Submitted URL: https://edenredvpay.com/
Effective URL: https://www.edenredvpay.com/fr/connexion/login
Submission Tags: falconsandbox
Submission: On January 04 via api from US — Scanned from FR

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 18 HTTP transactions. The main IP is 185.8.76.132, which is located in France and belongs to SYNTEN-AS, FR. The main domain is www.edenredvpay.com.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on May 3rd 2022. Valid for: a year.
This is the only time www.edenredvpay.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 17 185.8.76.132 35344 (SYNTEN-AS)
1 2001:4de0:ac1... 20446 (STACKPATH...)
1 94.23.123.204 16276 (OVH)
1 2a00:1450:400... 15169 (GOOGLE)
18 4
Apex Domain | Subdomains | Transfer
18 edenredvpay.com | edenredvpay.com, www.edenredvpay.com, filer.edenredvpay.com | 162 KB
1 googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 520) | 64 KB
1 jquery.com | code.jquery.com (Cisco Umbrella Rank: 943) | 30 KB
18 3
Domain Requested by
16 www.edenredvpay.com 1 redirects www.edenredvpay.com
1 ajax.googleapis.com www.edenredvpay.com
1 filer.edenredvpay.com www.edenredvpay.com
1 code.jquery.com www.edenredvpay.com
1 edenredvpay.com 1 redirects
18 5

This site contains no links.

Subject | Issuer | Validity | Valid
www.edenredvpay.com | GlobalSign RSA OV SSL CA 2018 | 2022-05-03 - 2023-06-04 | a year
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year
filer.edenredvpay.com | R3 | 2022-11-06 - 2023-02-04 | 3 months
upload.video.google.com | GTS CA 1C3 | 2022-11-28 - 2023-02-20 | 3 months

This page contains 1 frame:

Primary Page: https://www.edenredvpay.com/fr/connexion/login
Frame ID: 3A97C8380D060B876F7E387693D5C8C1
Requests: 18 HTTP requests in this frame

Page Title

Edenred VPay

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Page Statistics

18 Requests
100 % HTTPS
50 % IPv6
3 Domains
5 Subdomains
4 IPs
3 Countries
254 kB Transfer
792 kB Size
1 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://edenredvpay.com/ HTTP 301
    https://www.edenredvpay.com/ HTTP 302
    https://www.edenredvpay.com/fr/connexion/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login
www.edenredvpay.com/fr/connexion/
Redirect Chain
  • https://edenredvpay.com/
  • https://www.edenredvpay.com/
  • https://www.edenredvpay.com/fr/connexion/login
25 KB
7 KB
Document
General
Full URL
https://www.edenredvpay.com/fr/connexion/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.8.76.132 , France, ASN35344 (SYNTEN-AS, FR),
Reverse DNS
host.185.8.76.132.rev.synten.com
Software
Apache /
Resource Hash
e8f00ac1bdc1761f44bf7b71473f4b69105d1a1e2a16baec05831ecf257d239c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Access-Control-Allow-Origin
*
Access-Control-Max-Age
1000
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
5861
Content-Type
text/html; charset=UTF-8
Date
Wed, 04 Jan 2023 14:27:23 GMT
Expires
Wed, 11 Jan 1984 05:00:00 GMT
Keep-Alive
timeout=15, max=99
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma
no-cache
Referrer-Policy
same-origin
Server
Apache
Strict-Transport-Security
max-age=31536000
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
X-Xss-Protection
1; mode=block

