wwwsec.bbobank.ch Open in urlscan Pro
193.223.21.20 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://wwwsec.bbobank.ch/
Effective URL:
https://wwwsec.bbobank.ch/authen/login
Submission: On November 08 via automatic, source certstream-suspicious (November 8th 2021, 5:09:32 pm UTC) — Scanned from DE

Summary HTTP 10 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 193.223.21.20, located in Switzerland and belongs to SWISSCOM Swisscom Switzerland Ltd, CH. The main domain is wwwsec.bbobank.ch.
TLS certificate: Issued by QuoVadis Europe EV SSL CA G1 on November 18th 2020. Valid for: a year.

This is the only time wwwsec.bbobank.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 11	193.223.21.20 193.223.21.20	3303 (SWISSCOM ...) (SWISSCOM Swisscom Switzerland Ltd)
1	193.222.69.82 193.222.69.82	3303 (SWISSCOM ...) (SWISSCOM Swisscom Switzerland Ltd)
10	2

11 193.223.21.20 (Switzerland) 2 redirects

ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH)

wwwsec.bbobank.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.222.69.82 (Therwil, Switzerland)

ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH)

ebanking.esprit-netzwerk.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	bbobank.ch 2 redirects wwwsec.bbobank.ch	447 KB
1	esprit-netzwerk.ch ebanking.esprit-netzwerk.ch	691 KB
10	2

	Domain	Requested by
11	wwwsec.bbobank.ch	2 redirects wwwsec.bbobank.ch
1	ebanking.esprit-netzwerk.ch	wwwsec.bbobank.ch
10	2

This site contains links to these domains. Also see Links.

Domain
www.ebas.ch
bbobank.ch

Subject Issuer	Validity	Valid
wwwsec.bbobank.ch QuoVadis Europe EV SSL CA G1	`2020-11-18` - `2021-11-18`	a year	crt.sh
*.esprit-netzwerk.ch QuoVadis Global SSL ICA G2	`2020-01-30` - `2022-01-30`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://wwwsec.bbobank.ch/authen/login
Frame ID: 4FA4E9603EFCBBB04B30EE0A9571AFD2
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login E-Banking / Kundenportal<fmt:message key="loginpage.metaTitle"/>

Page URL History Show full URLs

https://wwwsec.bbobank.ch/ HTTP 303
https://wwwsec.bbobank.ch/authen/check-login HTTP 302
https://wwwsec.bbobank.ch/authen/login Page URL

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

1137 kB
Transfer

1132 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ebas.ch/de/
Title: Sicherheit

Search URL Search Domain Scan URL

URL: https://bbobank.ch/de/Info/Zahlungsmittel/BBO_E-Banking
Title: Hilfe / Anleitungen

Search URL Search Domain Scan URL

URL: https://www.ebas.ch/5-schritte-fuer-ihre-digitale-sicherheit/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://wwwsec.bbobank.ch/ HTTP 303
https://wwwsec.bbobank.ch/authen/check-login HTTP 302
https://wwwsec.bbobank.ch/authen/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login Show response
wwwsec.bbobank.ch/authen/
Redirect Chain

https://wwwsec.bbobank.ch/
https://wwwsec.bbobank.ch/authen/check-login
https://wwwsec.bbobank.ch/authen/login

6 KB
7 KB

37ms
37ms

Document
text/html

193.223.21.20
SWISSCOM Swisscom...

General

Check archive.org

Show headers Download Go to

Full URL

https://wwwsec.bbobank.ch/authen/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.223.21.20 , Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),

