ebcidp.benefits.ch Open in urlscan Pro
212.243.178.76 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://veolia.benefits.ch/
Effective URL:
https://ebcidp.benefits.ch/login/sign-in?lang=de&redirectUrl=https%3A%2F%2Fveolia.benefits.ch%2Fportal%2F&code=eEhBGHV1XTv3...
Submission: On July 06 via api (July 6th 2024, 12:15:30 pm UTC) from US — Scanned from CH

Summary HTTP 32 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 1 domains to perform 32 HTTP transactions. The main IP is 212.243.178.76, located in Rothrist, Switzerland and belongs to MOBILIAR, CH. The main domain is ebcidp.benefits.ch.
TLS certificate: Issued by SwissSign RSA TLS OV ICA 2021 - 1 on July 31st 2023. Valid for: a year.

This is the only time ebcidp.benefits.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 11	212.243.178.83 212.243.178.83	212777 (MOBILIAR) (MOBILIAR)
10	212.243.178.78 212.243.178.78	212777 (MOBILIAR) (MOBILIAR)
9	212.243.178.76 212.243.178.76	212777 (MOBILIAR) (MOBILIAR)
32	4

11 212.243.178.83 (Rothrist, Switzerland) 1 redirects

ASN212777 (MOBILIAR, CH)

veolia.benefits.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 212.243.178.78 (Rothrist, Switzerland)

ASN212777 (MOBILIAR, CH)

ebcapi.benefits.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 212.243.178.76 (Rothrist, Switzerland)

ASN212777 (MOBILIAR, CH)

ebcidp.benefits.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	benefits.ch 1 redirects veolia.benefits.ch ebcapi.benefits.ch ebcidp.benefits.ch Failed	7 MB
32	1

	Domain	Requested by
11	veolia.benefits.ch	1 redirects veolia.benefits.ch
10	ebcapi.benefits.ch	veolia.benefits.ch ebcidp.benefits.ch
9	ebcidp.benefits.ch	veolia.benefits.ch ebcidp.benefits.ch
32	3

This site contains no links.

Subject Issuer	Validity	Valid
*.benefits.ch SwissSign RSA TLS OV ICA 2021 - 1	`2023-07-31` - `2024-07-31`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ebcidp.benefits.ch/login/sign-in?lang=de&redirectUrl=https%3A%2F%2Fveolia.benefits.ch%2Fportal%2F&code=eEhBGHV1XTv3h6ljRlxAONf2if4VkieJnaL3NOVF7e65I19JWnl0rHyLA6Pjludz0T8tmb9fge4p6UpL0mZxb2cwZ88kC4BGbROR3r32HnWyMXTcLqQxDbE17rSpEg6N
Frame ID: 2BB18A4168D95D58642D944B400FCB5E
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

EbcLogin

Page URL History Show full URLs

https://veolia.benefits.ch/ HTTP 302
https://veolia.benefits.ch/portal/ Page URL
https://ebcidp.benefits.ch/login/sign-in?lang=de&redirectUrl=https%3A%2F%2Fveolia.benefits.ch%2Fportal%... Page URL

Page Statistics

32
Requests

91 %
HTTPS

0 %
IPv6

1
Domains

3
Subdomains

4
IPs

1
Countries

7621 kB
Transfer

8521 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://veolia.benefits.ch/ HTTP 302
https://veolia.benefits.ch/portal/ Page URL
https://ebcidp.benefits.ch/login/sign-in?lang=de&redirectUrl=https%3A%2F%2Fveolia.benefits.ch%2Fportal%2F&code=eEhBGHV1XTv3h6ljRlxAONf2if4VkieJnaL3NOVF7e65I19JWnl0rHyLA6Pjludz0T8tmb9fge4p6UpL0mZxb2cwZ88kC4BGbROR3r32HnWyMXTcLqQxDbE17rSpEg6N Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://veolia.benefits.ch/ HTTP 302
https://veolia.benefits.ch/portal/

32 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
veolia.benefits.ch/portal/
Redirect Chain

https://veolia.benefits.ch/
https://veolia.benefits.ch/portal/

18 KB
6 KB

74ms
31ms

Document
text/html

212.243.178.83
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://veolia.benefits.ch/portal/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.83 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

a90c367af0c4f49b0dd23e15b7360a9a4d4b1924b75d688972d40c5c6c68e4d8

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ebc.benefits.ch
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 4044
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Content-Type: text/html
Date: Sat, 06 Jul 2024 12:15:24 GMT
ETag: "051e488c5c7da1:0:dtagent10291240606133530VLU+"
Keep-Alive: timeout=5, max=100
Last-Modified: Wed, 26 Jun 2024 12:36:57 GMT
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Referrer-Policy: strict-origin-when-cross-origin
Server: Apache
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-468460917"
Strict-Transport-Security: max-age=15724800;includeSubDomains;
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-OneAgent-JS-Injection: true
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block
X-ruxit-JS-Agent: true

Redirect headers

Cache-Control: no-cache
Connection: close
Content-Length: 281
Content-Type: text/html; charset=utf-8
Date: Sat, 06 Jul 2024 12:15:24 GMT
Location: /portal/
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ruxitagentjs_ICA7NVfqrux_10291240606133530.js Show response
veolia.benefits.ch/portal/ 214 KB
83 KB 31ms
30ms Script
text/javascript 212.243.178.83
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://veolia.benefits.ch/portal/ruxitagentjs_ICA7NVfqrux_10291240606133530.js

