urlscan.io logo urlscan.io
SecurityTrails logo

securemail.start-bausparkasse.at Open in urlscan Pro
20.105.165.93  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://securemail.start-bausparkasse.at/
Effective URL: https://securemail.start-bausparkasse.at/login.xhtml
Submission Tags: @phish_report
Submission: On June 26 via api from FI — Scanned from AT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 20.105.165.93, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is securemail.start-bausparkasse.at.
TLS certificate: Issued by Entrust Certification Authority - L1K on June 25th 2024. Valid for: a year.
This is the only time securemail.start-bausparkasse.at was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 17 20.105.165.93 8075 (MICROSOFT...)
16 1
Apex Domain
Subdomains		 Transfer
17 start-bausparkasse.at
securemail.start-bausparkasse.at
2 MB
16 1
Domain Requested by
17 securemail.start-bausparkasse.at 1 redirects securemail.start-bausparkasse.at
16 1

This site contains links to these domains. Also see Links.

Domain
www.start-bausparkasse.at
www.zertificon.com
Subject Issuer Validity Valid
securemail.start-bausparkasse.at
Entrust Certification Authority - L1K		 2024-06-25 -
2025-07-03		 a year crt.sh

This page contains 1 frames:

Primary Page: https://securemail.start-bausparkasse.at/login.xhtml
Frame ID: 60176418A247E078F637EB1E0863E4AB
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

start:bausparkasse Z1 Messenger

Page URL History Show full URLs

  1. http://securemail.start-bausparkasse.at/ HTTP 307
    https://securemail.start-bausparkasse.at/ HTTP 302
    https://securemail.start-bausparkasse.at/login.xhtml Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

2244 kB
Transfer

2238 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://securemail.start-bausparkasse.at/ HTTP 307
    https://securemail.start-bausparkasse.at/ HTTP 302
    https://securemail.start-bausparkasse.at/login.xhtml Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.xhtml
securemail.start-bausparkasse.at/
Redirect Chain
  • http://securemail.start-bausparkasse.at/
  • https://securemail.start-bausparkasse.at/
  • https://securemail.start-bausparkasse.at/login.xhtml
7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://securemail.start-bausparkasse.at/login.xhtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
66a6658a4ddc54668229618a9483e0bd7560d9a50b457437ad6d8db946eb148d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-AT,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control
no-cache;no-store;must-revalidate;max-age=31536000000
content-encoding
gzip
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
content-type
text/html;charset=UTF-8
date
Wed, 26 Jun 2024 00:12:53 GMT
expires
Sat, 14 Jun 2025 14:54:09 +0200
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
pragma
no-cache
referrer-policy
origin-when-cross-origin
strict-transport-security
max-age=94608000; includeSubDomains
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

