urlscan.io logo urlscan.io
SecurityTrails logo

euadfs.bicworld.com Open in urlscan Pro
52.157.223.111  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://buy4bic.com/
Effective URL: https://euadfs.bicworld.com/adfs/ls/
Submission: On October 24 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 3 countries across 2 domains to perform 6 HTTP transactions. The main IP is 52.157.223.111, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is euadfs.bicworld.com.
TLS certificate: Issued by Corporation Service Company RSA OV SS... on September 24th 2024. Valid for: a year.
This is the only time euadfs.bicworld.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 165.160.15.20 19574 (CSC)
2 3 185.14.245.167 61221 (IVALUA-AS)
1 6 52.157.223.111 8075 (MICROSOFT...)
6 2
Apex Domain
Subdomains		 Transfer
6 bicworld.com
euadfs.bicworld.com
264 KB
4 buy4bic.com
buy4bic.com
www.buy4bic.com
6 KB
6 2
Domain Requested by
6 euadfs.bicworld.com 1 redirects euadfs.bicworld.com
3 www.buy4bic.com 2 redirects
1 buy4bic.com 1 redirects
6 3

This site contains links to these domains. Also see Links.

Domain
www.bicworld.com
Subject Issuer Validity Valid
buy4bic.com
Corporation Service Company RSA OV SSL CA		 2024-06-25 -
2025-06-25		 a year crt.sh
*.bicworld.com
Corporation Service Company RSA OV SSL CA		 2024-09-24 -
2025-10-15		 a year crt.sh

This page contains 1 frames:

Primary Page: https://euadfs.bicworld.com/adfs/ls/
Frame ID: 941413F5C8B1D9639C70E74B19600ADC
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Anmelden

Page URL History Show full URLs

  1. http://buy4bic.com/ HTTP 307
    https://buy4bic.com/ HTTP 307
    http://buy4bic.com/ HTTP 301
    http://www.buy4bic.com/ HTTP 307
    https://www.buy4bic.com/ HTTP 302
    https://www.buy4bic.com/page.aspx/de/buy/homepage HTTP 302
    https://www.buy4bic.com/page.aspx/fr/usr/login?ReturnUrl=%2fpage.aspx%2fde%2fbuy%2fhomepage Page URL
  2. https://euadfs.bicworld.com/adfs/ls/ Page URL

Page Statistics

6
Requests

83 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

3
Countries

266 kB
Transfer

261 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://buy4bic.com/ HTTP 307
    https://buy4bic.com/ HTTP 307
    http://buy4bic.com/ HTTP 301
    http://www.buy4bic.com/ HTTP 307
    https://www.buy4bic.com/ HTTP 302
    https://www.buy4bic.com/page.aspx/de/buy/homepage HTTP 302
    https://www.buy4bic.com/page.aspx/fr/usr/login?ReturnUrl=%2fpage.aspx%2fde%2fbuy%2fhomepage Page URL
  2. https://euadfs.bicworld.com/adfs/ls/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://buy4bic.com/ HTTP 307
  • https://buy4bic.com/ HTTP 307
  • http://buy4bic.com/ HTTP 301
  • http://www.buy4bic.com/ HTTP 307
  • https://www.buy4bic.com/ HTTP 302
  • https://www.buy4bic.com/page.aspx/de/buy/homepage HTTP 302
  • https://www.buy4bic.com/page.aspx/fr/usr/login?ReturnUrl=%2fpage.aspx%2fde%2fbuy%2fhomepage
Request Chain 4
  • https://euadfs.bicworld.com/favicon.ico HTTP 307
  • https://euadfs.bicworld.com/adfs/ls?version=1.0&action=signin&realm=urn%3AAppProxy%3Acom&appRealm=40ee72c7-9819-e511-80ca-02bfac1005b5&returnUrl=https%3A%2F%2Feuadfs.bicworld.com%2Ffavicon.ico&client-request-id=F2F8BC0E-DC60-0001-76D8-BEE5C319DB01

