preprod.eholiday.fr Open in urlscan Pro
2001:8d8:100f:f000::2d8 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://aquapureplus.pk/14/
Effective URL:
https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/...
Submission Tags: 6194827
Submission: On September 12 via api (September 12th 2019, 8:30:23 am UTC) from US

Summary HTTP 31 Redirects Links 29 Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 31 HTTP transactions. The main IP is 2001:8d8:100f:f000::2d8, located in Germany and belongs to ONEANDONE-AS Brauerstrasse 48, DE. The main domain is preprod.eholiday.fr.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on October 7th 2018. Valid for: a year.

This is the only time preprod.eholiday.fr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNP Paribas (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	173.254.251.250 173.254.251.250	8100 (ASN-QUADR...) (ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC)
4	2001:8d8:100f... 2001:8d8:100f:f000::2d8	8560 (ONEANDONE...) (ONEANDONE-AS Brauerstrasse 48)
10	159.50.188.20 159.50.188.20	25215 (BNP-PARIB...) (BNP-PARIBAS France)
1	2a02:26f0:6c0... 2a02:26f0:6c00:183::39e4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
31	5

1 173.254.251.250 (Dallas, United States)

ASN8100 (ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC, US)
PTR: srv34.hosterpk.com

aquapureplus.pk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:8d8:100f:f000::2d8 (Germany)

ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE)

preprod.eholiday.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 159.50.188.20 (France)

ASN25215 (BNP-PARIBAS France, FR)
PTR: oidc.bnpparibas.net

mabanque.bnpparibas	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:183::39e4 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

collect.dcrm.bnpparibas.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	mabanque.bnpparibas mabanque.bnpparibas	710 KB
4	eholiday.fr preprod.eholiday.fr	16 KB
1	bnpparibas.fr collect.dcrm.bnpparibas.fr
1	aquapureplus.pk aquapureplus.pk	431 B
31	4

	Domain	Requested by
10	mabanque.bnpparibas	preprod.eholiday.fr
4	preprod.eholiday.fr	aquapureplus.pk preprod.eholiday.fr
1	collect.dcrm.bnpparibas.fr	preprod.eholiday.fr
1	aquapureplus.pk
31	4

This site contains links to these domains. Also see Links.

Domain
mabanque.bnpparibas
mabanqueprivee.bnpparibas
mabanquepro.bnpparibas
entreprises.bnpparibas.fr
associations.bnpparibas.fr
www.hellobank.fr

Subject Issuer	Validity	Valid
aquapureplus.pk cPanel, Inc. Certification Authority	`2019-08-02` - `2019-10-31`	3 months	crt.sh
*.eholiday.fr Encryption Everywhere DV TLS CA - G1	`2018-10-07` - `2019-10-07`	a year	crt.sh
mabanque.bnpparibas Entrust Certification Authority - L1M	`2018-01-08` - `2020-01-08`	2 years	crt.sh
bnp02b.bnpparibas.com DigiCert SHA2 Secure Server CA	`2019-07-09` - `2020-10-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
Frame ID: 79D9B5368E06C589F99BE5403A3130A4
Requests: 31 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://aquapureplus.pk/14/ Page URL
https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/n... Page URL

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Page Statistics

31
Requests

52 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

4
Countries

726 kB
Transfer

4515 kB
Size

0
Cookies

29 Outgoing links

These are links going to different origins than the main page.

URL: https://mabanque.bnpparibas/fr/Accueil-part-fr
Title: Particuliers

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/priority
Title: Priority

Search URL Search Domain Scan URL

URL: https://mabanqueprivee.bnpparibas/fr/a-la-une-bpf
Title: Banque privée

Search URL Search Domain Scan URL

URL: https://mabanquepro.bnpparibas/fr/a-la-une-pro
Title: Professionnels

Search URL Search Domain Scan URL

URL: http://entreprises.bnpparibas.fr/
Title: Entreprises

Search URL Search Domain Scan URL

URL: http://associations.bnpparibas.fr/
Title: Associations

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/en/home
Title: EN

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/
Title: BNP Paribas La banque d'un monde qui change

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/connexion
Title: Accéder à mes comptes

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/nous-contacter/devenir-client-bnp-paribas
Title: Ouvrir un compte

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/notre-offre-pro/comptes-cartes-et-services/devenir-client-ouvrir-un-compte/ouvrir-un-compte-bancaire
Title: Devenir client

