urlscan.io logo urlscan.io
SecurityTrails logo

id-uat.credit-suisse.com Open in urlscan Pro
198.240.148.201  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ib-br-uat.credit-suisse.com/
Effective URL: https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.co...
Submission: On November 26 via automatic, source certstream-suspicious — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 198.240.148.201, located in Switzerland and belongs to CREDITSUISSEGROUP-AS Credit Suisse Group, CH. The main domain is id-uat.credit-suisse.com.
TLS certificate: Issued by DigiCert QV TLS ICA G1 on June 6th 2024. Valid for: a year.
This is the only time id-uat.credit-suisse.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 198.240.148.93 3412 (CREDITSUI...)
14 198.240.148.201 3412 (CREDITSUI...)
14 1
Apex Domain
Subdomains		 Transfer
15 credit-suisse.com
ib-br-uat.credit-suisse.com
id-uat.credit-suisse.com
615 KB
14 1
Domain Requested by
14 id-uat.credit-suisse.com id-uat.credit-suisse.com
1 ib-br-uat.credit-suisse.com 1 redirects
14 2

This site contains links to these domains. Also see Links.

Domain
www.credit-suisse.com
Subject Issuer Validity Valid
id-uat.credit-suisse.com
DigiCert QV TLS ICA G1		 2024-06-06 -
2025-06-27		 a year crt.sh

This page contains 1 frames:

Primary Page: https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F
Frame ID: A258050F08C95EF8CA08AEB2F3DB93A6
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Credit Suisse

Page URL History Show full URLs

  1. https://ib-br-uat.credit-suisse.com/ HTTP 302
    https://id-uat.credit-suisse.com/auth/fed/logingemini2fa.fcc?SMQUERYDATA=-SM-9S07SDH1RIVsztI3%2f%2bV23lw5rmzy... Page URL
  2. https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

614 kB
Transfer

702 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ib-br-uat.credit-suisse.com/ HTTP 302
    https://id-uat.credit-suisse.com/auth/fed/logingemini2fa.fcc?SMQUERYDATA=-SM-9S07SDH1RIVsztI3%2f%2bV23lw5rmzyDCRfQlotirY3ET9IiTFPlo8XUvh8JVzAcRaZ%2f%2bjCw%2fT9owFeLco1sit4RMlZif9%2bMR1pm0GQXRiyXmy438ip%2fvc029X%2f%2f6SnTpme17qAbWuRtDrytO8WRplkOLJ5HuAFGJpHkUGPNSRy1GhO2tddo4BN59HR3BAcckRy6VzBNRHLdxpdi8cOxuyBr8vbcSeoxVHXbqL0L4j6noKdaTKMWFBqQEi8FkncgzAEHD%2baiCA6X6EJUkkdWalAmZiSx2ZHxXMDrF2l1%2fT0L7bMZwScMUvWu6j0d7qt3gZZdCKC%2fZDYY8GTv4d7sVgCe7KDwh3FjYC%2bf5sVEILg%2bf0v22uAH4n0wJmYZkHw8MR%2fQkBMpGAx3NLc85XzPHh7DtYJqCLqKF%2fr%2fGFmHj2eYyRyrGwN%2f2E9N153DdRzi7R1 Page URL
  2. https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://ib-br-uat.credit-suisse.com/ HTTP 302
  • https://id-uat.credit-suisse.com/auth/fed/logingemini2fa.fcc?SMQUERYDATA=-SM-9S07SDH1RIVsztI3%2f%2bV23lw5rmzyDCRfQlotirY3ET9IiTFPlo8XUvh8JVzAcRaZ%2f%2bjCw%2fT9owFeLco1sit4RMlZif9%2bMR1pm0GQXRiyXmy438ip%2fvc029X%2f%2f6SnTpme17qAbWuRtDrytO8WRplkOLJ5HuAFGJpHkUGPNSRy1GhO2tddo4BN59HR3BAcckRy6VzBNRHLdxpdi8cOxuyBr8vbcSeoxVHXbqL0L4j6noKdaTKMWFBqQEi8FkncgzAEHD%2baiCA6X6EJUkkdWalAmZiSx2ZHxXMDrF2l1%2fT0L7bMZwScMUvWu6j0d7qt3gZZdCKC%2fZDYY8GTv4d7sVgCe7KDwh3FjYC%2bf5sVEILg%2bf0v22uAH4n0wJmYZkHw8MR%2fQkBMpGAx3NLc85XzPHh7DtYJqCLqKF%2fr%2fGFmHj2eYyRyrGwN%2f2E9N153DdRzi7R1

