Submitted URL: https://fidpro.bpaca.banquepopulaire.fr/
Effective URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/
Submission: On February 16 via automatic, source certstream-suspicious

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 20 HTTP transactions. The main IP is 169.51.142.83, located in United States and belongs to SOFTLAYER, US. The main domain is fidpro.bpaca.banquepopulaire.fr.
TLS certificate: Issued by Let's Encrypt Authority X3 on February 12th 2020. Valid for: 3 months.
This is the only time fidpro.bpaca.banquepopulaire.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 15 169.51.142.83 36351 (SOFTLAYER)
1 2a00:1450:400... 15169 (GOOGLE)
1 13.224.196.93 16509 (AMAZON-02)
1 2600:1901:0:4... 15169 (GOOGLE)
4 107.178.240.159 15169 (GOOGLE)
20 5
Domain Requested by
15 fidpro.bpaca.banquepopulaire.fr 2 redirects fidpro.bpaca.banquepopulaire.fr
4 api-js.mixpanel.com cdn.mxpnl.com
1 cdn.mxpnl.com fidpro.bpaca.banquepopulaire.fr
1 js.chargebee.com fidpro.bpaca.banquepopulaire.fr
1 www.google-analytics.com fidpro.bpaca.banquepopulaire.fr
20 5

This site contains no links.

Subject Issuer Validity Valid
bpaca.izicap.com
Let's Encrypt Authority X3
2020-02-12 -
2020-05-12
3 months crt.sh
*.google-analytics.com
GTS CA 1O1
2020-01-29 -
2020-04-22
3 months crt.sh
js.chargebee.com
Amazon
2019-05-01 -
2020-06-01
a year crt.sh
*.mxpnl.com
RapidSSL RSA CA 2018
2019-07-29 -
2021-07-28
2 years crt.sh
*.mixpanel.com
RapidSSL RSA CA 2018
2018-01-11 -
2020-05-01
2 years crt.sh

This page contains 1 frames:

Primary Page: https://fidpro.bpaca.banquepopulaire.fr/merchant/
Frame ID: 27F369E1EA64E58CE0E8C9672C464100
Requests: 20 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://fidpro.bpaca.banquepopulaire.fr/ HTTP 302
    https://fidpro.bpaca.banquepopulaire.fr/merchant HTTP 301
    http://fidpro.bpaca.banquepopulaire.fr/merchant/ HTTP 307
    https://fidpro.bpaca.banquepopulaire.fr/merchant/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

20
Requests

100 %
HTTPS

40 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

3997 kB
Transfer

4077 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://fidpro.bpaca.banquepopulaire.fr/ HTTP 302
    https://fidpro.bpaca.banquepopulaire.fr/merchant HTTP 301
    http://fidpro.bpaca.banquepopulaire.fr/merchant/ HTTP 307
    https://fidpro.bpaca.banquepopulaire.fr/merchant/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
fidpro.bpaca.banquepopulaire.fr/merchant/
Redirect Chain
  • https://fidpro.bpaca.banquepopulaire.fr/
  • https://fidpro.bpaca.banquepopulaire.fr/merchant
  • http://fidpro.bpaca.banquepopulaire.fr/merchant/
  • https://fidpro.bpaca.banquepopulaire.fr/merchant/
6 KB
6 KB
Document
General
Full URL
https://fidpro.bpaca.banquepopulaire.fr/merchant/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
169.51.142.83 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
53.8e.33a9.ip4.static.sl-reverse.com
Software
nginx/1.12.2 /
Resource Hash
080ec8b65591d89d29b29b86d8d7d65a2cbc01a1a8fafa409a288266c21cc917
Security Headers
Name Value
Strict-Transport-Security max-age=500
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://pci.twiing.com/
X-Xss-Protection 1

Request headers

Host
fidpro.bpaca.banquepopulaire.fr
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
JSESSIONID=1CFE270B2DDD96F018CC87BB774DC885-n1; XSRF-TOKEN=768ccf20-7a02-45b5-87ce-5c8dad43f3f5
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

