urlscan.io logo urlscan.io
SecurityTrails logo

my.ca-autobank.es Open in urlscan Pro
37.179.0.12  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://my.ca-autobank.es/0.4856358454221974
Effective URL: https://my.ca-autobank.es/0.4856358454221974
Submission: On October 23 via api from US — Scanned from ES
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 4 countries across 5 domains to perform 23 HTTP transactions. The main IP is 37.179.0.12, located in Milan, Italy and belongs to VODAFONE-IT-ASN, IT. The main domain is my.ca-autobank.es.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on November 7th 2023. Valid for: a year.
This is the only time my.ca-autobank.es was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 37.179.0.12 30722 (VODAFONE-...)
6 92.123.104.8 20940 (AKAMAI-ASN1)
3 18.66.112.72 16509 (AMAZON-02)
3 23.212.210.9 16625 (AKAMAI-AS)
2 2a02:26f0:710... 20940 (AKAMAI-ASN1)
1 104.17.25.14 13335 (CLOUDFLAR...)
1 2a02:26f0:710... 20940 (AKAMAI-ASN1)
23 8
6    37.179.0.12 (Milan, Italy)

ASN30722 (VODAFONE-IT-ASN, IT)
PTR: net-37-179-0-12.cust.vodafonedsl.it
my.ca-autobank.es
6    92.123.104.8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a92-123-104-8.deploy.static.akamaitechnologies.com
api02-emea.fcagroup.com
3    18.66.112.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-72.fra56.r.cloudfront.net
loginsap.ca-autobank.es
3    23.212.210.9 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-212-210-9.deploy.static.akamaitechnologies.com
cdns.eu1.gigya.com
2    2a02:26f0:7100::211:64da (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
cookielaw.emea.fcagroup.com
1    104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a02:26f0:7100::211:64b2 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
cookielaw.emea.fcagroup.com
Apex Domain
Subdomains		 Transfer
9 fcagroup.com
api02-emea.fcagroup.com
cookielaw.emea.fcagroup.com — Cisco Umbrella Rank: 327235
7 KB
9 ca-autobank.es
my.ca-autobank.es
loginsap.ca-autobank.es
8 MB
3 gigya.com
cdns.eu1.gigya.com — Cisco Umbrella Rank: 27002
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 220
28 KB
0 typekit.net Failed
use.typekit.net Failed
23 5
Domain Requested by
6 api02-emea.fcagroup.com my.ca-autobank.es
6 my.ca-autobank.es my.ca-autobank.es
3 cookielaw.emea.fcagroup.com my.ca-autobank.es
cdnjs.cloudflare.com
3 cdns.eu1.gigya.com loginsap.ca-autobank.es
3 loginsap.ca-autobank.es my.ca-autobank.es
loginsap.ca-autobank.es
1 cdnjs.cloudflare.com cookielaw.emea.fcagroup.com
0 use.typekit.net Failed my.ca-autobank.es
23 7

This site contains no links.

Subject Issuer Validity Valid
my.ca-autobank.fr
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-07 -
2024-11-06		 a year crt.sh
www.fiat.com
R11		 2024-09-05 -
2024-12-04		 3 months crt.sh
loginsap.leasys.pl
Amazon RSA 2048 M03		 2024-10-06 -
2025-11-05		 a year crt.sh
cdns.gigya.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-08-26 -
2025-08-26		 a year crt.sh
cdnjs.cloudflare.com
WE1		 2024-09-28 -
2024-12-27		 3 months crt.sh

This page contains 5 frames:

Primary Page: https://my.ca-autobank.es/0.4856358454221974
Frame ID: 156B6BC8DB98C6B3146018DA1EEE4251
Requests: 18 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&version=latest&build=16506&serviceName=apiService
Frame ID: 7EE0857EE10E18F1127C158A4160EE36
Requests: 1 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=4_OSWB3AaRbeRh-iYS5B9RZA&ssoSegment=eu&version=latest&build=16506
Frame ID: 1F2A63C081A77EFF40C257A9B2F0DEF2
Requests: 1 HTTP requests in this frame

Frame: https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=4_OSWB3AaRbeRh-iYS5B9RZA&ssoSegment=eu&version=latest&build=16506
Frame ID: C6B9D8F9FE52A155056557E2F8B0BA25
Requests: 1 HTTP requests in this frame

Frame: https://cookielaw.emea.fcagroup.com/CookieLawProduct/resources/generatehtml?key=3212
Frame ID: DA416AF6131B1AFBF6C3D6FDFC2F0EAE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