content-length
0
date
Wed, 26 Jun 2024 00:12:53 GMT
location
https://securemail.start-bausparkasse.at/login.xhtml
strict-transport-security
max-age=94608000; includeSubDomains
x-frame-options
SAMEORIGIN
zso_app.css
securemail.start-bausparkasse.at/resources/css/ 		224 KB
225 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securemail.start-bausparkasse.at/resources/css/zso_app.css?582957437
Requested by
Host: securemail.start-bausparkasse.at
URL: https://securemail.start-bausparkasse.at/login.xhtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
688ea8d24744cdfb8a5010de55ad0b6a69520b18ee2f1b470c105e222a82d88d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://securemail.start-bausparkasse.at/login.xhtml
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 00:12:53 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Wed, 09 Aug 2023 12:16:38 GMT
strict-transport-security
max-age=94608000; includeSubDomains
etag
W/"229878-1691583398000"
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/css
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
accept-ranges
bytes
content-length
229878
fake-file-input.css
securemail.start-bausparkasse.at/resources/css/ 		687 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securemail.start-bausparkasse.at/resources/css/fake-file-input.css?3.22.2
Requested by
Host: securemail.start-bausparkasse.at
URL: https://securemail.start-bausparkasse.at/login.xhtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
be5d5054ef8b0f961a4ef369d49d68cc7bb3f1d37037001372fb93cf301cb9ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://securemail.start-bausparkasse.at/login.xhtml
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 00:12:54 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Thu, 16 May 2024 05:30:36 GMT
strict-transport-security
max-age=94608000; includeSubDomains
etag
W/"687-1715837436000"
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/css
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
accept-ranges
bytes
content-length
687
screen.css
securemail.start-bausparkasse.at/resources/css/ 		16 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securemail.start-bausparkasse.at/resources/css/screen.css?3.22.2
Requested by
Host: securemail.start-bausparkasse.at
URL: https://securemail.start-bausparkasse.at/login.xhtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0db1dbf0907388a376ed006f72cf99b948462df6325b4aff88a8fd2755144778
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://securemail.start-bausparkasse.at/login.xhtml
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 00:12:54 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Thu, 16 May 2024 05:30:36 GMT
strict-transport-security
max-age=94608000; includeSubDomains
etag
W/"16722-1715837436000"
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/css
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
accept-ranges
bytes
content-length
16722
mobile.css
securemail.start-bausparkasse.at/resources/css/ 		11 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securemail.start-bausparkasse.at/resources/css/mobile.css?3.22.2
Requested by
Host: securemail.start-bausparkasse.at
URL: https://securemail.start-bausparkasse.at/login.xhtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
627eab113d69afed562868726bc72f10fee0d6b91f87f1d2de89b238751d12ad
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://securemail.start-bausparkasse.at/login.xhtml
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 00:12:54 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Thu, 16 May 2024 05:30:36 GMT
strict-transport-security
max-age=94608000; includeSubDomains
etag
W/"11586-1715837436000"
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/css
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
accept-ranges
bytes
content-length
11586
icon-font.css
securemail.start-bausparkasse.at/resources/css/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securemail.start-bausparkasse.at/resources/css/icon-font.css?3.22.2
Requested by
Host: securemail.start-bausparkasse.at
URL: https://securemail.start-bausparkasse.at/login.xhtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2583c0b5d2993bedb24a1c4aea2dd4d27ca1f667dd0ba915adabad116d470d4f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://securemail.start-bausparkasse.at/login.xhtml
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 00:12:54 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Thu, 16 May 2024 05:30:36 GMT
strict-transport-security
max-age=94608000; includeSubDomains
etag
W/"1790-1715837436000"
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/css
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
accept-ranges
bytes
content-length
1790
custom.css
securemail.start-bausparkasse.at/resources/css/ 		4 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securemail.start-bausparkasse.at/resources/css/custom.css?582957437
Requested by
Host: securemail.start-bausparkasse.at
URL: https://securemail.start-bausparkasse.at/login.xhtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
151c79ae01e6959c6668a76d9f73a92075a7d846e19f65159a322fb26a396898
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://securemail.start-bausparkasse.at/login.xhtml
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 00:12:54 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Wed, 09 Aug 2023 12:16:35 GMT
strict-transport-security
max-age=94608000; includeSubDomains
etag
W/"3809-1691583395000"
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/css
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
accept-ranges
bytes
content-length
3809
cookieconsent.min.css
securemail.start-bausparkasse.at/resources/css/ 		4 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securemail.start-bausparkasse.at/resources/css/cookieconsent.min.css?3.22.2
Requested by
Host: securemail.start-bausparkasse.at
URL: https://securemail.start-bausparkasse.at/login.xhtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d349061cecfd45d285dd432decedcea246e0fe0cef3b8d13d339c8e1ac289fb0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://securemail.start-bausparkasse.at/login.xhtml
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 00:12:54 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Thu, 16 May 2024 05:30:36 GMT
strict-transport-security
max-age=94608000; includeSubDomains
etag
W/"3952-1715837436000"
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/css
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
accept-ranges
bytes
content-length
3952
print.css
securemail.start-bausparkasse.at/resources/css/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://securemail.start-bausparkasse.at/resources/css/print.css?3.22.2
Requested by
Host: securemail.start-bausparkasse.at
URL: https://securemail.start-bausparkasse.at/login.xhtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ce245aa2a18aa200ae1ec104baa42ab43ab3af9685a211dcba5f269a4c9199d0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://securemail.start-bausparkasse.at/login.xhtml
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 00:12:54 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Thu, 16 May 2024 05:30:36 GMT
strict-transport-security
max-age=94608000; includeSubDomains
etag
W/"1066-1715837436000"
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/css
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
accept-ranges
bytes
content-length
1066
main.js
securemail.start-bausparkasse.at/resources/js/ 		2 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://securemail.start-bausparkasse.at/resources/js/main.js?3.22.2
Requested by
Host: securemail.start-bausparkasse.at
URL: https://securemail.start-bausparkasse.at/login.xhtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5f82ae24631efd4af07f9363ffc8b50e0ac1d21d8493ea7bbfb926f05308619f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://securemail.start-bausparkasse.at/login.xhtml
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 00:12:54 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Thu, 16 May 2024 05:34:12 GMT
strict-transport-security
max-age=94608000; includeSubDomains
etag
W/"1890322-1715837652000"
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/javascript
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
accept-ranges
bytes
content-length
1890322
bootstrap-2.1.1.min.js
securemail.start-bausparkasse.at/resources/js/ 		25 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securemail.start-bausparkasse.at/resources/js/bootstrap-2.1.1.min.js?3.22.2
Requested by
Host: securemail.start-bausparkasse.at
URL: https://securemail.start-bausparkasse.at/login.xhtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3249835afb40ef4538cd4155505f477705c7c91e7119d275779a09623da7a98d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://securemail.start-bausparkasse.at/login.xhtml
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 00:12:53 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Thu, 16 May 2024 05:30:36 GMT
strict-transport-security
max-age=94608000; includeSubDomains
etag
W/"25653-1715837436000"
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/javascript
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
accept-ranges
bytes
content-length
25653
jsf.js.xhtml
securemail.start-bausparkasse.at/javax.faces.resource/ 		74 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securemail.start-bausparkasse.at/javax.faces.resource/jsf.js.xhtml?ln=javax.faces
Requested by
Host: securemail.start-bausparkasse.at
URL: https://securemail.start-bausparkasse.at/login.xhtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2d31128dae6bd785676145cde2aece1e1d0d7c3f9bdbf61c08bae3ff8e9531ca
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://securemail.start-bausparkasse.at/login.xhtml
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 00:12:54 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Fri, 14 Jun 2024 12:54:11 GMT
strict-transport-security
max-age=94608000; includeSubDomains
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/javascript
cache-control
max-age=604800
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
logo.png
securemail.start-bausparkasse.at/resources/img/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securemail.start-bausparkasse.at/resources/img/logo.png?582957437
Requested by
Host: securemail.start-bausparkasse.at
URL: https://securemail.start-bausparkasse.at/login.xhtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
03abbef9bc5d1791ec3d228dfbeca80ebf9178eea04c89c3d68efc9710e30e87
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://securemail.start-bausparkasse.at/login.xhtml
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 00:12:54 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Wed, 09 Aug 2023 12:16:34 GMT
strict-transport-security
max-age=94608000; includeSubDomains
etag
W/"8380-1691583394000"
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
image/png
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
accept-ranges
bytes
content-length
8380
powered_by_zertificon.png
securemail.start-bausparkasse.at/resources/img/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securemail.start-bausparkasse.at/resources/img/powered_by_zertificon.png?3.22.2
Requested by
Host: securemail.start-bausparkasse.at
URL: https://securemail.start-bausparkasse.at/login.xhtml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4ed662a5e80ac610a83cb5dfe767ffdf008b9199e8b75fadb73ff15fb6293a87
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://securemail.start-bausparkasse.at/login.xhtml
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 00:12:54 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Thu, 16 May 2024 05:30:36 GMT
strict-transport-security
max-age=94608000; includeSubDomains
etag
W/"7902-1715837436000"
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
image/png
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
accept-ranges
bytes
content-length
7902
de.js
securemail.start-bausparkasse.at/resources/js/tinymce/langs/ 		6 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securemail.start-bausparkasse.at/resources/js/tinymce/langs/de.js
Requested by
Host: securemail.start-bausparkasse.at
URL: https://securemail.start-bausparkasse.at/resources/js/main.js?3.22.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2294786706ba92035ada47548bc25f134e0720595256611d70e7083d7a763580
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://securemail.start-bausparkasse.at/login.xhtml
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 00:12:54 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Thu, 16 May 2024 05:30:36 GMT
strict-transport-security
max-age=94608000; includeSubDomains
etag
W/"6355-1715837436000"
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
application/javascript
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
accept-ranges
bytes
content-length
6355
favicon.ico
securemail.start-bausparkasse.at/resources/img/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://securemail.start-bausparkasse.at/resources/img/favicon.ico?582957437
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.105.165.93 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
62307dc1eb758f606ba9f90990775c8b8b34ef3529c0733fd26f1e24c45829fb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://securemail.start-bausparkasse.at/login.xhtml
Accept-Language
de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 00:12:54 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Wed, 09 Aug 2023 12:16:34 GMT
strict-transport-security
max-age=94608000; includeSubDomains
etag
W/"1150-1691583394000"
x-frame-options
SAMEORIGIN
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
image/x-icon
permissions-policy
camera=(), geolocation=(), gyroscope=(), microphone=()
accept-ranges
bytes
content-length
1150

Verdicts & Comments Add Verdict or Comment

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| checkEmailInForm object| cookieconsent object| tinymce object| tinyMCE function| jQuery function| $ object| jsb function| communicatePositionAndSize function| initLogoutListener function| handleMobileMenu function| reloadContainer function| getUrlVars function| getUrlVar object| resourceBundleProvider number| mce-data-1i18u6o52 object| myfaces object| jsf string| _PFX_UTIL string| _PFX_CORE string| _PFX_XHR string| _PFX_I18N function| _MF_CLS function| _MF_SINGLTN function| _MF_OBJECT

2 Cookies

Domain/Path Name / Value
securemail.start-bausparkasse.at/ Name: JSESSIONID
Value: 08122A7359FE7C0440F1A0069B3E0401
securemail.start-bausparkasse.at/ Name: oam.Flash.RENDERMAP.TOKEN
Value: -4fhwp8lx5

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src * data:
Strict-Transport-Security max-age=94608000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN