Submitted URL: https://www.privatebanking.hsbc.ch/
Effective URL: https://www.privatebanking.hsbc.ch/login/
Submission: On January 27 via automatic, source rescanner — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 85.119.232.180, located in Switzerland and belongs to HSBCPRIVATE, CH. The main domain is www.privatebanking.hsbc.ch.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on January 12th 2021. Valid for: a year.
This is the only time www.privatebanking.hsbc.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 17 85.119.232.180 35240 (HSBCPRIVATE)
16 1
Apex Domain
Subdomains
Transfer
17 hsbc.ch
www.privatebanking.hsbc.ch
2 MB
16 1
Domain Requested by
17 www.privatebanking.hsbc.ch 1 redirects www.privatebanking.hsbc.ch
16 1

This site contains no links.

Subject Issuer Validity Valid
www.privatebanking.hsbc.ch
DigiCert SHA2 Extended Validation Server CA
2021-01-12 -
2022-02-12
a year crt.sh

This page contains 1 frames:

Primary Page: https://www.privatebanking.hsbc.ch/login/
Frame ID: 4E610AA1EE1AD3504B5BE58FDF05DFEF
Requests: 16 HTTP requests in this frame

Screenshot

Page Title

Global Private Banking User Registration and Login

Page URL History Show full URLs

  1. https://www.privatebanking.hsbc.ch/ HTTP 302
    https://www.privatebanking.hsbc.ch/login/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • require.*\.js

Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

2308 kB
Transfer

5933 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.privatebanking.hsbc.ch/ HTTP 302
    https://www.privatebanking.hsbc.ch/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.privatebanking.hsbc.ch/login/
Redirect Chain
  • https://www.privatebanking.hsbc.ch/
  • https://www.privatebanking.hsbc.ch/login/
3 KB
2 KB
Document
General
Full URL
https://www.privatebanking.hsbc.ch/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
8a7c36d1df03bd2840fcba38e590a330f9274ba234fecf7a69b7e902bab595bb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc sameorigin

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Thu, 27 Jan 2022 13:21:15 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=16070400
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc sameorigin
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
X-Application-Context
application:swiss-prd:8443
Cache-Control
no-cache, no-store, must-revalidate max-age=43200
Pragma
no-cache
Expires
0 Fri, 28 Jan 2022 01:21:15 GMT
Vary
DECRYPTED,Accept-Encoding
Last-Modified
Wed, 01 Dec 2021 06:29:54 GMT
X-Content-Type-Options
nosniff
Content-Language
en-US
Content-Type
text/html
S
LASDIG01CH-RPX
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Keep-Alive
timeout=30, max=97
Connection
Keep-Alive
Content-Encoding
gzip
Transfer-Encoding
chunked