My CA Auto Bank

Page URL History Show full URLs

  1. http://my.ca-autobank.es/0.4856358454221974 HTTP 307
    https://my.ca-autobank.es/0.4856358454221974 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

23
Requests

96 %
HTTPS

29 %
IPv6

5
Domains

7
Subdomains

8
IPs

4
Countries

8004 kB
Transfer

8447 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://my.ca-autobank.es/0.4856358454221974 HTTP 307
    https://my.ca-autobank.es/0.4856358454221974 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 0.4856358454221974
my.ca-autobank.es/
Redirect Chain
  • http://my.ca-autobank.es/0.4856358454221974
  • https://my.ca-autobank.es/0.4856358454221974
706 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://my.ca-autobank.es/0.4856358454221974
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
37.179.0.12 Milan, Italy, ASN30722 (VODAFONE-IT-ASN, IT),
Reverse DNS
net-37-179-0-12.cust.vodafonedsl.it
Software
/
Resource Hash
d9bbd2f88180f708d32b47325bc9ad0a991b74dc3019f62f1b1baea1057294d1
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
origin, content-type, accept, authorization, x-requested-with, x-xhr-logon, cache-control, pragma, expires, if-modified-since, mobile-version, x-ibm-client-id, x-ibm-client-secret, x-idp-client-id, x-lang
access-control-allow-origin
app://ca-autobank-cp
content-length
706
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
content-type
text/html
date
Wed, 23 Oct 2024 07:49:17 GMT
etag
"6707af98-2c2"
last-modified
Thu, 10 Oct 2024 10:42:32 GMT
referrer-policy
origin
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block

Redirect headers

Location
https://my.ca-autobank.es/0.4856358454221974
Non-Authoritative-Reason
HttpsUpgrades
runtime~main.ed89ca369961751b6df3.js
my.ca-autobank.es/ 		3 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.ca-autobank.es/runtime~main.ed89ca369961751b6df3.js
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/0.4856358454221974
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
37.179.0.12 Milan, Italy, ASN30722 (VODAFONE-IT-ASN, IT),
Reverse DNS
net-37-179-0-12.cust.vodafonedsl.it
Software
/
Resource Hash
b66c66a7f38fe5913a9f547b57e5d1081c6e225c5787a479b1e0c1fe058d8968
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://my.ca-autobank.es/

Response headers

x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
etag
"6707af98-d21"
x-permitted-cross-domain-policies
none
referrer-policy
origin
x-content-type-options
nosniff
accept-ranges
bytes
access-control-allow-origin
app://ca-autobank-cp
content-length
3361
date
Wed, 23 Oct 2024 07:49:17 GMT
x-xss-protection
1; mode=block
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 10:42:32 GMT
access-control-allow-headers
origin, content-type, accept, authorization, x-requested-with, x-xhr-logon, cache-control, pragma, expires, if-modified-since, mobile-version, x-ibm-client-id, x-ibm-client-secret, x-idp-client-id, x-lang
vendor.b5ca11bc7c828ca7f9aa.js
my.ca-autobank.es/ 		4 MB
4 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.ca-autobank.es/vendor.b5ca11bc7c828ca7f9aa.js
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/0.4856358454221974
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
37.179.0.12 Milan, Italy, ASN30722 (VODAFONE-IT-ASN, IT),
Reverse DNS
net-37-179-0-12.cust.vodafonedsl.it
Software
/
Resource Hash
f4faf095ae2cee3492353a0965a460f0e890be697d6b9cfd88a711407a63ea04
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://my.ca-autobank.es/

Response headers

x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
etag
"6707af98-3f8a84"
x-permitted-cross-domain-policies
none
referrer-policy
origin
x-content-type-options
nosniff
accept-ranges
bytes
access-control-allow-origin
app://ca-autobank-cp
content-length
4164228
date
Wed, 23 Oct 2024 07:49:17 GMT
x-xss-protection
1; mode=block
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 10:42:32 GMT
access-control-allow-headers
origin, content-type, accept, authorization, x-requested-with, x-xhr-logon, cache-control, pragma, expires, if-modified-since, mobile-version, x-ibm-client-id, x-ibm-client-secret, x-idp-client-id, x-lang
main.91486918d4cf4424d9c5.js
my.ca-autobank.es/ 		4 MB
4 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.ca-autobank.es/main.91486918d4cf4424d9c5.js
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/0.4856358454221974
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
37.179.0.12 Milan, Italy, ASN30722 (VODAFONE-IT-ASN, IT),
Reverse DNS
net-37-179-0-12.cust.vodafonedsl.it
Software
/
Resource Hash
88ba9d94bf0584f5eddd55c7040a2e636ea9b038af2a9c5dccc340a69b0c83c2
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://my.ca-autobank.es/

Response headers

x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
etag
"6707af98-39e1dc"
x-permitted-cross-domain-policies
none
referrer-policy
origin
x-content-type-options
nosniff
accept-ranges
bytes
access-control-allow-origin
app://ca-autobank-cp
content-length
3793372
date
Wed, 23 Oct 2024 07:49:17 GMT
x-xss-protection
1; mode=block
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 10:42:32 GMT
access-control-allow-headers
origin, content-type, accept, authorization, x-requested-with, x-xhr-logon, cache-control, pragma, expires, if-modified-since, mobile-version, x-ibm-client-id, x-ibm-client-secret, x-idp-client-id, x-lang
xns0ovl.css
use.typekit.net/ 		0
0
courtesyPage
api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/configurations/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/configurations/courtesyPage
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.104.8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-104-8.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
Access-Control-Request-Method
GET
Origin
https://my.ca-autobank.es
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept
*/*
accept-encoding
gzip
accept-language
es-ES,es;q=0.9
access-control-allow-credentials
true
access-control-allow-headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
access-control-allow-methods
GET
access-control-allow-origin
https://my.ca-autobank.es
access-control-request-headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
access-control-request-method
GET
akamai-origin-hop
2
alt-svc
h3=":443"; ma=93600
cache-control
no-cache, max-age=0
content-encoding
gzip
content-length
0
date
Wed, 23 Oct 2024 07:49:20 GMT
origin
https://my.ca-autobank.es
pragma
no-cache
priority
u=1, i
referer
https://my.ca-autobank.es/
sec-fetch-dest
empty
sec-fetch-mode
cors
sec-fetch-site
cross-site
true-client-ip
146.70.74.110
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
vary
Origin Accept-Encoding
x-akamai-config-log-detail
true
x-client-ip
146.70.74.110
x-forwarded-for
146.70.74.110, 23.41.167.136
x-global-transaction-id
d8c38a516718aa8002106eb4
gigya.js
loginsap.ca-autobank.es/js/ 		549 KB
179 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://loginsap.ca-autobank.es/js/gigya.js?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&lang=es
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/main.91486918d4cf4424d9c5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-72.fra56.r.cloudfront.net
Software
/
Resource Hash
87b9140384b1c38eefa4889975a6b27afb82c9e7589b74a006b39cf41d424166

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://my.ca-autobank.es/

Response headers

x-robots-tag
none
content-encoding
gzip
x-callid
2d8611c862d34b47977657ad69f67750
x-cache
Miss from cloudfront
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
x-error-code
0
date
Wed, 23 Oct 2024 07:49:19 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
x-server
eu1b-nomad-t10
x-amz-cf-id
M5_iccbmRRhuQXGqdRNlItnQlwUoanti632dDm7DEfNRLxAFeQ0hrw==
edge-cache-tag
siteid_898634468600,ver_latest
cache-control
public, s-maxage=3600, max-age=900
x-soa
true, Gator
via
1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
access-control-allow-origin
*
content-length
182073
x-amz-cf-pop
FRA56-P5
courtesyPage
api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/configurations/ 		64 B
860 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/configurations/courtesyPage
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/vendor.b5ca11bc7c828ca7f9aa.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.104.8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-104-8.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
df82d31f556bdad8ed3f23df7705486a2f26a72b9c7f9394495afd6ab97fe471
Security Headers
Name Value
Content-Security-Policy script-src 'self'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Security-Policy default-src 'self'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

x-idp-client-id
4_dbUvCYCGZHbSzI_VIuqZIg
Referer
https://my.ca-autobank.es/
x-ibm-client-id
e05eb692-c62b-4831-a300-deba2a957d65
x-ibm-client-secret
P4oL8qO7nG2qJ5vT5qE0lL5lC5wX3pP5xY8iQ5eC3pJ5qA1jI0
x-lang
es
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/json

