urlscan.io logo urlscan.io
SecurityTrails logo

ebanking.bgsuissebank.ch Open in urlscan Pro
217.26.33.18  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ebanking.bgsuissebank.ch/
Effective URL: https://ebanking.bgsuissebank.ch/auth/login
Submission: On November 08 via automatic, source certstream-suspicious — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 217.26.33.18, located in Switzerland and belongs to BSOURCE-AS, CH. The main domain is ebanking.bgsuissebank.ch.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on November 17th 2023. Valid for: a year.
This is the only time ebanking.bgsuissebank.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 17 217.26.33.18 197312 (BSOURCE-AS)
13 1
Apex Domain
Subdomains		 Transfer
17 bgsuissebank.ch
ebanking.bgsuissebank.ch
3 MB
13 1
Domain Requested by
17 ebanking.bgsuissebank.ch 4 redirects ebanking.bgsuissebank.ch
13 1

This site contains links to these domains. Also see Links.

Domain
www.bgsuissebank.ch
Subject Issuer Validity Valid
ebanking.bgsuissebank.ch
Sectigo RSA Organization Validation Secure Server CA		 2023-11-17 -
2024-11-16		 a year crt.sh

This page contains 1 frames:

Primary Page: https://ebanking.bgsuissebank.ch/auth/login
Frame ID: 48ABB187AF2014C9C06F3919EB61B085
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

BG Suisse e-banking

Page URL History Show full URLs

  1. https://ebanking.bgsuissebank.ch/ HTTP 303
    https://ebanking.bgsuissebank.ch/gench/wb/ui/ HTTP 303
    https://ebanking.bgsuissebank.ch/auth/check-login?Location=https%3A%2F%2Febanking%2Ebgsuissebank%2Ech%2Fgench... HTTP 302
    https://ebanking.bgsuissebank.ch/auth/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

92 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

3315 kB
Transfer

3302 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ebanking.bgsuissebank.ch/ HTTP 303
    https://ebanking.bgsuissebank.ch/gench/wb/ui/ HTTP 303
    https://ebanking.bgsuissebank.ch/auth/check-login?Location=https%3A%2F%2Febanking%2Ebgsuissebank%2Ech%2Fgench%2Fwb%2Fui%2F HTTP 302
    https://ebanking.bgsuissebank.ch/auth/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://ebanking.bgsuissebank.ch/auth/images/favicon/favicon.ico HTTP 303
  • https://ebanking.bgsuissebank.ch/error_path/404.html?al_req_id=Zy4JBkLEvJSx1Ny7Ys-e0AAAAbc

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
ebanking.bgsuissebank.ch/auth/
Redirect Chain
  • https://ebanking.bgsuissebank.ch/
  • https://ebanking.bgsuissebank.ch/gench/wb/ui/
  • https://ebanking.bgsuissebank.ch/auth/check-login?Location=https%3A%2F%2Febanking%2Ebgsuissebank%2Ech%2Fgench%2Fwb%2Fui%2F
  • https://ebanking.bgsuissebank.ch/auth/login
7 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ebanking.bgsuissebank.ch/auth/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.18 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
2874937ab4e3383a3a187b8d2189a19d55cc34884ae5bbc2c37496c7808d858f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control
private, max-age=0, no-store, no-cache
Connection
Keep-Alive
Content-Language
de
Content-Length
6676
Content-Security-Policy
default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Content-Type
text/html;charset=UTF-8
Date
Fri, 08 Nov 2024 12:50:12 GMT
Expires
01/01/99 20:00:00 GMT
Keep-Alive
timeout=10, max=497
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
private, max-age=0, no-store, no-cache
Connection
Keep-Alive
Content-Length
0
Content-Security-Policy
default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Content-Type
text/plain;charset=utf-8
Date
Fri, 08 Nov 2024 12:50:12 GMT
Expires
01/01/99 20:00:00 GMT
Keep-Alive
timeout=10, max=498
Location
login
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-XSS-Protection
1; mode=block
afpaas-iam.css
ebanking.bgsuissebank.ch/auth/css/ 		58 KB
59 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ebanking.bgsuissebank.ch/auth/css/afpaas-iam.css
Requested by
Host: ebanking.bgsuissebank.ch
URL: https://ebanking.bgsuissebank.ch/auth/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.18 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
c2b7985abe74d5e8c7df9bb04f71cbb15d85cda212b3122474f1a08f880822c2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ebanking.bgsuissebank.ch/auth/login