Reverse DNS

Software

Apache /

Resource Hash

f9b1d65c702edeb410cbc135e3292564b3fdf980dcca1e059e51f5f68e4155c8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; object-src 'none'; script-src 'nonce-7RJAeAddAG58P8CVNsxhwBdkfjawCP-TLL6JzQqgG78' 'strict-dynamic' 'unsafe-inline' 'self'; img-src 'self' https://www.esprit-netzwerk.ch https://*.esprit-netzwerk.ch https://www.bbobank.ch https://api.futurae.com data:; style-src 'unsafe-inline' 'self'; base-uri 'self'; frame-ancestors 'self'; connect-src 'self' https://api.futurae.com wss://api.futurae.com;
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 08 Nov 2021 17:09:27 GMT
server: Apache
content-security-policy: default-src 'self'; object-src 'none'; script-src 'nonce-7RJAeAddAG58P8CVNsxhwBdkfjawCP-TLL6JzQqgG78' 'strict-dynamic' 'unsafe-inline' 'self'; img-src 'self' https://www.esprit-netzwerk.ch https://*.esprit-netzwerk.ch https://www.bbobank.ch https://api.futurae.com data:; style-src 'unsafe-inline' 'self'; base-uri 'self'; frame-ancestors 'self'; connect-src 'self' https://api.futurae.com wss://api.futurae.com;
pragma: no-cache
cache-control: private, max-age=0, no-store, no-cache
expires: 01/01/99 20:00:00 GMT
x-envoy-upstream-service-time: 12
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=16070400
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: same-origin
feature-policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; vr 'self'; xr 'self'
x-tnt: 8521
content-type: text/html;charset=UTF-8

Redirect headers

date: Mon, 08 Nov 2021 17:09:27 GMT
server: Apache
content-length: 0
content-security-policy: default-src 'self'; object-src 'none'; script-src 'nonce-QoptVQqS_EyIb9nvZOR0ce4HzsTuqsfR0LbOZCgtRSo' 'strict-dynamic' 'unsafe-inline' 'self'; img-src 'self' https://www.esprit-netzwerk.ch https://*.esprit-netzwerk.ch https://www.bbobank.ch https://api.futurae.com data:; style-src 'unsafe-inline' 'self'; base-uri 'self'; frame-ancestors 'self'; connect-src 'self' https://api.futurae.com wss://api.futurae.com;
pragma: no-cache
cache-control: private, max-age=0, no-store, no-cache
expires: 01/01/99 20:00:00 GMT
location: /authen/login
x-envoy-upstream-service-time: 12
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=16070400
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: same-origin
feature-policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; vr 'self'; xr 'self'
x-tnt: 8521
content-type: text/plain;charset=utf-8

GET
H2 200 main.css
wwwsec.bbobank.ch/authen/css/ 260 KB
262 KB 26ms
26ms Stylesheet
text/css 193.223.21.20
SWISSCOM Swisscom...

General

Check archive.org

Show headers Download Go to

Full URL

https://wwwsec.bbobank.ch/authen/css/main.css?r=1b358e64-5ef5-4e82-99e9-32090a714674

Requested by

Host: wwwsec.bbobank.ch
URL: https://wwwsec.bbobank.ch/authen/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.223.21.20 , Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),

Reverse DNS

Software

Apache /

Resource Hash

a60e29511e2c2403e869062098755267df5e59d9d0ff9b183906f6f6622f16d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://wwwsec.bbobank.ch/authen/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 17:09:27 GMT
referrer-policy: same-origin
last-modified: Tue, 05 Oct 2021 21:54:15 GMT
server: Apache
etag: W/"266234-1633470855000"
x-frame-options: SAMEORIGIN
content-type: text/css;charset=UTF-8
x-xss-protection: 1; mode=block
feature-policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; vr 'self'; xr 'self'
x-envoy-upstream-service-time: 3
strict-transport-security: max-age=16070400
accept-ranges: bytes
x-tnt: 8521
content-length: 266234
x-content-type-options: nosniff

GET
H2 200 jquery-3.5.1.min.js Show response
wwwsec.bbobank.ch/authen/js/airlock/ 87 KB
88 KB 38ms
37ms Script
application/javascript 193.223.21.20
SWISSCOM Swisscom...

General

Check archive.org

Show headers Download Go to

Full URL

https://wwwsec.bbobank.ch/authen/js/airlock/jquery-3.5.1.min.js

Requested by

Host: wwwsec.bbobank.ch
URL: https://wwwsec.bbobank.ch/authen/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.223.21.20 , Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),

Reverse DNS

Software

Apache /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://wwwsec.bbobank.ch/authen/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 17:09:27 GMT
referrer-policy: same-origin
last-modified: Mon, 31 May 2021 06:28:42 GMT
server: Apache
etag: W/"89476-1622442522000"
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-xss-protection: 1; mode=block
feature-policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; vr 'self'; xr 'self'
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=16070400
accept-ranges: bytes
x-tnt: 8521
content-length: 89476
x-content-type-options: nosniff

GET
H2 200 main.js Show response
wwwsec.bbobank.ch/authen/js/airlock/ 3 KB
3 KB 38ms
38ms Script
application/javascript 193.223.21.20
SWISSCOM Swisscom...

