urlscan.io logo urlscan.io
SecurityTrails logo

my.ca-autobank.es Open in urlscan Pro
151.88.109.178  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://my.ca-autobank.es/0.8130266323378783
Effective URL: https://my.ca-autobank.es/0.8130266323378783
Submission: On August 30 via api from US — Scanned from ES
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 5 countries across 5 domains to perform 24 HTTP transactions. The main IP is 151.88.109.178, located in Italy and belongs to FIAT-AS2, IT. The main domain is my.ca-autobank.es.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on November 7th 2023. Valid for: a year.
This is the only time my.ca-autobank.es was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 151.88.109.178 24771 (FIAT-AS2)
6 2.23.209.176 20940 (AKAMAI-ASN1)
6 23.60.198.68 16625 (AKAMAI-AS)
1 108.157.4.17 16509 (AMAZON-02)
3 2a02:26f0:e30... 20940 (AKAMAI-ASN1)
1 104.17.24.14 13335 (CLOUDFLAR...)
24 7
6    151.88.109.178 (Italy)

ASN24771 (FIAT-AS2, IT)
my.ca-autobank.es
6    2.23.209.176 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-23-209-176.deploy.static.akamaitechnologies.com
api02-emea.fcagroup.com
6    23.60.198.68 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-60-198-68.deploy.static.akamaitechnologies.com
cdns.gigya.com
cdns.eu1.gigya.com
1    108.157.4.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-17.dus51.r.cloudfront.net
loginsap.ca-autobank.es
3    2a02:26f0:e300::211:9382 (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)
cookielaw.emea.fcagroup.com
1    104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
Apex Domain
Subdomains		 Transfer
9 fcagroup.com
api02-emea.fcagroup.com
cookielaw.emea.fcagroup.com — Cisco Umbrella Rank: 486886
9 KB
7 ca-autobank.es
my.ca-autobank.es
loginsap.ca-autobank.es
9 MB
6 gigya.com
cdns.gigya.com — Cisco Umbrella Rank: 18980
cdns.eu1.gigya.com — Cisco Umbrella Rank: 23200
177 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 336
28 KB
0 typekit.net Failed
use.typekit.net Failed
24 5
Domain Requested by
6 api02-emea.fcagroup.com my.ca-autobank.es
6 my.ca-autobank.es my.ca-autobank.es
5 cdns.eu1.gigya.com cdns.gigya.com
3 cookielaw.emea.fcagroup.com my.ca-autobank.es
cdnjs.cloudflare.com
1 cdnjs.cloudflare.com cookielaw.emea.fcagroup.com
1 loginsap.ca-autobank.es cdns.gigya.com
1 cdns.gigya.com my.ca-autobank.es
0 use.typekit.net Failed my.ca-autobank.es
24 8

This site contains no links.

Subject Issuer Validity Valid
my.ca-autobank.fr
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-07 -
2024-11-06		 a year crt.sh
www.fiat.com
R10		 2024-08-06 -
2024-11-04		 3 months crt.sh
cdns.gigya.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-10-25 -
2024-10-24		 a year crt.sh
loginsap.leasys.pl
Amazon RSA 2048 M03		 2023-11-06 -
2024-12-04		 a year crt.sh
cdnjs.cloudflare.com
WE1		 2024-07-31 -
2024-10-29		 3 months crt.sh

This page contains 6 frames:

Primary Page: https://my.ca-autobank.es/0.8130266323378783
Frame ID: EA3B434C060A60F2B62084AEE48C8758
Requests: 18 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&version=latest&build=16174
Frame ID: 38891D4BF562E36603990949E70DF2FB
Requests: 1 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=4_OSWB3AaRbeRh-iYS5B9RZA&ssoSegment=eu&version=latest&build=16174
Frame ID: 7A42C0EDC2D5E29465AD2362C9E61C38
Requests: 1 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=4_OSWB3AaRbeRh-iYS5B9RZA&ssoSegment=eu&version=latest&build=16174
Frame ID: BED088BE022299341B8F721702114A74
Requests: 1 HTTP requests in this frame