Requested by

Host: veolia.benefits.ch
URL: https://veolia.benefits.ch/portal/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.83 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

fc1556e3b58ffeda88ec40e828c62aeb61fc6b45b95b9d50cd5e081a8e2b2078

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://veolia.benefits.ch/portal/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:24 GMT
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800;includeSubDomains;
Content-Encoding: gzip
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 82951
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 03 Mar 2010 07:01:40 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: https://ebc.benefits.ch
Cache-Control: public, max-age=31536000, immutable
Access-Control-Allow-Credentials: true
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Keep-Alive: timeout=5, max=99
Expires: Sun, 06 Jul 2025 12:15:23 GMT

GET
H/1.1 200
OK runtime.d7788ef0419ad5fe.js Show response
veolia.benefits.ch/portal/ 3 KB
6 KB 69ms
31ms Script
application/javascript 212.243.178.83
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://veolia.benefits.ch/portal/runtime.d7788ef0419ad5fe.js

Requested by

Host: veolia.benefits.ch
URL: https://veolia.benefits.ch/portal/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.83 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

70b219348564a11e20c0cf4692c6dc57b96e60b0245114a94d5e2da836c99d8d

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://veolia.benefits.ch/portal/
Origin: https://veolia.benefits.ch
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:24 GMT
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Content-Type-Options: nosniff
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Powered-By: ASP.NET
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-102993116", dtTao;desc="1"
Connection: Keep-Alive
Content-Length: 3512
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 26 Jun 2024 12:36:50 GMT
Server: Apache
ETag: "09d1f84c5c7da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Access-Control-Allow-Origin: https://veolia.benefits.ch
Access-Control-Allow-Credentials: true
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Accept-Ranges: bytes
Timing-Allow-Origin: *
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK polyfills.36cbe6858c9b9f25.js Show response
veolia.benefits.ch/portal/ 33 KB
35 KB 70ms
32ms Script
application/javascript 212.243.178.83
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://veolia.benefits.ch/portal/polyfills.36cbe6858c9b9f25.js

Requested by

Host: veolia.benefits.ch
URL: https://veolia.benefits.ch/portal/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.83 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

b83cb8788f0f283a22f9edb18ffd651e0d9b5daf3eb26d22a5a5329260beb30c

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://veolia.benefits.ch/portal/
Origin: https://veolia.benefits.ch
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:24 GMT
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Content-Type-Options: nosniff
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Powered-By: ASP.NET
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-320067418", dtTao;desc="1"
Connection: Keep-Alive
Content-Length: 34108
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 26 Jun 2024 12:36:50 GMT
Server: Apache
ETag: "09d1f84c5c7da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Access-Control-Allow-Origin: https://veolia.benefits.ch
Access-Control-Allow-Credentials: true
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Accept-Ranges: bytes
Timing-Allow-Origin: *
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK main.9781a91b9884330d.js Show response
veolia.benefits.ch/portal/ 2 MB
2 MB 73ms
34ms Script
application/javascript 212.243.178.83
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://veolia.benefits.ch/portal/main.9781a91b9884330d.js

Requested by

Host: veolia.benefits.ch
URL: https://veolia.benefits.ch/portal/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.83 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

37a18febd42ae90bb094a253d22f022163d5f439579cf36dbb97e9beb5ee806c

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://veolia.benefits.ch/portal/
Origin: https://veolia.benefits.ch
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:24 GMT
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Content-Type-Options: nosniff
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Powered-By: ASP.NET
Server-Timing: dtSInfo;desc="0", dtRpid;desc="2051694957", dtTao;desc="1"
Connection: Keep-Alive
Content-Length: 2614977
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 26 Jun 2024 12:36:50 GMT
Server: Apache
ETag: "09d1f84c5c7da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Access-Control-Allow-Origin: https://veolia.benefits.ch
Access-Control-Allow-Credentials: true
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Accept-Ranges: bytes
Timing-Allow-Origin: *
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK styles.86b8ee5eea78fbaa.css
veolia.benefits.ch/portal/ 67 KB
70 KB 30ms
30ms Stylesheet
text/css 212.243.178.83
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://veolia.benefits.ch/portal/styles.86b8ee5eea78fbaa.css

Requested by

Host: veolia.benefits.ch
URL: https://veolia.benefits.ch/portal/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.83 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

a495ffae07a93cd7cb22916cbc321876e27e45c14b2a2f2a80e14e75f9538418

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://veolia.benefits.ch/portal/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:24 GMT
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Powered-By: ASP.NET
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1375458355"
Connection: Keep-Alive
Content-Length: 69060
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 26 Jun 2024 12:36:50 GMT
Server: Apache
ETag: "09d1f84c5c7da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Access-Control-Allow-Origin: https://ebc.benefits.ch
Access-Control-Allow-Credentials: true
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK Metropolis-Regular.1ad48b753d8196af.ttf
veolia.benefits.ch/portal/ 75 KB
77 KB 138ms
138ms Font
application/octet-stream 212.243.178.83
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://veolia.benefits.ch/portal/Metropolis-Regular.1ad48b753d8196af.ttf

Requested by

Host: veolia.benefits.ch
URL: https://veolia.benefits.ch/portal/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.83 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