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/connexion
Title: Recherche

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/nous-contacter/nous-contacter

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/nous-contacter/nous-trouver/trouver-une-agence

Search URL Search Domain Scan URL

URL: http://mabanque.bnpparibas/le-mag/

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/ma-banque-et-moi/nos-applications

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/engagement-chartes-et-conventions/charte-et-rapport-de-la-mediation-bancaire-bnp-paribas
Title: Charte et rapport de la médiation bancaire BNP Paribas

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/engagement-chartes-et-conventions/mentions-legales
Title: Mentions légales

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/engagement-chartes-et-conventions/cookies
Title: Cookies

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/engagement-chartes-et-conventions/reglementation
Title: Réglementation

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/engagement-chartes-et-conventions/reglementation/fonds-de-garantie-des-depots-et-de-resolution
Title: Fonds de Garantie des Dépôts et résolution

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/ma-banque-et-moi/la-banque-d-un-monde-qui-change
Title: La banque d'un monde qui change

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/ma-banque-et-moi/engagements-responsables
Title: Nos engagements responsables

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/engagement-chartes-et-conventions/politique-de-selection-etablie-par-bnp-paribas
Title: Politique de sélection établie par BNP Paribas

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/fr/engagement-chartes-et-conventions/site-securise
Title: Site Sécurisé

Search URL Search Domain Scan URL

URL: https://mabanque.bnpparibas/le-mag/plan-de-site
Title: Plan du Mag'

Search URL Search Domain Scan URL

URL: https://mabanquepro.bnpparibas/
Title: Les Professionnels

Search URL Search Domain Scan URL

URL: https://mabanqueprivee.bnpparibas/
Title: La Banque privée

Search URL Search Domain Scan URL

URL: https://www.hellobank.fr/
Title: La banque en ligne

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://aquapureplus.pk/14/ Page URL
https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

31 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
aquapureplus.pk/14/ 347 B
431 B 408ms
135ms Document
text/html 173.254.251.250
QuadraNet Enterpr...

General

Check archive.org

Show headers Download Go to

Full URL: https://aquapureplus.pk/14/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 173.254.251.250 Dallas, United States, ASN8100 (ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC, US),
Reverse DNS: srv34.hosterpk.com
Software: LiteSpeed /
Resource Hash: d66c40ce672846a15e8d29f15170f5e5c47aba39198783014fd1d5df955979a2

Request headers

:method: GET
:authority: aquapureplus.pk
:scheme: https
:path: /14/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

status: 200
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
content-length: 268
content-encoding: gzip
date: Thu, 12 Sep 2019 08:30:07 GMT
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000

GET
H2 200 Primary Request / Show response
preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAv... 30 KB
9 KB 102ms
79ms Document
text/html 2001:8d8:100f:f000::2d8
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
Requested by: Host: aquapureplus.pk
URL: https://aquapureplus.pk/14/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::2d8 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache / PHP/7.2.22
Resource Hash: a7c10485e26487f02b5d33f4610391e101cdbdc4faa2c91cb7779c4928eb1688

Request headers

:method: GET
:authority: preprod.eholiday.fr
:scheme: https
:path: /service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://aquapureplus.pk/14/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Referer: https://aquapureplus.pk/14/

Response headers

status: 200
content-type: text/html; charset=UTF-8
date: Thu, 12 Sep 2019 08:30:07 GMT
server: Apache
x-powered-by: PHP/7.2.22
content-encoding: gzip

GET
H/1.1 200
OK context.css
mabanque.bnpparibas/rsc/sys/css/menu/ 903 B
2 KB 156ms
30ms Stylesheet
text/css 159.50.188.20
BNP-PARIBAS France

General

Check archive.org

Show headers Download Go to

Full URL

https://mabanque.bnpparibas/rsc/sys/css/menu/context.css

Requested by

Host: preprod.eholiday.fr
URL: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.50.188.20 , France, ASN25215 (BNP-PARIBAS France, FR),