Frame: https://cookielaw.emea.fcagroup.com/CookieLawProduct/resources/generatehtml?key=3212
Frame ID: 7675F4CF6A4EC8B5B3817A4FE6C85AB1
Requests: 1 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=4_OSWB3AaRbeRh-iYS5B9RZA&ssoSegment=eu&version=latest&build=16174
Frame ID: 26C9B766DB1638BD5C2E2F5C23976B6A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

My CA Auto Bank

Page URL History Show full URLs

  1. http://my.ca-autobank.es/0.8130266323378783 HTTP 307
    https://my.ca-autobank.es/0.8130266323378783 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.gigya\.com/JS/gigya\.js
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24
Requests

96 %
HTTPS

17 %
IPv6

5
Domains

8
Subdomains

7
IPs

5
Countries

9201 kB
Transfer

9634 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://my.ca-autobank.es/0.8130266323378783 HTTP 307
    https://my.ca-autobank.es/0.8130266323378783 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 0.8130266323378783
my.ca-autobank.es/
Redirect Chain
  • http://my.ca-autobank.es/0.8130266323378783
  • https://my.ca-autobank.es/0.8130266323378783
706 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://my.ca-autobank.es/0.8130266323378783
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.88.109.178 , Italy, ASN24771 (FIAT-AS2, IT),
Reverse DNS
Software
/
Resource Hash
cb998d1dd65164f6b794b987bdc108c1a4c0df9e7bc3506e78339edb5c4a3b94
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
origin, content-type, accept, authorization, x-requested-with, x-xhr-logon, cache-control, pragma, expires, if-modified-since, mobile-version, x-ibm-client-id, x-ibm-client-secret, x-idp-client-id, x-lang
access-control-allow-origin
app://ca-autobank-cp
content-length
706
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
content-type
text/html
date
Fri, 30 Aug 2024 00:26:19 GMT
etag
"668d5026-2c2"
last-modified
Tue, 09 Jul 2024 14:58:46 GMT
referrer-policy
origin
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block

