto-sms-link-form.js
www.bcge.ch/authen/js/ 		289 B
904 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bcge.ch/authen/js/cronto-sms-link-form.js
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
ca2d54594c9ea4384164d91a5d8b0c2aa622a789136a2f5aa7e7593c34ab34ca
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bcge.ch/authen/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Content-Encoding
br
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Sat, 22 Apr 2023 22:24:05 GMT
Server
Apache
ETag
W/"289-1682202245992-br"
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=500
input.js
www.bcge.ch/authen/js/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bcge.ch/authen/js/input.js
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
1a1860ad8cda57e15d5ca01ae483c9efcd66034c8832b21e61dd13002b35a2b7
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bcge.ch/authen/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Content-Encoding
br
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Sat, 22 Apr 2023 22:24:05 GMT
Server
Apache
ETag
W/"1434-1682202245992-br"
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=500
message.js
www.bcge.ch/authen/js/ 		334 B
920 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bcge.ch/authen/js/message.js
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
16217a2f69d883db6e25845c0ddd40bfdafac6f5b0e68dc3947255cc4149c54e
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bcge.ch/authen/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Content-Encoding
br
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Sat, 22 Apr 2023 22:24:05 GMT
Server
Apache
ETag
W/"334-1682202245992-br"
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=496
password-change.js
www.bcge.ch/authen/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bcge.ch/authen/js/password-change.js
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
61cb62bad06279810d648379f93cf3b1d12c280422cfa103159aa741b7a953f6
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bcge.ch/authen/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Content-Encoding
br
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Sat, 22 Apr 2023 22:24:05 GMT
Server
Apache
ETag
W/"1991-1682202245992-br"
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=499
contro-challenge-gif.js
www.bcge.ch/authen/js/ 		205 B
871 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bcge.ch/authen/js/contro-challenge-gif.js
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
babfa470e32ba2c1cc99a7a9a0b8e21c922d9d6d3db0a241cf3d8cc81c11d99e
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bcge.ch/authen/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Content-Encoding
br
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Sat, 22 Apr 2023 22:24:05 GMT
Server
Apache
ETag
W/"205-1682202245992-br"
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=499
maintenance-display.js
www.bcge.ch/authen/js/ 		149 B
853 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bcge.ch/authen/js/maintenance-display.js
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
64837a671cb40eb80cc89764591b6262cfe425b4211e2e526704d74791a5c28b
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bcge.ch/authen/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Content-Encoding
br
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Sat, 22 Apr 2023 22:24:05 GMT
Server
Apache
ETag
W/"149-1682202245992-br"
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=499
touch.js
www.bcge.ch/authen/js/ 		709 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bcge.ch/authen/js/touch.js
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
e5465f8b5b9c4b8dad0aa80862a72e97d10df6149487e19df5f0410a70bb3638
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bcge.ch/authen/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Content-Encoding
br
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Sat, 22 Apr 2023 22:24:05 GMT
Server
Apache
ETag
W/"709-1682202245992-br"
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=499
crontoadd.js
www.bcge.ch/authen/js/ 		757 B
984 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bcge.ch/authen/js/crontoadd.js
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
ddf14973c75c100c1ef61c54dddc707738028c54091f39496ddb0ab57e31cb98
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bcge.ch/authen/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Content-Encoding
br
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Sat, 22 Apr 2023 22:24:05 GMT
Server
Apache
ETag
W/"757-1682202245992-br"
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=495
capslock.js
www.bcge.ch/authen/js/ 		341 B
926 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bcge.ch/authen/js/capslock.js
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
7f1bee1939ffe101c4b9311deafd40444f7c1f4863b82d4c395a3daceba2a1ca
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bcge.ch/authen/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Content-Encoding
br
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Sat, 22 Apr 2023 22:24:05 GMT
Server
Apache
ETag