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
logingemini2fa.fcc
id-uat.credit-suisse.com/auth/fed/
Redirect Chain
  • https://ib-br-uat.credit-suisse.com/
  • https://id-uat.credit-suisse.com/auth/fed/logingemini2fa.fcc?SMQUERYDATA=-SM-9S07SDH1RIVsztI3%2f%2bV23lw5rmzyDCRfQlotirY3ET9IiTFPlo8XUvh8JVzAcRaZ%2f%2bjCw%2fT9owFeLco1sit4RMlZif9%2bMR1pm0GQXRiyXmy4...
3 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://id-uat.credit-suisse.com/auth/fed/logingemini2fa.fcc?SMQUERYDATA=-SM-9S07SDH1RIVsztI3%2f%2bV23lw5rmzyDCRfQlotirY3ET9IiTFPlo8XUvh8JVzAcRaZ%2f%2bjCw%2fT9owFeLco1sit4RMlZif9%2bMR1pm0GQXRiyXmy438ip%2fvc029X%2f%2f6SnTpme17qAbWuRtDrytO8WRplkOLJ5HuAFGJpHkUGPNSRy1GhO2tddo4BN59HR3BAcckRy6VzBNRHLdxpdi8cOxuyBr8vbcSeoxVHXbqL0L4j6noKdaTKMWFBqQEi8FkncgzAEHD%2baiCA6X6EJUkkdWalAmZiSx2ZHxXMDrF2l1%2fT0L7bMZwScMUvWu6j0d7qt3gZZdCKC%2fZDYY8GTv4d7sVgCe7KDwh3FjYC%2bf5sVEILg%2bf0v22uAH4n0wJmYZkHw8MR%2fQkBMpGAx3NLc85XzPHh7DtYJqCLqKF%2fr%2fGFmHj2eYyRyrGwN%2f2E9N153DdRzi7R1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.240.148.201 , Switzerland, ASN3412 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
Unknown /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Cache-Control
no-store, private, no-cache, no-store, no-transform, max-age=0
Connection
Keep-Alive
Content-Length
3424
Content-Security-Policy
default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Content-Type
text/html;charset=UTF-8
Date
Tue, 26 Nov 2024 07:35:24 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Server
Unknown
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Vary
Origin
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-store
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' *.credit-suisse.com data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_reports_/csp
Content-Type
text/html; charset=iso-8859-1
Date
Tue, 26 Nov 2024 07:35:22 GMT
Keep-Alive
timeout=5, max=10
Location
https://id-uat.credit-suisse.com/auth/fed/logingemini2fa.fcc?SMQUERYDATA=-SM-9S07SDH1RIVsztI3%2f%2bV23lw5rmzyDCRfQlotirY3ET9IiTFPlo8XUvh8JVzAcRaZ%2f%2bjCw%2fT9owFeLco1sit4RMlZif9%2bMR1pm0GQXRiyXmy438ip%2fvc029X%2f%2f6SnTpme17qAbWuRtDrytO8WRplkOLJ5HuAFGJpHkUGPNSRy1GhO2tddo4BN59HR3BAcckRy6VzBNRHLdxpdi8cOxuyBr8vbcSeoxVHXbqL0L4j6noKdaTKMWFBqQEi8FkncgzAEHD%2baiCA6X6EJUkkdWalAmZiSx2ZHxXMDrF2l1%2fT0L7bMZwScMUvWu6j0d7qt3gZZdCKC%2fZDYY8GTv4d7sVgCe7KDwh3FjYC%2bf5sVEILg%2bf0v22uAH4n0wJmYZkHw8MR%2fQkBMpGAx3NLc85XzPHh7DtYJqCLqKF%2fr%2fGFmHj2eYyRyrGwN%2f2E9N153DdRzi7R1
Server
Unknown
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
X-Content-Security-Policy
default-src 'self' *.credit-suisse.com data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_reports_/csp
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
Primary Request startSSO.ping
id-uat.credit-suisse.com/idp/ 		24 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F
Requested by
Host: id-uat.credit-suisse.com
URL: https://id-uat.credit-suisse.com/auth/fed/logingemini2fa.fcc?SMQUERYDATA=-SM-9S07SDH1RIVsztI3%2f%2bV23lw5rmzyDCRfQlotirY3ET9IiTFPlo8XUvh8JVzAcRaZ%2f%2bjCw%2fT9owFeLco1sit4RMlZif9%2bMR1pm0GQXRiyXmy438ip%2fvc029X%2f%2f6SnTpme17qAbWuRtDrytO8WRplkOLJ5HuAFGJpHkUGPNSRy1GhO2tddo4BN59HR3BAcckRy6VzBNRHLdxpdi8cOxuyBr8vbcSeoxVHXbqL0L4j6noKdaTKMWFBqQEi8FkncgzAEHD%2baiCA6X6EJUkkdWalAmZiSx2ZHxXMDrF2l1%2fT0L7bMZwScMUvWu6j0d7qt3gZZdCKC%2fZDYY8GTv4d7sVgCe7KDwh3FjYC%2bf5sVEILg%2bf0v22uAH4n0wJmYZkHw8MR%2fQkBMpGAx3NLc85XzPHh7DtYJqCLqKF%2fr%2fGFmHj2eYyRyrGwN%2f2E9N153DdRzi7R1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.240.148.201 , Switzerland, ASN3412 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
Unknown /
Resource Hash
1a0364aa145efde9bbd8e0d649032d88fbd76d40c1e3db6b930012246ed97ab4
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://id-uat.credit-suisse.com/auth/fed/logingemini2fa.fcc?SMQUERYDATA=-SM-9S07SDH1RIVsztI3%2f%2bV23lw5rmzyDCRfQlotirY3ET9IiTFPlo8XUvh8JVzAcRaZ%2f%2bjCw%2fT9owFeLco1sit4RMlZif9%2bMR1pm0GQXRiyXmy438ip%2fvc029X%2f%2f6SnTpme17qAbWuRtDrytO8WRplkOLJ5HuAFGJpHkUGPNSRy1GhO2tddo4BN59HR3BAcckRy6VzBNRHLdxpdi8cOxuyBr8vbcSeoxVHXbqL0L4j6noKdaTKMWFBqQEi8FkncgzAEHD%2baiCA6X6EJUkkdWalAmZiSx2ZHxXMDrF2l1%2fT0L7bMZwScMUvWu6j0d7qt3gZZdCKC%2fZDYY8GTv4d7sVgCe7KDwh3FjYC%2bf5sVEILg%2bf0v22uAH4n0wJmYZkHw8MR%2fQkBMpGAx3NLc85XzPHh7DtYJqCLqKF%2fr%2fGFmHj2eYyRyrGwN%2f2E9N153DdRzi7R1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Cache-Control
no-cache, no-store
Connection
Keep-Alive
Content-Length
24995
Content-Security-Policy
default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Content-Type
text/html;charset=utf-8
Date
Tue, 26 Nov 2024 07:35:24 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=5, max=99
Pragma
no-cache
Referrer-Policy
origin
Server
Unknown
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Vary
Origin
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
f99271c5437f4cd453e5.jpg
id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/ 		191 KB
193 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/f99271c5437f4cd453e5.jpg
Requested by
Host: id-uat.credit-suisse.com
URL: https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.240.148.201 , Switzerland, ASN3412 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
Unknown /
Resource Hash
8dd81b23f433d47e009918e73922dcd17fb5ef0d4ed1680b621286bbcd2c76ea
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://id-uat.credit-suisse.com/