Redirect headers

Location
https://my.ca-autobank.es/0.8130266323378783
Non-Authoritative-Reason
HttpsUpgrades
runtime~main.afeec6e07597a557d85f.js
my.ca-autobank.es/ 		3 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.ca-autobank.es/runtime~main.afeec6e07597a557d85f.js
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/0.8130266323378783
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.88.109.178 , Italy, ASN24771 (FIAT-AS2, IT),
Reverse DNS
Software
/
Resource Hash
b38d1543e5b4f689e0f43ead9856c67e580c01416ea50014ec764607292c6904
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.ca-autobank.es/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 30 Aug 2024 00:26:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
origin
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
last-modified
Tue, 09 Jul 2024 14:58:46 GMT
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
etag
"668d5026-d21"
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
app://ca-autobank-cp
accept-ranges
bytes
access-control-allow-headers
origin, content-type, accept, authorization, x-requested-with, x-xhr-logon, cache-control, pragma, expires, if-modified-since, mobile-version, x-ibm-client-id, x-ibm-client-secret, x-idp-client-id, x-lang
content-length
3361
x-xss-protection
1; mode=block
vendor.43d649aaa0756bfdebf9.js
my.ca-autobank.es/ 		5 MB
5 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.ca-autobank.es/vendor.43d649aaa0756bfdebf9.js
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/0.8130266323378783
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.88.109.178 , Italy, ASN24771 (FIAT-AS2, IT),
Reverse DNS
Software
/
Resource Hash
cd03e0136e4d663f26f0568002a8f27394b67dc936aeb9e5a1b34585f567682b
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.ca-autobank.es/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 30 Aug 2024 00:26:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
origin
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
last-modified
Tue, 09 Jul 2024 14:58:46 GMT
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
etag
"668d5026-528d25"
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
app://ca-autobank-cp
accept-ranges
bytes
access-control-allow-headers
origin, content-type, accept, authorization, x-requested-with, x-xhr-logon, cache-control, pragma, expires, if-modified-since, mobile-version, x-ibm-client-id, x-ibm-client-secret, x-idp-client-id, x-lang
content-length
5410085
x-xss-protection
1; mode=block
main.b4463829d41211c97e30.js
my.ca-autobank.es/ 		4 MB
4 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.ca-autobank.es/main.b4463829d41211c97e30.js
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/0.8130266323378783
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.88.109.178 , Italy, ASN24771 (FIAT-AS2, IT),
Reverse DNS
Software
/
Resource Hash
afcdb8b3e0bce5cc5a8b710c81deb44da1d4b7c0a53c665d56d66ddce3ab31d6
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.ca-autobank.es/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 30 Aug 2024 00:26:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
origin
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
last-modified
Tue, 09 Jul 2024 14:58:46 GMT
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
etag
"668d5026-399ae8"
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
app://ca-autobank-cp
accept-ranges
bytes
access-control-allow-headers
origin, content-type, accept, authorization, x-requested-with, x-xhr-logon, cache-control, pragma, expires, if-modified-since, mobile-version, x-ibm-client-id, x-ibm-client-secret, x-idp-client-id, x-lang
content-length
3775208
x-xss-protection
1; mode=block
xns0ovl.css
use.typekit.net/ 		0
0
courtesyPage
api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/configurations/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/configurations/courtesyPage
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.23.209.176 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-23-209-176.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
Access-Control-Request-Method
GET
Origin
https://my.ca-autobank.es
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept
*/*
accept-encoding
gzip
accept-language
es-ES,es;q=0.9
access-control-allow-credentials
true
access-control-allow-headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
access-control-allow-methods
GET
access-control-allow-origin
https://my.ca-autobank.es
access-control-request-headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
access-control-request-method
GET
akamai-origin-hop
2
cache-control
no-cache, max-age=0
content-encoding
gzip
content-length
0
date
Fri, 30 Aug 2024 00:26:25 GMT
origin
https://my.ca-autobank.es
pragma
no-cache
priority
u=1, i
referer
https://my.ca-autobank.es/
sec-fetch-dest
empty
sec-fetch-mode
cors
sec-fetch-site
cross-site
true-client-ip
146.70.128.167
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
vary
Origin Accept-Encoding
x-akamai-config-log-detail
true
x-client-ip
146.70.128.167
x-forwarded-for
146.70.128.167, 2.23.208.48
x-global-transaction-id
d8c38a5166d111b11e4b15f0
gigya.js
cdns.gigya.com/js/ 		537 KB
175 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdns.gigya.com/js/gigya.js?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&lang=es
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/main.b4463829d41211c97e30.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.60.198.68 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-60-198-68.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ddbf6bb3d588a21d0ca177fed6347633194c1587262c2ea7efb114f1c63a1fe9

Request headers

Referer
https://my.ca-autobank.es/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 30 Aug 2024 00:26:25 GMT
content-encoding
gzip
x-soa
true, Gator
vary
Accept-Encoding
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin
*
x-callid
8a1d7f32c81b422ab7964b304b3c8eab
content-type
text/javascript; charset=utf-8
cache-control
public, s-maxage=60
x-server
us1d-nomad-t19
x-error-code
0
x-robots-tag
none
content-length
178999
courtesyPage
api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/configurations/ 		64 B
837 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/configurations/courtesyPage
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/vendor.43d649aaa0756bfdebf9.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.23.209.176 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-23-209-176.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
df82d31f556bdad8ed3f23df7705486a2f26a72b9c7f9394495afd6ab97fe471
Security Headers
Name Value
Content-Security-Policy script-src 'self'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Security-Policy default-src 'self'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

x-ibm-client-id
e05eb692-c62b-4831-a300-deba2a957d65
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
https://my.ca-autobank.es/
x-lang
es
x-ibm-client-secret
P4oL8qO7nG2qJ5vT5qE0lL5lC5wX3pP5xY8iQ5eC3pJ5qA1jI0
x-idp-client-id
4_dbUvCYCGZHbSzI_VIuqZIg

