api-leroymerlin.click2buy.com Open in urlscan Pro
91.134.128.131  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set sign_in Show response api-leroymerlin.click2buy.com/users/	4 KB 3 KB	225ms 76ms	Document text/html	91.134.128.131 OVH
General Check archive.org Show headers Download Go to Full URL https://api-leroymerlin.click2buy.com/users/sign_in Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.134.128.131 , France, ASN16276 (OVH, FR), Reverse DNS compute.gra2.cloud.ovh.net Software nginx / Resource Hash 3f8da022de2b0c532e99a1169f94ee90be15cdedf4fcf4559233bf2be3a4a435 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Host api-leroymerlin.click2buy.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Server nginx Date Mon, 11 Jan 2021 10:21:55 GMT Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding X-Frame-Options SAMEORIGIN X-XSS-Protection 1; mode=block X-Content-Type-Options nosniff X-Download-Options noopen X-Permitted-Cross-Domain-Policies none Referrer-Policy strict-origin-when-cross-origin ETag W/"3f8da022de2b0c532e99a1169f94ee90" Cache-Control max-age=0, private, must-revalidate Set-Cookie _ror_session=iNeyXnlGMy9ZWSiRsWe1fFSweSStcfiCQCbVUMDstxmAjEidzyowS7EQ2jfAis9YqdLRSJmWxnU4unLsgBw9iWa67jCD0J4cQBSuDQd1CeR%2F05SoLIgToqwybbV8kPQl5SdmpmI1HgH1DDal31fnRopGjrgAjwpXyzMHI%2BzawEqw1GOk6CV7AHA6COdXLe9nkv597gBRcASV5LA%2BwFj8EzPCrBZpU8zIntNyqGfmO%2FOzdZAwwdgpjHMpgT34S4YBLoY5PVZDORhSeV8mM%2FzkxrF84yqqVO4ndF9RUOZrfPr9c8LVdsfck3CMaaoLd3qK--%2FX8GCY%2BQSuH0Rihn--A9dskV2%2F4v%2FbLu5oEtoICQ%3D%3D; path=/; HttpOnly X-Request-Id 668bbc7d-9c8d-4b8f-90d9-d3b90734f205 X-Runtime 0.028509 Content-Encoding gzip
GET H/1.1	200 OK	application-9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0.js Show response api-leroymerlin.click2buy.com/assets/	2 MB 513 KB	58ms 57ms	Script application/javascript	91.134.128.131 OVH
General Check archive.org Show headers Download Go to Full URL https://api-leroymerlin.click2buy.com/assets/application-9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0.js Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/users/sign_in Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.134.128.131 , France, ASN16276 (OVH, FR), Reverse DNS compute.gra2.cloud.ovh.net Software nginx / Resource Hash 9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0 Request headers Referer https://api-leroymerlin.click2buy.com/users/sign_in User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 11 Jan 2021 10:21:55 GMT Content-Encoding gzip Last-Modified Mon, 14 Dec 2020 11:10:42 GMT Server nginx ETag "5fd74832-800ad" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=0, private Connection keep-alive Content-Length 524461 Expires Mon, 11 Jan 2021 10:21:55 GMT
GET H2	200	moment.min.js Show response cdn.jsdelivr.net/momentjs/latest/	50 KB 17 KB	19ms 6ms	Script application/javascript	2a04:4e42:1b::621 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/momentjs/latest/moment.min.js Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/users/sign_in Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash d618d4869738e0dc22360f0ec0cbb6433257843f24723fac240dda0906685238 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://api-leroymerlin.click2buy.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 4564561 x-cache MISS, HIT cross-origin-resource-policy cross-origin content-length 17022 etag W/"c909-Mv32cwvjRTjgk3jsbMVSKdmnAVE" x-served-by cache-fra19163-FRA, cache-hhn4040-HHN date Mon, 11 Jan 2021 10:21:55 GMT vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin *
GET H2	200	daterangepicker.min.js Show response cdn.jsdelivr.net/npm/daterangepicker/	32 KB 7 KB	20ms 7ms	Script application/javascript	2a04:4e42:1b::621 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.min.js Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/users/sign_in Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 98578d9e429bafe2edbd9d00271e88a85fa457ead4c106485d157fd955b5f2de Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://api-leroymerlin.click2buy.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 28472 x-cache HIT, HIT cross-origin-resource-policy cross-origin content-length 7409 etag W/"7f60-yn4DlHkED3KaP/biww3JCbN4kvM" x-served-by cache-fra19172-FRA, cache-hhn4040-HHN date Mon, 11 Jan 2021 10:21:55 GMT vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=604800, s-maxage=43200 accept-ranges bytes timing-allow-origin *