Reverse DNS

oidc.bnpparibas.net

Software

Resource Hash

949dc3a675cae0cc35786df17d17096b106a7295f480fa41fcf66f0b7039218a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr .entreprises.bnpparibas.net .protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net .parrainage.bnpparibas bddf.biapi.pro .bnpparibas
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 12 Sep 2019 08:29:55 GMT
vary: Referer
p3p: CP="NON CUR OTPi OUR NOR UNI"
AND: Reach-V
content-length: 903
X-XSS-Protection: 1; mode=block
last-modified: Thu, 21 May 2015 15:55:05 GMT
etag: "387-51699912ce840"
Strict-Transport-Security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, OPTIONS
content-type: text/css
cache-control: max-age=900
Content-Security-Policy: frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr *.entreprises.bnpparibas.net *.protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net *.parrainage.bnpparibas bddf.biapi.pro *.bnpparibas
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 12 Sep 2019 08:44:55 GMT

GET
H/1.1 200
OK mediaelementplayer.min.css
mabanque.bnpparibas/rsc/sys/css/player/ 10 KB
4 KB 152ms
25ms Stylesheet
text/css 159.50.188.20
BNP-PARIBAS France

General

Check archive.org

Show headers Download Go to

Full URL

https://mabanque.bnpparibas/rsc/sys/css/player/mediaelementplayer.min.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.50.188.20 , France, ASN25215 (BNP-PARIBAS France, FR),

Reverse DNS

oidc.bnpparibas.net

Software

Resource Hash

1a2c0603e8ba42c388ce99053ec229e2afb93edfb04f9f953839754c4cafc56f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr .entreprises.bnpparibas.net .protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net .parrainage.bnpparibas bddf.biapi.pro .bnpparibas
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 12 Sep 2019 08:30:03 GMT
content-encoding: gzip
vary: Referer
Transfer-Encoding: chunked
p3p: CP="NON CUR OTPi OUR NOR UNI"
AND: Reach-V
X-XSS-Protection: 1; mode=block
last-modified: Thu, 21 May 2015 15:55:06 GMT
etag: "28ab-51699913c2a80"
Strict-Transport-Security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, OPTIONS
content-type: text/css
cache-control: max-age=900
Content-Security-Policy: frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr *.entreprises.bnpparibas.net *.protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net *.parrainage.bnpparibas bddf.biapi.pro *.bnpparibas
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 12 Sep 2019 08:45:03 GMT

GET
H/1.1 200
OK sitefactory.css
mabanque.bnpparibas/rsc/sys/css/ 356 B
2 KB 154ms
26ms Stylesheet
text/css 159.50.188.20
BNP-PARIBAS France

General

Check archive.org

Show headers Download Go to

Full URL

https://mabanque.bnpparibas/rsc/sys/css/sitefactory.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.50.188.20 , France, ASN25215 (BNP-PARIBAS France, FR),

Reverse DNS

oidc.bnpparibas.net

Software

Resource Hash

a7895576046e7003a4f792d219b3c8189eceef020b8ae54b99c4253ee3a782aa

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr .entreprises.bnpparibas.net .protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net .parrainage.bnpparibas bddf.biapi.pro .bnpparibas
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 12 Sep 2019 08:30:03 GMT
vary: Referer
p3p: CP="NON CUR OTPi OUR NOR UNI"
AND: Reach-V
content-length: 356
X-XSS-Protection: 1; mode=block
last-modified: Thu, 21 May 2015 15:55:06 GMT
etag: "164-51699913c2a80"
Strict-Transport-Security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, OPTIONS
content-type: text/css
cache-control: max-age=900
Content-Security-Policy: frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr *.entreprises.bnpparibas.net *.protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net *.parrainage.bnpparibas bddf.biapi.pro *.bnpparibas
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 12 Sep 2019 08:45:03 GMT

GET
H/1.1 200
OK base.css
mabanque.bnpparibas/rsc/contrib/css/particuliers/ 4 MB
602 KB 155ms
25ms Stylesheet
text/css 159.50.188.20
BNP-PARIBAS France

General

Check archive.org

Show headers Download Go to

Full URL

https://mabanque.bnpparibas/rsc/contrib/css/particuliers/base.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.50.188.20 , France, ASN25215 (BNP-PARIBAS France, FR),