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
login
www.buy4bic.com/page.aspx/fr/usr/
Redirect Chain
  • http://buy4bic.com/
  • https://buy4bic.com/
  • http://buy4bic.com/
  • http://www.buy4bic.com/
  • https://www.buy4bic.com/
  • https://www.buy4bic.com/page.aspx/de/buy/homepage
  • https://www.buy4bic.com/page.aspx/fr/usr/login?ReturnUrl=%2fpage.aspx%2fde%2fbuy%2fhomepage
1 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.buy4bic.com/page.aspx/fr/usr/login?ReturnUrl=%2fpage.aspx%2fde%2fbuy%2fhomepage
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.14.245.167 , France, ASN61221 (IVALUA-AS, FR),
Reverse DNS
185-14-245-167.ivalua.net
Software
/
Resource Hash
23848c1e1f96a016fbb04a7ad3b4e1eae1e08c8cf4f7b2a35a112b215ccbff7a
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob: ; connect-src 'self' data: ws://www.buy4bic.com wss://www.buy4bic.com ; default-src 'none' ; font-src 'self' data: ; form-action 'self' * *.mercateo.com/basket/oci http://www.groupe-rg-eshop.com/b2b/init.do https://*.amazon.ca/ https://*.amazon.co.uk/ https://*.amazon.com/ https://*.amazon.de/ https://*.amazon.es/ https://*.amazon.fr/ https://*.amazon.it/ https://euadfs.bicworld.com/adfs/ls/ https://h20226.www2.hp.com/invoke/HPI_cXML_PunchOut:receiveCXML https://project.ivalua.com/page.php/chg/environment_sso https://www.amazon.es/eprocurement/punchout https://www.amazon.fr/eprocurement/punchout https://www.dc-clic.com/punchout/request/0b70b6d8-af70-434b-b732-234c48730fac https://www.groupe-fair-shop.fr/index.php?frm_Login=bpunchoutbic&frm_Pass=612501 https://www.lyreco.com/DC/FH1/OCI/Login/StdLogin.do https://www.markit.eu/cXML.ashx https://www.rexel.fr/frx/punchout/ociLogin/ ; frame-ancestors 'self' ; frame-src 'self' blob: ; img-src 'self' data: https://groupe-mb.scene7.com/is/image/ https://m.media-amazon.com/images/ https://media.rs-online.com https://static.grainger.com/rp/s/is/image/Grainger/ https://www.manutan.fr ; manifest-src 'self' ; object-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store
Content-Encoding
gzip
Content-Length
1025
Content-Security-Policy
child-src 'self' blob: ; connect-src 'self' data: ws://www.buy4bic.com wss://www.buy4bic.com ; default-src 'none' ; font-src 'self' data: ; form-action 'self' * *.mercateo.com/basket/oci http://www.groupe-rg-eshop.com/b2b/init.do https://*.amazon.ca/ https://*.amazon.co.uk/ https://*.amazon.com/ https://*.amazon.de/ https://*.amazon.es/ https://*.amazon.fr/ https://*.amazon.it/ https://euadfs.bicworld.com/adfs/ls/ https://h20226.www2.hp.com/invoke/HPI_cXML_PunchOut:receiveCXML https://project.ivalua.com/page.php/chg/environment_sso https://www.amazon.es/eprocurement/punchout https://www.amazon.fr/eprocurement/punchout https://www.dc-clic.com/punchout/request/0b70b6d8-af70-434b-b732-234c48730fac https://www.groupe-fair-shop.fr/index.php?frm_Login=bpunchoutbic&frm_Pass=612501 https://www.lyreco.com/DC/FH1/OCI/Login/StdLogin.do https://www.markit.eu/cXML.ashx https://www.rexel.fr/frx/punchout/ociLogin/ ; frame-ancestors 'self' ; frame-src 'self' blob: ; img-src 'self' data: https://groupe-mb.scene7.com/is/image/ https://m.media-amazon.com/images/ https://media.rs-online.com https://static.grainger.com/rp/s/is/image/Grainger/ https://www.manutan.fr ; manifest-src 'self' ; object-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' 'unsafe-inline'
Content-Type