General

Check archive.org

Show headers Download Go to

Full URL

https://wwwsec.bbobank.ch/authen/js/airlock/main.js?r=1b358e64-5ef5-4e82-99e9-32090a714674

Requested by

Host: wwwsec.bbobank.ch
URL: https://wwwsec.bbobank.ch/authen/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.223.21.20 , Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),

Reverse DNS

Software

Apache /

Resource Hash

184341fdf79e5068bb9d40b05ad360934e67d12e4d32e36b953d624114f671df

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://wwwsec.bbobank.ch/authen/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 17:09:27 GMT
referrer-policy: same-origin
last-modified: Mon, 31 May 2021 06:28:42 GMT
server: Apache
etag: W/"3236-1622442522000"
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-xss-protection: 1; mode=block
feature-policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; vr 'self'; xr 'self'
x-envoy-upstream-service-time: 3
strict-transport-security: max-age=16070400
accept-ranges: bytes
x-tnt: 8521
content-length: 3236
x-content-type-options: nosniff

GET
H2 200 utils.js Show response
wwwsec.bbobank.ch/authen/scripts/ 226 B
642 B 26ms
26ms Script
application/javascript 193.223.21.20
SWISSCOM Swisscom...

General

Check archive.org

Show headers Download Go to

Full URL

https://wwwsec.bbobank.ch/authen/scripts/utils.js

Requested by

Host: wwwsec.bbobank.ch
URL: https://wwwsec.bbobank.ch/authen/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.223.21.20 , Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),

Reverse DNS

Software

Apache /

Resource Hash

2058fb465e7c03f2dc6e5894c57c86deaa8b92d04949ceedd2ae54165bf14df6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; object-src 'none'; script-src 'nonce-YvXL2RYhbRHC99WWU7Qr1VxuNgqhlHjdFtE2kWELyHE' 'strict-dynamic' 'unsafe-inline' 'self'; img-src 'self' https://www.esprit-netzwerk.ch https://*.esprit-netzwerk.ch https://www.bbobank.ch https://api.futurae.com data:; style-src 'unsafe-inline' 'self'; base-uri 'self'; frame-ancestors 'self'; connect-src 'self' https://api.futurae.com wss://api.futurae.com;
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://wwwsec.bbobank.ch/authen/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src 'self'; object-src 'none'; script-src 'nonce-YvXL2RYhbRHC99WWU7Qr1VxuNgqhlHjdFtE2kWELyHE' 'strict-dynamic' 'unsafe-inline' 'self'; img-src 'self' https://www.esprit-netzwerk.ch https://*.esprit-netzwerk.ch https://www.bbobank.ch https://api.futurae.com data:; style-src 'unsafe-inline' 'self'; base-uri 'self'; frame-ancestors 'self'; connect-src 'self' https://api.futurae.com wss://api.futurae.com;
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
x-tnt: 8521
content-length: 226
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Tue, 09 Feb 2021 22:49:11 GMT
server: Apache
x-frame-options: SAMEORIGIN
etag: W/"226-1612910951000"
strict-transport-security: max-age=16070400
content-type: application/javascript
feature-policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; vr 'self'; xr 'self'
accept-ranges: bytes
date: Mon, 08 Nov 2021 17:09:27 GMT

GET
H2 200 logo.png
wwwsec.bbobank.ch/authen/images/ 23 KB
23 KB 28ms
27ms Image
image/png 193.223.21.20
SWISSCOM Swisscom...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wwwsec.bbobank.ch/authen/images/logo.png

Requested by

Host: wwwsec.bbobank.ch
URL: https://wwwsec.bbobank.ch/authen/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.223.21.20 , Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),