Reverse DNS

oidc.bnpparibas.net

Software

Resource Hash

903c1939b522b0c40c355723b891b905a3914e67517c4fa2670d0869749f98f7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr .entreprises.bnpparibas.net .protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net .parrainage.bnpparibas bddf.biapi.pro .bnpparibas
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 12 Sep 2019 08:30:02 GMT
content-encoding: gzip
vary: Referer
Transfer-Encoding: chunked
p3p: CP="NON CUR OTPi OUR NOR UNI"
AND: Reach-V
X-XSS-Protection: 1; mode=block
last-modified: Tue, 27 Aug 2019 20:15:39 GMT
etag: "40e13e-5911eefa270c0"
Strict-Transport-Security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, OPTIONS
content-type: text/css
cache-control: max-age=900
Content-Security-Policy: frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr *.entreprises.bnpparibas.net *.protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net *.parrainage.bnpparibas bddf.biapi.pro *.bnpparibas
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 12 Sep 2019 08:45:02 GMT

GET
H/1.1 200
OK fix.css
mabanque.bnpparibas/rsc/contrib/css/particuliers/ 81 KB
22 KB 160ms
30ms Stylesheet
text/css 159.50.188.20
BNP-PARIBAS France

General

Check archive.org

Show headers Download Go to

Full URL

https://mabanque.bnpparibas/rsc/contrib/css/particuliers/fix.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.50.188.20 , France, ASN25215 (BNP-PARIBAS France, FR),

Reverse DNS

oidc.bnpparibas.net

Software

Resource Hash

465cd0b38fc45e05e91cecedeb6ec8b184cdb63dc97b2d9af77d1513467dfe8c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr .entreprises.bnpparibas.net .protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net .parrainage.bnpparibas bddf.biapi.pro .bnpparibas
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 12 Sep 2019 08:29:55 GMT
content-encoding: gzip
vary: Referer
Transfer-Encoding: chunked
p3p: CP="NON CUR OTPi OUR NOR UNI"
AND: Reach-V
X-XSS-Protection: 1; mode=block
last-modified: Tue, 10 Sep 2019 20:42:54 GMT
etag: "14335-59238f2ddcf80"
Strict-Transport-Security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, OPTIONS
content-type: text/css
cache-control: max-age=900
Content-Security-Policy: frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr *.entreprises.bnpparibas.net *.protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net *.parrainage.bnpparibas bddf.biapi.pro *.bnpparibas
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 12 Sep 2019 08:44:55 GMT

GET
H/1.1 200
OK templates.css
mabanque.bnpparibas/rsc/contrib/css/nbo/ 210 KB
49 KB 156ms
27ms Stylesheet
text/css 159.50.188.20
BNP-PARIBAS France

General

Check archive.org

Show headers Download Go to

Full URL

https://mabanque.bnpparibas/rsc/contrib/css/nbo/templates.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.50.188.20 , France, ASN25215 (BNP-PARIBAS France, FR),

Reverse DNS

oidc.bnpparibas.net

Software

Resource Hash

a57e2c9bcafe9c9420fa9e1b5450d93da2a67b698e6739c002963c1f9b9b87a0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr .entreprises.bnpparibas.net .protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net .parrainage.bnpparibas bddf.biapi.pro .bnpparibas
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 12 Sep 2019 08:30:07 GMT
content-encoding: gzip
vary: Referer
Transfer-Encoding: chunked
p3p: CP="NON CUR OTPi OUR NOR UNI"
AND: Reach-V
X-XSS-Protection: 1; mode=block
last-modified: Mon, 30 Apr 2018 12:26:58 GMT
etag: "3491a-56b0ff84c8880"
Strict-Transport-Security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, OPTIONS
content-type: text/css
cache-control: max-age=900
Content-Security-Policy: frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr *.entreprises.bnpparibas.net *.protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net *.parrainage.bnpparibas bddf.biapi.pro *.bnpparibas
accept-ranges: bytes
access-control-allow-headers: Content-Type
expires: Thu, 12 Sep 2019 08:45:07 GMT

