urlscan.io logo urlscan.io
SecurityTrails logo

hub.credit-suisse.com Open in urlscan Pro
199.53.21.190  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://creditsuisseind.sharepoint.com/
Effective URL: https://hub.credit-suisse.com/idp/SSO.saml2
Submission: On October 06 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 10 HTTP transactions. The main IP is 199.53.21.190, located in Switzerland and belongs to CREDITSUISSEGROUP-AS Credit Suisse Group, CH. The main domain is hub.credit-suisse.com.
TLS certificate: Issued by DigiCert QV TLS ICA G1 on July 17th 2023. Valid for: a year.
This is the only time hub.credit-suisse.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2620:1ec:8fa::10 8075 (MICROSOFT...)
3 3 2620:1ec:8f8::10 8075 (MICROSOFT...)
2 2603:1027:1:1... 8075 (MICROSOFT...)
1 2620:1ec:bdf::45 8075 (MICROSOFT...)
7 199.53.21.190 3083 (CREDITSUI...)
10 3
1    2620:1ec:8fa::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
creditsuisseind.sharepoint.com
3    2620:1ec:8f8::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
creditsuisseind.sharepoint.com
2    2603:1027:1:158::a (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.microsoftonline.com
1    2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
aadcdn.msauth.net
7    199.53.21.190 (Switzerland)

ASN3083 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH)
hub.credit-suisse.com
Apex Domain
Subdomains		 Transfer
7 credit-suisse.com
hub.credit-suisse.com
291 KB
4 sharepoint.com
creditsuisseind.sharepoint.com
5 KB
2 microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 15
12 KB
1 msauth.net
aadcdn.msauth.net — Cisco Umbrella Rank: 1194
48 KB
10 4
Domain Requested by
7 hub.credit-suisse.com hub.credit-suisse.com
4 creditsuisseind.sharepoint.com 4 redirects
2 login.microsoftonline.com aadcdn.msauth.net
1 aadcdn.msauth.net login.microsoftonline.com
10 4

This site contains no links.

Subject Issuer Validity Valid
stamp2.login.microsoftonline.com
DigiCert SHA2 Secure Server CA		 2023-08-25 -
2024-08-25		 a year crt.sh
aadcdn.msauth.net
DigiCert SHA2 Secure Server CA		 2023-07-29 -
2024-07-29		 a year crt.sh
hub-eu.credit-suisse.com
DigiCert QV TLS ICA G1		 2023-07-17 -
2024-07-16		 a year crt.sh

This page contains 1 frames:

Primary Page: https://hub.credit-suisse.com/idp/SSO.saml2
Frame ID: FA7F5BB42F0B63ED8412E96876C83AEC
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign On

Page URL History Show full URLs

  1. http://creditsuisseind.sharepoint.com/ HTTP 301
    https://creditsuisseind.sharepoint.com/ HTTP 302
    https://creditsuisseind.sharepoint.com/_layouts/15/Authenticate.aspx?Source=%2F HTTP 302
    https://creditsuisseind.sharepoint.com/_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%... HTTP 302
    https://login.microsoftonline.com/d0df3d96-c065-41c3-8c0b-5dcaa460ec33/oauth2/authorize?client%5Fid=00000003%2... Page URL
  2. https://login.microsoftonline.com/d0df3d96-c065-41c3-8c0b-5dcaa460ec33/oauth2/authorize?client%5Fid=00000003%2... Page URL
  3. https://hub.credit-suisse.com/idp/SSO.saml2 Page URL