Reverse DNS

Software

Apache /

Resource Hash

fa6b7fcd3f17b80d60c26101920692e9ef042ca2d20528b2fb858e4b3e83440a

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://wwwsec.bbobank.ch/authen/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 17:09:27 GMT
referrer-policy: same-origin
last-modified: Tue, 09 Feb 2021 22:49:11 GMT
server: Apache
etag: W/"23578-1612910951000"
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1; mode=block
feature-policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; vr 'self'; xr 'self'
x-envoy-upstream-service-time: 3
strict-transport-security: max-age=16070400
accept-ranges: bytes
x-tnt: 8521
content-length: 23578
x-content-type-options: nosniff

GET
H/1.1 200
OK ebas
ebanking.esprit-netzwerk.ch/api/image/ 690 KB
691 KB 71ms
20ms Image
image/jpeg 193.222.69.82
SWISSCOM Swisscom...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ebanking.esprit-netzwerk.ch/api/image/ebas?language=de&image=SafeBanking_160x133
Requested by: Host: wwwsec.bbobank.ch
URL: https://wwwsec.bbobank.ch/authen/login
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.222.69.82 Therwil, Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 6c3def131ef6bb3cb51ed1f728d711a805edd32a5a86424ba123bf229a389114

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 08 Nov 2021 17:09:27 GMT
api-supported-versions: 1.0
X-Powered-By: ASP.NET
Content-Length: 706795
Content-Disposition: attachment; filename=SafeBanking_160x133_de.jpg; filename*=UTF-8''SafeBanking_160x133_de.jpg
Server: Microsoft-IIS/10.0
Content-Type: image/jpeg; v=1.0

GET
H2 200 StoneSansITC-Medium.woff2
wwwsec.bbobank.ch/authen/fonts/ 20 KB
20 KB 27ms
27ms Font
font/woff2 193.223.21.20
SWISSCOM Swisscom...

General

Check archive.org

Show headers Download Go to

Full URL

https://wwwsec.bbobank.ch/authen/fonts/StoneSansITC-Medium.woff2

Requested by

Host: wwwsec.bbobank.ch
URL: https://wwwsec.bbobank.ch/authen/css/main.css?r=1b358e64-5ef5-4e82-99e9-32090a714674

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.223.21.20 , Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),

Reverse DNS

Software

Apache /

Resource Hash

76217e7adc49db04cee4b023c3c28c19b215bec7cbe72e871c513d77adbabdb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wwwsec.bbobank.ch/authen/css/main.css?r=1b358e64-5ef5-4e82-99e9-32090a714674
Origin: https://wwwsec.bbobank.ch
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 17:09:27 GMT
referrer-policy: same-origin
last-modified: Tue, 09 Feb 2021 22:49:11 GMT
server: Apache
etag: W/"20660-1612910951000"
x-frame-options: SAMEORIGIN
content-type: font/woff2
x-xss-protection: 1; mode=block
feature-policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; vr 'self'; xr 'self'
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=16070400
accept-ranges: bytes
x-tnt: 8521
content-length: 20660
x-content-type-options: nosniff

GET
H2 200 StoneSans-Semibold.woff2
wwwsec.bbobank.ch/authen/fonts/ 24 KB
25 KB 29ms
29ms Font
font/woff2 193.223.21.20
SWISSCOM Swisscom...

General

Check archive.org

Show headers Download Go to

Full URL

https://wwwsec.bbobank.ch/authen/fonts/StoneSans-Semibold.woff2

Requested by

Host: wwwsec.bbobank.ch
URL: https://wwwsec.bbobank.ch/authen/css/main.css?r=1b358e64-5ef5-4e82-99e9-32090a714674

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.223.21.20 , Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),

Reverse DNS

Software

Apache /

Resource Hash

baa6f0e35cd932fde92b62260eb320109990c3f4dcbcf5d3074a0bb3a15f992e

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wwwsec.bbobank.ch/authen/css/main.css?r=1b358e64-5ef5-4e82-99e9-32090a714674
Origin: https://wwwsec.bbobank.ch
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 17:09:27 GMT
referrer-policy: same-origin
last-modified: Tue, 09 Feb 2021 22:49:11 GMT
server: Apache
etag: W/"24860-1612910951000"
x-frame-options: SAMEORIGIN
content-type: font/woff2
x-xss-protection: 1; mode=block
feature-policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; vr 'self'; xr 'self'
x-envoy-upstream-service-time: 3
strict-transport-security: max-age=16070400
accept-ranges: bytes
x-tnt: 8521
content-length: 24860
x-content-type-options: nosniff

GET
H2 200 glyphicons-halflings-regular.woff2
wwwsec.bbobank.ch/authen/fonts/ 18 KB
18 KB 28ms
28ms Font
font/woff2 193.223.21.20
SWISSCOM Swisscom...