GET H/1.1	200 OK	application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css api-leroymerlin.click2buy.com/assets/	265 KB 44 KB	137ms 64ms	Stylesheet text/css	91.134.128.131 OVH
General Check archive.org Show headers Download Go to Full URL https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/users/sign_in Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.134.128.131 , France, ASN16276 (OVH, FR), Reverse DNS compute.gra2.cloud.ovh.net Software nginx / Resource Hash 19b88d14ce2bf85e029f3c5f23c26b56b1b543125a5bc1d03a8daac88845432c Request headers Referer https://api-leroymerlin.click2buy.com/users/sign_in User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 11 Jan 2021 10:21:56 GMT Content-Encoding gzip Last-Modified Mon, 14 Dec 2020 11:06:16 GMT Server nginx ETag "5fd74728-ace3" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=0, private Connection keep-alive Content-Length 44259 Expires Mon, 11 Jan 2021 10:21:56 GMT
GET H2	200	daterangepicker.css cdn.jsdelivr.net/npm/daterangepicker/	8 KB 2 KB	18ms 5ms	Stylesheet text/css	2a04:4e42:1b::621 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.css Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/users/sign_in Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 94fdb66ec8fe748981a4f2090fdf4a2a0a3dbe5ace2e65c4ce46e95d692bdac7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://api-leroymerlin.click2buy.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 28474 x-cache HIT, HIT cross-origin-resource-policy cross-origin content-length 1621 etag W/"1f85-jqRIojRLzDZKkujJKC/BWFh0US4" x-served-by cache-fra19146-FRA, cache-hhn4040-HHN date Mon, 11 Jan 2021 10:21:55 GMT vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=604800, s-maxage=43200 accept-ranges bytes timing-allow-origin *
GET H2	200	css fonts.googleapis.com/	15 KB 1 KB	18ms 17ms	Stylesheet text/css	2a00:1450:4001:81e::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 006d8fedc2c40853037fa41524e2388d0f4d42a4073133995e01645515d63081 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://api-leroymerlin.click2buy.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Mon, 11 Jan 2021 10:21:56 GMT server ESF date Mon, 11 Jan 2021 10:21:56 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Mon, 11 Jan 2021 10:21:56 GMT
GET H/1.1	404 Not Found	glyphicons-halflings-regular.woff2 api-leroymerlin.click2buy.com/assets/	0 0	38ms 38ms	Font text/html	91.134.128.131 OVH
General Check archive.org Show headers Download Go to Full URL https://api-leroymerlin.click2buy.com/assets/glyphicons-halflings-regular.woff2 Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.134.128.131 , France, ASN16276 (OVH, FR), Reverse DNS compute.gra2.cloud.ovh.net Software nginx / Resource Hash Request headers Origin https://api-leroymerlin.click2buy.com Referer https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 11 Jan 2021 10:21:56 GMT Content-Encoding gzip Transfer-Encoding chunked Server nginx Connection keep-alive Vary Accept-Encoding Content-Type text/html
GET H/1.1	404 Not Found	glyphicons-halflings-regular.woff api-leroymerlin.click2buy.com/assets/	0 0	38ms 37ms	Font text/html	91.134.128.131 OVH
General Check archive.org Show headers Download Go to Full URL https://api-leroymerlin.click2buy.com/assets/glyphicons-halflings-regular.woff Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.134.128.131 , France, ASN16276 (OVH, FR), Reverse DNS compute.gra2.cloud.ovh.net Software nginx / Resource Hash Request headers Origin https://api-leroymerlin.click2buy.com Referer https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 11 Jan 2021 10:21:56 GMT Content-Encoding gzip Transfer-Encoding chunked Server nginx Connection keep-alive Vary Accept-Encoding Content-Type text/html