Page Statistics

10
Requests

100 %
HTTPS

80 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

351 kB
Transfer

443 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://creditsuisseind.sharepoint.com/ HTTP 301
    https://creditsuisseind.sharepoint.com/ HTTP 302
    https://creditsuisseind.sharepoint.com/_layouts/15/Authenticate.aspx?Source=%2F HTTP 302
    https://creditsuisseind.sharepoint.com/_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=cookie HTTP 302
    https://login.microsoftonline.com/d0df3d96-c065-41c3-8c0b-5dcaa460ec33/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=C056F249D44E6BE862CCD455E53F0E0424BF201FF69B3575%2D9C51A5901EFC912C69A87CB9B9FFA4C7013F58D1014395259944E071A77E8008&redirect%5Furi=https%3A%2F%2Fcreditsuisseind%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&domain%5Fhint=credit%2Dsuisse%2Ecom&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=9a8ce1a0%2D1030%2D2000%2D9dd1%2D1b6468a40a43 Page URL
  2. https://login.microsoftonline.com/d0df3d96-c065-41c3-8c0b-5dcaa460ec33/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=C056F249D44E6BE862CCD455E53F0E0424BF201FF69B3575%2D9C51A5901EFC912C69A87CB9B9FFA4C7013F58D1014395259944E071A77E8008&redirect%5Furi=https%3A%2F%2Fcreditsuisseind%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&domain%5Fhint=credit%2Dsuisse%2Ecom&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=9a8ce1a0%2D1030%2D2000%2D9dd1%2D1b6468a40a43&sso_reload=true Page URL
  3. https://hub.credit-suisse.com/idp/SSO.saml2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://creditsuisseind.sharepoint.com/ HTTP 301
  • https://creditsuisseind.sharepoint.com/ HTTP 302
  • https://creditsuisseind.sharepoint.com/_layouts/15/Authenticate.aspx?Source=%2F HTTP 302
  • https://creditsuisseind.sharepoint.com/_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=cookie HTTP 302
  • https://login.microsoftonline.com/d0df3d96-c065-41c3-8c0b-5dcaa460ec33/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=C056F249D44E6BE862CCD455E53F0E0424BF201FF69B3575%2D9C51A5901EFC912C69A87CB9B9FFA4C7013F58D1014395259944E071A77E8008&redirect%5Furi=https%3A%2F%2Fcreditsuisseind%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&domain%5Fhint=credit%2Dsuisse%2Ecom&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=9a8ce1a0%2D1030%2D2000%2D9dd1%2D1b6468a40a43

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
authorize
login.microsoftonline.com/d0df3d96-c065-41c3-8c0b-5dcaa460ec33/oauth2/
Redirect Chain
  • http://creditsuisseind.sharepoint.com/
  • https://creditsuisseind.sharepoint.com/
  • https://creditsuisseind.sharepoint.com/_layouts/15/Authenticate.aspx?Source=%2F
  • https://creditsuisseind.sharepoint.com/_forms/default.aspx?ReturnUrl=%2f_layouts%2f15%2fAuthenticate.aspx%3fSource%3d%252F&Source=cookie
  • https://login.microsoftonline.com/d0df3d96-c065-41c3-8c0b-5dcaa460ec33/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20i...
20 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com/d0df3d96-c065-41c3-8c0b-5dcaa460ec33/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=C056F249D44E6BE862CCD455E53F0E0424BF201FF69B3575%2D9C51A5901EFC912C69A87CB9B9FFA4C7013F58D1014395259944E071A77E8008&redirect%5Furi=https%3A%2F%2Fcreditsuisseind%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&domain%5Fhint=credit%2Dsuisse%2Ecom&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=9a8ce1a0%2D1030%2D2000%2D9dd1%2D1b6468a40a43
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1027:1:158::a Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a1e9fe549fe1bb195d962bce8ebc38e821e4ff299edcd3a49be432f04c485dbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Length
8437
Content-Type
text/html; charset=utf-8
Date
Fri, 06 Oct 2023 20:10:21 GMT
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
x-ms-ests-server
2.1.16482.8 - NEULR1 ProdSlices
x-ms-request-id
0c669a18-f88f-450f-89ba-c569544c0200