GET
H/1.1 200
OK session.js Show response
collect.dcrm.bnpparibas.fr/9296/handler9/ 0
0 28ms
9ms Script
text/html 2a02:26f0:6c00:183::39e4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://collect.dcrm.bnpparibas.fr/9296/handler9/session.js?se=x3731552_1491345592664_1491345579655_9296&di=null_2&sj=BDDFCSA&aP=_14913456036460.06358314983025848_&bd=true&si=false&aM=_14913456036460.06358314983025848_&aO=-1&tz=53bf8971e7ed4174b56e6ff86c8c430e&vb=3&wa=8.0%3A15188&aW=_14913455757910.5785028206465258_&bu=true&cf=Acc%C3%A9der%20%C3%A0%20mes%20comptes%20en%20ligne%20%7C%20BNP%20Paribas&az=usy46gabsosd%3DBDDFCSA__3731552_1491345592664_1491345579655_9296%3B%20BDDFCSAuvt%3D882f9d41bb38455099bb3d1ab52397ff_1491345579655_3731552_1491345579655_1%3B%20BDDFCSADBID%3Dnull_2%3B%20userInformation%3Dsuspect%3B%20europolicy%3Dno-set%3B%20distributorid%3Dsitefactory%3B%20axes%3Dfr%7Cweb%7Cworld%7Cpub%7Cweb%7C117338af58364b9da66d02c30d27959e%7C%3B%20wcm_referer%3Dwww.google.fr%2F%3B%20LSinstance%3Dprod_ls_a2_s1-CNET%3B%20WE_LS%3Drd1o00000000000000000000ffff0aff90aco8081%3B%20nxt%3D3428651786.36895.0000%3B%20TS1fcaeb%3D03d53362c6b6b0d67bcf94de0e908624aeb367bc1fcf1b4e58e4209c442b9b978b8744040f95b0c55e7567d6633192e9280e9ea99c0726df239f6bad09bbc2cecc112d2f55353ab9cf1158aa14c5e384a24e28e0c6a968814adf287999e4fce6d89a9fd92183b971a18871ec%3B%20connected%3Dfalse%3B%20WT_FPC%3Did%3Deb90ca05-730c-4697-a1e3-5bb92e0ab311%3Alv%3D1491349201494%3Ass%3D1491349171850%3B%20APinstance%3Dprod_ap_a1_s2%3B%20WE_APm%3DMTAuMjU1LjE0NC4xODIlMQ%3D%3D%3B%20BDDFCSAkey%3D53bf8971e7ed4174b56e6ff86c8c430e%3B%20&ar=https%3A%2F%2Fmabanque.bnpparibas%2F&au=https%3A%2F%2Fmabanque.bnpparibas%2Ffr%2Fconnexion
Requested by: Host: preprod.eholiday.fr
URL: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:183::39e4 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 404 identification.js
preprod.eholiday.fr/static/identification-htmlpl/1.1.2/app/ 0
0 137ms
136ms Script
text/html 2001:8d8:100f:f000::2d8
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://preprod.eholiday.fr/static/identification-htmlpl/1.1.2/app/identification.js
Requested by: Host: preprod.eholiday.fr
URL: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::2d8 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache / PHP/7.2.22
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 404
date: Thu, 12 Sep 2019 08:30:07 GMT
cache-control: no-cache, private
server: Apache
content-encoding: gzip
x-powered-by: PHP/7.2.22
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK logo-bnpp.png
mabanque.bnpparibas/rsc/contrib/image/generique/ 5 KB
6 KB 22ms
21ms Image
image/png 159.50.188.20
BNP-PARIBAS France

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mabanque.bnpparibas/rsc/contrib/image/generique/logo-bnpp.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.50.188.20 , France, ASN25215 (BNP-PARIBAS France, FR),

Reverse DNS

oidc.bnpparibas.net

Software

Resource Hash

310be02c30e9bdb846328d10d61d43013ccc26304439883f96544fc576c76a6c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr .entreprises.bnpparibas.net .protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net .parrainage.bnpparibas bddf.biapi.pro .bnpparibas
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://mabanque.bnpparibas/rsc/contrib/css/particuliers/base.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 12 Sep 2019 08:29:55 GMT
last-modified: Thu, 06 Jun 2019 20:24:25 GMT
etag: "13cb-58aad7fffd040"
Content-Security-Policy: frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr *.entreprises.bnpparibas.net *.protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net *.parrainage.bnpparibas bddf.biapi.pro *.bnpparibas
Strict-Transport-Security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, OPTIONS
p3p: CP="NON CUR OTPi OUR NOR UNI"
cache-control: max-age=900
AND: Reach-V
accept-ranges: bytes
content-type: image/png
access-control-allow-headers: Content-Type
content-length: 5067
X-XSS-Protection: 1; mode=block
expires: Thu, 12 Sep 2019 08:44:55 GMT

GET
H/1.1 200
OK sprite-header.png
mabanque.bnpparibas/rsc/contrib/image/generique/ 10 KB
11 KB 23ms
23ms Image
image/png 159.50.188.20
BNP-PARIBAS France