Response headers

ETag
W/"58959-1719678312988"
X-Content-Type-Options
nosniff
Keep-Alive
timeout=10, max=496
Date
Fri, 08 Nov 2024 12:50:12 GMT
Last-Modified
Sat, 29 Jun 2024 16:25:12 GMT
Content-Type
text/css;charset=UTF-8
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Content-Security-Policy
default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Accept-Ranges
bytes
Content-Length
58959
X-XSS-Protection
1; mode=block
Server
Apache
jquery-3.5.1.min.js
ebanking.bgsuissebank.ch/auth/js/airlock/ 		87 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ebanking.bgsuissebank.ch/auth/js/airlock/jquery-3.5.1.min.js
Requested by
Host: ebanking.bgsuissebank.ch
URL: https://ebanking.bgsuissebank.ch/auth/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.18 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ebanking.bgsuissebank.ch/auth/login

Response headers

ETag
W/"89476-1673967301000"
X-Content-Type-Options
nosniff
Keep-Alive
timeout=10, max=500
Date
Fri, 08 Nov 2024 12:50:12 GMT
Last-Modified
Tue, 17 Jan 2023 14:55:01 GMT
Content-Type
application/javascript
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Content-Security-Policy
default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Accept-Ranges
bytes
Content-Length
89476
X-XSS-Protection
1; mode=block
Server
Apache
main.js
ebanking.bgsuissebank.ch/auth/js/airlock/ 		870 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ebanking.bgsuissebank.ch/auth/js/airlock/main.js?r=901c65ee-5971-4d0e-8cb2-8f2f09de66c8
Requested by
Host: ebanking.bgsuissebank.ch
URL: https://ebanking.bgsuissebank.ch/auth/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.18 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
e33008091af980090e595f8749b1dac1bb49dcc7a69d68fed428ba124db3db2a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ebanking.bgsuissebank.ch/auth/login

Response headers

ETag
W/"870-1673967301000"
X-Content-Type-Options
nosniff
Keep-Alive
timeout=10, max=500
Date
Fri, 08 Nov 2024 12:50:12 GMT
Last-Modified
Tue, 17 Jan 2023 14:55:01 GMT
Content-Type
application/javascript
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Content-Security-Policy
default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Accept-Ranges
bytes
Content-Length
870
X-XSS-Protection
1; mode=block
Server
Apache
afpaas.js
ebanking.bgsuissebank.ch/auth/js/ 		524 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ebanking.bgsuissebank.ch/auth/js/afpaas.js
Requested by
Host: ebanking.bgsuissebank.ch
URL: https://ebanking.bgsuissebank.ch/auth/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.18 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
216e6e555c8a0dac93d29405b0116d50b246473db7b72a6ded7e42124bc41b9d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ebanking.bgsuissebank.ch/auth/login

Response headers

ETag
W/"524-1719678313415"
X-Content-Type-Options
nosniff
Keep-Alive
timeout=10, max=500
Date
Fri, 08 Nov 2024 12:50:12 GMT
Last-Modified
Sat, 29 Jun 2024 16:25:13 GMT
Content-Type
application/javascript
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Content-Security-Policy
default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Accept-Ranges
bytes
Content-Length
524
X-XSS-Protection
1; mode=block
Server
Apache
login-background-hd-2x.jpg
ebanking.bgsuissebank.ch/auth/images/afpaas/ 		3 MB
3 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ebanking.bgsuissebank.ch/auth/images/afpaas/login-background-hd-2x.jpg
Requested by
Host: ebanking.bgsuissebank.ch
URL: https://ebanking.bgsuissebank.ch/auth/css/afpaas-iam.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.18 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
2dd3e68a462cc739abe3c2e83d94771b25829416cfb025df71b78287d957fddb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ebanking.bgsuissebank.ch/auth/css/afpaas-iam.css