Server
nginx/1.12.2
Date
Sun, 16 Feb 2020 00:46:29 GMT
Content-Type
text/html
Content-Length
5737
Last-Modified
Mon, 03 Feb 2020 19:01:16 GMT
ETag
"5e386dfc-1669"
Strict-Transport-Security
max-age=500
X-Frame-Options
ALLOW-FROM https://pci.twiing.com/
X-XSS-Protection
1
X-Content-Type-Options
nosniff
Accept-Ranges
bytes

Redirect headers

Location
https://fidpro.bpaca.banquepopulaire.fr/merchant/
Non-Authoritative-Reason
HSTS
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: fidpro.bpaca.banquepopulaire.fr
URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
778
date
Sun, 16 Feb 2020 00:33:32 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
18174
expires
Sun, 16 Feb 2020 02:33:32 GMT
vendor-fa95b36b22.css
fidpro.bpaca.banquepopulaire.fr/merchant/styles/
156 KB
156 KB
Stylesheet
General
Full URL
https://fidpro.bpaca.banquepopulaire.fr/merchant/styles/vendor-fa95b36b22.css
Requested by
Host: fidpro.bpaca.banquepopulaire.fr
URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
169.51.142.83 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
53.8e.33a9.ip4.static.sl-reverse.com
Software
nginx/1.12.2 /
Resource Hash
d4eda6b4d11e8644d0f56eafbf1fbe9e1da33a120fa873b0ec4dced58022e3ed
Security Headers
Name Value
Strict-Transport-Security max-age=500
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://pci.twiing.com/
X-Xss-Protection 1

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Sun, 16 Feb 2020 00:46:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 03 Feb 2020 19:01:16 GMT
Server
nginx/1.12.2
ETag
"5e386dfc-26f78"
X-Frame-Options
ALLOW-FROM https://pci.twiing.com/
Content-Type
text/css
Strict-Transport-Security
max-age=500
Accept-Ranges
bytes
Content-Length
159608
X-XSS-Protection
1
app-1365c8daa0.css
fidpro.bpaca.banquepopulaire.fr/merchant/styles/
362 KB
363 KB
Stylesheet
General
Full URL
https://fidpro.bpaca.banquepopulaire.fr/merchant/styles/app-1365c8daa0.css
Requested by
Host: fidpro.bpaca.banquepopulaire.fr
URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
169.51.142.83 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
53.8e.33a9.ip4.static.sl-reverse.com
Software
nginx/1.12.2 /
Resource Hash
1e4c4a62903873f1702d1526cbbcfe7e5b7694e6b1f7dd54f0a25d58e0bf3ac8
Security Headers
Name Value
Strict-Transport-Security max-age=500
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://pci.twiing.com/
X-Xss-Protection 1

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Sun, 16 Feb 2020 00:46:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 03 Feb 2020 19:01:16 GMT
Server
nginx/1.12.2
ETag
"5e386dfc-5a9a7"
X-Frame-Options
ALLOW-FROM https://pci.twiing.com/
Content-Type
text/css
Strict-Transport-Security
max-age=500
Accept-Ranges
bytes
Content-Length
371111
X-XSS-Protection
1
logologin.png
fidpro.bpaca.banquepopulaire.fr/merchant/app/whitelabel/images/
11 KB
11 KB
Image
General
Full URL
https://fidpro.bpaca.banquepopulaire.fr/merchant/app/whitelabel/images/logologin.png
Requested by
Host: fidpro.bpaca.banquepopulaire.fr
URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
169.51.142.83 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
53.8e.33a9.ip4.static.sl-reverse.com
Software
nginx/1.12.2 /
Resource Hash
ff76f3c1a50380c679e5c57e61846a285ce84964ba82fd2abdf8aa87e02d631f
Security Headers
Name Value
Strict-Transport-Security max-age=500
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://pci.twiing.com/
X-Xss-Protection 1

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Sun, 16 Feb 2020 00:46:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 03 Feb 2020 19:01:16 GMT
Server
nginx/1.12.2
ETag
"5e386dfc-2b8c"
X-Frame-Options
ALLOW-FROM https://pci.twiing.com/
Content-Type
image/png
Strict-Transport-Security
max-age=500
Accept-Ranges
bytes
Content-Length
11148
X-XSS-Protection
1
vendor-70baf977ed.js
fidpro.bpaca.banquepopulaire.fr/merchant/scripts/
2 MB
2 MB
Script
General
Full URL
https://fidpro.bpaca.banquepopulaire.fr/merchant/scripts/vendor-70baf977ed.js
Requested by
Host: fidpro.bpaca.banquepopulaire.fr
URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
169.51.142.83 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
53.8e.33a9.ip4.static.sl-reverse.com
Software
nginx/1.12.2 /
Resource Hash
683171bf1c721021bccdefff3f98fab3fb66f2235345c91944e28920d7963170
Security Headers
Name Value
Strict-Transport-Security max-age=500
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://pci.twiing.com/
X-Xss-Protection 1

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Sun, 16 Feb 2020 00:46:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 03 Feb 2020 19:01:16 GMT
Server
nginx/1.12.2
ETag
"5e386dfc-19135d"
X-Frame-Options
ALLOW-FROM https://pci.twiing.com/
Content-Type
application/javascript
Strict-Transport-Security
max-age=500
Accept-Ranges
bytes
Content-Length
1643357
X-XSS-Protection
1
app-63ba7aadf2.js
fidpro.bpaca.banquepopulaire.fr/merchant/scripts/
862 KB
863 KB
Script
General
Full URL
https://fidpro.bpaca.banquepopulaire.fr/merchant/scripts/app-63ba7aadf2.js
Requested by
Host: fidpro.bpaca.banquepopulaire.fr
URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
169.51.142.83 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
53.8e.33a9.ip4.static.sl-reverse.com
Software
nginx/1.12.2 /
Resource Hash
d55daf236276e77ce28dc48b1ed8c500caa55709db9499d9c39492a931d20943
Security Headers
Name Value
Strict-Transport-Security max-age=500
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://pci.twiing.com/
X-Xss-Protection 1

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Sun, 16 Feb 2020 00:46:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 03 Feb 2020 19:01:16 GMT
Server
nginx/1.12.2
ETag
"5e386dfc-d7964"
X-Frame-Options
ALLOW-FROM https://pci.twiing.com/
Content-Type
application/javascript
Strict-Transport-Security
max-age=500
Accept-Ranges
bytes
Content-Length
883044
X-XSS-Protection
1
chargebee.js
js.chargebee.com/v1/
15 KB
5 KB
Script
General
Full URL
https://js.chargebee.com/v1/chargebee.js
Requested by
Host: fidpro.bpaca.banquepopulaire.fr
URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.224.196.93 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-196-93.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
28ec1e98bda00aad1cfec6e4e7826d416273842fe9666249d433ed1e1e3e94db
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains; preload

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-amz-version-id
yuubfkJ79EC3cJOvGHY_H8APVDh8188_
content-encoding
gzip
last-modified
Fri, 31 Jan 2020 11:21:40 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
date
Sun, 16 Feb 2020 00:46:31 GMT
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/x-javascript
status
200
cache-control
max-age=300,public
strict-transport-security
max-age=300; includeSubdomains; preload
x-amz-cf-id
LT4_I5Q-_xGs0eugD7UYuk6tExPBA1CMs3IQKLDgoPTCsI7_uwZA1A==
via
1.1 2ec3090d74e200e4acdb2780da3c3c44.cloudfront.net (CloudFront)
mixpanel-2-latest.min.js
cdn.mxpnl.com/libs/
72 KB
24 KB
Script
General
Full URL
https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js
Requested by
Host: fidpro.bpaca.banquepopulaire.fr
URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1901:0:498c:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
51b93d3a0f08a7a996cd669bae8b086be6a590d49f18406716c495f8f339a5aa