Response headers

X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=98
Date
Tue, 26 Nov 2024 07:35:25 GMT
Content-Type
image/jpeg
Vary
Origin
Last-Modified
Thu, 25 Jul 2024 14:07:55 GMT
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Cache-Control
public, max-age=2592000
Pragma
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
X-XSS-Protection
1; mode=block
Server
Unknown
8944ca6c83af13fe4704.svg
id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/ 		11 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/8944ca6c83af13fe4704.svg
Requested by
Host: id-uat.credit-suisse.com
URL: https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.240.148.201 , Switzerland, ASN3412 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
Unknown /
Resource Hash
30e7f1c2cac437fbce69b1a24e2b8f5dd76c6b4e0f42fb2e38362e45bdf44d1d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://id-uat.credit-suisse.com/

Response headers

Content-Encoding
gzip
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=100
Date
Tue, 26 Nov 2024 07:35:25 GMT
Content-Type
image/svg+xml
Vary
Origin
Last-Modified
Thu, 25 Jul 2024 14:07:55 GMT
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Cache-Control
public, max-age=2592000
Pragma
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
X-XSS-Protection
1; mode=block
Server
Unknown
jquery-3.7.1.min.js
id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/ 		85 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/jquery-3.7.1.min.js
Requested by
Host: id-uat.credit-suisse.com
URL: https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.240.148.201 , Switzerland, ASN3412 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
Unknown /
Resource Hash
7aa6b0e08f48a0f95d8df7ea89e4cbfe1ef3d1e8c0f7373f7f25edfb4e4a325e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://id-uat.credit-suisse.com
Referer
https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F

Response headers

Content-Encoding
gzip
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=99
Date
Tue, 26 Nov 2024 07:35:25 GMT
Content-Type
application/x-javascript
Last-Modified
Thu, 25 Jul 2024 14:07:55 GMT
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Cache-Control
public, max-age=2592000
Pragma
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Origin
https://id-uat.credit-suisse.com
X-XSS-Protection
1; mode=block
Server
Unknown
jquery.validate-1.19.5.min.js
id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/ 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/jquery.validate-1.19.5.min.js
Requested by
Host: id-uat.credit-suisse.com
URL: https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.240.148.201 , Switzerland, ASN3412 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
Unknown /
Resource Hash
e9ed0df9626254a05e4e2b4ad46292c0f8b7adb74fa4bb6ea9a8a2b598de0f6c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://id-uat.credit-suisse.com
Referer
https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F

Response headers

Content-Encoding
gzip
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=99
Date
Tue, 26 Nov 2024 06:53:48 GMT
Content-Type
application/x-javascript
Last-Modified
Thu, 25 Jul 2024 14:07:55 GMT
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Cache-Control
public, max-age=2592000
Pragma
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Origin
https://id-uat.credit-suisse.com
X-XSS-Protection
1; mode=block
Server
Unknown
login-1fa_head-55b2004c61a0406f960d.js
id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/login-1fa_head-55b2004c61a0406f960d.js
Requested by
Host: id-uat.credit-suisse.com
URL: https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.240.148.201 , Switzerland, ASN3412 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
Unknown /
Resource Hash
5cdd1123a68abca61ca0443e990e5b21c85de6f4feaff8dbf6aaf2ebc030dd1b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://id-uat.credit-suisse.com
Referer
https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F

Response headers

Content-Encoding
gzip
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=97
Date
Tue, 26 Nov 2024 07:35:26 GMT
Content-Type
application/x-javascript
Last-Modified
Thu, 25 Jul 2024 14:07:55 GMT
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Cache-Control
public, max-age=2592000
Pragma
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Origin
https://id-uat.credit-suisse.com
X-XSS-Protection
1; mode=block
Server
Unknown
styles_head-19806bbc2eb005343b07.css
id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/ 		24 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/styles_head-19806bbc2eb005343b07.css
Requested by
Host: id-uat.credit-suisse.com
URL: https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.240.148.201 , Switzerland, ASN3412 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
Unknown /
Resource Hash
eafc052f438d6e5433e6cd3094a587ff251c9aa4f20365a404a695a822471930
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://id-uat.credit-suisse.com
Referer
https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F

Response headers

Content-Encoding
gzip
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=99
Date
Tue, 26 Nov 2024 07:35:26 GMT
Content-Type
text/css
Last-Modified
Thu, 25 Jul 2024 14:07:55 GMT
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Cache-Control
public, max-age=2592000
Pragma
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Origin
https://id-uat.credit-suisse.com
X-XSS-Protection
1; mode=block
Server
Unknown
73a219d2118bb6e963d0.woff2
id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/ 		89 KB
91 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/73a219d2118bb6e963d0.woff2
Requested by
Host: id-uat.credit-suisse.com
URL: https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.240.148.201 , Switzerland, ASN3412 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
Unknown /
Resource Hash
a3fd3994284675f7a702d5d45731b2f68488e0ef14ae99d25d8bee239b6b7da6
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://id-uat.credit-suisse.com
Referer
https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F

Response headers

X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=100
Date
Tue, 26 Nov 2024 07:35:25 GMT
Content-Type
application/font-woff2
Last-Modified
Thu, 25 Jul 2024 14:07:55 GMT
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Cache-Control
public, max-age=2592000
Pragma
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Origin
https://id-uat.credit-suisse.com
X-XSS-Protection
1; mode=block
Server
Unknown
225d5ac4f1bbd12a1b3d.woff2
id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/ 		97 KB
99 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/225d5ac4f1bbd12a1b3d.woff2
Requested by
Host: id-uat.credit-suisse.com
URL: https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.240.148.201 , Switzerland, ASN3412 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
Unknown /
Resource Hash
2786aa74ba9a1c80e61c40f206bde77932d786eba1ac87ce7f96de3b7cb38474
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://id-uat.credit-suisse.com
Referer
https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F