W/"341-1682202245992-br"
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=498
Netbanking_Danger+et+Cronto_noir.svg
support.bcge.ch/documents/40303/88639/ 		3 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://support.bcge.ch/documents/40303/88639/Netbanking_Danger+et+Cronto_noir.svg
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
a43299baeb34ecbaf1815a2f18c30ca3b3f066cdc5348b53bb516e69178c53b9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' https://fonts.gstatic.com data:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://fonts.gstatic.com https://www.gstatic.com https://secure.adnxs.com https://snap.licdn.com https://googleads.g.doubleclick.net https://code.createjs.com https://px.ads.linkedin.com ; style-src https: 'self' 'unsafe-inline' https://www.google.com; img-src 'self' data: https: https://www.googletagmanager.com; frame-src 'self' https://www.google.com https://cdn.unblu.com https://www.netcetera.com https://b2c-prod.netcetera.ch https://bid.g.doubleclick.net; connect-src https: 'self';object-src 'none';
Strict-Transport-Security max-age=16070400
X-Content-Security-Policy default-src 'self'; font-src 'self' data:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://fonts.gstatic.com https://www.gstatic.com https://secure.adnxs.com https://snap.licdn.com https://googleads.g.doubleclick.net https://code.createjs.com https://px.ads.linkedin.com ; style-src https: 'self' 'unsafe-inline' https://www.google.com; img-src 'self' data: https: https://www.googletagmanager.com; frame-src 'self' https://www.google.com https://cdn.unblu.com https://www.netcetera.com https://b2c-prod.netcetera.ch https://bid.g.doubleclick.net; connect-src https: 'self';object-src 'none';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; font-src 'self' https://fonts.gstatic.com data:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://fonts.gstatic.com https://www.gstatic.com https://secure.adnxs.com https://snap.licdn.com https://googleads.g.doubleclick.net https://code.createjs.com https://px.ads.linkedin.com ; style-src https: 'self' 'unsafe-inline' https://www.google.com; img-src 'self' data: https: https://www.googletagmanager.com; frame-src 'self' https://www.google.com https://cdn.unblu.com https://www.netcetera.com https://b2c-prod.netcetera.ch https://bid.g.doubleclick.net; connect-src https: 'self';object-src 'none';
Content-Disposition
attachment; filename="Netbanking_Danger et Cronto_noir.svg"
Connection
Keep-Alive
Content-Length
3001
X-XSS-Protection
1
Referrer-Policy
same-origin
Last-Modified
Sun, 05 Feb 2023 07:27:08 GMT
Server
Apache
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
private
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Keep-Alive
timeout=10, max=500
X-Content-Security-Policy
default-src 'self'; font-src 'self' data:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://fonts.gstatic.com https://www.gstatic.com https://secure.adnxs.com https://snap.licdn.com https://googleads.g.doubleclick.net https://code.createjs.com https://px.ads.linkedin.com ; style-src https: 'self' 'unsafe-inline' https://www.google.com; img-src 'self' data: https: https://www.googletagmanager.com; frame-src 'self' https://www.google.com https://cdn.unblu.com https://www.netcetera.com https://b2c-prod.netcetera.ch https://bid.g.doubleclick.net; connect-src https: 'self';object-src 'none';
Netbanking_Danger+et+Tel_noir.svg
support.bcge.ch/documents/40303/88639/ 		1 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://support.bcge.ch/documents/40303/88639/Netbanking_Danger+et+Tel_noir.svg
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
a7b7d2a7d1a9bfd76a4d93d179de6961bd93f152cbb66d851cc80424efd35ec5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' https://fonts.gstatic.com data:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://fonts.gstatic.com https://www.gstatic.com https://secure.adnxs.com https://snap.licdn.com https://googleads.g.doubleclick.net https://code.createjs.com https://px.ads.linkedin.com ; style-src https: 'self' 'unsafe-inline' https://www.google.com; img-src 'self' data: https: https://www.googletagmanager.com; frame-src 'self' https://www.google.com https://cdn.unblu.com https://www.netcetera.com https://b2c-prod.netcetera.ch https://bid.g.doubleclick.net; connect-src https: 'self';object-src 'none';
Strict-Transport-Security max-age=16070400
X-Content-Security-Policy default-src 'self'; font-src 'self' data:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://fonts.gstatic.com https://www.gstatic.com https://secure.adnxs.com https://snap.licdn.com https://googleads.g.doubleclick.net https://code.createjs.com https://px.ads.linkedin.com ; style-src https: 'self' 'unsafe-inline' https://www.google.com; img-src 'self' data: https: https://www.googletagmanager.com; frame-src 'self' https://www.google.com https://cdn.unblu.com https://www.netcetera.com https://b2c-prod.netcetera.ch https://bid.g.doubleclick.net; connect-src https: 'self';object-src 'none';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; font-src 'self' https://fonts.gstatic.com data:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://fonts.gstatic.com https://www.gstatic.com https://secure.adnxs.com https://snap.licdn.com https://googleads.g.doubleclick.net https://code.createjs.com https://px.ads.linkedin.com ; style-src https: 'self' 'unsafe-inline' https://www.google.com; img-src 'self' data: https: https://www.googletagmanager.com; frame-src 'self' https://www.google.com https://cdn.unblu.com https://www.netcetera.com https://b2c-prod.netcetera.ch https://bid.g.doubleclick.net; connect-src https: 'self';object-src 'none';