Response headers

x-burstlimit-remaining
name=burst-limit,279;
access-control-expose-headers
APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-BurstLimit-Limit, X-BurstLimit-Remaining, X-CountLimit-Limit, X-CountLimit-Remaining, Retry-After, X-Global-Transaction-ID, Location, X-APIC-Debug-OAuth-Error, X-APIC-Debug-OAuth-Error-Desc
content-encoding
gzip
x-content-type-options
nosniff
expires
0
alt-svc
h3=":443"; ma=93600
date
Wed, 23 Oct 2024 07:49:21 GMT
content-type
application/json
vary
Origin, Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000 ; includeSubDomains
content-security-policy
script-src 'self'
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-global-transaction-id
d8c38a516718aa80041ead01
pragma
no-cache
x-content-security-policy
default-src 'self'
access-control-allow-credentials
true
x-burstlimit-limit
name=burst-limit,300;
x-ratelimit-remaining
name=rate-limit-1,414;
access-control-allow-origin
https://my.ca-autobank.es
content-length
87
x-xss-protection
1
x-ratelimit-limit
name=rate-limit-1,2000;
sdk.config.get
loginsap.ca-autobank.es/ 		5 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://loginsap.ca-autobank.es/sdk.config.get?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&httpStatusCodes=true&ver=1729669680000
Requested by
Host: loginsap.ca-autobank.es
URL: https://loginsap.ca-autobank.es/js/gigya.js?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&lang=es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-72.fra56.r.cloudfront.net
Software
/
Resource Hash
57c3e11da292aee44894317d418e819053edc61444abb7acfff245d6a224305d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://my.ca-autobank.es/

Response headers

x-robots-tag
none, none
content-encoding
gzip
age
50
x-callid
57c2fe5254f841d3860eb797cdc6c256
x-cache
Hit from cloudfront
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
x-error-code
0
date
Wed, 23 Oct 2024 07:48:31 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
x-server
eu1b-nomad-t10
x-amz-cf-id
3BOUp_8aZzjezZzghA8GhjLglzK6leYonlXfpLat7FTdmVsU7khDOw==
edge-cache-tag
siteid_898634468600
cache-control
public, s-maxage=120, max-age=60
x-soa
true, Gator
via
1.1 5c14dc328191a14142654d833f772c6c.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
2064
x-amz-cf-pop
FRA56-P5
6ba0ea5141ad3d2177b5.png
my.ca-autobank.es/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://my.ca-autobank.es/6ba0ea5141ad3d2177b5.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
37.179.0.12 Milan, Italy, ASN30722 (VODAFONE-IT-ASN, IT),
Reverse DNS
net-37-179-0-12.cust.vodafonedsl.it
Software
/
Resource Hash
5f472b96627af0806763a226c65429af36540a91b0bd3c3f73ddba79bc44a251
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://my.ca-autobank.es/

Response headers

x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
etag
"6707af98-429"
x-permitted-cross-domain-policies
none
referrer-policy
origin
x-content-type-options
nosniff
accept-ranges
bytes
access-control-allow-origin
app://ca-autobank-cp
content-length
1065
date
Wed, 23 Oct 2024 07:49:21 GMT
x-xss-protection
1; mode=block
content-type
image/png
last-modified
Thu, 10 Oct 2024 10:42:32 GMT
access-control-allow-headers
origin, content-type, accept, authorization, x-requested-with, x-xhr-logon, cache-control, pragma, expires, if-modified-since, mobile-version, x-ibm-client-id, x-ibm-client-secret, x-idp-client-id, x-lang
103.c31c0d20f9fb3567d839.chunk.js
my.ca-autobank.es/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.ca-autobank.es/103.c31c0d20f9fb3567d839.chunk.js
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/runtime~main.ed89ca369961751b6df3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
37.179.0.12 Milan, Italy, ASN30722 (VODAFONE-IT-ASN, IT),
Reverse DNS
net-37-179-0-12.cust.vodafonedsl.it
Software
/
Resource Hash
4fb423a9501ccbad2f8d56d883b66db0c0776fa590ae798228bc55f1b5606c35
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://my.ca-autobank.es/

Response headers

x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
etag
"6707af98-b7b"
x-permitted-cross-domain-policies
none
referrer-policy
origin
x-content-type-options
nosniff
accept-ranges
bytes
access-control-allow-origin
app://ca-autobank-cp
content-length
2939
date
Wed, 23 Oct 2024 07:49:21 GMT
x-xss-protection
1; mode=block
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 10:42:32 GMT
access-control-allow-headers
origin, content-type, accept, authorization, x-requested-with, x-xhr-logon, cache-control, pragma, expires, if-modified-since, mobile-version, x-ibm-client-id, x-ibm-client-secret, x-idp-client-id, x-lang
footer
api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/ 		2 KB
561 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/footer
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/vendor.b5ca11bc7c828ca7f9aa.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
92.123.104.8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-104-8.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
490c741bc925fd027630266e6a934659da6a47656dddf28d39c9b5654a180d46
Security Headers
Name Value
Content-Security-Policy script-src 'self'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Security-Policy default-src 'self'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

x-idp-client-id
4_dbUvCYCGZHbSzI_VIuqZIg
Referer
https://my.ca-autobank.es/
x-ibm-client-id
e05eb692-c62b-4831-a300-deba2a957d65
x-ibm-client-secret
P4oL8qO7nG2qJ5vT5qE0lL5lC5wX3pP5xY8iQ5eC3pJ5qA1jI0
x-lang
es
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/json

Response headers

x-burstlimit-remaining
name=burst-limit,278;
access-control-expose-headers
APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-BurstLimit-Limit, X-BurstLimit-Remaining, X-CountLimit-Limit, X-CountLimit-Remaining, Retry-After, X-Global-Transaction-ID, Location, X-APIC-Debug-OAuth-Error, X-APIC-Debug-OAuth-Error-Desc
content-encoding
gzip
x-content-type-options
nosniff
expires
0
alt-svc
h3=":443"; ma=93600
date
Wed, 23 Oct 2024 07:49:21 GMT
content-type
application/json
vary
Origin, Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000 ; includeSubDomains
content-security-policy
script-src 'self'
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-global-transaction-id
6578c0596718aa8109231160
pragma
no-cache
x-content-security-policy
default-src 'self'
access-control-allow-credentials
true
x-burstlimit-limit
name=burst-limit,300;
quic-version
0x00000001
x-ratelimit-remaining
name=rate-limit-1,413;
access-control-allow-origin
https://my.ca-autobank.es
content-length
526
x-xss-protection
1
x-ratelimit-limit
name=rate-limit-1,2000;
contacts
api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/ 		1 KB
522 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/contacts
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/vendor.b5ca11bc7c828ca7f9aa.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
92.123.104.8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-104-8.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c9bc4f0c20383ad66115a3949621936fd00030380aa18abbafdca4ee73a87ad9
Security Headers
Name Value
Content-Security-Policy script-src 'self'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Security-Policy default-src 'self'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

x-idp-client-id
4_dbUvCYCGZHbSzI_VIuqZIg
Referer
https://my.ca-autobank.es/
x-ibm-client-id
e05eb692-c62b-4831-a300-deba2a957d65
x-ibm-client-secret
P4oL8qO7nG2qJ5vT5qE0lL5lC5wX3pP5xY8iQ5eC3pJ5qA1jI0
x-lang
es
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/json

Response headers

x-burstlimit-remaining
name=burst-limit,277;
access-control-expose-headers
APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-BurstLimit-Limit, X-BurstLimit-Remaining, X-CountLimit-Limit, X-CountLimit-Remaining, Retry-After, X-Global-Transaction-ID, Location, X-APIC-Debug-OAuth-Error, X-APIC-Debug-OAuth-Error-Desc
content-encoding
gzip
x-content-type-options
nosniff
expires
0
alt-svc
h3=":443"; ma=93600
date
Wed, 23 Oct 2024 07:49:21 GMT
content-type
application/json
vary
Origin, Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=31536000 ; includeSubDomains
content-security-policy
script-src 'self'
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-global-transaction-id
6578c0596718aa81009ef2e7
pragma
no-cache
x-content-security-policy
default-src 'self'
access-control-allow-credentials
true
x-burstlimit-limit
name=burst-limit,300;
quic-version
0x00000001
x-ratelimit-remaining
name=rate-limit-1,412;
access-control-allow-origin
https://my.ca-autobank.es
content-length
487
x-xss-protection
1
x-ratelimit-limit
name=rate-limit-1,2000;
truncated
/ 		247 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6a5dd92f73c4040809ef6a8070b790e676cd24e92188624d13bbac56cfa8863f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://my.ca-autobank.es/

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3955f2fc605ec08d35ac27e6982f7ff94a3de5500f4c66c15aa5e9decd151c1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://my.ca-autobank.es/