Redirect headers

Date
Thu, 27 Jan 2022 13:20:54 GMT
Strict-Transport-Security
max-age=16070400
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
Location
https://www.privatebanking.hsbc.ch/login/
Keep-Alive
timeout=30, max=98
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
Vary
Accept-Encoding
Content-Encoding
gzip
Transfer-Encoding
chunked
main.94fa4b64.chunk.css
www.privatebanking.hsbc.ch/login/static/css/
839 KB
540 KB
Stylesheet
General
Full URL
https://www.privatebanking.hsbc.ch/login/static/css/main.94fa4b64.chunk.css
Requested by
Host: www.privatebanking.hsbc.ch
URL: https://www.privatebanking.hsbc.ch/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
51b0f7074723bb5a9a82232ae6ee76867adceb93896f47d37b3dadfb620e5ddb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.privatebanking.hsbc.ch/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 13:21:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
DECRYPTED,Accept-Encoding
X-Application-Context
application:swiss-prd:8443
Last-Modified
Wed, 01 Dec 2021 06:29:54 GMT
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400
Content-Language
en-US
Content-Type
text/css
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Cache-Control
max-age=604800
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
S
LASDIG01CH-RPX
Keep-Alive
timeout=30, max=96
Expires
Thu, 03 Feb 2022 13:21:15 GMT
polyfill.min.js
www.privatebanking.hsbc.ch/login/
60 KB
14 KB
Script
General
Full URL
https://www.privatebanking.hsbc.ch/login/polyfill.min.js
Requested by
Host: www.privatebanking.hsbc.ch
URL: https://www.privatebanking.hsbc.ch/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
496a22da189e2238d1384446f9b73917483842dc8f7f1a620ad51d8257524a23
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.privatebanking.hsbc.ch/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 13:21:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
DECRYPTED,Accept-Encoding
X-Application-Context
application:swiss-prd:8443
Last-Modified
Wed, 01 Dec 2021 06:29:30 GMT
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400
Content-Language
en-US
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Cache-Control
max-age=604800
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
S
LASDIG01CH-RPX
Keep-Alive
timeout=30, max=98
Expires
Thu, 03 Feb 2022 13:21:15 GMT
require.js
www.privatebanking.hsbc.ch/login/transmit/
92 KB
32 KB
Script
General
Full URL
https://www.privatebanking.hsbc.ch/login/transmit/require.js
Requested by
Host: www.privatebanking.hsbc.ch
URL: https://www.privatebanking.hsbc.ch/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
81cdec1a891075d177c50bec6c5caf61006bcfb5e637f078d5527ad8c12fe745
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.privatebanking.hsbc.ch/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 13:21:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
DECRYPTED,Accept-Encoding
X-Application-Context
application:swiss-prd:8443
Last-Modified
Wed, 01 Dec 2021 06:29:30 GMT
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400
Content-Language
en-US
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Cache-Control
max-age=604800
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
S
LASDIG01CH-RPX
Keep-Alive
timeout=30, max=98
Expires
Thu, 03 Feb 2022 13:21:15 GMT
jquery.min.js
www.privatebanking.hsbc.ch/login/transmit/
233 KB
63 KB
Script
General
Full URL
https://www.privatebanking.hsbc.ch/login/transmit/jquery.min.js
Requested by
Host: www.privatebanking.hsbc.ch
URL: https://www.privatebanking.hsbc.ch/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
c739de69f2817d902e7a9db97d9f2fe621bfecc846ea4735c23f64508d5acec5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.privatebanking.hsbc.ch/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 13:21:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
DECRYPTED,Accept-Encoding
X-Application-Context
application:swiss-prd:8443
Last-Modified
Wed, 01 Dec 2021 06:29:30 GMT
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400
Content-Language
en-US
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Cache-Control
max-age=604800
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
S
LASDIG01CH-RPX
Keep-Alive
timeout=30, max=98
Expires
Thu, 03 Feb 2022 13:21:15 GMT
2.81f832dc.chunk.js
www.privatebanking.hsbc.ch/login/static/js/
671 KB
274 KB
Script
General
Full URL
https://www.privatebanking.hsbc.ch/login/static/js/2.81f832dc.chunk.js
Requested by
Host: www.privatebanking.hsbc.ch
URL: https://www.privatebanking.hsbc.ch/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
2e5a15277a5465dd9faf2ffa6be519406ef9ec4af027eeebd33dcccacf1fecad
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.privatebanking.hsbc.ch/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 13:21:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
DECRYPTED,Accept-Encoding
X-Application-Context
application:swiss-prd:8443