Response headers

expires
0
x-burstlimit-remaining
name=burst-limit,299;
strict-transport-security
max-age=31536000 ; includeSubDomains
content-security-policy
script-src 'self'
x-content-type-options
nosniff
date
Fri, 30 Aug 2024 00:26:25 GMT
content-encoding
gzip
x-global-transaction-id
d8c38a5166d111b116f58cd3
content-length
87
x-xss-protection
1
pragma
no-cache
x-frame-options
DENY
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://my.ca-autobank.es
access-control-expose-headers
APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-BurstLimit-Limit, X-BurstLimit-Remaining, X-CountLimit-Limit, X-CountLimit-Remaining, Retry-After, X-Global-Transaction-ID, Location, X-APIC-Debug-OAuth-Error, X-APIC-Debug-OAuth-Error-Desc
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-burstlimit-limit
name=burst-limit,300;
x-ratelimit-limit
name=rate-limit-1,2000;
x-ratelimit-remaining
name=rate-limit-1,1986;
x-content-security-policy
default-src 'self'
footer
api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/footer
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.23.209.176 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-23-209-176.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
Access-Control-Request-Method
GET
Origin
https://my.ca-autobank.es
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept
*/*
accept-encoding
gzip
accept-language
es-ES,es;q=0.9
access-control-allow-credentials
true
access-control-allow-headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
access-control-allow-methods
GET,POST
access-control-allow-origin
https://my.ca-autobank.es
access-control-request-headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
access-control-request-method
GET
akamai-origin-hop
2
cache-control
no-cache, max-age=0
content-encoding
gzip
content-length
0
date
Fri, 30 Aug 2024 00:26:25 GMT
origin
https://my.ca-autobank.es
pragma
no-cache
priority
u=1, i
referer
https://my.ca-autobank.es/
sec-fetch-dest
empty
sec-fetch-mode
cors
sec-fetch-site
cross-site
true-client-ip
146.70.128.167
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
vary
Origin Accept-Encoding
x-akamai-config-log-detail
true
x-client-ip
146.70.128.167
x-forwarded-for
146.70.128.167, 2.23.208.48
x-global-transaction-id
d8c38a5166d111b116f58d03
contacts
api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/contacts
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.23.209.176 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-23-209-176.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
Access-Control-Request-Method
GET
Origin
https://my.ca-autobank.es
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept
*/*
accept-encoding
gzip
accept-language
es-ES,es;q=0.9
access-control-allow-credentials
true
access-control-allow-headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
access-control-allow-methods
GET,PUT
access-control-allow-origin
https://my.ca-autobank.es
access-control-request-headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
access-control-request-method
GET
akamai-origin-hop
2
cache-control
no-cache, max-age=0
content-encoding
gzip
content-length
0
date
Fri, 30 Aug 2024 00:26:25 GMT
origin
https://my.ca-autobank.es
pragma
no-cache
priority
u=1, i
referer
https://my.ca-autobank.es/
sec-fetch-dest
empty
sec-fetch-mode
cors
sec-fetch-site
cross-site
true-client-ip
146.70.128.167
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
vary
Origin Accept-Encoding
x-akamai-config-log-detail
true
x-client-ip
146.70.128.167
x-forwarded-for
146.70.128.167, 2.23.208.48
x-global-transaction-id
d8c38a5166d111b11e4b1660
103.7ac177163a076a05c594.chunk.js
my.ca-autobank.es/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.ca-autobank.es/103.7ac177163a076a05c594.chunk.js
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/runtime~main.afeec6e07597a557d85f.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.88.109.178 , Italy, ASN24771 (FIAT-AS2, IT),
Reverse DNS
Software
/
Resource Hash
4fb423a9501ccbad2f8d56d883b66db0c0776fa590ae798228bc55f1b5606c35
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.ca-autobank.es/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 30 Aug 2024 00:26:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
origin
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
last-modified
Tue, 09 Jul 2024 14:58:46 GMT
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
etag
"668d5026-b7b"
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
app://ca-autobank-cp
accept-ranges
bytes
access-control-allow-headers
origin, content-type, accept, authorization, x-requested-with, x-xhr-logon, cache-control, pragma, expires, if-modified-since, mobile-version, x-ibm-client-id, x-ibm-client-secret, x-idp-client-id, x-lang
content-length
2939
x-xss-protection
1; mode=block
footer
api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/footer
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/vendor.43d649aaa0756bfdebf9.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.23.209.176 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-23-209-176.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
490c741bc925fd027630266e6a934659da6a47656dddf28d39c9b5654a180d46
Security Headers
Name Value
Content-Security-Policy script-src 'self'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Security-Policy default-src 'self'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

x-ibm-client-id
e05eb692-c62b-4831-a300-deba2a957d65
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
https://my.ca-autobank.es/
x-lang
es
x-ibm-client-secret
P4oL8qO7nG2qJ5vT5qE0lL5lC5wX3pP5xY8iQ5eC3pJ5qA1jI0
x-idp-client-id
4_dbUvCYCGZHbSzI_VIuqZIg