3e6dbf17949a34f0845226e694b22f8ac328b8e89372204c4655196167fff1a4

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://veolia.benefits.ch/portal/
Origin: https://veolia.benefits.ch
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:24 GMT
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Content-Type-Options: nosniff
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Powered-By: ASP.NET
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1491226593", dtTao;desc="1"
Connection: Keep-Alive
Content-Length: 76504
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 26 Jun 2024 12:36:49 GMT
Server: Apache
ETag: "09d1f84c5c7da1:0:dtagent10291240606133530VLU+"
X-Frame-Options: SAMEORIGIN
Content-Type: application/octet-stream
Access-Control-Allow-Origin: https://veolia.benefits.ch
Access-Control-Allow-Credentials: true
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Accept-Ranges: bytes
Timing-Allow-Origin: *
Keep-Alive: timeout=5, max=98

GET
H/1.1 200
OK environment.json Show response
veolia.benefits.ch/portal/assets/ 694 B
3 KB 29ms
29ms XHR
application/json 212.243.178.83
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://veolia.benefits.ch/portal/assets/environment.json

Requested by

Host: veolia.benefits.ch
URL: https://veolia.benefits.ch/portal/ruxitagentjs_ICA7NVfqrux_10291240606133530.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.83 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

51b33991f7c3d9744d2ee5018227586e8dfed3023a6a53f6e269d8e456c31030

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-dtpc: 5$68124550_424h2vASMUUMKMQCACCQBOLPMANHHDLHMLLGLG-0e0
Accept: application/json, text/plain, */*
Referer: https://veolia.benefits.ch/portal/
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:24 GMT
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Powered-By: ASP.NET
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1269235513"
Connection: Keep-Alive
Content-Length: 694
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 26 Jun 2024 15:39:25 GMT
Server: Apache
ETag: "e2507b6dfc7da1:0:dtagent10291240606133530VLU+"
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: https://ebc.benefits.ch
Access-Control-Allow-Credentials: true
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97

GET
H/1.1 200
OK favicon.ico
veolia.benefits.ch/portal/ 4 KB
6 KB 39ms
39ms Other
image/x-icon 212.243.178.83
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://veolia.benefits.ch/portal/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.83 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

12d7fec776b660e82115ac08e37d978db9b0981c6dae689a02bdcb566df5a880

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://veolia.benefits.ch/portal/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:24 GMT
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Powered-By: ASP.NET
Server-Timing: dtSInfo;desc="0", dtRpid;desc="361799162"
Connection: Keep-Alive
Content-Length: 4286
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 26 Jun 2024 12:32:54 GMT
Server: Apache
ETag: "0df74f7c4c7da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/x-icon
Access-Control-Allow-Origin: https://ebc.benefits.ch
Access-Control-Allow-Credentials: true
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96

GET
H/1.1 200
OK veolia.benefits.ch Show response
ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/configuration/ebcPortal/domain/ 459 B
874 B 149ms
45ms XHR
application/json 212.243.178.78
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/configuration/ebcPortal/domain/veolia.benefits.ch

Requested by

Host: veolia.benefits.ch
URL: https://veolia.benefits.ch/portal/ruxitagentjs_ICA7NVfqrux_10291240606133530.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.78 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

nginx / ASP.NET

Resource Hash

de8f70ce9aa1b83de7248fd1109d86555fcf6d8326fc676e85d2290b6f1cb628

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800;includeSubDomains;

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: application/json, text/plain, */*
Referer: https://veolia.benefits.ch/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:25 GMT
Strict-Transport-Security: max-age=15724800;includeSubDomains;
Server: nginx
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://veolia.benefits.ch
Access-Control-Expose-Headers: Content-Disposition,WARNING-Unavailability
Connection: keep-alive

OPTIONS
H/1.1 204
No Content veolia.benefits.ch
ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/translations/domain/ 0
0 26ms
26ms Preflight
text/plain 212.243.178.78
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL: https://ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/translations/domain/veolia.benefits.ch
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 212.243.178.78 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: applicationid
Access-Control-Request-Method: GET
Origin: https://veolia.benefits.ch
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: Access-Control-Allow-Headers, Authorization, Origin, Accept, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Language, Content-Type, request-id, redirect-disabled, languagecode, applicationid, MobileRequest, MTAMobileRememberMe, MyTrianonAppVersion, MTAMobileLogin, MTAMobileLogout, MTAMobileLogoutOnError, DeviceUuid, X-CLIENTGUID, x-tenantdatabase, X-TENANTSERVER, X-USERID, X-SIMU, EmployerId, Tenant, X-SignalR-User-Agent, X-Requested-With, x-pr-tag
Access-Control-Allow-Methods: GET,HEAD,OPTIONS,POST,PUT,DELETE
Access-Control-Allow-Origin: https://veolia.benefits.ch
Access-Control-Max-Age: 7200
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 06 Jul 2024 12:15:25 GMT
Server: nginx

OPTIONS
H/1.1 204
No Content veolia.benefits.ch
ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/theme/domain/ 0
0 43ms
19ms Preflight
text/plain 212.243.178.78
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL: https://ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/theme/domain/veolia.benefits.ch
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 212.243.178.78 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: applicationid
Access-Control-Request-Method: GET
Origin: https://veolia.benefits.ch
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: Access-Control-Allow-Headers, Authorization, Origin, Accept, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Language, Content-Type, request-id, redirect-disabled, languagecode, applicationid, MobileRequest, MTAMobileRememberMe, MyTrianonAppVersion, MTAMobileLogin, MTAMobileLogout, MTAMobileLogoutOnError, DeviceUuid, X-CLIENTGUID, x-tenantdatabase, X-TENANTSERVER, X-USERID, X-SIMU, EmployerId, Tenant, X-SignalR-User-Agent, X-Requested-With, x-pr-tag
Access-Control-Allow-Methods: GET,HEAD,OPTIONS,POST,PUT,DELETE
Access-Control-Allow-Origin: https://veolia.benefits.ch
Access-Control-Max-Age: 7200
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 06 Jul 2024 12:15:25 GMT
Server: nginx