Response headers

Content-Type
image/svg+xml
footer
api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/footer
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
92.123.104.8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-104-8.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
Access-Control-Request-Method
GET
Origin
https://my.ca-autobank.es
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept
*/*
accept-encoding
gzip
accept-language
es-ES,es;q=0.9
access-control-allow-credentials
true
access-control-allow-headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
access-control-allow-methods
GET,POST
access-control-allow-origin
https://my.ca-autobank.es
access-control-request-headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
access-control-request-method
GET
akamai-origin-hop
2
alt-svc
h3=":443"; ma=93600
cache-control
no-cache, max-age=0
content-encoding
gzip
content-length
0
date
Wed, 23 Oct 2024 07:49:21 GMT
origin
https://my.ca-autobank.es
pragma
no-cache
priority
u=1, i
quic-version
0x00000001
referer
https://my.ca-autobank.es/
sec-fetch-dest
empty
sec-fetch-mode
cors
sec-fetch-site
cross-site
true-client-ip
146.70.74.110
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
vary
Origin Accept-Encoding
x-akamai-config-log-detail
true
x-client-ip
146.70.74.110
x-forwarded-for
146.70.74.110, 23.41.167.136
x-global-transaction-id
d8c38a516718aa81041ead31
contacts
api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api02-emea.fcagroup.com/emea/extra/fcaBank/customers/v12.10/cms/markets/es/brands/fca/contacts
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
92.123.104.8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-104-8.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
Access-Control-Request-Method
GET
Origin
https://my.ca-autobank.es
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept
*/*
accept-encoding
gzip
accept-language
es-ES,es;q=0.9
access-control-allow-credentials
true
access-control-allow-headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
access-control-allow-methods
GET,PUT
access-control-allow-origin
https://my.ca-autobank.es
access-control-request-headers
content-type,x-ibm-client-id,x-ibm-client-secret,x-idp-client-id,x-lang
access-control-request-method
GET
akamai-origin-hop
2
alt-svc
h3=":443"; ma=93600
cache-control
no-cache, max-age=0
content-encoding
gzip
content-length
0
date
Wed, 23 Oct 2024 07:49:21 GMT
origin
https://my.ca-autobank.es
pragma
no-cache
priority
u=1, i
quic-version
0x00000001
referer
https://my.ca-autobank.es/
sec-fetch-dest
empty
sec-fetch-mode
cors
sec-fetch-site
cross-site
true-client-ip
146.70.74.110
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
vary
Origin Accept-Encoding
x-akamai-config-log-detail
true
x-client-ip
146.70.74.110
x-forwarded-for
146.70.74.110, 23.41.167.136
x-global-transaction-id
d8c38a516718aa8102616be3
Api.aspx
cdns.eu1.gigya.com/gs/webSdk/ Frame 7EE0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdns.eu1.gigya.com/gs/webSdk/Api.aspx?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&version=latest&build=16506&serviceName=apiService
Requested by
Host: loginsap.ca-autobank.es
URL: https://loginsap.ca-autobank.es/js/gigya.js?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&lang=es
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.212.210.9 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-210-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://my.ca-autobank.es/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
public, s-maxage=3600, max-age=900
content-encoding
gzip
content-length
45326
content-type
text/html; charset=utf-8
date
Wed, 23 Oct 2024 07:49:21 GMT
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
x-callid
e5105da1ebd1424fbe68449d041788e9
x-error-code
0
x-robots-tag
none none
x-server
us1d-nomad-t24
x-soa
true, Gator
accounts.webSdkBootstrap
loginsap.ca-autobank.es/ 		199 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://loginsap.ca-autobank.es/accounts.webSdkBootstrap?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&pageURL=https%3A%2F%2Fmy.ca-autobank.es%2F0.4856358454221974&sdk=js_latest&sdkBuild=16506&format=json
Requested by
Host: loginsap.ca-autobank.es
URL: https://loginsap.ca-autobank.es/js/gigya.js?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&lang=es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-72.fra56.r.cloudfront.net
Software
/
Resource Hash
58c33051331dd70ef65636602988ced79bd3d08002c29a8c8d312d3476eed254