Response headers

expires
0
x-burstlimit-remaining
name=burst-limit,297;
strict-transport-security
max-age=31536000 ; includeSubDomains
content-security-policy
script-src 'self'
x-content-type-options
nosniff
date
Fri, 30 Aug 2024 00:26:25 GMT
content-encoding
gzip
x-global-transaction-id
d8c38a5166d111b11e4b16a0
content-length
526
x-xss-protection
1
pragma
no-cache
x-frame-options
DENY
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://my.ca-autobank.es
access-control-expose-headers
APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-BurstLimit-Limit, X-BurstLimit-Remaining, X-CountLimit-Limit, X-CountLimit-Remaining, Retry-After, X-Global-Transaction-ID, Location, X-APIC-Debug-OAuth-Error, X-APIC-Debug-OAuth-Error-Desc
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-burstlimit-limit
name=burst-limit,300;
x-ratelimit-limit
name=rate-limit-1,2000;
x-ratelimit-remaining
name=rate-limit-1,1984;
x-content-security-policy
default-src 'self'
contacts
api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/ 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/contacts
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/vendor.43d649aaa0756bfdebf9.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.23.209.176 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-23-209-176.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c9bc4f0c20383ad66115a3949621936fd00030380aa18abbafdca4ee73a87ad9
Security Headers
Name Value
Content-Security-Policy script-src 'self'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Security-Policy default-src 'self'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

x-ibm-client-id
e05eb692-c62b-4831-a300-deba2a957d65
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
https://my.ca-autobank.es/
x-lang
es
x-ibm-client-secret
P4oL8qO7nG2qJ5vT5qE0lL5lC5wX3pP5xY8iQ5eC3pJ5qA1jI0
x-idp-client-id
4_dbUvCYCGZHbSzI_VIuqZIg

Response headers

expires
0
x-burstlimit-remaining
name=burst-limit,298;
strict-transport-security
max-age=31536000 ; includeSubDomains
content-security-policy
script-src 'self'
x-content-type-options
nosniff
date
Fri, 30 Aug 2024 00:26:25 GMT
content-encoding
gzip
x-global-transaction-id
d8c38a5166d111b11e4b16d0
content-length
487
x-xss-protection
1
pragma
no-cache
x-frame-options
DENY
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://my.ca-autobank.es
access-control-expose-headers
APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-BurstLimit-Limit, X-BurstLimit-Remaining, X-CountLimit-Limit, X-CountLimit-Remaining, Retry-After, X-Global-Transaction-ID, Location, X-APIC-Debug-OAuth-Error, X-APIC-Debug-OAuth-Error-Desc
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-burstlimit-limit
name=burst-limit,300;
x-ratelimit-limit
name=rate-limit-1,2000;
x-ratelimit-remaining
name=rate-limit-1,1985;
x-content-security-policy
default-src 'self'
truncated
/ 		247 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6a5dd92f73c4040809ef6a8070b790e676cd24e92188624d13bbac56cfa8863f

Request headers

Referer
https://my.ca-autobank.es/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3955f2fc605ec08d35ac27e6982f7ff94a3de5500f4c66c15aa5e9decd151c1

Request headers

Referer
https://my.ca-autobank.es/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
sdk.config.get
cdns.eu1.gigya.com/ 		5 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdns.eu1.gigya.com/sdk.config.get?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&httpStatusCodes=true
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/js/gigya.js?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&lang=es
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.60.198.68 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-60-198-68.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3cfde129248b1b3c556e939587d11ca87862b5ec942fe7191630512de49ea64