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mabanque.bnpparibas/rsc/contrib/image/generique/sprite-header.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.50.188.20 , France, ASN25215 (BNP-PARIBAS France, FR),

Reverse DNS

oidc.bnpparibas.net

Software

Resource Hash

cb7e58a5a13ebe53dd05272703ba47132b65aa33d29b373d33de116cb82fdb21

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr .entreprises.bnpparibas.net .protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net .parrainage.bnpparibas bddf.biapi.pro .bnpparibas
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://mabanque.bnpparibas/rsc/contrib/css/particuliers/base.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 12 Sep 2019 08:29:55 GMT
last-modified: Tue, 22 Dec 2015 13:31:18 GMT
etag: "294b-5277c9ed8f580"
Content-Security-Policy: frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr *.entreprises.bnpparibas.net *.protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net *.parrainage.bnpparibas bddf.biapi.pro *.bnpparibas
Strict-Transport-Security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, OPTIONS
p3p: CP="NON CUR OTPi OUR NOR UNI"
cache-control: max-age=900
AND: Reach-V
accept-ranges: bytes
content-type: image/png
access-control-allow-headers: Content-Type
content-length: 10571
X-XSS-Protection: 1; mode=block
expires: Thu, 12 Sep 2019 08:44:55 GMT

GET
H/1.1 200
OK icon-print.png
mabanque.bnpparibas/rsc/contrib/image/generique/ 686 B
2 KB 23ms
23ms Image
image/png 159.50.188.20
BNP-PARIBAS France

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mabanque.bnpparibas/rsc/contrib/image/generique/icon-print.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.50.188.20 , France, ASN25215 (BNP-PARIBAS France, FR),

Reverse DNS

oidc.bnpparibas.net

Software

Resource Hash

9be4e951e7efa7691ff602cae10e1ac266533e70cdbb521c5e9effd692ec0be2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr .entreprises.bnpparibas.net .protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net .parrainage.bnpparibas bddf.biapi.pro .bnpparibas
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://mabanque.bnpparibas/rsc/contrib/css/particuliers/base.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 12 Sep 2019 08:29:55 GMT
last-modified: Wed, 16 Sep 2015 16:00:25 GMT
etag: "2ae-51fdf6585f840"
Content-Security-Policy: frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr *.entreprises.bnpparibas.net *.protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net *.parrainage.bnpparibas bddf.biapi.pro *.bnpparibas
Strict-Transport-Security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, OPTIONS
p3p: CP="NON CUR OTPi OUR NOR UNI"
cache-control: max-age=900
AND: Reach-V
accept-ranges: bytes
content-type: image/png
access-control-allow-headers: Content-Type
content-length: 686
X-XSS-Protection: 1; mode=block
expires: Thu, 12 Sep 2019 08:44:55 GMT

GET bnpp_sans-webfont.woff2
mabanque.bnpparibas/rsc/contrib/css/fonts/ 0
0

GET bnpp_type_regular_v2-webfont.woff2
mabanque.bnpparibas/rsc/contrib/css/fonts/ 0
0

GET
H/1.1 200
OK sprite-form.png
mabanque.bnpparibas/rsc/contrib/image/generique/ 8 KB
9 KB 23ms
23ms Image
image/png 159.50.188.20
BNP-PARIBAS France

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mabanque.bnpparibas/rsc/contrib/image/generique/sprite-form.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.50.188.20 , France, ASN25215 (BNP-PARIBAS France, FR),

Reverse DNS

oidc.bnpparibas.net

Software

Resource Hash

6c5d6811eac74f21a4130472bf1e806350f0ea9ee3a293d06aa7cddadd47c1a8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr .entreprises.bnpparibas.net .protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net .parrainage.bnpparibas bddf.biapi.pro .bnpparibas
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://mabanque.bnpparibas/rsc/contrib/css/particuliers/base.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 12 Sep 2019 08:29:55 GMT
last-modified: Thu, 16 Jun 2016 09:31:26 GMT
etag: "20cc-53561e6edd780"
Content-Security-Policy: frame-ancestors 'self' eer.bnpparibas eermb.mosaic.fr *.entreprises.bnpparibas.net *.protection24.com lemag.bnpparibas lemagwealth.bnpparibas lemagpro.bnpparibas prisme.facil-iti.net *.parrainage.bnpparibas bddf.biapi.pro *.bnpparibas
Strict-Transport-Security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, OPTIONS
p3p: CP="NON CUR OTPi OUR NOR UNI"
cache-control: max-age=900
AND: Reach-V
accept-ranges: bytes
content-type: image/png
access-control-allow-headers: Content-Type
content-length: 8396
X-XSS-Protection: 1; mode=block
expires: Thu, 12 Sep 2019 08:44:55 GMT

GET
H2 200 numbers.jpg
preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAv... 6 KB
6 KB 29ms
29ms Image
image/jpeg 2001:8d8:100f:f000::2d8
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/img/numbers.jpg
Requested by: Host: preprod.eholiday.fr
URL: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::2d8 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache /
Resource Hash: 48bc431cdb3680505d9be9a98da89384600fa20c507386f54dac097588d32196

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 12 Sep 2019 08:30:08 GMT
last-modified: Mon, 09 Sep 2019 14:03:47 GMT
server: Apache
etag: "18da-5921f41b85ecb"
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 6362

GET bnpp_sans_cond_light_v2-webfont.woff2
mabanque.bnpparibas/rsc/contrib/css/fonts/ 0
0

GET
H2 404 identification.js
preprod.eholiday.fr/static/identification-htmlpl/1.1.2/app/ 0
0 133ms
133ms Script
text/html 2001:8d8:100f:f000::2d8
ONEANDONE-AS Brau...

General

Check archive.org

Show headers Download Go to

Full URL: https://preprod.eholiday.fr/static/identification-htmlpl/1.1.2/app/identification.js
Requested by: Host: preprod.eholiday.fr
URL: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2001:8d8:100f:f000::2d8 , Germany, ASN8560 (ONEANDONE-AS Brauerstrasse 48, DE),
Reverse DNS
Software: Apache / PHP/7.2.22
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://preprod.eholiday.fr/service/assistancetechnique/login.cfm-2640/gobackpanelbnp/soiyerlebienvenu/nouveau/groupebnp/fr/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3V2LmZyL21vbnByb2ZpbC13ZWJhcHAvbW9uQ29tcHRl/LoginMDPop=c&url=aHR0cHM6Ly9jZnNwYXJ0LmltcG90cy5nb3/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 404
date: Thu, 12 Sep 2019 08:30:08 GMT
cache-control: no-cache, private
server: Apache
content-encoding: gzip
x-powered-by: PHP/7.2.22
content-type: text/html; charset=UTF-8

GET bnpp_sans-webfont.woff
mabanque.bnpparibas/rsc/contrib/css/fonts/ 0
0

GET bnpp_type_regular_v2-webfont.woff
mabanque.bnpparibas/rsc/contrib/css/fonts/ 0
0

GET bnpp_sans_cond_light_v2-webfont.woff
mabanque.bnpparibas/rsc/contrib/css/fonts/ 0
0

GET bnpp_type_regular_v2-webfont.ttf
mabanque.bnpparibas/rsc/contrib/css/fonts/ 0
0

GET bnpp_sans_cond_light_v2-webfont.ttf
mabanque.bnpparibas/rsc/contrib/css/fonts/ 0
0

GET bnpp_sans-webfont-webfont.woff2
mabanque.bnpparibas/rsc/contrib/css/fonts/ 0
0

GET iconbnp.woff
mabanque.bnpparibas/rsc/contrib/css/fonts/ 0
0

GET bnpp_type_bold_v2-webfont.woff
mabanque.bnpparibas/rsc/contrib/css/fonts/ 0
0

GET bnpp_sans-webfont-webfont.woff
mabanque.bnpparibas/rsc/contrib/css/fonts/ 0
0

GET iconbnp.ttf
mabanque.bnpparibas/rsc/contrib/css/fonts/ 0
0

GET bnpp_type_bold_v2-webfont.ttf
mabanque.bnpparibas/rsc/contrib/css/fonts/ 0
0

GET bnpp_sans-webfont-webfont.ttf
mabanque.bnpparibas/rsc/contrib/css/fonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mabanque.bnpparibas
URL: https://mabanque.bnpparibas/rsc/contrib/css/fonts/bnpp_sans-webfont.woff2

Domain: mabanque.bnpparibas
URL: https://mabanque.bnpparibas/rsc/contrib/css/fonts/bnpp_type_regular_v2-webfont.woff2