GET
H/1.1 200
OK veolia.benefits.ch
ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/translations/domain/ 3 MB
3 MB 3230ms
3208ms XHR
application/json 212.243.178.78
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/translations/domain/veolia.benefits.ch

Requested by

Host: veolia.benefits.ch
URL: https://veolia.benefits.ch/portal/ruxitagentjs_ICA7NVfqrux_10291240606133530.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.78 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

nginx / ASP.NET

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800;includeSubDomains;

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://veolia.benefits.ch/
applicationId: ed361637-dc33-4267-98cc-658e67ba1004

Response headers

Date: Sat, 06 Jul 2024 12:15:28 GMT
Strict-Transport-Security: max-age=15724800;includeSubDomains;
Server: nginx
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://veolia.benefits.ch
Access-Control-Expose-Headers: Content-Disposition,WARNING-Unavailability
Connection: keep-alive

GET
H/1.1 200
OK veolia.benefits.ch Show response
ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/theme/domain/ 14 KB
14 KB 47ms
47ms XHR
application/json 212.243.178.78
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/theme/domain/veolia.benefits.ch

Requested by

Host: veolia.benefits.ch
URL: https://veolia.benefits.ch/portal/ruxitagentjs_ICA7NVfqrux_10291240606133530.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.78 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

nginx / ASP.NET

Resource Hash

d3edbed1d343eed704a3f0015b1b1e1a2b827e84f3e76cd76966503f33901ed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800;includeSubDomains;

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://veolia.benefits.ch/
applicationId: ed361637-dc33-4267-98cc-658e67ba1004

Response headers

Date: Sat, 06 Jul 2024 12:15:25 GMT
Strict-Transport-Security: max-age=15724800;includeSubDomains;
Server: nginx
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://veolia.benefits.ch
Access-Control-Expose-Headers: Content-Disposition,WARNING-Unavailability
Connection: keep-alive

GET sign-in
ebcidp.benefits.ch/login/ 0
0

POST
H/1.1 200
OK rb_bf08489kms
veolia.benefits.ch/portal/ 118 B
2 KB 28ms
28ms Ping
text/plain 212.243.178.83
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://veolia.benefits.ch/portal/rb_bf08489kms?type=js3&sn=v_4_srv_5_sn_B3319A4D3FFB9FA254425E857DF0839F_perc_100000_ol_0_mul_1_app-3A0b6969c5876cc86b_1_rcs-3Acss_0&svrid=5&flavor=post&vi=ASMUUMKMQCACCQBOLPMANHHDLHMLLGLG-0&modifiedSince=1720177209309&rf=https%3A%2F%2Fveolia.benefits.ch%2Fportal%2F&bp=3&app=0b6969c5876cc86b&crc=1724199460&en=trbeqjli&end=1

Requested by

Host: veolia.benefits.ch
URL: https://veolia.benefits.ch/portal/ruxitagentjs_ICA7NVfqrux_10291240606133530.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.83 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://veolia.benefits.ch/portal/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sat, 06 Jul 2024 12:15:28 GMT
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 118
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://veolia.benefits.ch
Access-Control-Allow-Credentials: true
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Keep-Alive: timeout=5, max=95

GET
H/1.1 200
OK Primary Request sign-in Show response
ebcidp.benefits.ch/login/ 14 KB
16 KB 97ms
33ms Document
text/html 212.243.178.76
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://ebcidp.benefits.ch/login/sign-in?lang=de&redirectUrl=https%3A%2F%2Fveolia.benefits.ch%2Fportal%2F&code=eEhBGHV1XTv3h6ljRlxAONf2if4VkieJnaL3NOVF7e65I19JWnl0rHyLA6Pjludz0T8tmb9fge4p6UpL0mZxb2cwZ88kC4BGbROR3r32HnWyMXTcLqQxDbE17rSpEg6N

Requested by

Host: veolia.benefits.ch
URL: https://veolia.benefits.ch/portal/main.9781a91b9884330d.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

212.243.178.76 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

6f9302eb657607b92fd867e31965cbe07f15312ad67393bc1e7a0a3a8d8f1d2b

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer: https://veolia.benefits.ch/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 14423
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Content-Type: text/html
Date: Sat, 06 Jul 2024 12:15:28 GMT
ETag: "0c8192dc5c7da1:0"
Keep-Alive: timeout=2, max=40
Last-Modified: Wed, 26 Jun 2024 12:34:24 GMT
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Referrer-Policy: strict-origin-when-cross-origin
Server: Apache
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK runtime.44c4c97e1c493198.js Show response
ebcidp.benefits.ch/login/ 1 KB
3 KB 28ms
28ms Script
application/javascript 212.243.178.76
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://ebcidp.benefits.ch/login/runtime.44c4c97e1c493198.js