Request headers

Referer
https://my.ca-autobank.es/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 30 Aug 2024 00:26:25 GMT
content-encoding
gzip
x-soa
true, Gator
vary
Accept-Encoding
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
access-control-allow-origin
*
x-callid
42e9a801236143c9906d68c880f122c8
content-type
text/javascript; charset=utf-8
cache-control
public, s-maxage=120, max-age=60
x-server
us1d-nomad-t9
accept-ranges
bytes
x-error-code
0
x-robots-tag
none
content-length
1902
6ba0ea5141ad3d2177b5.png
my.ca-autobank.es/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://my.ca-autobank.es/6ba0ea5141ad3d2177b5.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.88.109.178 , Italy, ASN24771 (FIAT-AS2, IT),
Reverse DNS
Software
/
Resource Hash
5f472b96627af0806763a226c65429af36540a91b0bd3c3f73ddba79bc44a251
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.ca-autobank.es/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 30 Aug 2024 00:26:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
origin
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
last-modified
Tue, 09 Jul 2024 14:58:46 GMT
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
etag
"668d5026-429"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
app://ca-autobank-cp
accept-ranges
bytes
access-control-allow-headers
origin, content-type, accept, authorization, x-requested-with, x-xhr-logon, cache-control, pragma, expires, if-modified-since, mobile-version, x-ibm-client-id, x-ibm-client-secret, x-idp-client-id, x-lang
content-length
1065
x-xss-protection
1; mode=block
Api.aspx
cdns.eu1.gigya.com/gs/webSdk/ Frame 3889 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&version=latest&build=16174
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/js/gigya.js?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&lang=es
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.60.198.68 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-60-198-68.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://my.ca-autobank.es/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
public, s-maxage=3600, max-age=900
content-encoding
gzip
content-length
45007
content-type
text/html; charset=utf-8
date
Fri, 30 Aug 2024 00:26:26 GMT
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
x-callid
3bfaca3506814750b9212fb5308076dc
x-error-code
0
x-robots-tag
none
x-server
us1d-nomad-t2
x-soa
true, Gator
accounts.webSdkBootstrap
loginsap.ca-autobank.es/ 		199 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://loginsap.ca-autobank.es/accounts.webSdkBootstrap?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&pageURL=https%3A%2F%2Fmy.ca-autobank.es%2F0.8130266323378783&sdk=js_latest&sdkBuild=16174&format=json
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/js/gigya.js?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&lang=es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-17.dus51.r.cloudfront.net
Software
/
Resource Hash
ff39f24e534feed59be86947b22f17182aa662152ab81a4b2659b81829211878

