urlscan.io logo urlscan.io
SecurityTrails logo

wes-idp.six-group.com Open in urlscan Pro
153.46.107.142  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://billing.six-group.com/
Effective URL: https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22values%22%3...
Submission: On November 22 via manual from CH — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 153.46.107.142, located in Zurich, Switzerland and belongs to SIX SIX Group Services AG, CH. The main domain is wes-idp.six-group.com. The Cisco Umbrella rank of the primary domain is 391442.
TLS certificate: Issued by SwissSign RSA TLS OV ICA 2022 - 1 on April 30th 2024. Valid for: a year.
This is the only time wes-idp.six-group.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 3 153.46.250.112 9042 (SIX SIX G...)
10 153.46.107.142 9042 (SIX SIX G...)
10 1
Apex Domain
Subdomains		 Transfer
13 six-group.com
billing.six-group.com — Cisco Umbrella Rank: 500325
wes-idp.six-group.com — Cisco Umbrella Rank: 391442
533 KB
10 1
Domain Requested by
10 wes-idp.six-group.com wes-idp.six-group.com
3 billing.six-group.com 3 redirects
10 2

This site contains no links.

Subject Issuer Validity Valid
wes-idp.six-group.com
SwissSign RSA TLS OV ICA 2022 - 1		 2024-04-30 -
2025-04-30		 a year crt.sh

This page contains 1 frames:

Primary Page: https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22values%22%3A%5B%223%3Acertificate%22%2C%222%3Aswissid%22%5D%2C%22essential%22%3Atrue%7D%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Fbilling.six-group.com%2Fdirectdebit-customer-portal%2Fui%2F&state=7FMwlsBDdbKLhotkpdLXicZPODWlHVYrijctsQ_1FbA&nonce=pyPgwJEaCDi-Ok8A7JlyuOdHrqDVGYop6uuWcR9fcak&client_id=bbsweb-billing&response_mode=query&unit=pns&valid_before=2024-11-22T08%3A40%3A56.728528570Z&prompt=select_account
Frame ID: 2D543C2ED41F7EA7DA2D0A094E3052F2
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

SIX-Anmeldung

Page URL History Show full URLs

  1. http://billing.six-group.com/ HTTP 307
    https://billing.six-group.com/ HTTP 302
    https://billing.six-group.com/directdebit-customer-portal/ HTTP 302
    https://billing.six-group.com/directdebit-customer-portal/ui/ HTTP 302
    https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