Requested by

Host: ebcidp.benefits.ch
URL: https://ebcidp.benefits.ch/login/sign-in?lang=de&redirectUrl=https%3A%2F%2Fveolia.benefits.ch%2Fportal%2F&code=eEhBGHV1XTv3h6ljRlxAONf2if4VkieJnaL3NOVF7e65I19JWnl0rHyLA6Pjludz0T8tmb9fge4p6UpL0mZxb2cwZ88kC4BGbROR3r32HnWyMXTcLqQxDbE17rSpEg6N

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

212.243.178.76 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

27f113f013f67c2c2b227b0d8670e1893a9345d497e706ce7c3bd5da23f2e203

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://ebcidp.benefits.ch/login/sign-in?lang=de&redirectUrl=https%3A%2F%2Fveolia.benefits.ch%2Fportal%2F&code=eEhBGHV1XTv3h6ljRlxAONf2if4VkieJnaL3NOVF7e65I19JWnl0rHyLA6Pjludz0T8tmb9fge4p6UpL0mZxb2cwZ88kC4BGbROR3r32HnWyMXTcLqQxDbE17rSpEg6N
Origin: https://ebcidp.benefits.ch
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:28 GMT
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1164
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 26 Jun 2024 12:34:20 GMT
Server: Apache
ETag: "06eb72ac5c7da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=39

GET
H/1.1 200
OK polyfills.a8efcd40883cc8e9.js Show response
ebcidp.benefits.ch/login/ 56 KB
58 KB 69ms
33ms Script
application/javascript 212.243.178.76
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://ebcidp.benefits.ch/login/polyfills.a8efcd40883cc8e9.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

212.243.178.76 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

78448a71f66be0f43657da2f3a78173a77e9c9b4645e037233c406307d5580d0

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://ebcidp.benefits.ch/login/sign-in?lang=de&redirectUrl=https%3A%2F%2Fveolia.benefits.ch%2Fportal%2F&code=eEhBGHV1XTv3h6ljRlxAONf2if4VkieJnaL3NOVF7e65I19JWnl0rHyLA6Pjludz0T8tmb9fge4p6UpL0mZxb2cwZ88kC4BGbROR3r32HnWyMXTcLqQxDbE17rSpEg6N
Origin: https://ebcidp.benefits.ch
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:28 GMT
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 57559
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 26 Jun 2024 12:34:20 GMT
Server: Apache
ETag: "06eb72ac5c7da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=40

GET
H/1.1 200
OK scripts.d03012d9af719e7a.js Show response
ebcidp.benefits.ch/login/ 321 KB
323 KB 64ms
28ms Script
application/javascript 212.243.178.76
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://ebcidp.benefits.ch/login/scripts.d03012d9af719e7a.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

212.243.178.76 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

80c69cf2fbd1279c3e53d8a11bce5aa514a475ef4612d69a14098c86e6d7aae1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://ebcidp.benefits.ch/login/sign-in?lang=de&redirectUrl=https%3A%2F%2Fveolia.benefits.ch%2Fportal%2F&code=eEhBGHV1XTv3h6ljRlxAONf2if4VkieJnaL3NOVF7e65I19JWnl0rHyLA6Pjludz0T8tmb9fge4p6UpL0mZxb2cwZ88kC4BGbROR3r32HnWyMXTcLqQxDbE17rSpEg6N
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:28 GMT
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 329189
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 26 Jun 2024 12:34:20 GMT
Server: Apache
ETag: "06eb72ac5c7da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=40

GET
H/1.1 200
OK main.2933dcc33a51cc08.js Show response
ebcidp.benefits.ch/login/ 974 KB
976 KB 65ms
29ms Script
application/javascript 212.243.178.76
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://ebcidp.benefits.ch/login/main.2933dcc33a51cc08.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

212.243.178.76 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

5589f6c8aab5ac403af4b612e31aa94365113c643e1e78d1721a22ee71a60483

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://ebcidp.benefits.ch/login/sign-in?lang=de&redirectUrl=https%3A%2F%2Fveolia.benefits.ch%2Fportal%2F&code=eEhBGHV1XTv3h6ljRlxAONf2if4VkieJnaL3NOVF7e65I19JWnl0rHyLA6Pjludz0T8tmb9fge4p6UpL0mZxb2cwZ88kC4BGbROR3r32HnWyMXTcLqQxDbE17rSpEg6N
Origin: https://ebcidp.benefits.ch
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:28 GMT
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 997530
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 26 Jun 2024 12:34:20 GMT
Server: Apache
ETag: "06eb72ac5c7da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=40

GET
H/1.1 200
OK styles.0af3ea368e87cdf6.css
ebcidp.benefits.ch/login/ 50 KB
52 KB 66ms
29ms Stylesheet
text/css 212.243.178.76
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://ebcidp.benefits.ch/login/styles.0af3ea368e87cdf6.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

212.243.178.76 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

cde1afa85e25270937b4b5c102772e5d866b9ff9b25eedb0f0912ff5e2624138

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://ebcidp.benefits.ch/login/sign-in?lang=de&redirectUrl=https%3A%2F%2Fveolia.benefits.ch%2Fportal%2F&code=eEhBGHV1XTv3h6ljRlxAONf2if4VkieJnaL3NOVF7e65I19JWnl0rHyLA6Pjludz0T8tmb9fge4p6UpL0mZxb2cwZ88kC4BGbROR3r32HnWyMXTcLqQxDbE17rSpEg6N
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:28 GMT
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 51555
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 26 Jun 2024 12:34:20 GMT
Server: Apache
ETag: "06eb72ac5c7da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=40