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://my.ca-autobank.es/

Response headers

x-robots-tag
none
access-control-max-age
86400
content-encoding
gzip
access-control-allow-methods
GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
x-callid
d686d6419480419bb77316440ae29943
x-cache
Miss from cloudfront
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
x-error-code
0
date
Wed, 23 Oct 2024 07:49:21 GMT
content-type
text/javascript; charset=utf-8
vary
Origin, Accept-Encoding
x-server
eu1b-nomad-t7
x-amz-cf-id
BLF0ZmWVJcNaO_l-foiNv7BETbLwjVHl9aYd5DWKHtXHRy7jMBP3SQ==
cache-control
private
access-control-allow-credentials
true
x-soa
true, Gator
via
1.1 22b00b5685ee1822efcb3d9e95d3c19a.cloudfront.net (CloudFront)
access-control-allow-origin
https://my.ca-autobank.es
content-length
174
x-amz-cf-pop
FRA56-P5
sso.htm
cdns.eu1.gigya.com/gs/ Frame 1F2A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=4_OSWB3AaRbeRh-iYS5B9RZA&ssoSegment=eu&version=latest&build=16506
Requested by
Host: loginsap.ca-autobank.es
URL: https://loginsap.ca-autobank.es/js/gigya.js?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&lang=es
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.212.210.9 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-210-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://my.ca-autobank.es/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
public, s-maxage=3600, max-age=900
content-encoding
gzip
content-length
33682
content-type
text/html; charset=utf-8
date
Wed, 23 Oct 2024 07:49:22 GMT
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
x-callid
9221a8f3e84b4747b85c98a683e867a6
x-error-code
0
x-robots-tag
none none
x-server
us1d-nomad-t22
x-soa
true, Gator
sso.htm
cdns.eu1.gigya.com/gs/ Frame C6B9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdns.eu1.gigya.com/gs/sso.htm?APIKey=4_OSWB3AaRbeRh-iYS5B9RZA&ssoSegment=eu&version=latest&build=16506
Requested by
Host: loginsap.ca-autobank.es
URL: https://loginsap.ca-autobank.es/js/gigya.js?apiKey=4_dbUvCYCGZHbSzI_VIuqZIg&lang=es
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.212.210.9 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-210-9.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Referer
https://my.ca-autobank.es/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
public, s-maxage=3600, max-age=900
content-encoding
gzip
content-length
33682
content-type
text/html; charset=utf-8
date
Wed, 23 Oct 2024 07:49:22 GMT
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
vary
Accept-Encoding
x-callid
9221a8f3e84b4747b85c98a683e867a6
x-error-code
0
x-robots-tag
none none
x-server
us1d-nomad-t22
x-soa
true, Gator
generatecss
cookielaw.emea.fcagroup.com/CookieLawProduct/resources/ 		0
256 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cookielaw.emea.fcagroup.com/CookieLawProduct/resources/generatecss?key=3212
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/main.91486918d4cf4424d9c5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::211:64da Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://my.ca-autobank.es/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
content-length
20
x-xss-protection
1; mode=block
date
Wed, 23 Oct 2024 07:49:23 GMT
content-type
text/css
vary
Accept-Encoding
server
Apache
generatejs
cookielaw.emea.fcagroup.com/CookieLawProduct/resources/ 		23 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cookielaw.emea.fcagroup.com/CookieLawProduct/resources/generatejs?key=3212
Requested by
Host: my.ca-autobank.es
URL: https://my.ca-autobank.es/main.91486918d4cf4424d9c5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::211:64da Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
57046872f68d2277c8449b4186f0f679ee024ed921aaf825a66f3f59476f606e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://my.ca-autobank.es/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
access-control-allow-origin
*
content-length
5172
x-xss-protection
1; mode=block
date
Wed, 23 Oct 2024 07:49:23 GMT
content-type
application/x-javascript;charset=UTF-8
vary
Accept-Encoding
server
Apache
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/ 		86 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
Requested by
Host: cookielaw.emea.fcagroup.com
URL: https://cookielaw.emea.fcagroup.com/CookieLawProduct/resources/generatejs?key=3212
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://my.ca-autobank.es/

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"5eb03ec4-15851"
age
117701
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=017wAOGW6mDycopqkknpmHnSLnbq6G%2BxvU27esKXG6betgOsjPs2q4I%2BXMRSJxH4x8QJRpZVa3USzJmILhFT9HevL9M3TOn7lVrvgxYVeplBVGMl7gKfWrfrOM5a%2BkCTKqiDT0C9"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Mon, 13 Oct 2025 07:49:23 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 23 Oct 2024 07:49:23 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 04 May 2020 16:11:48 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8d70215639b4e097-MAD
accept-ranges
bytes
access-control-allow-origin
*
content-length
27748
server
cloudflare
generatehtml
cookielaw.emea.fcagroup.com/CookieLawProduct/resources/ Frame DA41 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cookielaw.emea.fcagroup.com/CookieLawProduct/resources/generatehtml?key=3212
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::211:64b2 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.ca-autobank.es/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
content-encoding
gzip
content-length
177792
content-type
text/html;charset=UTF-8
date
Wed, 23 Oct 2024 07:49:24 GMT
referrer-policy
strict-origin-when-cross-origin
server
Apache
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
use.typekit.net
URL
https://use.typekit.net/xns0ovl.css