531 kB
Transfer

521 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://billing.six-group.com/ HTTP 307
    https://billing.six-group.com/ HTTP 302
    https://billing.six-group.com/directdebit-customer-portal/ HTTP 302
    https://billing.six-group.com/directdebit-customer-portal/ui/ HTTP 302
    https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22values%22%3A%5B%223%3Acertificate%22%2C%222%3Aswissid%22%5D%2C%22essential%22%3Atrue%7D%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Fbilling.six-group.com%2Fdirectdebit-customer-portal%2Fui%2F&state=7FMwlsBDdbKLhotkpdLXicZPODWlHVYrijctsQ_1FbA&nonce=pyPgwJEaCDi-Ok8A7JlyuOdHrqDVGYop6uuWcR9fcak&client_id=bbsweb-billing&response_mode=query&unit=pns&valid_before=2024-11-22T08%3A40%3A56.728528570Z&prompt=select_account Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
wes-idp.six-group.com/sixwes/authorize/
Redirect Chain
  • http://billing.six-group.com/
  • https://billing.six-group.com/
  • https://billing.six-group.com/directdebit-customer-portal/
  • https://billing.six-group.com/directdebit-customer-portal/ui/
  • https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22values%22%3A%5B%223%3Acertificate%22%2C%222%3Aswissid%22%5D%2C%22essential%22%3Atr...
4 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22values%22%3A%5B%223%3Acertificate%22%2C%222%3Aswissid%22%5D%2C%22essential%22%3Atrue%7D%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Fbilling.six-group.com%2Fdirectdebit-customer-portal%2Fui%2F&state=7FMwlsBDdbKLhotkpdLXicZPODWlHVYrijctsQ_1FbA&nonce=pyPgwJEaCDi-Ok8A7JlyuOdHrqDVGYop6uuWcR9fcak&client_id=bbsweb-billing&response_mode=query&unit=pns&valid_before=2024-11-22T08%3A40%3A56.728528570Z&prompt=select_account
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
153.46.107.142 Zurich, Switzerland, ASN9042 (SIX SIX Group Services AG, CH),
Reverse DNS
wes-idp.six-group.com
Software
Apache /
Resource Hash
8af1b1c85b6012cdf0d63b955ba7ae0e3d7827491ab7e192a921f086ee59c066
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Content-Security-Policy
base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Content-Type
text/html;charset=utf-8
Date
Fri, 22 Nov 2024 08:35:56 GMT
Expires
Thu, 1 Jan 1970 00:00:00 GMT
Feature-Policy
layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none'
Keep-Alive
timeout=5, max=100
Permissions-Policy
layout-animations=(none), unoptimized-images=(none), oversized-images=(none), sync-script=(none), sync-xhr=(none), unsized-media=(none)
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Transfer-ID
75ff9f7833a9dd442a26e7a21a1bcc85.b726f31cdfa7bead
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-cache
Connection
close
Content-Length
851
Content-Type
text/html; charset=utf-8
Date
Fri, 22 Nov 2024 08:35:56 GMT
Location
https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22values%22%3A%5B%223%3Acertificate%22%2C%222%3Aswissid%22%5D%2C%22essential%22%3Atrue%7D%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Fbilling.six-group.com%2Fdirectdebit-customer-portal%2Fui%2F&state=7FMwlsBDdbKLhotkpdLXicZPODWlHVYrijctsQ_1FbA&nonce=pyPgwJEaCDi-Ok8A7JlyuOdHrqDVGYop6uuWcR9fcak&client_id=bbsweb-billing&response_mode=query&unit=pns&valid_before=2024-11-22T08%3A40%3A56.728528570Z&prompt=select_account
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Transfer-ID
0b958378c99a595ce1f7448096830802.b564a653acd17a44
X-XSS-Protection
1; mode=block
main.css
wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/styles/ 		109 KB
110 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/styles/main.css?6e4de8c9d4
Requested by
Host: wes-idp.six-group.com
URL: https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22values%22%3A%5B%223%3Acertificate%22%2C%222%3Aswissid%22%5D%2C%22essential%22%3Atrue%7D%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Fbilling.six-group.com%2Fdirectdebit-customer-portal%2Fui%2F&state=7FMwlsBDdbKLhotkpdLXicZPODWlHVYrijctsQ_1FbA&nonce=pyPgwJEaCDi-Ok8A7JlyuOdHrqDVGYop6uuWcR9fcak&client_id=bbsweb-billing&response_mode=query&unit=pns&valid_before=2024-11-22T08%3A40%3A56.728528570Z&prompt=select_account
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
153.46.107.142 Zurich, Switzerland, ASN9042 (SIX SIX Group Services AG, CH),
Reverse DNS
wes-idp.six-group.com
Software
Apache /
Resource Hash
23fc04f8e68ac84e6d8b91aaa6257bc990718f16af8d662cefaaeed544cfe6e0
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22values%22%3A%5B%223%3Acertificate%22%2C%222%3Aswissid%22%5D%2C%22essential%22%3Atrue%7D%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Fbilling.six-group.com%2Fdirectdebit-customer-portal%2Fui%2F&state=7FMwlsBDdbKLhotkpdLXicZPODWlHVYrijctsQ_1FbA&nonce=pyPgwJEaCDi-Ok8A7JlyuOdHrqDVGYop6uuWcR9fcak&client_id=bbsweb-billing&response_mode=query&unit=pns&valid_before=2024-11-22T08%3A40%3A56.728528570Z&prompt=select_account