Redirect headers

cache-control
no-cache, no-store
content-length
926
content-type
text/html; charset=utf-8
date
Fri, 06 Oct 2023 20:10:20 GMT
expires
-1
include-referred-token-binding-id
true
location
https://login.microsoftonline.com:443/d0df3d96-c065-41c3-8c0b-5dcaa460ec33/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=C056F249D44E6BE862CCD455E53F0E0424BF201FF69B3575%2D9C51A5901EFC912C69A87CB9B9FFA4C7013F58D1014395259944E071A77E8008&redirect%5Furi=https%3A%2F%2Fcreditsuisseind%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&domain%5Fhint=credit%2Dsuisse%2Ecom&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=9a8ce1a0%2D1030%2D2000%2D9dd1%2D1b6468a40a43
microsoftsharepointteamservices
16.0.0.24120
ms-cv
oOGMmjAQACCd0RtkaKQKQw.0
nel
{"report_to":"network-errors","max_age":7200,"success_fraction":0.001,"failure_fraction":1.0}
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
pragma
no-cache
report-to
{"group":"network-errors","max_age":7200,"endpoints":[{"url":"https://spo.nel.measure.office.net/api/report?tenantId=d0df3d96-c065-41c3-8c0b-5dcaa460ec33&destinationEndpoint=Edge-Prod-ZRHr4a&frontEnd=AFD"}]}
request-id
9a8ce1a0-1030-2000-9dd1-1b6468a40a43
spiislatency
1
sprequestduration
55
sprequestguid
9a8ce1a0-1030-2000-9dd1-1b6468a40a43
strict-transport-security
max-age=31536000
x-1dscollectorurl
https://mobile.events.data.microsoft.com/OneCollector/1.0/
x-ariacollectorurl
https://browser.pipe.aria.microsoft.com/Collector/3.0/
x-aspnet-version
4.0.30319
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-databoundary
NONE
x-ms-invokeapp
1; RequireReadOnly
x-msedge-ref
Ref A: CAF95BB5D72C4B89A6B514D98EA71C82 Ref B: ZRHEDGE1106 Ref C: 2023-10-06T20:10:20Z
x-networkstatistics
0,525568,0,0,750,0,27866
x-powered-by
ASP.NET
x-sharepointhealthscore
3
BssoInterrupt_Core_pOO34JFwD1EVcxt413xLZg2.js
aadcdn.msauth.net/shared/1.0/content/js/ 		136 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_pOO34JFwD1EVcxt413xLZg2.js
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/d0df3d96-c065-41c3-8c0b-5dcaa460ec33/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=C056F249D44E6BE862CCD455E53F0E0424BF201FF69B3575%2D9C51A5901EFC912C69A87CB9B9FFA4C7013F58D1014395259944E071A77E8008&redirect%5Furi=https%3A%2F%2Fcreditsuisseind%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&domain%5Fhint=credit%2Dsuisse%2Ecom&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=9a8ce1a0%2D1030%2D2000%2D9dd1%2D1b6468a40a43
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
002c2c1163e76cbf2e84d56cf869b76235038529893ebf30757cfe24b817cf03

Request headers

Referer
https://login.microsoftonline.com/
Origin
https://login.microsoftonline.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 06 Oct 2023 20:10:21 GMT
content-encoding
gzip
x-cache
TCP_HIT
content-length
48732
x-ms-lease-status
unlocked
last-modified
Thu, 31 Aug 2023 16:32:16 GMT
etag
0x8DBAA3FD69230F5
x-azure-ref
20231006T201021Z-8fye8cuw9x5e75378sr7u72wuc000000022000000002xvbd
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
3b850444-701e-0020-4be6-f6a640000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
authorize
login.microsoftonline.com/d0df3d96-c065-41c3-8c0b-5dcaa460ec33/oauth2/ 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.microsoftonline.com/d0df3d96-c065-41c3-8c0b-5dcaa460ec33/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=C056F249D44E6BE862CCD455E53F0E0424BF201FF69B3575%2D9C51A5901EFC912C69A87CB9B9FFA4C7013F58D1014395259944E071A77E8008&redirect%5Furi=https%3A%2F%2Fcreditsuisseind%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&domain%5Fhint=credit%2Dsuisse%2Ecom&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=9a8ce1a0%2D1030%2D2000%2D9dd1%2D1b6468a40a43&sso_reload=true
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_pOO34JFwD1EVcxt413xLZg2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2603:1027:1:158::a Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://login.microsoftonline.com/d0df3d96-c065-41c3-8c0b-5dcaa460ec33/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=C056F249D44E6BE862CCD455E53F0E0424BF201FF69B3575%2D9C51A5901EFC912C69A87CB9B9FFA4C7013F58D1014395259944E071A77E8008&redirect%5Furi=https%3A%2F%2Fcreditsuisseind%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&domain%5Fhint=credit%2Dsuisse%2Ecom&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=9a8ce1a0%2D1030%2D2000%2D9dd1%2D1b6468a40a43
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Length
1255
Content-Type
text/html; charset=utf-8
Date
Fri, 06 Oct 2023 20:10:21 GMT
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
x-ms-ests-server
2.1.16482.8 - FRC ProdSlices
x-ms-request-id
e6e5fa7f-4299-4ef5-a490-2fefc88c0000
Primary Request SSO.saml2
hub.credit-suisse.com/idp/ 		4 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hub.credit-suisse.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.53.21.190 , Switzerland, ASN3083 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
/
Resource Hash
f7fdc88667c68df9b1a3c3547edceb26419942232c2c1fd0f2597ea60c08d905
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://login.microsoftonline.com
Referer
https://login.microsoftonline.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Connection
Keep-Alive
Content-Length
4510
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
Content-Type
text/html;charset=utf-8
Date
Fri, 06 Oct 2023 20:10:22 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
identifier-template.css
hub.credit-suisse.com/assets/usernameOtp/css/ 		3 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hub.credit-suisse.com/assets/usernameOtp/css/identifier-template.css
Requested by
Host: hub.credit-suisse.com
URL: https://hub.credit-suisse.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.53.21.190 , Switzerland, ASN3083 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
/
Resource Hash
ffd497b4b984b4d732565243d33ca10676c722a05476f3d8e5149a12080f1f3e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hub.credit-suisse.com/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date
Fri, 06 Oct 2023 20:10:22 GMT
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Wed, 23 Feb 2022 14:49:56 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
2821
X-XSS-Protection
1; mode=block
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
cs-fonts.css
hub.credit-suisse.com/assets/usernameOtp/css/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hub.credit-suisse.com/assets/usernameOtp/css/cs-fonts.css
Requested by
Host: hub.credit-suisse.com
URL: https://hub.credit-suisse.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.53.21.190 , Switzerland, ASN3083 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
/
Resource Hash
f527c8adbdc4bc621c5f2e9f7ca74dce56e2a5dec2bb1fdb403930b3f3925503
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hub.credit-suisse.com/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date
Fri, 06 Oct 2023 20:10:22 GMT
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Wed, 23 Feb 2022 14:49:56 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
1722
X-XSS-Protection
1; mode=block
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
cslogo-mobile.png
hub.credit-suisse.com/assets/usernameOtp/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hub.credit-suisse.com/assets/usernameOtp/img/cslogo-mobile.png
Requested by
Host: hub.credit-suisse.com
URL: https://hub.credit-suisse.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.53.21.190 , Switzerland, ASN3083 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
/
Resource Hash
04935499116fb57d416b149d1c1681c28c762081d4c1746ea7b2a8d6b200970a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://hub.credit-suisse.com/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date
Fri, 06 Oct 2023 20:10:22 GMT
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Wed, 23 Feb 2022 14:49:56 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
1759
X-XSS-Protection
1; mode=block
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
CreditSuisseHeadlineWeb-Regular.woff2
hub.credit-suisse.com/assets/usernameOtp/fonts/ 		31 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://hub.credit-suisse.com/assets/usernameOtp/fonts/CreditSuisseHeadlineWeb-Regular.woff2
Requested by
Host: hub.credit-suisse.com
URL: https://hub.credit-suisse.com/assets/usernameOtp/css/cs-fonts.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.53.21.190 , Switzerland, ASN3083 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
/
Resource Hash
4b912569df938a49d5393f4597f1870daf139e0f03a17e4f04957557c13cef71
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hub.credit-suisse.com/assets/usernameOtp/css/cs-fonts.css
Origin
https://hub.credit-suisse.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date
Fri, 06 Oct 2023 20:10:22 GMT
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Wed, 23 Feb 2022 14:49:56 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
font/woff2
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
31784
X-XSS-Protection
1; mode=block
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
CreditSuisseType-Bold.woff2
hub.credit-suisse.com/assets/usernameOtp/fonts/ 		89 KB
90 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://hub.credit-suisse.com/assets/usernameOtp/fonts/CreditSuisseType-Bold.woff2
Requested by
Host: hub.credit-suisse.com
URL: https://hub.credit-suisse.com/assets/usernameOtp/css/cs-fonts.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.53.21.190 , Switzerland, ASN3083 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
/
Resource Hash
a3fd3994284675f7a702d5d45731b2f68488e0ef14ae99d25d8bee239b6b7da6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hub.credit-suisse.com/assets/usernameOtp/css/cs-fonts.css
Origin
https://hub.credit-suisse.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date
Fri, 06 Oct 2023 20:10:22 GMT
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Wed, 23 Feb 2022 14:49:56 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
font/woff2
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Content-Length
91128
X-XSS-Protection
1; mode=block
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
CreditSuisseType-Roman.woff
hub.credit-suisse.com/assets/usernameOtp/fonts/ 		155 KB
156 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://hub.credit-suisse.com/assets/usernameOtp/fonts/CreditSuisseType-Roman.woff
Requested by
Host: hub.credit-suisse.com
URL: https://hub.credit-suisse.com/assets/usernameOtp/css/cs-fonts.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
199.53.21.190 , Switzerland, ASN3083 (CREDITSUISSEGROUP-AS Credit Suisse Group, CH),
Reverse DNS
Software
/
Resource Hash
cf66ca26d69fe5881d24807c48f08fc7302a076c8afc50b8197ba89f25a323a0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://hub.credit-suisse.com/assets/usernameOtp/css/cs-fonts.css
Origin
https://hub.credit-suisse.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date
Fri, 06 Oct 2023 20:10:22 GMT
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Last-Modified
Wed, 23 Feb 2022 14:49:56 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/font-woff
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
158560
X-XSS-Protection
1; mode=block
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline'