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| webpackChunkfcab_customerportal_fcab_fe function| clearImmediate function| setImmediate object| __$$GLOBAL_REWIRE_REGISTRY__ function| __rewire_reset_all__ number| __$$GLOBAL_REWIRE_NEXT_MODULE_ID__ object| d3 object| gigyaClient object| fcabCordova object| CustomerPortal function| gtag object| dataLayer function| ga object| gigya function| manageReferrer object| jq function| manageQueryParams function| getQueryParam function| manageQueryParamsCrawler function| manageQueryParamsCarConfigurator function| clearCookies function| getCookieOpenModal function| openCookiePolicyModal function| proceed function| Actions function| $ function| jQuery

5 Cookies

Domain/Path Name / Value
.cdns.eu1.gigya.com/ Name: apiDomain_4_OSWB3AaRbeRh-iYS5B9RZA
Value: loginsap.ca-autobank.es
.loginsap.ca-autobank.es/ Name: gmid
Value: gmid.ver4.AtLtj1PsDw.Sidm0SWB1Bsqq37F5W_DHlPZ1CjtqfbmSX39s9ex5WNvhZZlUFuIHeAMvzmz-QnV.-nngAB8POIZAuIg67-QPpgMiTrhv7E5KPgR9x1Qi3TBEQnowQ7hmIN5FVPEtpzzC2MaaT0ZzdcqxrKfRLbc1Sw.sc3
.loginsap.ca-autobank.es/ Name: ucid
Value: mR60gs1Jvj6U2ANn7goXCg
.loginsap.ca-autobank.es/ Name: hasGmid
Value: ver4
.ca-autobank.es/ Name: gig_bootstrap_4_dbUvCYCGZHbSzI_VIuqZIg
Value: loginsap_ver4

1 Console Messages

Source Level URL
Text
security error URL: https://my.ca-autobank.es/0.4856358454221974
Message:
Refused to load the stylesheet 'https://use.typekit.net/xns0ovl.css' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gigya.com https://*.stellantis.com https://*.google.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.google-analytics.com https://*.ca-autobank.fr https://*.fcagroup.com https://*.ca-autobank.pl https://*.ca-autobank.de https://*.ca-autobank.at https://*.ca-autobank.pt https://*.ca-autobank.es https://*.ca-autobank.be https://*.ca-autobank.gr https://*.ca-autofinance.nl https://*.ca-autofinance.ch https://*.ca-autofinance.dk https://*.leasys.pl https://*.googleapis.com https://*.ca-autobank.com https://*.gstatic.com blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api02-emea.fcagroup.com
cdnjs.cloudflare.com
cdns.eu1.gigya.com
cookielaw.emea.fcagroup.com
loginsap.ca-autobank.es
my.ca-autobank.es
use.typekit.net
use.typekit.net
104.17.25.14
18.66.112.72
23.212.210.9
2a02:26f0:7100::211:64b2
2a02:26f0:7100::211:64da
37.179.0.12
92.123.104.8
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
490c741bc925fd027630266e6a934659da6a47656dddf28d39c9b5654a180d46
4fb423a9501ccbad2f8d56d883b66db0c0776fa590ae798228bc55f1b5606c35
57046872f68d2277c8449b4186f0f679ee024ed921aaf825a66f3f59476f606e
57c3e11da292aee44894317d418e819053edc61444abb7acfff245d6a224305d
58c33051331dd70ef65636602988ced79bd3d08002c29a8c8d312d3476eed254
5f472b96627af0806763a226c65429af36540a91b0bd3c3f73ddba79bc44a251
6a5dd92f73c4040809ef6a8070b790e676cd24e92188624d13bbac56cfa8863f
87b9140384b1c38eefa4889975a6b27afb82c9e7589b74a006b39cf41d424166
88ba9d94bf0584f5eddd55c7040a2e636ea9b038af2a9c5dccc340a69b0c83c2
b66c66a7f38fe5913a9f547b57e5d1081c6e225c5787a479b1e0c1fe058d8968
c9bc4f0c20383ad66115a3949621936fd00030380aa18abbafdca4ee73a87ad9
d9bbd2f88180f708d32b47325bc9ad0a991b74dc3019f62f1b1baea1057294d1
df82d31f556bdad8ed3f23df7705486a2f26a72b9c7f9394495afd6ab97fe471
e3955f2fc605ec08d35ac27e6982f7ff94a3de5500f4c66c15aa5e9decd151c1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f4faf095ae2cee3492353a0965a460f0e890be697d6b9cfd88a711407a63ea04