Response headers

X-Content-Type-Options
nosniff
Expires
Fri, 22 Nov 2024 08:36:14 GMT
Keep-Alive
timeout=5, max=99
Date
Fri, 22 Nov 2024 08:35:56 GMT
Content-Type
text/css;charset=utf-8
Feature-Policy
layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none'
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Cache-Control
public, max-age=3600
Connection
Keep-Alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
layout-animations=(none), unoptimized-images=(none), oversized-images=(none), sync-script=(none), sync-xhr=(none), unsized-media=(none)
X-Transfer-ID
e5b1996a3bcc73335d617028d994a6b5.8fc2ef8105de0b81
Content-Length
111188
X-XSS-Protection
1; mode=block
Server
Apache
six-logo.svg
wes-idp.six-group.com/resources/ 		977 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wes-idp.six-group.com/resources/six-logo.svg
Requested by
Host: wes-idp.six-group.com
URL: https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22values%22%3A%5B%223%3Acertificate%22%2C%222%3Aswissid%22%5D%2C%22essential%22%3Atrue%7D%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Fbilling.six-group.com%2Fdirectdebit-customer-portal%2Fui%2F&state=7FMwlsBDdbKLhotkpdLXicZPODWlHVYrijctsQ_1FbA&nonce=pyPgwJEaCDi-Ok8A7JlyuOdHrqDVGYop6uuWcR9fcak&client_id=bbsweb-billing&response_mode=query&unit=pns&valid_before=2024-11-22T08%3A40%3A56.728528570Z&prompt=select_account
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
153.46.107.142 Zurich, Switzerland, ASN9042 (SIX SIX Group Services AG, CH),
Reverse DNS
wes-idp.six-group.com
Software
Apache /
Resource Hash
4f517ca9054727024c3535f428db0f7c6440eaa59a1c0fd6b96d948e1183d955
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22values%22%3A%5B%223%3Acertificate%22%2C%222%3Aswissid%22%5D%2C%22essential%22%3Atrue%7D%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Fbilling.six-group.com%2Fdirectdebit-customer-portal%2Fui%2F&state=7FMwlsBDdbKLhotkpdLXicZPODWlHVYrijctsQ_1FbA&nonce=pyPgwJEaCDi-Ok8A7JlyuOdHrqDVGYop6uuWcR9fcak&client_id=bbsweb-billing&response_mode=query&unit=pns&valid_before=2024-11-22T08%3A40%3A56.728528570Z&prompt=select_account

Response headers

X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=100
Date
Fri, 22 Nov 2024 08:35:57 GMT
Content-Type
image/svg+xml;charset=utf-8
Feature-Policy
layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none'
Last-Modified
Wed, 03 Mar 2021 17:46:44 GMT
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Cache-Control
public, max-age=3600
Connection
Keep-Alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
layout-animations=(none), unoptimized-images=(none), oversized-images=(none), sync-script=(none), sync-xhr=(none), unsized-media=(none)
X-Transfer-ID
8ab9c1213eb44a402193d019af95c0df.d3de1318b445a682
X-XSS-Protection
1; mode=block
Server
Apache
main.js
wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/scripts/ 		179 KB
180 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/scripts/main.js?1356d16f37
Requested by
Host: wes-idp.six-group.com
URL: https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22values%22%3A%5B%223%3Acertificate%22%2C%222%3Aswissid%22%5D%2C%22essential%22%3Atrue%7D%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Fbilling.six-group.com%2Fdirectdebit-customer-portal%2Fui%2F&state=7FMwlsBDdbKLhotkpdLXicZPODWlHVYrijctsQ_1FbA&nonce=pyPgwJEaCDi-Ok8A7JlyuOdHrqDVGYop6uuWcR9fcak&client_id=bbsweb-billing&response_mode=query&unit=pns&valid_before=2024-11-22T08%3A40%3A56.728528570Z&prompt=select_account
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
153.46.107.142 Zurich, Switzerland, ASN9042 (SIX SIX Group Services AG, CH),
Reverse DNS
wes-idp.six-group.com
Software
Apache /
Resource Hash
e3526ae341298eecec4d84af7012b37e3417c31e177385688f9a7825076ddfd2
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22values%22%3A%5B%223%3Acertificate%22%2C%222%3Aswissid%22%5D%2C%22essential%22%3Atrue%7D%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Fbilling.six-group.com%2Fdirectdebit-customer-portal%2Fui%2F&state=7FMwlsBDdbKLhotkpdLXicZPODWlHVYrijctsQ_1FbA&nonce=pyPgwJEaCDi-Ok8A7JlyuOdHrqDVGYop6uuWcR9fcak&client_id=bbsweb-billing&response_mode=query&unit=pns&valid_before=2024-11-22T08%3A40%3A56.728528570Z&prompt=select_account