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Sat, 15 Feb 2020 22:57:08 GMT
content-encoding
gzip
age
6562
status
200
x-guploader-uploadid
AEnB2UoOuvrLIejwox2NHvI23AXL8-d7hM3VHY7pB3A8plApCuaJGwo7hyA5iYUAEL-qQJ7xBTVk1d_QiJGLCVFDuhHCJgNJxA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
24310
last-modified
Wed, 05 Feb 2020 00:17:19 GMT
server
UploadServer
etag
"77f71aec224927ea65e55fb94c97632f"
vary
Accept-Encoding
x-goog-hash
crc32c=d/v9hw==, md5=d/ca7CJJJ+pl5V+5TJdjLw==
content-language
en
access-control-allow-origin
*
x-goog-generation
1580861839915277
cache-control
public,max-age=86400
x-goog-stored-content-length
24310
accept-ranges
bytes
content-type
text/javascript
expires
Sun, 16 Feb 2020 22:57:08 GMT
ubuntu-regular-webfont.woff2
fidpro.bpaca.banquepopulaire.fr/merchant/styles/fonts/
98 KB
98 KB
Font
General
Full URL
https://fidpro.bpaca.banquepopulaire.fr/merchant/styles/fonts/ubuntu-regular-webfont.woff2
Requested by
Host: fidpro.bpaca.banquepopulaire.fr
URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
169.51.142.83 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
53.8e.33a9.ip4.static.sl-reverse.com
Software
nginx/1.12.2 /
Resource Hash
f7e0e712af758b773507319918ccb258fe8a4f3f6bc209df9950f2eeb7e6bcf6
Security Headers
Name Value
Strict-Transport-Security max-age=500
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://pci.twiing.com/
X-Xss-Protection 1

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/styles/vendor-fa95b36b22.css
Origin
https://fidpro.bpaca.banquepopulaire.fr
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 16 Feb 2020 00:46:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 03 Feb 2020 19:01:16 GMT
Server
nginx/1.12.2
ETag
"5e386dfc-18704"
X-Frame-Options
ALLOW-FROM https://pci.twiing.com/
Content-Type
application/octet-stream
Strict-Transport-Security
max-age=500
Accept-Ranges
bytes
Content-Length
100100
X-XSS-Protection
1
/
api-js.mixpanel.com/decide/
65 B
143 B
XHR
General
Full URL
https://api-js.mixpanel.com/decide/?verbose=1&version=1&lib=web&token=d3a7e5be2739f102b96098fb9ca968f5&ip=1&_=1581813990180
Requested by
Host: cdn.mxpnl.com
URL: https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.178.240.159 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.240.178.107.bc.googleusercontent.com
Software
gunicorn/19.9.0 /
Resource Hash
5fcb16854bcf34558fc9100ea313b2f61a3394ca23e65719553f09c902b2476e

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/
Origin
https://fidpro.bpaca.banquepopulaire.fr
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 16 Feb 2020 00:46:30 GMT
via
1.1 google
server
gunicorn/19.9.0
access-control-allow-headers
X-Requested-With
status
200
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://fidpro.bpaca.banquepopulaire.fr
cache-control
no-cache, no-store
access-control-allow-credentials
true
alt-svc
clear
/
api-js.mixpanel.com/track/
1 B
333 B
XHR
General
Full URL
https://api-js.mixpanel.com/track/?ip=1&_=1581813990183
Requested by
Host: cdn.mxpnl.com
URL: https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.178.240.159 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.240.178.107.bc.googleusercontent.com
Software
envoy /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/
Origin
https://fidpro.bpaca.banquepopulaire.fr
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sun, 16 Feb 2020 00:46:30 GMT
via
1.1 google
server
envoy
access-control-allow-headers
X-Requested-With
status
200
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://fidpro.bpaca.banquepopulaire.fr
access-control-expose-headers
X-MP-CE-Backoff
cache-control
no-cache, no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
0
alt-svc
clear
content-length
1
merchant
fidpro.bpaca.banquepopulaire.fr/rest/
15 B
179 B
XHR
General
Full URL
https://fidpro.bpaca.banquepopulaire.fr/rest/merchant
Requested by
Host: fidpro.bpaca.banquepopulaire.fr
URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/scripts/vendor-70baf977ed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
169.51.142.83 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
53.8e.33a9.ip4.static.sl-reverse.com
Software
Apache-Coyote/1.1 /
Resource Hash
a7b0a8ed2a3470ab193ecf68c24332802768ec05cc4b319f6ee0d40cda00ef79