GET
H/1.1 200
OK Metropolis-Regular.1ad48b753d8196af.ttf
ebcidp.benefits.ch/login/ 75 KB
77 KB 49ms
29ms Font
application/octet-stream 212.243.178.76
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://ebcidp.benefits.ch/login/Metropolis-Regular.1ad48b753d8196af.ttf

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

212.243.178.76 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

3e6dbf17949a34f0845226e694b22f8ac328b8e89372204c4655196167fff1a4

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://ebcidp.benefits.ch/login/sign-in?lang=de&redirectUrl=https%3A%2F%2Fveolia.benefits.ch%2Fportal%2F&code=eEhBGHV1XTv3h6ljRlxAONf2if4VkieJnaL3NOVF7e65I19JWnl0rHyLA6Pjludz0T8tmb9fge4p6UpL0mZxb2cwZ88kC4BGbROR3r32HnWyMXTcLqQxDbE17rSpEg6N
Origin: https://ebcidp.benefits.ch
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:28 GMT
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 76504
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 26 Jun 2024 12:34:20 GMT
Server: Apache
ETag: "06eb72ac5c7da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/octet-stream
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=38

GET
H/1.1 200
OK environment.json Show response
ebcidp.benefits.ch/login/assets/ 307 B
2 KB 30ms
29ms XHR
application/json 212.243.178.76
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://ebcidp.benefits.ch/login/assets/environment.json

Requested by

Host: ebcidp.benefits.ch
URL: https://ebcidp.benefits.ch/login/polyfills.a8efcd40883cc8e9.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

212.243.178.76 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

ea212c7b2a8e28c881239b5accbd52091c890aebf4c68b9f6c9691bbd44f03d8

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: application/json, text/plain, */*
Referer: https://ebcidp.benefits.ch/login/sign-in?lang=de&redirectUrl=https%3A%2F%2Fveolia.benefits.ch%2Fportal%2F&code=eEhBGHV1XTv3h6ljRlxAONf2if4VkieJnaL3NOVF7e65I19JWnl0rHyLA6Pjludz0T8tmb9fge4p6UpL0mZxb2cwZ88kC4BGbROR3r32HnWyMXTcLqQxDbE17rSpEg6N
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:29 GMT
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 307
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 26 Jun 2024 15:39:16 GMT
Server: Apache
ETag: "b934a70dfc7da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=39

GET
H/1.1 200
OK favicon.ico
ebcidp.benefits.ch/login/ 4 KB
6 KB 30ms
29ms Other
image/x-icon 212.243.178.76
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://ebcidp.benefits.ch/login/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

212.243.178.76 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

Apache / ASP.NET

Resource Hash

12d7fec776b660e82115ac08e37d978db9b0981c6dae689a02bdcb566df5a880

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://ebcidp.benefits.ch/login/sign-in?lang=de&redirectUrl=https%3A%2F%2Fveolia.benefits.ch%2Fportal%2F&code=eEhBGHV1XTv3h6ljRlxAONf2if4VkieJnaL3NOVF7e65I19JWnl0rHyLA6Pjludz0T8tmb9fge4p6UpL0mZxb2cwZ88kC4BGbROR3r32HnWyMXTcLqQxDbE17rSpEg6N
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:29 GMT
Content-Security-Policy: base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;script-src 'self' 'unsafe-inline' about: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com *.benefits.ch;style-src 'self' 'unsafe-inline' *.googleapis.com https://*.google.com *.benefits.ch;font-src 'self' data: fonts.gstatic.com *.benefits.ch;img-src 'self' data: blob: about: *.benefits.ch *.trianon.ch mobiliar-pub.ch *.tdbtrk.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it *.googleapis.com *.gstatic.com;connect-src 'self' wss: about: *.benefits.ch *.trianon.ch *.umobi.mobicorp.test *.mobicorp.test *.mobiliar-int.ch *.mobiliar.ch *.mobiliere.ch *.mobiliare.ch *.mobiliar-preprod.ch *.tdbtrk.com *.doubleclick.net *.google.com *.google.ch *.google.at *.google.it maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.post.ch:17023;frame-src *.google.com *.doubleclick.net https://*.googletagmanager.com *.benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=15724800;includeSubDomains;
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4286
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 26 Jun 2024 12:32:52 GMT
Server: Apache
ETag: "0b243f6c4c7da1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/x-icon
Permissions-Policy: execution-while-not-rendered=(self), execution-while-out-of-viewport=(self)
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=39

GET
H/1.1 200
OK veolia.benefits.ch Show response
ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/configuration/ebcLogin/domain/ 459 B
874 B 48ms
48ms XHR
application/json 212.243.178.78
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/configuration/ebcLogin/domain/veolia.benefits.ch

Requested by

Host: ebcidp.benefits.ch
URL: https://ebcidp.benefits.ch/login/polyfills.a8efcd40883cc8e9.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.78 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

nginx / ASP.NET

Resource Hash

3e1115f80d3da155618b2620a7e3650913e60238074bf75194d91594bea96340

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800;includeSubDomains;

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept: application/json, text/plain, */*
Referer: https://ebcidp.benefits.ch/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 06 Jul 2024 12:15:29 GMT
Strict-Transport-Security: max-age=15724800;includeSubDomains;
Server: nginx
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://ebcidp.benefits.ch
Access-Control-Expose-Headers: Content-Disposition,WARNING-Unavailability
Connection: keep-alive