GET H/1.1	404 Not Found	glyphicons-halflings-regular.ttf api-leroymerlin.click2buy.com/assets/	0 0	38ms 37ms	Font text/html	91.134.128.131 OVH
General Check archive.org Show headers Download Go to Full URL https://api-leroymerlin.click2buy.com/assets/glyphicons-halflings-regular.ttf Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.134.128.131 , France, ASN16276 (OVH, FR), Reverse DNS compute.gra2.cloud.ovh.net Software nginx / Resource Hash Request headers Origin https://api-leroymerlin.click2buy.com Referer https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 11 Jan 2021 10:21:56 GMT Content-Encoding gzip Transfer-Encoding chunked Server nginx Connection keep-alive Vary Accept-Encoding Content-Type text/html

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| getDatagridData function| reload_datagrid object| opts undefined| spinner function| elementFactory function| jBox function| _init function| $ function| jQuery object| jQuery1124007083531641246621 function| Spinner object| Highcharts object| HighchartsAdapter object| Chartkick function| Tether object| bootstrapSwitch function| moment function| daterangepicker object| jQuery1124024862369800947004

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			api-leroymerlin.click2buy.com/	1969-12-31 23:59:59	Name: _ror_session Value: iNeyXnlGMy9ZWSiRsWe1fFSweSStcfiCQCbVUMDstxmAjEidzyowS7EQ2jfAis9YqdLRSJmWxnU4unLsgBw9iWa67jCD0J4cQBSuDQd1CeR%2F05SoLIgToqwybbV8kPQl5SdmpmI1HgH1DDal31fnRopGjrgAjwpXyzMHI%2BzawEqw1GOk6CV7AHA6COdXLe9nkv597gBRcASV5LA%2BwFj8EzPCrBZpU8zIntNyqGfmO%2FOzdZAwwdgpjHMpgT34S4YBLoY5PVZDORhSeV8mM%2FzkxrF84yqqVO4ndF9RUOZrfPr9c8LVdsfck3CMaaoLd3qK--%2FX8GCY%2BQSuH0Rihn--A9dskV2%2F4v%2FbLu5oEtoICQ%3D%3D

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://api-leroymerlin.click2buy.com/assets/application-9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0.js(Line 60127) Message: DEPRECATED: This filename doesn't follow the convention, use bootstrap-datepicker.en-CA.js instead.
console-api	warning	URL: https://api-leroymerlin.click2buy.com/assets/application-9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0.js(Line 60127) Message: DEPRECATED: The language code "kh" is deprecated and will be removed in 2.0. For Khmer support use "km" instead.
console-api	warning	URL: https://api-leroymerlin.click2buy.com/assets/application-9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0.js(Line 60127) Message: DEPRECATED: The language code "kr" is deprecated and will be removed in 2.0. For korean support use "ko" instead.
console-api	warning	URL: https://api-leroymerlin.click2buy.com/assets/application-9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0.js(Line 60127) Message: DEPRECATED: This language code "rs-latin" is deprecated (invalid serbian language code) and will be removed in 2.0. For Serbian latin support use "sr-latin" instead.
console-api	warning	URL: https://api-leroymerlin.click2buy.com/assets/application-9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0.js(Line 60127) Message: DEPRECATED: This language code "rs" is deprecated (invalid serbian language code) and will be removed in 2.0. For Serbian support use "sr" instead.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-leroymerlin.click2buy.com
cdn.jsdelivr.net
fonts.googleapis.com
2a00:1450:4001:81e::200a
2a04:4e42:1b::621
91.134.128.131
006d8fedc2c40853037fa41524e2388d0f4d42a4073133995e01645515d63081
19b88d14ce2bf85e029f3c5f23c26b56b1b543125a5bc1d03a8daac88845432c
3f8da022de2b0c532e99a1169f94ee90be15cdedf4fcf4559233bf2be3a4a435
94fdb66ec8fe748981a4f2090fdf4a2a0a3dbe5ace2e65c4ce46e95d692bdac7
98578d9e429bafe2edbd9d00271e88a85fa457ead4c106485d157fd955b5f2de
9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0
d618d4869738e0dc22360f0ec0cbb6433257843f24723fac240dda0906685238