Response headers

X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=100
Date
Tue, 26 Nov 2024 07:35:25 GMT
Content-Type
application/font-woff2
Last-Modified
Thu, 25 Jul 2024 14:07:55 GMT
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Cache-Control
public, max-age=2592000
Pragma
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Origin
https://id-uat.credit-suisse.com
X-XSS-Protection
1; mode=block
Server
Unknown
416d38eae6f5aeed3ff3.woff2
id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/ 		31 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/416d38eae6f5aeed3ff3.woff2
Requested by
Host: id-uat.credit-suisse.com
URL: https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.240.148.201 , Switzerland, ASN3412 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
Unknown /
Resource Hash
4b912569df938a49d5393f4597f1870daf139e0f03a17e4f04957557c13cef71
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://id-uat.credit-suisse.com
Referer
https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F

Response headers

X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=100
Date
Tue, 26 Nov 2024 07:35:25 GMT
Content-Type
application/font-woff2
Last-Modified
Thu, 25 Jul 2024 14:07:55 GMT
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Cache-Control
public, max-age=2592000
Pragma
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Origin
https://id-uat.credit-suisse.com
X-XSS-Protection
1; mode=block
Server
Unknown
c385ca0d8f5bfcfd7aed.woff2
id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/c385ca0d8f5bfcfd7aed.woff2
Requested by
Host: id-uat.credit-suisse.com
URL: https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.240.148.201 , Switzerland, ASN3412 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
Unknown /
Resource Hash
d80a3fc40849a9357fc9defa1757d7074e984c9ca79ac4b65cf04a5f9665374a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://id-uat.credit-suisse.com
Referer
https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F

Response headers

X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=100
Date
Tue, 26 Nov 2024 07:35:25 GMT
Content-Type
application/font-woff2
Last-Modified
Thu, 25 Jul 2024 14:07:55 GMT
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Cache-Control
public, max-age=2592000
Pragma
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Origin
https://id-uat.credit-suisse.com
X-XSS-Protection
1; mode=block
Server
Unknown
logoff.json
id-uat.credit-suisse.com/auth/v1/p/s/sm/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://id-uat.credit-suisse.com/auth/v1/p/s/sm/logoff.json
Requested by
Host: id-uat.credit-suisse.com
URL: https://id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/jquery-3.7.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.240.148.201 , Switzerland, ASN3412 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
Unknown /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
text/plain, */*; q=0.01

Response headers

X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=98
Date
Tue, 26 Nov 2024 07:35:26 GMT
Content-Type
application/json
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Cache-control
private, max-age=0, no-store
Pragma
no-cache
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
X-XSS-Protection
1; mode=block
Server
Unknown
favicon.ico
id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/favicons/ 		92 KB
93 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://id-uat.credit-suisse.com/auth/v1/p/s/cms/140f/TALZf7MquYWtbyNE/favicons/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.240.148.201 , Switzerland, ASN3412 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
Unknown /
Resource Hash
1f7017aa61878a28ba6558617e103a6e71a258c46bc8a49c61611becb07088ee
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://id-uat.credit-suisse.com/idp/startSSO.ping?PartnerSpId=BIG2FA-uat&TargetResource=https%3A%2F%2Fib-br-uat.credit-suisse.com%2F

Response headers

X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=97
Date
Tue, 26 Nov 2024 06:53:52 GMT
Content-Type
image/x-icon
Vary
Origin
Last-Modified
Thu, 25 Jul 2024 14:07:55 GMT
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Cache-Control
public, max-age=2592000
Pragma
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
X-XSS-Protection
1; mode=block
Server
Unknown

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| changeLanguage string| serverResponse string| via string| target object| i18n object| federatedDomains function| $ function| jQuery

2 Cookies

Domain/Path Name / Value
id-uat.credit-suisse.com/ Name: PF
Value: nwbbJERco6jD7ZPYFT1uov
.credit-suisse.com/ Name: SMSESSION
Value: LOGGEDOFF

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://hermes-uat.credit-suisse.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hermes-uat.credit-suisse.com; style-src 'self' 'unsafe-inline' https://hermes-uat.credit-suisse.com; img-src 'self' data: https://hermes-uat.credit-suisse.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-ancestors 'self' plus-uat.credit-suisse.com; report-uri /_reports_/csp
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block