aekbank.ch

HTML metadata

Technology

Server

nginx

Third-party hosts loaded (1)

• www.google.com×1

Social

• instagram
• facebook
• linkedin
• youtube

Contact

Phone

• +41332273100

DNS records live

NS

• dns1.swisscom.com
• dns2.swisscom.com
• dns3.swisscom.com

MX

• 10 mail.swisscom.com
• 20 mail10.swisscom.com
• 20 mail20.swisscom.com

TXT

Show 7 TXT records

• snp-domain-verification=ua7lYFX7Zhhim4jXIEsIcEEsPofzcmxg_tGupkIYxt0
• swisssign-check=WcwxmVVa46DiNEZ7Z3-SoIdBMZk
• mx-83f35d98262d2f4e
• swisssign-check=Emb0N2gzIRqDqEbOcXwrSYbNp9Q
• swisssign-check=oq3flyFHEQgereyuD3mvMVcqfFM
• swisssign-check=MlQVshpZqK1aRJ5tVba3OWQaCUw
• QuoVadis=dda4b733-92ca-44e9-9c2e-d624165ad745

Verified for

• Atlassian
• Google
• Microsoft 365

Email authentication partial

SPF

v=spf1 include:spf.swisscom.com include:spf.mailxpert.ch include:spf.webstyle.ch a:vmail.mironet.ch ip4:193.5.67.2 ip4:94.126.21.99 ip4:185.46.59.193 include:spf.mailjet.com ~all

softfail (~all)

DMARC

v=DMARC1; p=none; pct=100; rua=mailto:reports-rua@aekbank.ch; ruf=mailto:reports-ruf@aekbank.ch;

policy: none (monitoring only)

DKIM

no key found at common selectors

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.aekbank.ch/privatkunden

present

• strict-transport-security
• x-frame-options
• x-content-type-options
• referrer-policy

findings

• missing Content Security Policy
• missing Permissions Policy

Links to (5)

• youtube.com×1
• webfg.ch×1
• linkedin.com×1
• instagram.com×1
• facebook.com×1

Linked from (2)

• inferno.ch×1
• esprit-netzwerk.ch×1