Response headers

X-Content-Type-Options
nosniff
Expires
Fri, 22 Nov 2024 08:36:14 GMT
Keep-Alive
timeout=5, max=100
Date
Fri, 22 Nov 2024 08:35:57 GMT
Content-Type
application/javascript;charset=utf-8
Feature-Policy
layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none'
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Cache-Control
public, max-age=3600
Connection
Keep-Alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
layout-animations=(none), unoptimized-images=(none), oversized-images=(none), sync-script=(none), sync-xhr=(none), unsized-media=(none)
X-Transfer-ID
039eb1dc43d4454df020a20e24719c86.4c38938d3831e02b
Content-Length
183626
X-XSS-Protection
1; mode=block
Server
Apache
jquery-3.6.3.min.js
wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/ 		88 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/jquery-3.6.3.min.js
Requested by
Host: wes-idp.six-group.com
URL: https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22values%22%3A%5B%223%3Acertificate%22%2C%222%3Aswissid%22%5D%2C%22essential%22%3Atrue%7D%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Fbilling.six-group.com%2Fdirectdebit-customer-portal%2Fui%2F&state=7FMwlsBDdbKLhotkpdLXicZPODWlHVYrijctsQ_1FbA&nonce=pyPgwJEaCDi-Ok8A7JlyuOdHrqDVGYop6uuWcR9fcak&client_id=bbsweb-billing&response_mode=query&unit=pns&valid_before=2024-11-22T08%3A40%3A56.728528570Z&prompt=select_account
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
153.46.107.142 Zurich, Switzerland, ASN9042 (SIX SIX Group Services AG, CH),
Reverse DNS
wes-idp.six-group.com
Software
Apache /
Resource Hash
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22values%22%3A%5B%223%3Acertificate%22%2C%222%3Aswissid%22%5D%2C%22essential%22%3Atrue%7D%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Fbilling.six-group.com%2Fdirectdebit-customer-portal%2Fui%2F&state=7FMwlsBDdbKLhotkpdLXicZPODWlHVYrijctsQ_1FbA&nonce=pyPgwJEaCDi-Ok8A7JlyuOdHrqDVGYop6uuWcR9fcak&client_id=bbsweb-billing&response_mode=query&unit=pns&valid_before=2024-11-22T08%3A40%3A56.728528570Z&prompt=select_account

Response headers

X-Content-Type-Options
nosniff
Expires
Fri, 22 Nov 2024 08:36:14 GMT
Keep-Alive
timeout=5, max=99
Date
Fri, 22 Nov 2024 08:35:57 GMT
Content-Type
application/javascript;charset=utf-8
Feature-Policy
layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none'
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Cache-Control
public, max-age=3600
Connection
Keep-Alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
layout-animations=(none), unoptimized-images=(none), oversized-images=(none), sync-script=(none), sync-xhr=(none), unsized-media=(none)
X-Transfer-ID
82b6b84484d65aaa32a1267116337136.f39b9bd2712fd22c
Content-Length
89947
X-XSS-Protection
1; mode=block
Server
Apache
swissId.png
wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/images/logos/ 		616 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/images/logos/swissId.png
Requested by
Host: wes-idp.six-group.com
URL: https://wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/styles/main.css?6e4de8c9d4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
153.46.107.142 Zurich, Switzerland, ASN9042 (SIX SIX Group Services AG, CH),
Reverse DNS
wes-idp.six-group.com
Software
Apache /
Resource Hash
ea38c66bfecad1578e6bb3de346e34d2df236770c499c5c135be89b59c840cc9
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/styles/main.css?6e4de8c9d4

Response headers

X-Content-Type-Options
nosniff
Expires
Fri, 22 Nov 2024 08:36:14 GMT
Keep-Alive
timeout=5, max=98
Date
Fri, 22 Nov 2024 08:35:57 GMT
Content-Type
image/png;charset=utf-8
Feature-Policy
layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none'
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Cache-Control
public, max-age=3600
Connection
Keep-Alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
layout-animations=(none), unoptimized-images=(none), oversized-images=(none), sync-script=(none), sync-xhr=(none), unsized-media=(none)
X-Transfer-ID
d7f07540915206977f0c1e283965e305.f461643dc7f097ff
Content-Length
616
X-XSS-Protection
1; mode=block
Server
Apache
noto-sans-v7-latin-ext_latin-regular.woff2
wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/fonts/noto-sans-v7-latin-ext_latin/ 		39 KB
40 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/fonts/noto-sans-v7-latin-ext_latin/noto-sans-v7-latin-ext_latin-regular.woff2
Requested by
Host: wes-idp.six-group.com
URL: https://wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/styles/main.css?6e4de8c9d4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
153.46.107.142 Zurich, Switzerland, ASN9042 (SIX SIX Group Services AG, CH),
Reverse DNS
wes-idp.six-group.com
Software
Apache /
Resource Hash
a1074351ac6df432e365ab5d53e2cf590968f5c8f0681b3d4e55bb018dbdeab5
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://wes-idp.six-group.com
Referer
https://wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/styles/main.css?6e4de8c9d4

Response headers

X-Content-Type-Options
nosniff
Expires
Fri, 22 Nov 2024 08:36:14 GMT
Keep-Alive
timeout=5, max=97
Date
Fri, 22 Nov 2024 08:35:57 GMT
Content-Type
font/woff2;charset=utf-8
Feature-Policy
layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none'
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Cache-Control
public, max-age=3600
Connection
Keep-Alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
layout-animations=(none), unoptimized-images=(none), oversized-images=(none), sync-script=(none), sync-xhr=(none), unsized-media=(none)
X-Transfer-ID
54c9f0450f099680ababfe08f2eb466d.39134cf2a5475240
Content-Length
40216
X-XSS-Protection
1; mode=block
Server
Apache
noto-sans-v7-latin-ext_latin-700.woff2
wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/fonts/noto-sans-v7-latin-ext_latin/ 		39 KB
40 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/fonts/noto-sans-v7-latin-ext_latin/noto-sans-v7-latin-ext_latin-700.woff2
Requested by
Host: wes-idp.six-group.com
URL: https://wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/styles/main.css?6e4de8c9d4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
153.46.107.142 Zurich, Switzerland, ASN9042 (SIX SIX Group Services AG, CH),
Reverse DNS
wes-idp.six-group.com
Software
Apache /
Resource Hash
7e92a2edfad1a82e2c576a165534b9b2d9444b754e329dc0a412e4ee80ec014a
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://wes-idp.six-group.com
Referer
https://wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/styles/main.css?6e4de8c9d4

Response headers

X-Content-Type-Options
nosniff
Expires
Fri, 22 Nov 2024 08:36:14 GMT
Keep-Alive
timeout=5, max=100
Date
Fri, 22 Nov 2024 08:35:57 GMT
Content-Type
font/woff2;charset=utf-8
Feature-Policy
layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none'
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Cache-Control
public, max-age=3600
Connection
Keep-Alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
layout-animations=(none), unoptimized-images=(none), oversized-images=(none), sync-script=(none), sync-xhr=(none), unsized-media=(none)
X-Transfer-ID
71df2c55b1e5f76f35f747f8d72ceee3.3bc8d27a77e84c50
Content-Length
40420
X-XSS-Protection
1; mode=block
Server
Apache
MaterialIcons-Regular.woff2
wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/fonts/materialdesign/ 		59 KB
60 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/fonts/materialdesign/MaterialIcons-Regular.woff2
Requested by
Host: wes-idp.six-group.com
URL: https://wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/styles/main.css?6e4de8c9d4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
153.46.107.142 Zurich, Switzerland, ASN9042 (SIX SIX Group Services AG, CH),
Reverse DNS
wes-idp.six-group.com
Software
Apache /
Resource Hash
0c9a3f7fdc13a3ff04b74e9b982c28fa738fa9373bd43bd24dbca5f2dc360f24
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://wes-idp.six-group.com
Referer
https://wes-idp.six-group.com/static/nevislogrend/applications/oidc-op-sixwes-realm/webdata/resources/styles/main.css?6e4de8c9d4

Response headers

X-Content-Type-Options
nosniff
Expires
Fri, 22 Nov 2024 08:36:14 GMT
Keep-Alive
timeout=5, max=98
Date
Fri, 22 Nov 2024 08:35:57 GMT
Content-Type
font/woff2;charset=utf-8
Feature-Policy
layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none'
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Cache-Control
public, max-age=3600
Connection
Keep-Alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
layout-animations=(none), unoptimized-images=(none), oversized-images=(none), sync-script=(none), sync-xhr=(none), unsized-media=(none)
X-Transfer-ID
9f12bb41165c3ab8f537b52ab829a9ff.0561d998c9ba3b64
Content-Length
60840
X-XSS-Protection
1; mode=block
Server
Apache
favicon.png
wes-idp.six-group.com/resources/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://wes-idp.six-group.com/resources/favicon.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
153.46.107.142 Zurich, Switzerland, ASN9042 (SIX SIX Group Services AG, CH),
Reverse DNS
wes-idp.six-group.com
Software
Apache /
Resource Hash
02bc65607eff564bb218e99dccf7cb96fbabee82156ba9518c3af706bd319e37
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://wes-idp.six-group.com/sixwes/authorize/?scope=openid+roles&claims=%7B%22id_token%22%3A%7B%22acr%22%3A%7B%22values%22%3A%5B%223%3Acertificate%22%2C%222%3Aswissid%22%5D%2C%22essential%22%3Atrue%7D%7D%7D&response_type=code&redirect_uri=https%3A%2F%2Fbilling.six-group.com%2Fdirectdebit-customer-portal%2Fui%2F&state=7FMwlsBDdbKLhotkpdLXicZPODWlHVYrijctsQ_1FbA&nonce=pyPgwJEaCDi-Ok8A7JlyuOdHrqDVGYop6uuWcR9fcak&client_id=bbsweb-billing&response_mode=query&unit=pns&valid_before=2024-11-22T08%3A40%3A56.728528570Z&prompt=select_account

Response headers

X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=97
Date
Fri, 22 Nov 2024 08:35:57 GMT
Content-Type
image/png
Feature-Policy
layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none'
Last-Modified
Sun, 16 Jan 2022 10:04:21 GMT
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000
Content-Security-Policy
base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Cache-Control
public, max-age=3600
Connection
Keep-Alive
Referrer-Policy
strict-origin-when-cross-origin
Permissions-Policy
layout-animations=(none), unoptimized-images=(none), oversized-images=(none), sync-script=(none), sync-xhr=(none), unsized-media=(none)
X-Transfer-ID
0b3c3c1ff6592fb72db910c7c0a489b9.d7f598f7728129b6
X-XSS-Protection
1; mode=block
Server
Apache

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| __core-js_shared__ object| core function| $ function| jQuery

3 Cookies

Domain/Path Name / Value
billing.six-group.com/ Name: __Host-Session_web-realm
Value: 3822f00a0e2aeU6h3NjYvs7XnUAZCX9U0WxX8d6TfNJAzq2VpLluH7AHti
wes-idp.six-group.com/ Name: LANG
Value: de
wes-idp.six-group.com/ Name: __Host-Session_oidc-op-sixwes
Value: 38e4f00a0e2aRDMDSAMYd7T75OUnF8dJwmdUkEBoii7mjWiMY8gQE5AR1C

17 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'layout-animations'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'unoptimized-images'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'oversized-images'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'sync-script'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'unsized-media'.
security warning
Message:
Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: sync-xhr. Values defined in Permissions-Policy header will be used.
security warning
Message:
Error with Permissions-Policy header: Invalid allowlist item(none) for feature layout-animations. Allowlist item must be *, self or quoted url.
security warning
Message:
Error with Permissions-Policy header: Invalid allowlist item(none) for feature unoptimized-images. Allowlist item must be *, self or quoted url.
security warning
Message:
Error with Permissions-Policy header: Invalid allowlist item(none) for feature oversized-images. Allowlist item must be *, self or quoted url.
security warning
Message:
Error with Permissions-Policy header: Invalid allowlist item(none) for feature sync-script. Allowlist item must be *, self or quoted url.
security warning
Message:
Error with Permissions-Policy header: Invalid allowlist item(none) for feature sync-xhr. Allowlist item must be *, self or quoted url.
security warning
Message:
Error with Permissions-Policy header: Invalid allowlist item(none) for feature unsized-media. Allowlist item must be *, self or quoted url.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'layout-animations'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'unoptimized-images'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'oversized-images'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'sync-script'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'unsized-media'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy base-uri 'none'; default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block