Content-Disposition
attachment; filename="Netbanking_Danger et Tel_noir.svg"
Connection
Keep-Alive
Content-Length
1335
X-XSS-Protection
1
Referrer-Policy
same-origin
Last-Modified
Sun, 05 Feb 2023 07:27:07 GMT
Server
Apache
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
private
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Keep-Alive
timeout=10, max=500
X-Content-Security-Policy
default-src 'self'; font-src 'self' data:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://fonts.gstatic.com https://www.gstatic.com https://secure.adnxs.com https://snap.licdn.com https://googleads.g.doubleclick.net https://code.createjs.com https://px.ads.linkedin.com ; style-src https: 'self' 'unsafe-inline' https://www.google.com; img-src 'self' data: https: https://www.googletagmanager.com; frame-src 'self' https://www.google.com https://cdn.unblu.com https://www.netcetera.com https://b2c-prod.netcetera.ch https://bid.g.doubleclick.net; connect-src https: 'self';object-src 'none';
Netbanking_Danger+et+Portable_noir.svg
support.bcge.ch/documents/40303/88639/ 		1 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://support.bcge.ch/documents/40303/88639/Netbanking_Danger+et+Portable_noir.svg
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
d800e1c1e4b57d42242c3488f63fa91e2767a3f46cee5eee3bec8b891709d5d0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' https://fonts.gstatic.com data:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://fonts.gstatic.com https://www.gstatic.com https://secure.adnxs.com https://snap.licdn.com https://googleads.g.doubleclick.net https://code.createjs.com https://px.ads.linkedin.com ; style-src https: 'self' 'unsafe-inline' https://www.google.com; img-src 'self' data: https: https://www.googletagmanager.com; frame-src 'self' https://www.google.com https://cdn.unblu.com https://www.netcetera.com https://b2c-prod.netcetera.ch https://bid.g.doubleclick.net; connect-src https: 'self';object-src 'none';
Strict-Transport-Security max-age=16070400
X-Content-Security-Policy default-src 'self'; font-src 'self' data:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://fonts.gstatic.com https://www.gstatic.com https://secure.adnxs.com https://snap.licdn.com https://googleads.g.doubleclick.net https://code.createjs.com https://px.ads.linkedin.com ; style-src https: 'self' 'unsafe-inline' https://www.google.com; img-src 'self' data: https: https://www.googletagmanager.com; frame-src 'self' https://www.google.com https://cdn.unblu.com https://www.netcetera.com https://b2c-prod.netcetera.ch https://bid.g.doubleclick.net; connect-src https: 'self';object-src 'none';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; font-src 'self' https://fonts.gstatic.com data:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://fonts.gstatic.com https://www.gstatic.com https://secure.adnxs.com https://snap.licdn.com https://googleads.g.doubleclick.net https://code.createjs.com https://px.ads.linkedin.com ; style-src https: 'self' 'unsafe-inline' https://www.google.com; img-src 'self' data: https: https://www.googletagmanager.com; frame-src 'self' https://www.google.com https://cdn.unblu.com https://www.netcetera.com https://b2c-prod.netcetera.ch https://bid.g.doubleclick.net; connect-src https: 'self';object-src 'none';
Content-Disposition
attachment; filename="Netbanking_Danger et Portable_noir.svg"
Connection
Keep-Alive
Content-Length
1358
X-XSS-Protection
1
Referrer-Policy
same-origin
Last-Modified
Sun, 05 Feb 2023 07:27:06 GMT
Server
Apache
Vary
User-Agent,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
private
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Keep-Alive
timeout=10, max=500
X-Content-Security-Policy
default-src 'self'; font-src 'self' data:; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://fonts.gstatic.com https://www.gstatic.com https://secure.adnxs.com https://snap.licdn.com https://googleads.g.doubleclick.net https://code.createjs.com https://px.ads.linkedin.com ; style-src https: 'self' 'unsafe-inline' https://www.google.com; img-src 'self' data: https: https://www.googletagmanager.com; frame-src 'self' https://www.google.com https://cdn.unblu.com https://www.netcetera.com https://b2c-prod.netcetera.ch https://bid.g.doubleclick.net; connect-src https: 'self';object-src 'none';
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e9accd63006f65556c3d692a3e440b04637db648689d9476db7a329d19e596a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		230 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5005375153dda1550de133c2efbb8f5d79dd4726cc03f70132c94e6a04df1528