General

Check archive.org

Show headers Download Go to

Full URL

https://wwwsec.bbobank.ch/authen/fonts/glyphicons-halflings-regular.woff2

Requested by

Host: wwwsec.bbobank.ch
URL: https://wwwsec.bbobank.ch/authen/css/main.css?r=1b358e64-5ef5-4e82-99e9-32090a714674

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.223.21.20 , Switzerland, ASN3303 (SWISSCOM Swisscom Switzerland Ltd, CH),

Reverse DNS

Software

Apache /

Resource Hash

fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wwwsec.bbobank.ch/authen/css/main.css?r=1b358e64-5ef5-4e82-99e9-32090a714674
Origin: https://wwwsec.bbobank.ch
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 08 Nov 2021 17:09:27 GMT
referrer-policy: same-origin
last-modified: Tue, 09 Feb 2021 22:49:11 GMT
server: Apache
etag: W/"18028-1612910951000"
x-frame-options: SAMEORIGIN
content-type: font/woff2
x-xss-protection: 1; mode=block
feature-policy: autoplay 'self'; camera 'self'; display-capture 'self'; document-domain 'self'; encrypted-media 'self'; fullscreen 'self'; geolocation 'self'; microphone 'self'; midi 'self'; payment 'self'; vr 'self'; xr 'self'
x-envoy-upstream-service-time: 3
strict-transport-security: max-age=16070400
accept-ranges: bytes
x-tnt: 8521
content-length: 18028
x-content-type-options: nosniff

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			wwwsec.bbobank.ch/	1969-12-31 23:59:59	Name: AL_SESS-S Value: AQ7pglfXZ_qtR0_7KaYMq7sTZNPoBUp2nUOYm1ETAvKczMDozsrzRv5QdQaoQMAeOJXM

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'vr'.
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'xr'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; object-src 'none'; script-src 'nonce-7RJAeAddAG58P8CVNsxhwBdkfjawCP-TLL6JzQqgG78' 'strict-dynamic' 'unsafe-inline' 'self'; img-src 'self' https://www.esprit-netzwerk.ch https://*.esprit-netzwerk.ch https://www.bbobank.ch https://api.futurae.com data:; style-src 'unsafe-inline' 'self'; base-uri 'self'; frame-ancestors 'self'; connect-src 'self' https://api.futurae.com wss://api.futurae.com;
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ebanking.esprit-netzwerk.ch
wwwsec.bbobank.ch
193.222.69.82
193.223.21.20
184341fdf79e5068bb9d40b05ad360934e67d12e4d32e36b953d624114f671df
2058fb465e7c03f2dc6e5894c57c86deaa8b92d04949ceedd2ae54165bf14df6
6c3def131ef6bb3cb51ed1f728d711a805edd32a5a86424ba123bf229a389114
76217e7adc49db04cee4b023c3c28c19b215bec7cbe72e871c513d77adbabdb3
a60e29511e2c2403e869062098755267df5e59d9d0ff9b183906f6f6622f16d7
baa6f0e35cd932fde92b62260eb320109990c3f4dcbcf5d3074a0bb3a15f992e
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f9b1d65c702edeb410cbc135e3292564b3fdf980dcca1e059e51f5f68e4155c8
fa6b7fcd3f17b80d60c26101920692e9ef042ca2d20528b2fb858e4b3e83440a
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

wwwsec.bbobank.ch Open in urlscan Pro 193.223.21.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

1137 kBTransfer

1132 kBSize

1 Cookies

3 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

1 Cookies

2 Console Messages

Security Headers

Indicators

wwwsec.bbobank.ch Open in urlscan Pro
193.223.21.20 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

1137 kB
Transfer

1132 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions