indexo.dev

vpbank.com

.com crawl

First seen 2026-05-28 · Last seen 2026-05-31 · ok HTTP/1.1 200 1364 ms crawled 2026-05-31

CH · 193.222.70.149 · AS3303 Bluewin

Reputation 86/100 spf without fallback dmarc monitor-only

Classifying

HTML metadata

Title
VP Bank AG
Language
en
Canonical
https://www.vpbank.com/en
Translations
  • en ×7
  • de ×4

Open Graph

site name
VP Bank AG

Technology

Server
Apache
CMS
Drupal
Cookie consent
  • Usercentrics

Third-party hosts loaded (3)

  • app.usercentrics.eu×3
  • privacy-proxy.usercentrics.eu×3
  • api.usercentrics.eu×1

Contact

Email
Phone
Address
VP Bank LtdAeulestrasse 69490 VaduzLiechtenstein+423 235 66 55info.li@vpbank.comClearing No: 8805SWIFT: VPBVLI2X

Registration

Registrar
CSC Corporate Domains, Inc.
Created
1996-06-10
Expires
2026-06-09 8 days left
Updated
2026-05-19
Name servers
  • dns1.swisscom.com
  • dns2.swisscom.com
  • dns3.swisscom.com
  • ns1.ip-plus.net
  • ns2.ip-plus.net
  • ns213.scs-ns.net
  • ns214.scs-ns.net

DNS records live

NS
  • dns1.swisscom.com
  • dns2.swisscom.com
  • dns3.swisscom.com
  • ns1.ip-plus.net
  • ns2.ip-plus.net
  • ns213.scs-ns.net
  • ns214.scs-ns.net
MX
  • 10 mail.swisscom.com
  • 20 mail10.swisscom.com
  • 20 mail20.swisscom.com
TXT
Show 10 TXT records
  • verified-for-netlify=544881
  • swisssign-check=nl9eR6ktE3az7_7bGp7FiKr2bPU
  • _3satkdpuildo11j5ukmiua4acir9skj
  • swisssign-check=OZmqketaQxGAE5gT5Z96oxNF_Y8
  • deepl-domain-verification=81039bfd36374fbebc14e866b0a9c169
  • swisssign-check=KunSV6ev1Jf8MRN9mqbg91ZHgcE
  • swisssign-check=Qh4iiirPVLjnMvbB_bxvxwH5AKs
  • digicert-dcv=051dsc9y4lsh313wlzd0b74y8254mw2w
  • _qww1x4hfci1gdncyvj0notbrwbsvav1
  • foxit-domain-verification=bdbeacf01cd3d4891b6ab1247b1c54b7
Verified for
  • Cisco
  • Google
  • Microsoft 365

Email authentication weak

SPF
v=spf1 mx include:spf1.vpbank.com include:spf2.vpbank.com include:spf3.vpbank.com include:spf4.vpbank.com include:spf5.vpbank.com.
missing all
DMARC
v=DMARC1; p=none; pct=100; rua=mailto:reports-rua@vpbank.com; ruf=mailto:reports-ruf@vpbank.com
policy: none (monitoring only)
DKIM
  • k1: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbNrX2cY/GUKIFx2G/1I00ftdAj713WP9AQ1xir85i89sA2guU0ta4UX1Xzm06XIU6iBP41VwmPwBGRNofhBVR+e6WHUo…
selectors probed

Certificate (current)

SwissSign RSA TLS EV ICA 2022 - 1
from 2025-06-18 to 2026-06-18
Expires in 18 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 75/100 Checked live page: https://www.vpbank.com/en

present
  • strict-transport-security
  • content-security-policy
  • x-frame-options
  • x-content-type-options
findings
  • short HSTS max-age
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing Referrer Policy
  • missing Permissions Policy
Header values
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
content-security-policy
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.youtube.com *.usercentrics.eu *.rawgit.com *.google.com *.jsdelivr.net *.contentfry.com *.schedulr.ch *.vpbank-dev.com *.vpbank-stage.com *.vpbank.com *.facebook.net *.facebook.com *.googletagmanager.com *.google.com *.google.ch *.linkedin.com *.licdn.com *.oktopost.com *.okt.to okt.to *.bing.com *.bing.net *.doubleclick.net *.googleadservices.com www.googleadservices.com cdn.jsdelivr.net unpkg.com; style-src 'self' 'unsafe-inline' data: *.googleapis.com *.usercentrics.eu cdn.jsdelivr.net unpkg.com; img-src 'self' about: blob: content: data: *.usercentrics.eu *.gstatic.com *.google.com *.newsletter2go.com *.ytimg.com *.vpbank-dev.com *.vpbank-stage.com *.vpbank.com *.facebook.net *.facebook.com *.googletagmanager.com *.google.com *.google.ch *.linkedin.com *.licdn.com *.oktopost.com *.okt.to *.bing.com *.bing.net *.doubleclick.net *.googleadservices.com www.googleadservices.com cdn.jsdelivr.net unpk
strict-transport-security
max-age=1000

Linked from (4)