text/html; charset=utf-8
Date
Thu, 24 Oct 2024 18:15:49 GMT
Expires
-1
Pragma
no-cache
Server
Strict-Transport-Security
max-age=31536000
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
private
Content-Length
185
Content-Security-Policy
child-src 'self' blob: ; connect-src 'self' data: ws://www.buy4bic.com wss://www.buy4bic.com ; default-src 'none' ; font-src 'self' data: ; form-action 'self' * *.mercateo.com/basket/oci http://www.groupe-rg-eshop.com/b2b/init.do https://*.amazon.ca/ https://*.amazon.co.uk/ https://*.amazon.com/ https://*.amazon.de/ https://*.amazon.es/ https://*.amazon.fr/ https://*.amazon.it/ https://h20226.www2.hp.com/invoke/HPI_cXML_PunchOut:receiveCXML https://project.ivalua.com/page.php/chg/environment_sso https://www.amazon.es/eprocurement/punchout https://www.amazon.fr/eprocurement/punchout https://www.dc-clic.com/punchout/request/0b70b6d8-af70-434b-b732-234c48730fac https://www.groupe-fair-shop.fr/index.php?frm_Login=bpunchoutbic&frm_Pass=612501 https://www.lyreco.com/DC/FH1/OCI/Login/StdLogin.do https://www.markit.eu/cXML.ashx https://www.rexel.fr/frx/punchout/ociLogin/ ; frame-ancestors 'self' ; frame-src 'self' blob: ; img-src 'self' data: https://groupe-mb.scene7.com/is/image/ https://m.media-amazon.com/images/ https://media.rs-online.com https://static.grainger.com/rp/s/is/image/Grainger/ https://www.manutan.fr ; manifest-src 'self' ; object-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' 'unsafe-inline'
Content-Type
text/html; charset=utf-8
Date
Thu, 24 Oct 2024 18:15:49 GMT
Location
/page.aspx/fr/usr/login?ReturnUrl=%2fpage.aspx%2fde%2fbuy%2fhomepage
Server
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
Primary Request /
euadfs.bicworld.com/adfs/ls/ 		24 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://euadfs.bicworld.com/adfs/ls/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.157.223.111 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
32ed2461ea818e8db716ab401039f460ffbd43b8ec4eb6d99ff2fd25885be307
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; frame-src bicworld.okta.com
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.buy4bic.com
Referer
https://www.buy4bic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache,no-store
Content-Length
24070
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; frame-src bicworld.okta.com
Content-Type
text/html; charset=utf-8
Date
Thu, 24 Oct 2024 18:15:49 GMT
Expires
-1
P3P
ADFS doesn't have P3P policy, please contact your site's admin for more details
Pragma
no-cache
Server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
Strict-Transport-Security
max-age = 31536000
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-XSS-Protection
1; mode=block
style.css
euadfs.bicworld.com/adfs/portal/css/ 		8 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://euadfs.bicworld.com/adfs/portal/css/style.css?id=D74D4D6943F32AE6F7F11D14D601DBB0E1A58919176EE512150366B6279AAF99
Requested by
Host: euadfs.bicworld.com
URL: https://euadfs.bicworld.com/adfs/ls/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.157.223.111 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
d74d4d6943f32ae6f7f11d14d601dbb0e1a58919176ee512150366b6279aaf99
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; frame-src bicworld.okta.com
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://euadfs.bicworld.com/adfs/ls/