OPTIONS
H/1.1 204
No Content veolia.benefits.ch
ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/translations/domain/ 0
0 19ms
19ms Preflight
text/plain 212.243.178.78
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL: https://ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/translations/domain/veolia.benefits.ch
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 212.243.178.78 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: applicationid
Access-Control-Request-Method: GET
Origin: https://ebcidp.benefits.ch
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: Access-Control-Allow-Headers, Authorization, Origin, Accept, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Language, Content-Type, request-id, redirect-disabled, languagecode, applicationid, MobileRequest, MTAMobileRememberMe, MyTrianonAppVersion, MTAMobileLogin, MTAMobileLogout, MTAMobileLogoutOnError, DeviceUuid, X-CLIENTGUID, x-tenantdatabase, X-TENANTSERVER, X-USERID, X-SIMU, EmployerId, Tenant, X-SignalR-User-Agent, X-Requested-With, x-pr-tag
Access-Control-Allow-Methods: GET,HEAD,OPTIONS,POST,PUT,DELETE
Access-Control-Allow-Origin: https://ebcidp.benefits.ch
Access-Control-Max-Age: 7200
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 06 Jul 2024 12:15:29 GMT
Server: nginx

GET
H/1.1 200
OK veolia.benefits.ch
ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/translations/domain/ 801 KB
0 829ms
828ms XHR
application/json 212.243.178.78
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/translations/domain/veolia.benefits.ch

Requested by

Host: ebcidp.benefits.ch
URL: https://ebcidp.benefits.ch/login/polyfills.a8efcd40883cc8e9.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.78 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

nginx / ASP.NET

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800;includeSubDomains;

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://ebcidp.benefits.ch/
applicationId: 28595da2-1516-4bb7-9ead-52dbff15c37d

Response headers

Date: Sat, 06 Jul 2024 12:15:30 GMT
Strict-Transport-Security: max-age=15724800;includeSubDomains;
Server: nginx
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://ebcidp.benefits.ch
Access-Control-Expose-Headers: Content-Disposition,WARNING-Unavailability
Connection: keep-alive

GET
H/1.1 200
OK veolia.benefits.ch Show response
ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/theme/domain/ 12 KB
12 KB 33ms
33ms XHR
application/json 212.243.178.78
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL

https://ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/theme/domain/veolia.benefits.ch

Requested by

Host: ebcidp.benefits.ch
URL: https://ebcidp.benefits.ch/login/polyfills.a8efcd40883cc8e9.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

212.243.178.78 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),

Reverse DNS

Software

nginx / ASP.NET

Resource Hash

255a5ebadabb342bcad3afa653a7e15413f667ed4d1a02a659c78055285e7e25

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800;includeSubDomains;

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://ebcidp.benefits.ch/
applicationId: 28595da2-1516-4bb7-9ead-52dbff15c37d

Response headers

Date: Sat, 06 Jul 2024 12:15:29 GMT
Strict-Transport-Security: max-age=15724800;includeSubDomains;
Server: nginx
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Origin
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://ebcidp.benefits.ch
Access-Control-Expose-Headers: Content-Disposition,WARNING-Unavailability
Connection: keep-alive

OPTIONS
H/1.1 204
No Content veolia.benefits.ch
ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/theme/domain/ 0
0 19ms
19ms Preflight
text/plain 212.243.178.78
MOBILIAR

General

Check archive.org

Show headers Download Go to

Full URL: https://ebcapi.benefits.ch/api/ebc/public/v1/application/initialize/theme/domain/veolia.benefits.ch
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 212.243.178.78 Rothrist, Switzerland, ASN212777 (MOBILIAR, CH),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: applicationid
Access-Control-Request-Method: GET
Origin: https://ebcidp.benefits.ch
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: Access-Control-Allow-Headers, Authorization, Origin, Accept, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Language, Content-Type, request-id, redirect-disabled, languagecode, applicationid, MobileRequest, MTAMobileRememberMe, MyTrianonAppVersion, MTAMobileLogin, MTAMobileLogout, MTAMobileLogoutOnError, DeviceUuid, X-CLIENTGUID, x-tenantdatabase, X-TENANTSERVER, X-USERID, X-SIMU, EmployerId, Tenant, X-SignalR-User-Agent, X-Requested-With, x-pr-tag
Access-Control-Allow-Methods: GET,HEAD,OPTIONS,POST,PUT,DELETE
Access-Control-Allow-Origin: https://ebcidp.benefits.ch
Access-Control-Max-Age: 7200
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 06 Jul 2024 12:15:29 GMT
Server: nginx

OPTIONS veo.jpg
ebcapi.benefits.ch/api/ebc/public/v1/theme/background/byname/ 0
0

GET veo.jpg
ebcapi.benefits.ch/api/ebc/public/v1/theme/background/byname/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ebcidp.benefits.ch
URL: https://ebcidp.benefits.ch/login/sign-in?redirectUrl=https%3A%2F%2Fveolia.benefits.ch%2Fportal%2F&lang=de&code=eEhBGHV1XTv3h6ljRlxAONf2if4VkieJnaL3NOVF7e65I19JWnl0rHyLA6Pjludz0T8tmb9fge4p6UpL0mZxb2cwZ88kC4BGbROR3r32HnWyMXTcLqQxDbE17rSpEg6N

Domain: ebcapi.benefits.ch
URL: https://ebcapi.benefits.ch/api/ebc/public/v1/theme/background/byname/veo.jpg