Last-Modified
Wed, 01 Dec 2021 06:29:54 GMT
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400
Content-Language
en-US
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Cache-Control
max-age=604800
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
S
LASDIG01CH-RPX
Keep-Alive
timeout=30, max=98
Expires
Thu, 03 Feb 2022 13:21:15 GMT
main.1f302a70.chunk.js
www.privatebanking.hsbc.ch/login/static/js/
2 MB
561 KB
Script
General
Full URL
https://www.privatebanking.hsbc.ch/login/static/js/main.1f302a70.chunk.js
Requested by
Host: www.privatebanking.hsbc.ch
URL: https://www.privatebanking.hsbc.ch/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
40f35d642ac4e34ac309f3fa4199e8ae9207012e8bbdf98df57e776c0158fd24
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.privatebanking.hsbc.ch/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 13:21:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
DECRYPTED,Accept-Encoding
X-Application-Context
application:swiss-prd:8443
Last-Modified
Wed, 01 Dec 2021 06:29:54 GMT
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400
Content-Language
en-US
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Cache-Control
max-age=604800
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
S
LASDIG01CH-RPX
Keep-Alive
timeout=30, max=98
Expires
Thu, 03 Feb 2022 13:21:15 GMT
HSBC_Logo_White.43a62bb4.svg
www.privatebanking.hsbc.ch/login/static/media/
1 KB
2 KB
Image
General
Full URL
https://www.privatebanking.hsbc.ch/login/static/media/HSBC_Logo_White.43a62bb4.svg
Requested by
Host: www.privatebanking.hsbc.ch
URL: https://www.privatebanking.hsbc.ch/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
def5fd4bbec042d93d5a20bfa23bfd77cdf31da461d8cda0860d9c4fec2bc4a5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.privatebanking.hsbc.ch/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 13:21:15 GMT
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
DECRYPTED
X-Application-Context
application:swiss-prd:8443
Last-Modified
Wed, 01 Dec 2021 06:29:54 GMT
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400
Content-Language
en-US
Content-Type
image/svg+xml
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Cache-Control
max-age=43200
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
S
LASDIG01CH-RPX
Keep-Alive
timeout=30, max=97
Expires
Fri, 28 Jan 2022 01:21:15 GMT
hsbc_logo_rev.9c300722.svg
www.privatebanking.hsbc.ch/login/static/media/
4 KB
5 KB
Image
General
Full URL
https://www.privatebanking.hsbc.ch/login/static/media/hsbc_logo_rev.9c300722.svg
Requested by
Host: www.privatebanking.hsbc.ch
URL: https://www.privatebanking.hsbc.ch/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
038549f3dfb2004dedae57fc253e7fa23de2ab5f65ff02138259168cfe68439a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.privatebanking.hsbc.ch/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 13:21:15 GMT
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
DECRYPTED
X-Application-Context
application:swiss-prd:8443
Last-Modified
Wed, 01 Dec 2021 06:29:54 GMT
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400
Content-Language
en-US
Content-Type
image/svg+xml
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Cache-Control
max-age=43200
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
S
LASDIG01CH-RPX
Keep-Alive
timeout=30, max=97
Expires
Fri, 28 Jan 2022 01:21:15 GMT
background_kaleido_dt.d361f5d5.png
www.privatebanking.hsbc.ch/login/static/media/
313 KB
315 KB
Image
General
Full URL
https://www.privatebanking.hsbc.ch/login/static/media/background_kaleido_dt.d361f5d5.png
Requested by
Host: www.privatebanking.hsbc.ch
URL: https://www.privatebanking.hsbc.ch/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
1f213dfdfa41b10fed11a7a2b70c8e28c5cf2c68f2491151e7929ca29f1f8a32
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.privatebanking.hsbc.ch/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 13:21:15 GMT
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
DECRYPTED
X-Application-Context
application:swiss-prd:8443
Last-Modified
Wed, 01 Dec 2021 06:29:54 GMT
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400
Content-Language
en-US
Content-Type
image/png
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Cache-Control
max-age=2592000
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
S
LASDIG01CH-RPX
Keep-Alive
timeout=30, max=97
Expires
Sat, 26 Feb 2022 13:21:15 GMT
UniversNextforHSBCW02-Bd.d20ee030.woff
www.privatebanking.hsbc.ch/login/static/media/
26 KB
27 KB
Font
General
Full URL
https://www.privatebanking.hsbc.ch/login/static/media/UniversNextforHSBCW02-Bd.d20ee030.woff
Requested by
Host: www.privatebanking.hsbc.ch
URL: https://www.privatebanking.hsbc.ch/login/static/css/main.94fa4b64.chunk.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
fcde2205b026d2f4e66a0aae307a3128caa94358ed7c77582de207e227b071bf
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin

Request headers

Referer
https://www.privatebanking.hsbc.ch/login/static/css/main.94fa4b64.chunk.css
Origin
https://www.privatebanking.hsbc.ch
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 13:21:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
DECRYPTED,Accept-Encoding
X-Application-Context
application:swiss-prd:8443
Last-Modified
Wed, 01 Dec 2021 06:29:54 GMT
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400
Content-Language
en-US
Content-Type
text/plain
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Cache-Control
max-age=43200
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
S
LASDIG01CH-RPX
Keep-Alive
timeout=30, max=97
Expires
Fri, 28 Jan 2022 01:21:15 GMT
UniversNextforHSBCW02-Th.2ae28bcb.woff
www.privatebanking.hsbc.ch/login/static/media/
26 KB
27 KB
Font
General
Full URL
https://www.privatebanking.hsbc.ch/login/static/media/UniversNextforHSBCW02-Th.2ae28bcb.woff
Requested by
Host: www.privatebanking.hsbc.ch
URL: https://www.privatebanking.hsbc.ch/login/static/css/main.94fa4b64.chunk.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
56f49cb70e74e91e7fe2aeea423eeb8a529dec83000908b63d0992f10990866c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin

Request headers

Referer
https://www.privatebanking.hsbc.ch/login/static/css/main.94fa4b64.chunk.css
Origin
https://www.privatebanking.hsbc.ch
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 13:21:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
DECRYPTED,Accept-Encoding
X-Application-Context
application:swiss-prd:8443
Last-Modified
Wed, 01 Dec 2021 06:29:54 GMT
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400
Content-Language
en-US
Content-Type
text/plain
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Cache-Control
max-age=43200
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
S
LASDIG01CH-RPX
Keep-Alive
timeout=30, max=97
Expires
Fri, 28 Jan 2022 01:21:15 GMT
UniversNextforHSBCW02-Rg.e69fa571.woff
www.privatebanking.hsbc.ch/login/static/media/
27 KB
28 KB
Font
General
Full URL
https://www.privatebanking.hsbc.ch/login/static/media/UniversNextforHSBCW02-Rg.e69fa571.woff
Requested by
Host: www.privatebanking.hsbc.ch
URL: https://www.privatebanking.hsbc.ch/login/static/css/main.94fa4b64.chunk.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
3e744b8733eda45744e593918f6a569c3928d3dd554516f55ce5fe7bca683dce
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin

Request headers

Referer
https://www.privatebanking.hsbc.ch/login/static/css/main.94fa4b64.chunk.css
Origin
https://www.privatebanking.hsbc.ch
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 13:21:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
DECRYPTED,Accept-Encoding
X-Application-Context
application:swiss-prd:8443
Last-Modified
Wed, 01 Dec 2021 06:29:54 GMT
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400
Content-Language
en-US
Content-Type
text/plain
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Cache-Control
max-age=43200
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
S
LASDIG01CH-RPX
Keep-Alive
timeout=30, max=95
Expires
Fri, 28 Jan 2022 01:21:15 GMT
UniversNextforHSBCW02-Lt.933aa8bc.woff
www.privatebanking.hsbc.ch/login/static/media/
26 KB
27 KB
Font
General
Full URL
https://www.privatebanking.hsbc.ch/login/static/media/UniversNextforHSBCW02-Lt.933aa8bc.woff
Requested by
Host: www.privatebanking.hsbc.ch
URL: https://www.privatebanking.hsbc.ch/login/static/css/main.94fa4b64.chunk.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
e0c76653cfdda393f9f31f35526f1b7fb8e4217a5f596cfecce423f1aa9621bd
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin

Request headers

Referer
https://www.privatebanking.hsbc.ch/login/static/css/main.94fa4b64.chunk.css
Origin
https://www.privatebanking.hsbc.ch
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 13:21:15 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
DECRYPTED,Accept-Encoding
X-Application-Context
application:swiss-prd:8443
Last-Modified
Wed, 01 Dec 2021 06:29:54 GMT
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400
Content-Language
en-US
Content-Type
text/plain
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Cache-Control
max-age=43200
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
S
LASDIG01CH-RPX
Keep-Alive
timeout=30, max=96
Expires
Fri, 28 Jan 2022 01:21:15 GMT
icons.0ab54153.woff2
www.privatebanking.hsbc.ch/login/static/media/
39 KB
40 KB
Font
General
Full URL
https://www.privatebanking.hsbc.ch/login/static/media/icons.0ab54153.woff2
Requested by
Host: www.privatebanking.hsbc.ch
URL: https://www.privatebanking.hsbc.ch/login/static/css/main.94fa4b64.chunk.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
a12fd41c86a59b4dff636fd500fe325f78e65e9fe867d4cc5961dda45af4034d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin

Request headers

Referer
https://www.privatebanking.hsbc.ch/login/static/css/main.94fa4b64.chunk.css
Origin
https://www.privatebanking.hsbc.ch
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 13:21:16 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
DECRYPTED,Accept-Encoding
X-Application-Context
application:swiss-prd:8443
Last-Modified
Wed, 01 Dec 2021 06:29:54 GMT
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400
Content-Language
en-US
Content-Type
text/plain
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Cache-Control
max-age=43200
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
S
LASDIG01CH-RPX
Keep-Alive
timeout=30, max=94
Expires
Fri, 28 Jan 2022 01:21:16 GMT
xmsdk.js
www.privatebanking.hsbc.ch/login/transmit/
2 MB
351 KB
Script
General
Full URL
https://www.privatebanking.hsbc.ch/login/transmit/xmsdk.js
Requested by
Host: www.privatebanking.hsbc.ch
URL: https://www.privatebanking.hsbc.ch/login/transmit/require.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
85.119.232.180 , Switzerland, ASN35240 (HSBCPRIVATE, CH),
Reverse DNS
Software
/
Resource Hash
900e7cb428b945e44aafeb43cc7b3945cbabc285311a2f260d770e7e6c9338ca
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.privatebanking.hsbc.ch/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date
Thu, 27 Jan 2022 13:21:16 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
Vary
DECRYPTED,Accept-Encoding
X-Application-Context
application:swiss-prd:8443
Last-Modified
Wed, 01 Dec 2021 06:29:30 GMT
X-Frame-Options
ALLOW-FROM https://privatebanking.ch.hsbc, sameorigin
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400
Content-Language
en-US
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://xat-hsbcprivatebank-netxinvestor.bnymellon.com/c/portal/saml2new/acs
Cache-Control
max-age=604800
Content-Security-Policy
frame-ancestors 'self' https://privatebanking.ch.hsbc
S
LASDIG01CH-RPX
Keep-Alive
timeout=30, max=95
Expires
Thu, 03 Feb 2022 13:21:16 GMT

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| requirejs function| require function| define function| $ function| jQuery object| utag_data object| webpackJsonp function| setImmediate function| clearImmediate object| regeneratorRuntime object| environments object| currentEnvironment function| _ object| tealiumHub object| globalHistory object| com object| aesjs object| elliptic function| sha256 function| sha224 object| base64js object| __XMSDK_PLUGINS object| transmitSDK

1 Cookies

Domain/Path Name / Value
.www.privatebanking.hsbc.ch/ Name: TS01a59cd6
Value: 0168d6d9607ed6d3460b35bee28b684de7769b5d555d48233329132fe290fef544fa3d20bb244299c671c4482aa3dae94103c22ae0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' https://privatebanking.ch.hsbc
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=16070400
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://privatebanking.ch.hsbc sameorigin