Response headers

Strict-Transport-Security
max-age = 31536000
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; frame-src bicworld.okta.com
ETag
D74D4D6943F32AE6F7F11D14D601DBB0E1A58919176EE512150366B6279AAF99
X-Content-Type-Options
nosniff
Expires
Sat, 23 Nov 2024 19:15:49 GMT
Content-Length
7812
X-XSS-Protection
1; mode=block
Date
Thu, 24 Oct 2024 18:15:49 GMT
Content-Type
text/css
Server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
logo.jpg
euadfs.bicworld.com/adfs/portal/logo/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://euadfs.bicworld.com/adfs/portal/logo/logo.jpg?id=E0164476B23751E25F88E5AD7DF59FA89061ED6377B5504A91ADB1D15F7969FB
Requested by
Host: euadfs.bicworld.com
URL: https://euadfs.bicworld.com/adfs/ls/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.157.223.111 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e0164476b23751e25f88e5ad7df59fa89061ed6377b5504a91adb1d15f7969fb
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; frame-src bicworld.okta.com
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://euadfs.bicworld.com/adfs/ls/

Response headers

Strict-Transport-Security
max-age = 31536000
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; frame-src bicworld.okta.com
ETag
E0164476B23751E25F88E5AD7DF59FA89061ED6377B5504A91ADB1D15F7969FB
X-Content-Type-Options
nosniff
Expires
Sat, 23 Nov 2024 19:15:49 GMT
Content-Length
10558
X-XSS-Protection
1; mode=block
Date
Thu, 24 Oct 2024 18:15:49 GMT
Content-Type
image/jpeg
Server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
illustration.jpg
euadfs.bicworld.com/adfs/portal/illustration/ 		195 KB
195 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://euadfs.bicworld.com/adfs/portal/illustration/illustration.jpg?id=58FABC380E057D70D8CDC9AA512930CDEF16CD654862D2EB065C0BD3AE32693C
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.157.223.111 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
58fabc380e057d70d8cdc9aa512930cdef16cd654862d2eb065c0bd3ae32693c
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; frame-src bicworld.okta.com
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://euadfs.bicworld.com/adfs/ls/

Response headers

Strict-Transport-Security
max-age = 31536000
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; frame-src bicworld.okta.com
ETag
58FABC380E057D70D8CDC9AA512930CDEF16CD654862D2EB065C0BD3AE32693C
X-Content-Type-Options
nosniff
Expires
Sat, 23 Nov 2024 19:15:50 GMT
Content-Length
199272
X-XSS-Protection
1; mode=block
Date
Thu, 24 Oct 2024 18:15:49 GMT
Content-Type
image/jpeg
Server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
ls
euadfs.bicworld.com/adfs/
Redirect Chain
  • https://euadfs.bicworld.com/favicon.ico
  • https://euadfs.bicworld.com/adfs/ls?version=1.0&action=signin&realm=urn%3AAppProxy%3Acom&appRealm=40ee72c7-9819-e511-80ca-02bfac1005b5&returnUrl=https%3A%2F%2Feuadfs.bicworld.com%2Ffavicon.ico&clie...
24 KB
24 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://euadfs.bicworld.com/adfs/ls?version=1.0&action=signin&realm=urn%3AAppProxy%3Acom&appRealm=40ee72c7-9819-e511-80ca-02bfac1005b5&returnUrl=https%3A%2F%2Feuadfs.bicworld.com%2Ffavicon.ico&client-request-id=F2F8BC0E-DC60-0001-76D8-BEE5C319DB01
Protocol
HTTP/1.1
Server
52.157.223.111 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
3c9aaa5b631f5e2fcecd4a799a3a427bea6128182ff91d0de3e23d1744083596
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; frame-src bicworld.okta.com
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://euadfs.bicworld.com/adfs/ls/

Response headers

Strict-Transport-Security
max-age = 31536000
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; frame-src bicworld.okta.com
Cache-Control
no-cache,no-store
Pragma
no-cache
X-Content-Type-Options
nosniff
Expires
-1
Content-Length
24382
X-XSS-Protection
1; mode=block
Date
Thu, 24 Oct 2024 18:15:49 GMT
Content-Type
text/html; charset=utf-8
Server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
X-Frame-Options
DENY

Redirect headers

Location
https://euadfs.bicworld.com/adfs/ls?version=1.0&action=signin&realm=urn%3AAppProxy%3Acom&appRealm=40ee72c7-9819-e511-80ca-02bfac1005b5&returnUrl=https%3A%2F%2Feuadfs.bicworld.com%2Ffavicon.ico&client-request-id=F2F8BC0E-DC60-0001-76D8-BEE5C319DB01
Content-Length
0
Date
Thu, 24 Oct 2024 18:15:49 GMT
Server
Microsoft-HTTPAPI/2.0

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| LoginErrors number| maxPasswordLength function| InputUtil function| SelectOption function| Login function| getStyle function| computeLoadIllustration string| domain_hint string| mfaSecondFactorErr string| mfaProofupMessage object| authArea