Request headers

Accept
application/json, text/plain, */*
Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/
Sec-Fetch-Dest
empty
X-XSRF-TOKEN
768ccf20-7a02-45b5-87ce-5c8dad43f3f5
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 16 Feb 2020 00:46:30 GMT
Server
Apache-Coyote/1.1
Content-Length
15
Content-Type
application/json;charset=ISO-8859-1
fa-light-300.woff2
fidpro.bpaca.banquepopulaire.fr/merchant/styles/fonts/
65 KB
66 KB
Font
General
Full URL
https://fidpro.bpaca.banquepopulaire.fr/merchant/styles/fonts/fa-light-300.woff2
Requested by
Host: fidpro.bpaca.banquepopulaire.fr
URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/scripts/vendor-70baf977ed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
169.51.142.83 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
53.8e.33a9.ip4.static.sl-reverse.com
Software
nginx/1.12.2 /
Resource Hash
08c5812dd025af3149b80ecb972803b280476bebb5e9f02416e6f007a04de8b4
Security Headers
Name Value
Strict-Transport-Security max-age=500
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://pci.twiing.com/
X-Xss-Protection 1

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/styles/app-1365c8daa0.css
Origin
https://fidpro.bpaca.banquepopulaire.fr
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 16 Feb 2020 00:46:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 03 Feb 2020 19:01:16 GMT
Server
nginx/1.12.2
ETag
"5e386dfc-10540"
X-Frame-Options
ALLOW-FROM https://pci.twiing.com/
Content-Type
application/octet-stream
Strict-Transport-Security
max-age=500
Accept-Ranges
bytes
Content-Length
66880
X-XSS-Protection
1
ubuntu-bold-webfont.woff2
fidpro.bpaca.banquepopulaire.fr/merchant/styles/fonts/
83 KB
83 KB
Font
General
Full URL
https://fidpro.bpaca.banquepopulaire.fr/merchant/styles/fonts/ubuntu-bold-webfont.woff2
Requested by
Host: fidpro.bpaca.banquepopulaire.fr
URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/scripts/vendor-70baf977ed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
169.51.142.83 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
53.8e.33a9.ip4.static.sl-reverse.com
Software
nginx/1.12.2 /
Resource Hash
b1ef14a9a44009e9329bc92d524b7cfe6e0b85603a112b5f7ab3de4fe160d1f2
Security Headers
Name Value
Strict-Transport-Security max-age=500
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://pci.twiing.com/
X-Xss-Protection 1

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/styles/vendor-fa95b36b22.css
Origin
https://fidpro.bpaca.banquepopulaire.fr
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 16 Feb 2020 00:46:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 03 Feb 2020 19:01:16 GMT
Server
nginx/1.12.2
ETag
"5e386dfc-14c68"
X-Frame-Options
ALLOW-FROM https://pci.twiing.com/
Content-Type
application/octet-stream
Strict-Transport-Security
max-age=500
Accept-Ranges
bytes
Content-Length
85096
X-XSS-Protection
1
/
api-js.mixpanel.com/track/
1 B
74 B
XHR
General
Full URL
https://api-js.mixpanel.com/track/?ip=1&_=1581813990709
Requested by
Host: cdn.mxpnl.com
URL: https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.178.240.159 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.240.178.107.bc.googleusercontent.com
Software
envoy /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/
Origin
https://fidpro.bpaca.banquepopulaire.fr
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sun, 16 Feb 2020 00:46:30 GMT
via
1.1 google
server
envoy
access-control-allow-headers
X-Requested-With
status
200
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://fidpro.bpaca.banquepopulaire.fr
access-control-expose-headers
X-MP-CE-Backoff
cache-control
no-cache, no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
15
alt-svc
clear
content-length
1
logobar.png
fidpro.bpaca.banquepopulaire.fr/merchant/app/whitelabel/images/
601 KB
601 KB
Image
General
Full URL
https://fidpro.bpaca.banquepopulaire.fr/merchant/app/whitelabel/images/logobar.png
Requested by
Host: fidpro.bpaca.banquepopulaire.fr
URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
169.51.142.83 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
53.8e.33a9.ip4.static.sl-reverse.com
Software
nginx/1.12.2 /
Resource Hash
5e17e296f5c3aafb9dcb3a3e9ed2107155565c73bd7fe62a18ded0f6d8cda7ca
Security Headers
Name Value
Strict-Transport-Security max-age=500
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://pci.twiing.com/
X-Xss-Protection 1

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Sun, 16 Feb 2020 00:46:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 03 Feb 2020 19:01:16 GMT
Server
nginx/1.12.2
ETag
"5e386dfc-96421"
X-Frame-Options
ALLOW-FROM https://pci.twiing.com/
Content-Type
image/png
Strict-Transport-Security
max-age=500
Accept-Ranges
bytes
Content-Length
615457
X-XSS-Protection
1
footerLogo.png
fidpro.bpaca.banquepopulaire.fr/merchant/app/whitelabel/images/
7 KB
8 KB
Image
General
Full URL
https://fidpro.bpaca.banquepopulaire.fr/merchant/app/whitelabel/images/footerLogo.png
Requested by
Host: fidpro.bpaca.banquepopulaire.fr
URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
169.51.142.83 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
53.8e.33a9.ip4.static.sl-reverse.com
Software
nginx/1.12.2 /
Resource Hash
d02dc79ae438cffda4852ed4cc8c49b6120737f8a4c668237437ade8eb3e3585
Security Headers
Name Value
Strict-Transport-Security max-age=500
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://pci.twiing.com/
X-Xss-Protection 1

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Sun, 16 Feb 2020 00:46:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 03 Feb 2020 19:01:16 GMT
Server
nginx/1.12.2
ETag
"5e386dfc-1ddb"
X-Frame-Options
ALLOW-FROM https://pci.twiing.com/
Content-Type
image/png
Strict-Transport-Security
max-age=500
Accept-Ranges
bytes
Content-Length
7643
X-XSS-Protection
1
ubuntu-medium-webfont.woff2
fidpro.bpaca.banquepopulaire.fr/merchant/styles/fonts/
89 KB
89 KB
Font
General
Full URL
https://fidpro.bpaca.banquepopulaire.fr/merchant/styles/fonts/ubuntu-medium-webfont.woff2
Requested by
Host: fidpro.bpaca.banquepopulaire.fr
URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/scripts/vendor-70baf977ed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
169.51.142.83 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
53.8e.33a9.ip4.static.sl-reverse.com
Software
nginx/1.12.2 /
Resource Hash
7e4f10c92ace1f240bd96ea48f2d0b43ffd455b95d11805426da42535ab9d536
Security Headers
Name Value
Strict-Transport-Security max-age=500
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://pci.twiing.com/
X-Xss-Protection 1

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/styles/vendor-fa95b36b22.css
Origin
https://fidpro.bpaca.banquepopulaire.fr
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 16 Feb 2020 00:46:30 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 03 Feb 2020 19:01:16 GMT
Server
nginx/1.12.2
ETag
"5e386dfc-1627c"
X-Frame-Options
ALLOW-FROM https://pci.twiing.com/
Content-Type
application/octet-stream
Strict-Transport-Security
max-age=500
Accept-Ranges
bytes
Content-Length
90748
X-XSS-Protection
1
/
api-js.mixpanel.com/track/
1 B
72 B
XHR
General
Full URL
https://api-js.mixpanel.com/track/?ip=1&_=1581813990732
Requested by
Host: cdn.mxpnl.com
URL: https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.178.240.159 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.240.178.107.bc.googleusercontent.com
Software
envoy /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

Referer
https://fidpro.bpaca.banquepopulaire.fr/merchant/
Origin
https://fidpro.bpaca.banquepopulaire.fr
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sun, 16 Feb 2020 00:46:30 GMT
via
1.1 google
server
envoy
access-control-allow-headers
X-Requested-With
status
200
access-control-max-age
1728000
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://fidpro.bpaca.banquepopulaire.fr
access-control-expose-headers
X-MP-CE-Backoff
cache-control
no-cache, no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
7
alt-svc
clear
content-length
1