Redirect headers

Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Access-Control-Allow-Origin
*
Access-Control-Max-Age
1000
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
20
Content-Type
text/html; charset=UTF-8
Date
Wed, 04 Jan 2023 14:27:23 GMT
Expires
Wed, 11 Jan 1984 05:00:00 GMT
Keep-Alive
timeout=15, max=100
Location
/fr/connexion/login
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma
no-cache
Referrer-Policy
same-origin
Server
Apache
Strict-Transport-Security
max-age=31536000
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
X-Xss-Protection
1; mode=block
anytime-global.css
www.edenredvpay.com/assets/css/
90 KB
16 KB
Stylesheet
General
Full URL
https://www.edenredvpay.com/assets/css/anytime-global.css?ts=1672842443
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.8.76.132 , France, ASN35344 (SYNTEN-AS, FR),
Reverse DNS
host.185.8.76.132.rev.synten.com
Software
Apache /
Resource Hash
7f058ef579aea1f8ff7b337f5dace46193b12fe42bfcc71fb21498a0bec612ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.edenredvpay.com/fr/connexion/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 14:27:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Connection
Keep-Alive
Content-Length
16014
X-Xss-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 03 Jan 2023 14:16:10 GMT
Server
Apache
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public
Vary
Accept-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
X-Frame-Options
sameorigin
Keep-Alive
timeout=15, max=98
Expires
Wed, 04 Jan 2023 16:27:23 GMT
material-design.css
www.edenredvpay.com/assets/css/
37 KB
4 KB
Stylesheet
General
Full URL
https://www.edenredvpay.com/assets/css/material-design.css
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.8.76.132 , France, ASN35344 (SYNTEN-AS, FR),
Reverse DNS
host.185.8.76.132.rev.synten.com
Software
Apache /
Resource Hash
62c67be2e588bdbda63bd205e668c2775b6746a7a7d481875010b8d23b0f5511
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.edenredvpay.com/fr/connexion/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 14:27:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Connection
Keep-Alive
Content-Length
3604
X-Xss-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 03 Jan 2023 14:16:10 GMT
Server
Apache
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public
Vary
Accept-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
X-Frame-Options
sameorigin
Keep-Alive
timeout=15, max=100
Expires
Wed, 04 Jan 2023 16:27:23 GMT
file-upload.css
www.edenredvpay.com/assets/css/
722 B
1 KB
Stylesheet
General
Full URL
https://www.edenredvpay.com/assets/css/file-upload.css
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.8.76.132 , France, ASN35344 (SYNTEN-AS, FR),
Reverse DNS
host.185.8.76.132.rev.synten.com
Software
Apache /
Resource Hash
e33e90c8b374685eb8ed5aa41683e3b4545ab717d043fa5a2a3a9c8f07a8d7d4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.edenredvpay.com/fr/connexion/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 14:27:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Connection
Keep-Alive
Content-Length
414
X-Xss-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 03 Jan 2023 14:16:10 GMT
Server
Apache
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public
Vary
Accept-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
X-Frame-Options
sameorigin
Keep-Alive
timeout=15, max=100
Expires
Wed, 04 Jan 2023 16:27:23 GMT
dash-light.css
www.edenredvpay.com/assets/css/
14 KB
3 KB
Stylesheet
General
Full URL
https://www.edenredvpay.com/assets/css/dash-light.css
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.8.76.132 , France, ASN35344 (SYNTEN-AS, FR),