Domain: mabanque.bnpparibas
URL: https://mabanque.bnpparibas/rsc/contrib/css/fonts/bnpp_sans_cond_light_v2-webfont.woff2

Domain: mabanque.bnpparibas
URL: https://mabanque.bnpparibas/rsc/contrib/css/fonts/bnpp_sans-webfont.woff

Domain: mabanque.bnpparibas
URL: https://mabanque.bnpparibas/rsc/contrib/css/fonts/bnpp_type_regular_v2-webfont.woff

Domain: mabanque.bnpparibas
URL: https://mabanque.bnpparibas/rsc/contrib/css/fonts/bnpp_sans_cond_light_v2-webfont.woff

Domain: mabanque.bnpparibas
URL: https://mabanque.bnpparibas/rsc/contrib/css/fonts/bnpp_type_regular_v2-webfont.ttf

Domain: mabanque.bnpparibas
URL: https://mabanque.bnpparibas/rsc/contrib/css/fonts/bnpp_sans_cond_light_v2-webfont.ttf

Domain: mabanque.bnpparibas
URL: https://mabanque.bnpparibas/rsc/contrib/css/fonts/bnpp_sans-webfont-webfont.woff2

Domain: mabanque.bnpparibas
URL: https://mabanque.bnpparibas/rsc/contrib/css/fonts/iconbnp.woff

Domain: mabanque.bnpparibas
URL: https://mabanque.bnpparibas/rsc/contrib/css/fonts/bnpp_type_bold_v2-webfont.woff

Domain: mabanque.bnpparibas
URL: https://mabanque.bnpparibas/rsc/contrib/css/fonts/bnpp_sans-webfont-webfont.woff

Domain: mabanque.bnpparibas
URL: https://mabanque.bnpparibas/rsc/contrib/css/fonts/iconbnp.ttf

Domain: mabanque.bnpparibas
URL: https://mabanque.bnpparibas/rsc/contrib/css/fonts/bnpp_type_bold_v2-webfont.ttf

Domain: mabanque.bnpparibas
URL: https://mabanque.bnpparibas/rsc/contrib/css/fonts/bnpp_sans-webfont-webfont.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNP Paribas (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| pswdclick function| sendfile

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aquapureplus.pk
collect.dcrm.bnpparibas.fr
mabanque.bnpparibas
preprod.eholiday.fr
mabanque.bnpparibas
159.50.188.20
173.254.251.250
2001:8d8:100f:f000::2d8
2a02:26f0:6c00:183::39e4
1a2c0603e8ba42c388ce99053ec229e2afb93edfb04f9f953839754c4cafc56f
310be02c30e9bdb846328d10d61d43013ccc26304439883f96544fc576c76a6c
465cd0b38fc45e05e91cecedeb6ec8b184cdb63dc97b2d9af77d1513467dfe8c
48bc431cdb3680505d9be9a98da89384600fa20c507386f54dac097588d32196
6c5d6811eac74f21a4130472bf1e806350f0ea9ee3a293d06aa7cddadd47c1a8
903c1939b522b0c40c355723b891b905a3914e67517c4fa2670d0869749f98f7
949dc3a675cae0cc35786df17d17096b106a7295f480fa41fcf66f0b7039218a
9be4e951e7efa7691ff602cae10e1ac266533e70cdbb521c5e9effd692ec0be2
a57e2c9bcafe9c9420fa9e1b5450d93da2a67b698e6739c002963c1f9b9b87a0
a7895576046e7003a4f792d219b3c8189eceef020b8ae54b99c4253ee3a782aa
a7c10485e26487f02b5d33f4610391e101cdbdc4faa2c91cb7779c4928eb1688
cb7e58a5a13ebe53dd05272703ba47132b65aa33d29b373d33de116cb82fdb21
d66c40ce672846a15e8d29f15170f5e5c47aba39198783014fd1d5df955979a2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

preprod.eholiday.fr Open in urlscan Pro 2001:8d8:100f:f000::2d8 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

31 Requests

52 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

5 IPs

4 Countries

726 kBTransfer

4515 kBSize

0 Cookies

29 Outgoing links

Page URL History

Redirected requests

31 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

preprod.eholiday.fr Open in urlscan Pro
2001:8d8:100f:f000::2d8 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

31
Requests

52 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

4
Countries

726 kB
Transfer

4515 kB
Size

0
Cookies

31 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!