Request headers

Referer
https://my.ca-autobank.es/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 30 Aug 2024 00:26:26 GMT
content-encoding
gzip
via
1.1 5db4f6b1c04035a37ba6548e89b362be.cloudfront.net (CloudFront)
x-soa
true, Gator
x-amz-cf-pop
DUS51-P2
x-cache
Miss from cloudfront
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
x-error-code
0
content-length
174
access-control-max-age
86400
access-control-allow-methods
GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
content-type
text/javascript; charset=utf-8
access-control-allow-origin
https://my.ca-autobank.es
x-callid
9fca4eb950654ca9b196df625b8f49ef
cache-control
private
access-control-allow-credentials
true
x-server
eu1b-nomad-t8
vary
Origin, Accept-Encoding
x-robots-tag
none
x-amz-cf-id
K1JqlqyvYs2iKUgQn2qw2ZK8OCtyA-9UCz6GUUFyspYE5CkKoU6q1A==
generatecss
cookielaw.emea.fcagroup.com/CookieLawProduct/resources/ 		0
256 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cookielaw.emea.fcagroup.com/CookieLawProduct/resources/generatecss?key=3212
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/main.b4463829d41211c97e30.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:e300::211:9382 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.ca-autobank.es/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
Apache
x-permitted-cross-domain-policies
none
date
Fri, 30 Aug 2024 00:26:27 GMT
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
content-length
20
x-xss-protection
1; mode=block
generatejs
cookielaw.emea.fcagroup.com/CookieLawProduct/resources/ 		23 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cookielaw.emea.fcagroup.com/CookieLawProduct/resources/generatejs?key=3212
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/main.b4463829d41211c97e30.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:e300::211:9382 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
57046872f68d2277c8449b4186f0f679ee024ed921aaf825a66f3f59476f606e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.ca-autobank.es/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
Apache
x-permitted-cross-domain-policies
none
date
Fri, 30 Aug 2024 00:26:27 GMT
vary
Accept-Encoding
content-type
application/x-javascript;charset=UTF-8
access-control-allow-origin
*
content-length
5172
x-xss-protection
1; mode=block
sso.htm
cdns.eu1.gigya.com/gs/ Frame 7A42 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=4_OSWB3AaRbeRh-iYS5B9RZA&ssoSegment=eu&version=latest&build=16174
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/js/gigya.js?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&lang=es
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.60.198.68 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-60-198-68.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://my.ca-autobank.es/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
public, s-maxage=3600, max-age=900
content-encoding
gzip
content-length
33406
content-type
text/html; charset=utf-8
date
Fri, 30 Aug 2024 00:26:27 GMT
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
x-callid
b0786068586871e53bc464997d50ea3a
x-error-code
0
x-robots-tag
none
x-server
us1d-nomad-t5
x-soa
true, Gator
sso.htm
cdns.eu1.gigya.com/gs/ Frame BED0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=4_OSWB3AaRbeRh-iYS5B9RZA&ssoSegment=eu&version=latest&build=16174
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/js/gigya.js?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&lang=es
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.60.198.68 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-60-198-68.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Referer
https://my.ca-autobank.es/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
public, s-maxage=3600, max-age=900
content-encoding
gzip
content-length
33406
content-type
text/html; charset=utf-8
date
Fri, 30 Aug 2024 00:26:27 GMT
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
vary
Accept-Encoding
x-callid
b0786068586871e53bc464997d50ea3a
x-error-code
0
x-robots-tag
none
x-server
us1d-nomad-t5
x-soa
true, Gator
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/ 		86 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
Requested by
Host: cookielaw.emea.fcagroup.com
URL: https://cookielaw.emea.fcagroup.com/CookieLawProduct/resources/generatejs?key=3212
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://my.ca-autobank.es/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Fri, 30 Aug 2024 00:26:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
624353
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27748
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-15851"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vdpZITNc8pwhiqUBf%2FEFsHprd2t3KeXRraeerAZnuPnKWtArBiyXKC%2FgdbVMqZEvlZ4fO%2BM8VJ4oghD5%2FGltBBJg9xic5v%2BiQWlc87ktiqF0BR8CNwo6uuGMvvCbzj1x3HqIb942"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8bb0a6425e0acc6f-MAD
expires
Wed, 20 Aug 2025 00:26:27 GMT
generatehtml
cookielaw.emea.fcagroup.com/CookieLawProduct/resources/ Frame 7675 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cookielaw.emea.fcagroup.com/CookieLawProduct/resources/generatehtml?key=3212
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:e300::211:9382 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.ca-autobank.es/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
content-encoding
gzip
content-length
177796
content-type
text/html;charset=UTF-8
date
Fri, 30 Aug 2024 00:26:27 GMT
referrer-policy
strict-origin-when-cross-origin
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
sso.htm
cdns.eu1.gigya.com/gs/ Frame 26C9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=4_OSWB3AaRbeRh-iYS5B9RZA&ssoSegment=eu&version=latest&build=16174
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/js/gigya.js?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&lang=es
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.60.198.68 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-60-198-68.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Referer
https://my.ca-autobank.es/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
public, s-maxage=3600, max-age=900
content-encoding
gzip
content-length
33406
content-type
text/html; charset=utf-8
date
Fri, 30 Aug 2024 00:26:27 GMT
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
vary
Accept-Encoding
x-callid
b0786068586871e53bc464997d50ea3a
x-error-code
0
x-robots-tag
none
x-server
us1d-nomad-t5
x-soa
true, Gator

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
use.typekit.net
URL
https://use.typekit.net/xns0ovl.css