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		571 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
444e2724428218e0de2437f312c092c12d9cddf0fc1cb690713407672e54dfef

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3f8d94ae413b9818c7c130fd6af6587f0eaa90b9c7aa3e353956d3ef9355839b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml
login_background.jpg
www.bcge.ch/authen/images/ 		381 KB
381 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bcge.ch/authen/images/login_background.jpg
Requested by
Host: www.bcge.ch
URL: https://www.bcge.ch/authen/css/main.css?r=7100ff94-4706-4dd0-a832-d434b245b9f3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
193.222.70.28 Vezia, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software
Apache /
Resource Hash
c923d1ff621b9b48fc1e73da9beb12e5f079e51f655e3dafbb981eaecb248538
Security Headers
Name Value
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.bcge.ch/authen/css/main.css?r=7100ff94-4706-4dd0-a832-d434b245b9f3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Fri, 14 Jul 2023 00:31:13 GMT
Strict-Transport-Security
max-age=16070400
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
389839
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Sat, 22 Apr 2023 22:24:05 GMT
Server
Apache
ETag
W/"389839-1682202245993"
Vary
User-Agent
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Feature-Policy
autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; xr-spatial-tracking 'self'
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=497

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend boolean| _CSRFT759 function| $ function| jQuery object| iam function| checkSubmit string| defaultMessage object| browserList string| ua object| tem object| result number| version string| browser string| errorMessage undefined| errorDisplay

6 Cookies

Domain/Path Name / Value
connect.bcge.ch/ Name: AL_SESS-S
Value: AZ!_kOVt6xWfCdAcTHj1V7jUrXB5W561!sDuk2tJ8mVLZhfAL7Te62v3cpaQa!x6CsyW
connect.bcge.ch/ Name: CSRFT759-S
Value: _GmKQLRSbKALHs05dDVflw
www.bcge.ch/ Name: AL_SESS-S
Value: AduzGE72vaarCAigwP!eOCu0a!P2sBTs1ELqFjCL92xv!uYroEdnXqQQHcQXY0OsxNS0
www.bcge.ch/ Name: CSRFT759-S
Value: xiPtQ94sUFhsN6LSW6xYyQ
support.bcge.ch/ Name: AL_SESS-S
Value: AYPgcZHwGEKVS9iGbMggn5GxVTD8muEk9dKXtGKTHZKv!cOAaV16_JopZaA3yWxB2Azu
support.bcge.ch/ Name: CSRFT759-S
Value: cHajIKTXssvD_YN4l5VbZA

1 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'document-domain'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; img-src 'self' https://support.bcge.ch data:; style-src 'unsafe-inline' 'self'; base-uri 'none'; frame-ancestors https://www.bcge.ch https://connect.bcge.ch;
Strict-Transport-Security max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

connect.bcge.ch
support.bcge.ch
www.bcge.ch
193.222.70.28
115b681adc1e8ec70de5f760dd0c4f844c5461d9dbe4a7781e249024ca1e4ee0
16217a2f69d883db6e25845c0ddd40bfdafac6f5b0e68dc3947255cc4149c54e
184341fdf79e5068bb9d40b05ad360934e67d12e4d32e36b953d624114f671df
1a1860ad8cda57e15d5ca01ae483c9efcd66034c8832b21e61dd13002b35a2b7
3f8d94ae413b9818c7c130fd6af6587f0eaa90b9c7aa3e353956d3ef9355839b
444e2724428218e0de2437f312c092c12d9cddf0fc1cb690713407672e54dfef
5005375153dda1550de133c2efbb8f5d79dd4726cc03f70132c94e6a04df1528
61cb62bad06279810d648379f93cf3b1d12c280422cfa103159aa741b7a953f6
64837a671cb40eb80cc89764591b6262cfe425b4211e2e526704d74791a5c28b
7f1bee1939ffe101c4b9311deafd40444f7c1f4863b82d4c395a3daceba2a1ca
a43299baeb34ecbaf1815a2f18c30ca3b3f066cdc5348b53bb516e69178c53b9
a7b7d2a7d1a9bfd76a4d93d179de6961bd93f152cbb66d851cc80424efd35ec5
babfa470e32ba2c1cc99a7a9a0b8e21c922d9d6d3db0a241cf3d8cc81c11d99e
c8f9468fc55465c58b4eb181baceec1c8c9c9289b1bc8efd5b654a5b4877ad1b
c923d1ff621b9b48fc1e73da9beb12e5f079e51f655e3dafbb981eaecb248538
ca2d54594c9ea4384164d91a5d8b0c2aa622a789136a2f5aa7e7593c34ab34ca
d800e1c1e4b57d42242c3488f63fa91e2767a3f46cee5eee3bec8b891709d5d0
ddf14973c75c100c1ef61c54dddc707738028c54091f39496ddb0ab57e31cb98
e5465f8b5b9c4b8dad0aa80862a72e97d10df6149487e19df5f0410a70bb3638
e9accd63006f65556c3d692a3e440b04637db648689d9476db7a329d19e596a6
f77ff63acbf16f596c2c45704ff4a3dcf4a88b0d585216de0ef42742483fd2dd
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d