Response headers

ETag
W/"3030363-1719678313360"
X-Content-Type-Options
nosniff
Keep-Alive
timeout=10, max=499
Date
Fri, 08 Nov 2024 12:50:12 GMT
Last-Modified
Sat, 29 Jun 2024 16:25:13 GMT
Content-Type
image/jpeg
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Content-Security-Policy
default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Accept-Ranges
bytes
Content-Length
3030363
X-XSS-Protection
1; mode=block
Server
Apache
logo-2x.png
ebanking.bgsuissebank.ch/auth/images/afpaas/logos/ 		40 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ebanking.bgsuissebank.ch/auth/images/afpaas/logos/logo-2x.png
Requested by
Host: ebanking.bgsuissebank.ch
URL: https://ebanking.bgsuissebank.ch/auth/css/afpaas-iam.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.18 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
f7793f86acfea3769ec277b3deb9ede93638f0d4685ad5b3de63c95c4d38dc6d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ebanking.bgsuissebank.ch/auth/css/afpaas-iam.css

Response headers

ETag
W/"40922-1719678313369"
X-Content-Type-Options
nosniff
Keep-Alive
timeout=10, max=495
Date
Fri, 08 Nov 2024 12:50:12 GMT
Last-Modified
Sat, 29 Jun 2024 16:25:13 GMT
Content-Type
image/png
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Content-Security-Policy
default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Accept-Ranges
bytes
Content-Length
40922
X-XSS-Protection
1; mode=block
Server
Apache
fontawesome-webfont.woff2
ebanking.bgsuissebank.ch/auth/fonts/font-awesome/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ebanking.bgsuissebank.ch/auth/fonts/font-awesome/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: ebanking.bgsuissebank.ch
URL: https://ebanking.bgsuissebank.ch/auth/css/afpaas-iam.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.18 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://ebanking.bgsuissebank.ch
Referer
https://ebanking.bgsuissebank.ch/auth/css/afpaas-iam.css

Response headers

ETag
W/"77160-1719678313151"
X-Content-Type-Options
nosniff
Keep-Alive
timeout=10, max=499
Date
Fri, 08 Nov 2024 12:50:12 GMT
Last-Modified
Sat, 29 Jun 2024 16:25:13 GMT
Content-Type
font/woff2
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Content-Security-Policy
default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Accept-Ranges
bytes
Content-Length
77160
X-XSS-Protection
1; mode=block
Server
Apache
Roboto-Regular-webfont.woff
ebanking.bgsuissebank.ch/auth/fonts/roboto/ 		24 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ebanking.bgsuissebank.ch/auth/fonts/roboto/Roboto-Regular-webfont.woff
Requested by
Host: ebanking.bgsuissebank.ch
URL: https://ebanking.bgsuissebank.ch/auth/css/afpaas-iam.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.18 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
a1e5b0dd9cd90fe3ef3e24aea202819ee74693d62c00bac8e3fb7c837d8adbfe
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://ebanking.bgsuissebank.ch
Referer
https://ebanking.bgsuissebank.ch/auth/css/afpaas-iam.css

Response headers

ETag
W/"25020-1719678313349"
X-Content-Type-Options
nosniff
Keep-Alive
timeout=10, max=499
Date
Fri, 08 Nov 2024 12:50:12 GMT
Last-Modified
Sat, 29 Jun 2024 16:25:13 GMT
Content-Type
font/woff
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Content-Security-Policy
default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Accept-Ranges
bytes
Content-Length
25020
X-XSS-Protection
1; mode=block
Server
Apache
Roboto-Light-webfont.woff
ebanking.bgsuissebank.ch/auth/fonts/roboto/ 		24 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ebanking.bgsuissebank.ch/auth/fonts/roboto/Roboto-Light-webfont.woff
Requested by
Host: ebanking.bgsuissebank.ch
URL: https://ebanking.bgsuissebank.ch/auth/css/afpaas-iam.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.18 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
94e3c960e7ac7a42aac1f0a681c9e4d497c626c0ee7593de6450410b6d4b26fd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://ebanking.bgsuissebank.ch
Referer
https://ebanking.bgsuissebank.ch/auth/css/afpaas-iam.css