Reverse DNS
host.185.8.76.132.rev.synten.com
Software
Apache /
Resource Hash
3827fefc343890a8eb802c358b7651415351f1cdc3cd8857c2653c4be689599c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.edenredvpay.com/fr/connexion/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 14:27:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Connection
Keep-Alive
Content-Length
2528
X-Xss-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 03 Jan 2023 14:16:10 GMT
Server
Apache
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public
Vary
Accept-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
X-Frame-Options
sameorigin
Keep-Alive
timeout=15, max=100
Expires
Wed, 04 Jan 2023 16:27:23 GMT
font-awesome.min.css
www.edenredvpay.com/assets/css/
21 KB
6 KB
Stylesheet
General
Full URL
https://www.edenredvpay.com/assets/css/font-awesome.min.css
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.8.76.132 , France, ASN35344 (SYNTEN-AS, FR),
Reverse DNS
host.185.8.76.132.rev.synten.com
Software
Apache /
Resource Hash
389a8b7fcf4dd64478edb2823eeab02eab667b6886868c56023b930c2555e357
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.edenredvpay.com/fr/connexion/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 14:27:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Connection
Keep-Alive
Content-Length
4950
X-Xss-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 03 Jan 2023 14:16:10 GMT
Server
Apache
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public
Vary
Accept-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
X-Frame-Options
sameorigin
Keep-Alive
timeout=15, max=100
Expires
Wed, 04 Jan 2023 16:27:23 GMT
noty.css
www.edenredvpay.com/assets/noty/lib/
18 KB
3 KB
Stylesheet
General
Full URL
https://www.edenredvpay.com/assets/noty/lib/noty.css
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.8.76.132 , France, ASN35344 (SYNTEN-AS, FR),
Reverse DNS
host.185.8.76.132.rev.synten.com
Software
Apache /
Resource Hash
a7e3e1289103a8df5fe67d381fec0db46a27576a535c6981e19afb3d9de527fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.edenredvpay.com/fr/connexion/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 14:27:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Connection
Keep-Alive
Content-Length
2662
X-Xss-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 03 Jan 2023 14:16:10 GMT
Server
Apache
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public
Vary
Accept-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
X-Frame-Options
sameorigin
Keep-Alive
timeout=15, max=100
Expires
Wed, 04 Jan 2023 16:27:23 GMT
noty.js
www.edenredvpay.com/assets/noty/lib/
78 KB
20 KB
Script
General
Full URL
https://www.edenredvpay.com/assets/noty/lib/noty.js
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.8.76.132 , France, ASN35344 (SYNTEN-AS, FR),
Reverse DNS
host.185.8.76.132.rev.synten.com
Software
Apache /
Resource Hash
36a4f6d0aabe40bca7ea1cf61a52599af7ba5740ebd574e7334abcc17fd92e28
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.edenredvpay.com/fr/connexion/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 14:27:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Connection
Keep-Alive
Content-Length
19387
X-Xss-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 03 Jan 2023 14:16:10 GMT
Server
Apache
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
private
Vary
Accept-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
X-Frame-Options
sameorigin
Keep-Alive
timeout=15, max=97
Expires
Wed, 04 Jan 2023 16:27:23 GMT
jquery-3.1.1.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.1.1.min.js
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