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| webpackChunkfcab_customerportal_fcab_fe function| clearImmediate function| setImmediate object| __$$GLOBAL_REWIRE_REGISTRY__ function| __rewire_reset_all__ number| __$$GLOBAL_REWIRE_NEXT_MODULE_ID__ object| d3 object| gigyaClient object| fcabCordova object| CustomerPortal function| gtag object| dataLayer function| ga object| gigya function| manageReferrer object| jq function| manageQueryParams function| getQueryParam function| manageQueryParamsCrawler function| manageQueryParamsCarConfigurator function| clearCookies function| getCookieOpenModal function| openCookiePolicyModal function| proceed function| Actions function| $ function| jQuery

9 Cookies

Domain/Path Name / Value
.my.ca-autobank.es/ Name: gig_canary
Value: false
.my.ca-autobank.es/ Name: gig_canary_ver
Value: 16174-3-28749630
.cdns.eu1.gigya.com/ Name: apiDomain_4_OSWB3AaRbeRh-iYS5B9RZA
Value: loginsap.ca-autobank.es
.loginsap.ca-autobank.es/ Name: gmid
Value: gmid.ver4.AtLtY7oBjA.hJqtAqT3pZtdTs2K9pMWfpJWfDjrzrjcYpGvRHZaQ2YsZIp1G_5DtOlcgY3kcWlA.gsZOEq2RKQ4L0FGl4-x9U4LeO5E9jln2TixCqrpJgTy_OeSl6Uh9AD8xUuwZKinWmAEvgg1WYH1SISKzxYDJMA.sc3
.loginsap.ca-autobank.es/ Name: ucid
Value: qh-QCxzqrEe8ZXvxjT-80w
.loginsap.ca-autobank.es/ Name: hasGmid
Value: ver4
.ca-autobank.es/ Name: gig_bootstrap_4_dbUvCYCGZHbSzI_VIuqZIg
Value: loginsap_ver4
.cdns.eu1.gigya.com/ Name: gig_canary_4_OSWB3AaRbeRh-iYS5B9RZA_eu
Value: false
.cdns.eu1.gigya.com/ Name: gig_canary_ver_4_OSWB3AaRbeRh-iYS5B9RZA_eu
Value: 16174-3-28749630

1 Console Messages

Source Level URL
Text
security error URL: https://my.ca-autobank.es/0.8130266323378783
Message:
Refused to load the stylesheet 'https://use.typekit.net/xns0ovl.css' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api02-emea.fcagroup.com
cdnjs.cloudflare.com
cdns.eu1.gigya.com
cdns.gigya.com
cookielaw.emea.fcagroup.com
loginsap.ca-autobank.es
my.ca-autobank.es
use.typekit.net
use.typekit.net
104.17.24.14
108.157.4.17
151.88.109.178
2.23.209.176
23.60.198.68
2a02:26f0:e300::211:9382
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
490c741bc925fd027630266e6a934659da6a47656dddf28d39c9b5654a180d46
4fb423a9501ccbad2f8d56d883b66db0c0776fa590ae798228bc55f1b5606c35
57046872f68d2277c8449b4186f0f679ee024ed921aaf825a66f3f59476f606e
5f472b96627af0806763a226c65429af36540a91b0bd3c3f73ddba79bc44a251
6a5dd92f73c4040809ef6a8070b790e676cd24e92188624d13bbac56cfa8863f
afcdb8b3e0bce5cc5a8b710c81deb44da1d4b7c0a53c665d56d66ddce3ab31d6
b38d1543e5b4f689e0f43ead9856c67e580c01416ea50014ec764607292c6904
c9bc4f0c20383ad66115a3949621936fd00030380aa18abbafdca4ee73a87ad9
cb998d1dd65164f6b794b987bdc108c1a4c0df9e7bc3506e78339edb5c4a3b94
cd03e0136e4d663f26f0568002a8f27394b67dc936aeb9e5a1b34585f567682b
ddbf6bb3d588a21d0ca177fed6347633194c1587262c2ea7efb114f1c63a1fe9
df82d31f556bdad8ed3f23df7705486a2f26a72b9c7f9394495afd6ab97fe471
e3955f2fc605ec08d35ac27e6982f7ff94a3de5500f4c66c15aa5e9decd151c1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cfde129248b1b3c556e939587d11ca87862b5ec942fe7191630512de49ea64
ff39f24e534feed59be86947b22f17182aa662152ab81a4b2659b81829211878