Domain: ebcapi.benefits.ch
URL: https://ebcapi.benefits.ch/api/ebc/public/v1/theme/background/byname/veo.jpg

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.benefits.ch/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_5_sn_B3319A4D3FFB9FA254425E857DF0839F_perc_100000_ol_0_mul_1_app-3A0b6969c5876cc86b_1_rcs-3Acss_0
.benefits.ch/	1969-12-31 23:59:59	Name: rxVisitor Value: 1720268124552EECP61JEVA0D1OLQ61TSJ07URSSJN4MA
.benefits.ch/	1969-12-31 23:59:59	Name: rxvt Value: 1720269925107\|1720268124555
.benefits.ch/	1969-12-31 23:59:59	Name: dtSa Value: false%7Cxhr%7C5%7Cx%7Cx%7C1720268125084%7C68124550_424%7Chttps%3A%2F%2Fveolia.benefits.ch%2Fportal%2F%7C%7C%7C%7C
.benefits.ch/	1969-12-31 23:59:59	Name: dtPC Value: 5$68124550_424h-vASMUUMKMQCACCQBOLPMANHHDLHMLLGLG-0e0

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	base-uri 'self';script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;script-src 'self' 'unsafe-inline' about: .google-analytics.com .googletagmanager.com .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com .benefits.ch;style-src 'self' 'unsafe-inline' .googleapis.com https://.google.com .benefits.ch;font-src 'self' data: fonts.gstatic.com .benefits.ch;img-src 'self' data: blob: about: .benefits.ch .trianon.ch mobiliar-pub.ch .tdbtrk.com .google-analytics.com .googletagmanager.com .doubleclick.net .google.com .google.ch .google.at .google.it .googleapis.com .gstatic.com;connect-src 'self' wss: about: .benefits.ch .trianon.ch .umobi.mobicorp.test .mobicorp.test .mobiliar-int.ch .mobiliar.ch .mobiliere.ch .mobiliare.ch .mobiliar-preprod.ch .tdbtrk.com .doubleclick.net .google.com .google.ch .google.at .google.it maps.googleapis.com https://.google-analytics.com https://.googletagmanager.com https://.post.ch:17023;frame-src .google.com .doubleclick.net https://.googletagmanager.com .benefits.ch;form-action;object-src 'none';default-src 'self';block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests
Strict-Transport-Security	max-age=15724800;includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ebcapi.benefits.ch
ebcidp.benefits.ch
veolia.benefits.ch
ebcapi.benefits.ch
ebcidp.benefits.ch
212.243.178.76
212.243.178.78
212.243.178.83
12d7fec776b660e82115ac08e37d978db9b0981c6dae689a02bdcb566df5a880
255a5ebadabb342bcad3afa653a7e15413f667ed4d1a02a659c78055285e7e25
27f113f013f67c2c2b227b0d8670e1893a9345d497e706ce7c3bd5da23f2e203
37a18febd42ae90bb094a253d22f022163d5f439579cf36dbb97e9beb5ee806c
3e1115f80d3da155618b2620a7e3650913e60238074bf75194d91594bea96340
3e6dbf17949a34f0845226e694b22f8ac328b8e89372204c4655196167fff1a4
51b33991f7c3d9744d2ee5018227586e8dfed3023a6a53f6e269d8e456c31030
5589f6c8aab5ac403af4b612e31aa94365113c643e1e78d1721a22ee71a60483
6f9302eb657607b92fd867e31965cbe07f15312ad67393bc1e7a0a3a8d8f1d2b
70b219348564a11e20c0cf4692c6dc57b96e60b0245114a94d5e2da836c99d8d
78448a71f66be0f43657da2f3a78173a77e9c9b4645e037233c406307d5580d0
80c69cf2fbd1279c3e53d8a11bce5aa514a475ef4612d69a14098c86e6d7aae1
a495ffae07a93cd7cb22916cbc321876e27e45c14b2a2f2a80e14e75f9538418
a90c367af0c4f49b0dd23e15b7360a9a4d4b1924b75d688972d40c5c6c68e4d8
b83cb8788f0f283a22f9edb18ffd651e0d9b5daf3eb26d22a5a5329260beb30c
cde1afa85e25270937b4b5c102772e5d866b9ff9b25eedb0f0912ff5e2624138
d3edbed1d343eed704a3f0015b1b1e1a2b827e84f3e76cd76966503f33901ed6
de8f70ce9aa1b83de7248fd1109d86555fcf6d8326fc676e85d2290b6f1cb628
ea212c7b2a8e28c881239b5accbd52091c890aebf4c68b9f6c9691bbd44f03d8
fc1556e3b58ffeda88ec40e828c62aeb61fc6b45b95b9d50cd5e081a8e2b2078

ebcidp.benefits.ch Open in urlscan Pro 212.243.178.76 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

32 Requests

91 %HTTPS

0 %IPv6

1 Domains

3 Subdomains

4 IPs

1 Countries

7621 kBTransfer

8521 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

ebcidp.benefits.ch Open in urlscan Pro
212.243.178.76 Public Scan

Screenshot
Live screenshot

Full Image

32
Requests

91 %
HTTPS

0 %
IPv6

1
Domains

3
Subdomains

4
IPs

1
Countries

7621 kB
Transfer

8521 kB
Size

5
Cookies

32 HTTP transactions
0 data transactions