Referer
Origin
https://www.edenredvpay.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 14:27:20 GMT
content-encoding
gzip
x-sp-metadata
HS256.CNi11p0GEo4BCiRhMjRjODBmZC01Zjk1LTQ2YzQtODYwMy1hOTZmYzI1ZmE3MmYQ+OiCoKvU+wIaBgjImdadBiITMjAwMTo0MWQwOmQ6MzY0ZDo6NyiysQMwAzgEQhZUTFNfQUVTXzEyOF9HQ01fU0hBMjU2WiAzZTliMjA2MTAwOThiNmM5YmZmOTUzODU2ZTU4MDE2YRosCAESJGFlMGRmMDFlLWM0OTItNDczNS1iY2RlLTZhMmFhNWI3ZWZlMhj26gEiGAgCEhRjZHMyMTgucGExLmh3Y2RuLm5ldA==.MH/aQUvX22MXv3qNdfNHtv3Xv3jle7OQ5Ai2Ts9Q7pE=
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-152b5"
vary
Accept-Encoding
x-hw
1672842440.dop214.pa1.t,1672842440.cds228.pa1.hn,1672842440.cds218.pa1.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30070
cust_img_login_logo_14920953131492095312.png
filer.edenredvpay.com/users_files/customs/68/
53 KB
54 KB
Image
General
Full URL
https://filer.edenredvpay.com/users_files/customs/68/cust_img_login_logo_14920953131492095312.png
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.23.123.204 , France, ASN16276 (OVH, FR),
Reverse DNS
filer.anytime.tools
Software
You don't need to know that :) /
Resource Hash
e660b44bc9c180c01476809d1ee7b5e5ec3a144e69984b1ce2826d6ac0e5e608
Security Headers
Name Value
Content-Security-Policy default-src 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 14:27:21 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains;
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Server
You don't need to know that :)
Content-Security-Policy
default-src 'self';
X-Frame-Options
sameorigin
Content-Type
image/png
Cache-Control
max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
54758
X-Xss-Protection
1; mode=block
Expires
Wed, 11 Jan 2023 14:27:21 GMT
auto-logout.js
www.edenredvpay.com/assets/js/
2 KB
1 KB
Script
General
Full URL
https://www.edenredvpay.com/assets/js/auto-logout.js?ts=1672842443
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.8.76.132 , France, ASN35344 (SYNTEN-AS, FR),
Reverse DNS
host.185.8.76.132.rev.synten.com
Software
Apache /
Resource Hash
f1ff94839ae078a95e580f4cbd872821f68f68d17c8e9b8c91c635214624f97a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.edenredvpay.com/fr/connexion/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 14:27:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Connection
Keep-Alive
Content-Length
567
X-Xss-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 03 Jan 2023 14:16:10 GMT
Server
Apache
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
private
Vary
Accept-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
X-Frame-Options
sameorigin
Keep-Alive
timeout=15, max=96
Expires
Wed, 04 Jan 2023 16:27:23 GMT
modal.js
www.edenredvpay.com/assets/js/
6 KB
3 KB
Script
General
Full URL
https://www.edenredvpay.com/assets/js/modal.js
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.8.76.132 , France, ASN35344 (SYNTEN-AS, FR),
Reverse DNS
host.185.8.76.132.rev.synten.com
Software
Apache /
Resource Hash
91e4eeb8548fa293589b6d001da5d807aaa054a31c23553713dc8641758709fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.edenredvpay.com/fr/connexion/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 14:27:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Connection
Keep-Alive
Content-Length
1877
X-Xss-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 03 Jan 2023 14:16:10 GMT
Server
Apache
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
private
Vary
Accept-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
X-Frame-Options
sameorigin
Keep-Alive
timeout=15, max=99
Expires
Wed, 04 Jan 2023 16:27:23 GMT
switchery.min.js
www.edenredvpay.com/assets/js/
24 KB
7 KB
Script
General
Full URL
https://www.edenredvpay.com/assets/js/switchery.min.js
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.8.76.132 , France, ASN35344 (SYNTEN-AS, FR),
Reverse DNS
host.185.8.76.132.rev.synten.com
Software
Apache /
Resource Hash
07fe3a3658e5426fb3a6535cd5e8d81dfb12ba0130fb01fc0dcd5b9136f13e46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.edenredvpay.com/fr/connexion/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 14:27:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Connection
Keep-Alive
Content-Length
6277
X-Xss-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 03 Jan 2023 14:16:10 GMT
Server
Apache
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
private
Vary
Accept-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
X-Frame-Options
sameorigin
Keep-Alive
timeout=15, max=99
Expires
Wed, 04 Jan 2023 16:27:23 GMT
jquery-ui.min.js
ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/
235 KB
64 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Wed, 04 Jan 2023 13:53:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2020
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
64481
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 04 Jan 2024 13:53:40 GMT
bootstrap-tooltip.js
www.edenredvpay.com/assets/js/
9 KB
3 KB
Script
General
Full URL
https://www.edenredvpay.com/assets/js/bootstrap-tooltip.js