2 Cookies

Domain/Path Name / Value
euadfs.bicworld.com/adfs Name: MSISSamlRequest
Value: QmFzZVVybD1odHRwcyUzYSUyZiUyZmV1YWRmcy5iaWN3b3JsZC5jb20lM2E0NDMlMmZhZGZzJTJmbHMlMmZcU0FNTFJlcXVlc3Q9UEQ5NGJXd2dkbVZ5YzJsdmJqMGlNUzR3SWlCbGJtTnZaR2x1WnowaVZWUkdMVGdpUHo0OGMyRnRiSEE2UVhWMGFHNVNaWEYxWlhOMElGWmxjbk5wYjI0OUlqSXVNQ0lnVUhKdmRHOWpiMnhDYVc1a2FXNW5QU0oxY200NmIyRnphWE02Ym1GdFpYTTZkR002VTBGTlREb3lMakE2WW1sdVpHbHVaM002U0ZSVVVDMVFUMU5VSWlCQmMzTmxjblJwYjI1RGIyNXpkVzFsY2xObGNuWnBZMlZWVWt3OUltaDBkSEJ6T2k4dmQzZDNMbUoxZVRSaWFXTXVZMjl0TDNCaFoyVXVZWE53ZUM5bWNpOWlkWGt2YUc5dFpYQmhaMlVpSUVsRVBTSmZZVGN4TXpsak5ERXRObU14TWkwME5XUTVMV0l4T1RBdFpXSXpNR1JpTlRabU1qRXpJaUJKYzNOMVpVbHVjM1JoYm5ROUlqSXdNalF0TVRBdE1qUlVNVGc2TVRVNk5EbGFJaUJFWlhOMGFXNWhkR2x2YmowaWFIUjBjSE02THk5bGRXRmtabk11WW1samQyOXliR1F1WTI5dEwyRmtabk12YkhNdklpQlFjbTkyYVdSbGNrNWhiV1U5SWpnd0xqSTFOUzQzTGpFd01TSWdlRzFzYm5NNmMyRnRiSEE5SW5WeWJqcHZZWE5wY3pwdVlXMWxjenAwWXpwVFFVMU1Pakl1TURwd2NtOTBiMk52YkNJJTJiUEhOaGJXdzZTWE56ZFdWeUlIaHRiRzV6T25OaGJXdzlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoYzNObGNuUnBiMjRpUG1oMGRIQnpPaTh2ZDNkM0xtSjFlVFJpYVdNdVkyOXRQQzl6WVcxc09rbHpjM1ZsY2o0OEwzTmhiV3h3T2tGMWRHaHVVbVZ4ZFdWemRENCUzZFxQcm90b2NvbEJpbmRpbmc9dXJuJTNhb2FzaXMlM2FuYW1lcyUzYXRjJTNhU0FNTCUzYTIuMCUzYWJpbmRpbmdzJTNhSFRUUC1QT1NUXFJlbGF5U3RhdGU9JTJmcGFnZS5hc3B4JTJmZGUlMmZidXklMmZob21lcGFnZQ==
www.buy4bic.com/ Name: SSOInformation
Value: Module=SamlAuthModule&ReturnUrl=/page.aspx/de/buy/homepage&NbSSOSuccessiveTryToLogin=1

1 Console Messages

Source Level URL
Text
security error URL: https://www.buy4bic.com/page.aspx/fr/usr/login?ReturnUrl=%2fpage.aspx%2fde%2fbuy%2fhomepage
Message:
The source list for Content Security Policy directive 'form-action' contains a source with an invalid path: '/index.php?frm_Login=bpunchoutbic&frm_Pass=612501'. The query component, including the '?', will be ignored.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy child-src 'self' blob: ; connect-src 'self' data: ws://www.buy4bic.com wss://www.buy4bic.com ; default-src 'none' ; font-src 'self' data: ; form-action 'self' * *.mercateo.com/basket/oci http://www.groupe-rg-eshop.com/b2b/init.do https://*.amazon.ca/ https://*.amazon.co.uk/ https://*.amazon.com/ https://*.amazon.de/ https://*.amazon.es/ https://*.amazon.fr/ https://*.amazon.it/ https://euadfs.bicworld.com/adfs/ls/ https://h20226.www2.hp.com/invoke/HPI_cXML_PunchOut:receiveCXML https://project.ivalua.com/page.php/chg/environment_sso https://www.amazon.es/eprocurement/punchout https://www.amazon.fr/eprocurement/punchout https://www.dc-clic.com/punchout/request/0b70b6d8-af70-434b-b732-234c48730fac https://www.groupe-fair-shop.fr/index.php?frm_Login=bpunchoutbic&frm_Pass=612501 https://www.lyreco.com/DC/FH1/OCI/Login/StdLogin.do https://www.markit.eu/cXML.ashx https://www.rexel.fr/frx/punchout/ociLogin/ ; frame-ancestors 'self' ; frame-src 'self' blob: ; img-src 'self' data: https://groupe-mb.scene7.com/is/image/ https://m.media-amazon.com/images/ https://media.rs-online.com https://static.grainger.com/rp/s/is/image/Grainger/ https://www.manutan.fr ; manifest-src 'self' ; object-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block