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| google_tag_data function| ga object| gaplugins string| i18n_lang string| mpid object| mixpanel function| uiUploader function| stripHtmlToText function| getDomFromHtml function| validElementString function| registerTextAngularTool string| textAngularVersion object| _browserDetect object| BLOCKELEMENTS object| LISTELEMENTS object| VALIDELEMENTS object| sheet function| addCSSRule function| removeCSSRule function| _addCSSRule function| _removeCSSRule function| _getRuleIndex object| _sheets boolean| dropFired object| textAngular object| taTools function| $ function| jQuery object| angular object| @uirouter/angularjs function| moment object| d3 object| c3 string| angularCreditCards object| rangy object| returnExportsGlobal function| Mark function| SimpleMDE function| marked object| AOS function| CguDao object| ChargeBee

3 Cookies

Domain/Path Name / Value
.banquepopulaire.fr/ Name: mp_d3a7e5be2739f102b96098fb9ca968f5_mixpanel
Value: %7B%22distinct_id%22%3A%20%221704b760322a76-05ce4c17129cfa-37647e03-1d4c00-1704b760323db6%22%2C%22%24device_id%22%3A%20%221704b760322a76-05ce4c17129cfa-37647e03-1d4c00-1704b760323db6%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
fidpro.bpaca.banquepopulaire.fr/ Name: XSRF-TOKEN
Value: 768ccf20-7a02-45b5-87ce-5c8dad43f3f5
fidpro.bpaca.banquepopulaire.fr/ Name: JSESSIONID
Value: 1CFE270B2DDD96F018CC87BB774DC885-n1

3 Console Messages

Source Level URL
Text
console-api log URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/scripts/app-63ba7aadf2.js(Line 7)
Message:
Found shop identifier: undefined
console-api warning URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/scripts/vendor-70baf977ed.js(Line 33)
Message:
pascalprecht.translate.$translateSanitization: No sanitization strategy has been configured. This can have serious security implications. See http://angular-translate.github.io/docs/#/guide/19_security for details.
console-api log URL: https://fidpro.bpaca.banquepopulaire.fr/merchant/scripts/app-63ba7aadf2.js(Line 1)
Message:
saved referer /overview/dashboard

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=500
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://pci.twiing.com/
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-js.mixpanel.com
cdn.mxpnl.com
fidpro.bpaca.banquepopulaire.fr
js.chargebee.com
www.google-analytics.com
107.178.240.159
13.224.196.93
169.51.142.83
2600:1901:0:498c::
2a00:1450:4001:806::200e
080ec8b65591d89d29b29b86d8d7d65a2cbc01a1a8fafa409a288266c21cc917
08c5812dd025af3149b80ecb972803b280476bebb5e9f02416e6f007a04de8b4
1e4c4a62903873f1702d1526cbbcfe7e5b7694e6b1f7dd54f0a25d58e0bf3ac8
28ec1e98bda00aad1cfec6e4e7826d416273842fe9666249d433ed1e1e3e94db
51b93d3a0f08a7a996cd669bae8b086be6a590d49f18406716c495f8f339a5aa
5e17e296f5c3aafb9dcb3a3e9ed2107155565c73bd7fe62a18ded0f6d8cda7ca
5fcb16854bcf34558fc9100ea313b2f61a3394ca23e65719553f09c902b2476e
683171bf1c721021bccdefff3f98fab3fb66f2235345c91944e28920d7963170
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7e4f10c92ace1f240bd96ea48f2d0b43ffd455b95d11805426da42535ab9d536
a7b0a8ed2a3470ab193ecf68c24332802768ec05cc4b319f6ee0d40cda00ef79
b1ef14a9a44009e9329bc92d524b7cfe6e0b85603a112b5f7ab3de4fe160d1f2
d02dc79ae438cffda4852ed4cc8c49b6120737f8a4c668237437ade8eb3e3585
d4eda6b4d11e8644d0f56eafbf1fbe9e1da33a120fa873b0ec4dced58022e3ed
d55daf236276e77ce28dc48b1ed8c500caa55709db9499d9c39492a931d20943
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
f7e0e712af758b773507319918ccb258fe8a4f3f6bc209df9950f2eeb7e6bcf6
ff76f3c1a50380c679e5c57e61846a285ce84964ba82fd2abdf8aa87e02d631f