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.8.76.132 , France, ASN35344 (SYNTEN-AS, FR),
Reverse DNS
host.185.8.76.132.rev.synten.com
Software
Apache /
Resource Hash
f6b8f964567afb580fc0d3b41058a52774f87ee96726286d15fade708e5c489e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.edenredvpay.com/fr/connexion/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 14:27:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Connection
Keep-Alive
Content-Length
2288
X-Xss-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 03 Jan 2023 14:16:10 GMT
Server
Apache
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
private
Vary
Accept-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
X-Frame-Options
sameorigin
Keep-Alive
timeout=15, max=99
Expires
Wed, 04 Jan 2023 16:27:23 GMT
jquery-passy.js
www.edenredvpay.com/assets/js/
6 KB
2 KB
Script
General
Full URL
https://www.edenredvpay.com/assets/js/jquery-passy.js
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.8.76.132 , France, ASN35344 (SYNTEN-AS, FR),
Reverse DNS
host.185.8.76.132.rev.synten.com
Software
Apache /
Resource Hash
3b4c9c1431230a651886a366f6f9aad95172df7f12e4279188282847ea151972
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.edenredvpay.com/fr/connexion/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 14:27:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Connection
Keep-Alive
Content-Length
1654
X-Xss-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 03 Jan 2023 14:16:10 GMT
Server
Apache
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
private
Vary
Accept-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
X-Frame-Options
sameorigin
Keep-Alive
timeout=15, max=99
Expires
Wed, 04 Jan 2023 16:27:23 GMT
jquery.fileupload.js
www.edenredvpay.com/assets/js/fileupload/
62 KB
14 KB
Script
General
Full URL
https://www.edenredvpay.com/assets/js/fileupload/jquery.fileupload.js
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/fr/connexion/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.8.76.132 , France, ASN35344 (SYNTEN-AS, FR),
Reverse DNS
host.185.8.76.132.rev.synten.com
Software
Apache /
Resource Hash
07ddae60f2d6d708b6251b9e9ade4c8bb7d4e0af905a8e2f95dfea2dd8588c36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.edenredvpay.com/fr/connexion/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 14:27:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Connection
Keep-Alive
Content-Length
13719
X-Xss-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 03 Jan 2023 14:16:10 GMT
Server
Apache
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
private
Vary
Accept-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
X-Frame-Options
sameorigin
Keep-Alive
timeout=15, max=99
Expires
Wed, 04 Jan 2023 16:27:23 GMT
DinLight.otf
www.edenredvpay.com/assets/fonts/
27 KB
15 KB
Font
General
Full URL
https://www.edenredvpay.com/assets/fonts/DinLight.otf
Requested by
Host: www.edenredvpay.com
URL: https://www.edenredvpay.com/assets/css/anytime-global.css?ts=1672842443
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.8.76.132 , France, ASN35344 (SYNTEN-AS, FR),
Reverse DNS
host.185.8.76.132.rev.synten.com
Software
Apache /
Resource Hash
bacde371804ae36d2cae1e899e5cbad73ab4496a717a4a9b223ff776d00c9a2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.edenredvpay.com/assets/css/anytime-global.css?ts=1672842443
Origin
https://www.edenredvpay.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date
Wed, 04 Jan 2023 14:27:23 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000
Connection
Keep-Alive
Content-Length
14651
X-Xss-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Tue, 03 Jan 2023 14:16:10 GMT
Server
Apache
Access-Control-Max-Age
1000
Access-Control-Allow-Methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
Content-Type
font/opentype
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800
Vary
Accept-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
x-requested-with, origin, accept, client-security-token, Content-Type, api_key, Authorization, X-Signed-Request, X-Validation-Data
X-Frame-Options
sameorigin
Keep-Alive
timeout=15, max=95
Expires
Wed, 11 Jan 2023 14:27:23 GMT

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object | oncontentvisibilityautostatechange
  • function | Noty
  • function | notif_error
  • function | notif_success
  • function | updateCsrfToken
  • function | getCsrfToken
  • function | $
  • function | jQuery
  • string | autoLogoutTimeoutValue
  • string | autoLogoutTimeoutId
  • string | autoLogoutCountdownId
  • string | autoLogoutCountdownValue
  • function | startAutoLogoutTimeout
  • function | clearAutoLogoutTimeout
  • function | updateAutoLogoutCountdown
  • function | Switchery
  • number | nbsec_max
  • number | nbsec
  • function | updateClock

1 Cookies

Domain/Path Name / Value
.edenredvpay.com/ Name: PHPSESSID
Value: 133027f2b29d401a0a7fb68dbc1b0742

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