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showIdentifierInputBox function| removeIdentifier function| setFocus function| postOnReturn function| postOk function| selectIdentifier function| submitForm function| setMobile function| getScreenWidth object| bodyTag number| width

11 Cookies

Domain/Path Name / Value
creditsuisseind.sharepoint.com/ Name: nSGt-C056F249D44E6BE862CCD455E53F0E0424BF201FF69B3575
Value: gYEwNzAxMUYxOEI2OTlCQTUxQjg3RDM1NDYwOUI5NkI2NkJBRjVGQTFDNDIzMTU0REM0MEMwNTZGMjQ5RDQ0RTZCRTg2MkNDRDQ1NUU1M0YwRTA0MjRCRjIwMUZGNjlCMzU3NRIxMzM0MTA5Njg2MDgzMzA3ODIeY3JlZGl0c3Vpc3NlaW5kLnNoYXJlcG9pbnQuY29tJSMD/zK2DptrkohMtC7m86vBJXhEUtkUcsjDbPmRFfHdD7FZB6QLCTVfp8KJ+LeBwteTz0ZJfV69VyJ3dLhoyQVoyv7lBlVk45hn7C+M8FoFyrpCk4t5zuU4rJNEvUxYS5TrSa/KiiPnCrH9FSHWDJi66vC/61IvizYCp5tKi61kZy1sB6gNEBAKjINyw4zJURFZrXcTi4C7KQWAHsmDFnIft9lPvC1h3U59uoEMpLhDhz/4ZJHoQsGcnPBt6k3l8HQ6LLJrSgzdHXRMsbPfQzEMJFwPIuqYJXlH17GxgvNkZy9oHFM9XLtiBeqkMdkFJ5zjrbQCqdbMM+MqsDMtQ5YAAAA=
creditsuisseind.sharepoint.com/ Name: RpsContextCookie
Value: U291cmNlPSUyRiZQcmV2aW91c1JlcXVlc3RDb3JyZWxhdGlvbklkPTlhOGNlMWEwJTJEMTAzMCUyRDIwMDAlMkQ5ZGQxJTJEMWI2NDY4YTQwYTQzJlJldHVyblVybD0lMkYlNUZsYXlvdXRzJTJGMTUlMkZBdXRoZW50aWNhdGUlMkVhc3B4JTNGU291cmNlJTNEJTI1MkY=
login.microsoftonline.com/ Name: x-ms-gateway-slice
Value: estsfd
login.microsoftonline.com/ Name: stsservicecookie
Value: estsfd
.login.microsoftonline.com/ Name: AADSSO
Value: NA|NoExtension
login.microsoftonline.com/ Name: SSOCOOKIEPULLED
Value: 1
login.microsoftonline.com/ Name: buid
Value: 0.AQwAlj3f0GXAw0GMC13KpGDsMwMAAAAAAPEPzgAAAAAAAAAMAAA.AQABAAEAAAAtyolDObpQQ5VtlI4uGjEPLNU5mXvNATKyLvDeoGrPAh17rkbFx7M3e2JS7UAPuTO3ybd892CZm6_A6FfC0m-4S6lYeXjI2u2Jp9CAcFCejhbT-ymwgvfOmG9lgwz6SpogAA
login.microsoftonline.com/ Name: fpc
Value: AqLqk8yrBx1As-LC9egH3fr_XH5rAQAAAKxgstwOAAAA
.login.microsoftonline.com/ Name: esctx
Value: PAQABAAEAAAAtyolDObpQQ5VtlI4uGjEPPLPpJO9rsGsp0kf-XJ7fhhNL-GgMSFXrRHyAPtelcZ6hP6xqzWtBU_TMzGgW0bqcXTFmIfUyNmQkosfIfGsf1srJecQM0mmDQkRMu4SZcC3gCgsinA3Kox2ae0MPjUJTJLV_ZsNRaI4lF8-jCq8rV3KWJU497gXcqiaNugtLJU4gAA
hub.credit-suisse.com/ Name: PF
Value: fC72HWieyTwePh6PRbo2YA
hub.credit-suisse.com/ Name: Navajo
Value: UuhyEZZRChy7qM0Ep99c8VcMevq9AqNE0ksU+aloWVMNcnxDhhH2PwZfGoiY1VcA42z27QC4NcE-

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0