Response headers

ETag
W/"24576-1719678313272"
X-Content-Type-Options
nosniff
Keep-Alive
timeout=10, max=500
Date
Fri, 08 Nov 2024 12:50:12 GMT
Last-Modified
Sat, 29 Jun 2024 16:25:13 GMT
Content-Type
font/woff
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Content-Security-Policy
default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Accept-Ranges
bytes
Content-Length
24576
X-XSS-Protection
1; mode=block
Server
Apache
Roboto-Medium-webfont.woff
ebanking.bgsuissebank.ch/auth/fonts/roboto/ 		24 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ebanking.bgsuissebank.ch/auth/fonts/roboto/Roboto-Medium-webfont.woff
Requested by
Host: ebanking.bgsuissebank.ch
URL: https://ebanking.bgsuissebank.ch/auth/css/afpaas-iam.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.18 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
8ca845a97256742debfc82004246fe03d97da1aae5b41b691b23d90b70df3910
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://ebanking.bgsuissebank.ch
Referer
https://ebanking.bgsuissebank.ch/auth/css/afpaas-iam.css

Response headers

ETag
W/"25048-1719678313316"
X-Content-Type-Options
nosniff
Keep-Alive
timeout=10, max=500
Date
Fri, 08 Nov 2024 12:50:12 GMT
Last-Modified
Sat, 29 Jun 2024 16:25:13 GMT
Content-Type
font/woff
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Content-Security-Policy
default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Accept-Ranges
bytes
Content-Length
25048
X-XSS-Protection
1; mode=block
Server
Apache
404.html
ebanking.bgsuissebank.ch/error_path/
Redirect Chain
  • https://ebanking.bgsuissebank.ch/auth/images/favicon/favicon.ico
  • https://ebanking.bgsuissebank.ch/error_path/404.html?al_req_id=Zy4JBkLEvJSx1Ny7Ys-e0AAAAbc
743 B
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://ebanking.bgsuissebank.ch/error_path/404.html?al_req_id=Zy4JBkLEvJSx1Ny7Ys-e0AAAAbc
Protocol
HTTP/1.1
Server
217.26.33.18 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
0f19d1edd344df35f7f3494b8b5d4b391f449d0eacb672116d1b2b59ca7da1c5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ebanking.bgsuissebank.ch/auth/login

Response headers

Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Content-Security-Policy
default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Cache-Control
no-cache
Pragma
no-cache
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options
nosniff
Keep-Alive
timeout=10, max=497
Date
Fri, 08 Nov 2024 12:50:14 GMT
X-XSS-Protection
1; mode=block
Content-Type
text/html
Server
Apache

Redirect headers

Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Content-Security-Policy
default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Location
/error_path/404.html?al_req_id=Zy4JBkLEvJSx1Ny7Ys-e0AAAAbc
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options
nosniff
Content-Length
123
Keep-Alive
timeout=10, max=498
Date
Fri, 08 Nov 2024 12:50:14 GMT
X-XSS-Protection
1; mode=block
Content-Type
text/html
Server
Apache
favicon-32x32.png
ebanking.bgsuissebank.ch/auth/images/favicon/ 		417 B
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://ebanking.bgsuissebank.ch/auth/images/favicon/favicon-32x32.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.18 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
e034392e9e61395a8978adeeee7fb18ebd403d7dc29309bbdda51501de0e4a86
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://ebanking.bgsuissebank.ch/auth/login

Response headers

ETag
W/"417-1719678313379"
X-Content-Type-Options
nosniff
Keep-Alive
timeout=10, max=496
Date
Fri, 08 Nov 2024 12:50:14 GMT
Last-Modified
Sat, 29 Jun 2024 16:25:13 GMT
Content-Type
image/png
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Content-Security-Policy
default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
Accept-Ranges
bytes
Content-Length
417
X-XSS-Protection
1; mode=block
Server
Apache

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| event function| $ function| jQuery object| iam function| toggleLanguageMenu function| togglePasswordChange function| toggleDisclaimer function| toggleClassOnElement

1 Cookies

Domain/Path Name / Value
ebanking.bgsuissebank.ch/ Name: AL_SESS-S
Value: AcgG5qGChVNrOPv6H1ZOKBWhbYwY9rajj9H_sDezQJr!6KcPt4Ky6OUTJntevbQBKV3q

2 Console Messages

Source Level URL
Text
recommendation verbose URL: https://ebanking.bgsuissebank.ch/auth/login
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network error URL: https://ebanking.bgsuissebank.ch/error_path/404.html?al_req_id=Zy4JBkLEvJSx1Ny7Ys-e0AAAAbc
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; media-src 'self'
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self'; img-src 'self' data:; font-src 'self' data:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block