api-leroymerlin.click2buy.com Open in urlscan Pro
91.134.128.131  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set sign_in Show response api-leroymerlin.click2buy.com/users/	4 KB 3 KB	459ms 316ms	Document text/html	91.134.128.131 OVH
General Check archive.org Show headers Download Go to Full URL https://api-leroymerlin.click2buy.com/users/sign_in Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.134.128.131 , France, ASN16276 (OVH, FR), Reverse DNS compute.gra2.cloud.ovh.net Software nginx / Resource Hash e75182d2a42e0c2e1e4835a98eb38d646c40886d61d3e5e41e599439f91d59f9 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Host api-leroymerlin.click2buy.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Server nginx Date Fri, 12 Mar 2021 08:21:41 GMT Content-Type text/html; charset=utf-8 Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding X-Frame-Options SAMEORIGIN X-XSS-Protection 1; mode=block X-Content-Type-Options nosniff X-Download-Options noopen X-Permitted-Cross-Domain-Policies none Referrer-Policy strict-origin-when-cross-origin ETag W/"e75182d2a42e0c2e1e4835a98eb38d64" Cache-Control max-age=0, private, must-revalidate Set-Cookie _ror_session=2Ehp01gJlbjt1koehdotTXlDMT5D9HsFvnQWIu3UcqeH0YxzYBlzKSETClryZTkezS7QRT608mgwdfkVhPdJLtkC7RmerTZNmXXRkkA8i6lv5ZkjMiVEXTgiap8gXpugU5bIJX0zl2vRz6OWnbYZilaYtjiqk%2F9MrXdEAfNNf%2BGIbueL2XeKBV8jMWJ5kANtvrMYuQMvhCKVZvLJxPDHJLblmCVNCe5N7k%2BJZ6fdbA06IeMVBZcxGqXmllaQ1DbR1ANTXGoqBfKI3fKAFcfTLSjQ9HdW%2FtVS1XaEy9V9MEs6Pu9t7V%2BnciuhgIu9W16I--mLeExKEq%2FW544NJP--CgblAeUGWDD14rZ5NjCG9Q%3D%3D; path=/; HttpOnly X-Request-Id 29f6634b-a3da-49f6-9dfc-a9a6d391769d X-Runtime 0.266145 Access-Control-Allow-Credentials true Access-Control-Allow-Methods GET Content-Encoding gzip
GET H/1.1	200 OK	application-9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0.js Show response api-leroymerlin.click2buy.com/assets/	2 MB 513 KB	59ms 58ms	Script application/javascript	91.134.128.131 OVH
General Check archive.org Show headers Download Go to Full URL https://api-leroymerlin.click2buy.com/assets/application-9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0.js Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/users/sign_in Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.134.128.131 , France, ASN16276 (OVH, FR), Reverse DNS compute.gra2.cloud.ovh.net Software nginx / Resource Hash 9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0 Request headers Referer https://api-leroymerlin.click2buy.com/users/sign_in User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Fri, 12 Mar 2021 08:21:41 GMT Content-Encoding gzip Last-Modified Mon, 14 Dec 2020 11:10:42 GMT Server nginx ETag "5fd74832-800ad" Vary Accept-Encoding Content-Type application/javascript Cache-Control max-age=0, private Connection keep-alive Content-Length 524461 Expires Fri, 12 Mar 2021 08:21:41 GMT
GET H2	200	moment.min.js Show response cdn.jsdelivr.net/momentjs/latest/	50 KB 17 KB	20ms 18ms	Script application/javascript	2a04:4e42:1b::621 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/momentjs/latest/moment.min.js Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/users/sign_in Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash d618d4869738e0dc22360f0ec0cbb6433257843f24723fac240dda0906685238 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://api-leroymerlin.click2buy.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 2625746 x-cache HIT, HIT cross-origin-resource-policy cross-origin content-length 17022 etag W/"c909-Mv32cwvjRTjgk3jsbMVSKdmnAVE" x-served-by cache-fra19180-FRA, cache-hhn4029-HHN date Fri, 12 Mar 2021 08:21:41 GMT vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin *
GET H2	200	daterangepicker.min.js Show response cdn.jsdelivr.net/npm/daterangepicker/	32 KB 7 KB	19ms 18ms	Script application/javascript	2a04:4e42:1b::621 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.min.js Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/users/sign_in Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 98578d9e429bafe2edbd9d00271e88a85fa457ead4c106485d157fd955b5f2de Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://api-leroymerlin.click2buy.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 15963 x-cache HIT, HIT cross-origin-resource-policy cross-origin content-length 7409 etag W/"7f60-yn4DlHkED3KaP/biww3JCbN4kvM" x-served-by cache-fra19141-FRA, cache-hhn4029-HHN date Fri, 12 Mar 2021 08:21:41 GMT vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=604800, s-maxage=43200 accept-ranges bytes timing-allow-origin *
GET H/1.1	200 OK	application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css api-leroymerlin.click2buy.com/assets/	265 KB 44 KB	139ms 64ms	Stylesheet text/css	91.134.128.131 OVH
General Check archive.org Show headers Download Go to Full URL https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/users/sign_in Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.134.128.131 , France, ASN16276 (OVH, FR), Reverse DNS compute.gra2.cloud.ovh.net Software nginx / Resource Hash 19b88d14ce2bf85e029f3c5f23c26b56b1b543125a5bc1d03a8daac88845432c Request headers Referer https://api-leroymerlin.click2buy.com/users/sign_in User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Fri, 12 Mar 2021 08:21:41 GMT Content-Encoding gzip Last-Modified Mon, 14 Dec 2020 11:06:16 GMT Server nginx ETag "5fd74728-ace3" Vary Accept-Encoding Content-Type text/css Cache-Control max-age=0, private Connection keep-alive Content-Length 44259 Expires Fri, 12 Mar 2021 08:21:41 GMT
GET H2	200	daterangepicker.css cdn.jsdelivr.net/npm/daterangepicker/	8 KB 2 KB	18ms 18ms	Stylesheet text/css	2a04:4e42:1b::621 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.css Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/users/sign_in Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 94fdb66ec8fe748981a4f2090fdf4a2a0a3dbe5ace2e65c4ce46e95d692bdac7 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://api-leroymerlin.click2buy.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff age 29981 x-cache HIT, HIT cross-origin-resource-policy cross-origin content-length 1621 etag W/"1f85-jqRIojRLzDZKkujJKC/BWFh0US4" x-served-by cache-fra19137-FRA, cache-hhn4029-HHN date Fri, 12 Mar 2021 08:21:41 GMT vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=604800, s-maxage=43200 accept-ranges bytes timing-allow-origin *
GET H2	200	css fonts.googleapis.com/	15 KB 1 KB	14ms 14ms	Stylesheet text/css	2a00:1450:4001:82a::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash c6a2a2256a07c37434aaff7fbafa71ebf8b4d0f4580507e550812c3f89aca00b Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://api-leroymerlin.click2buy.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Fri, 12 Mar 2021 08:07:05 GMT server ESF date Fri, 12 Mar 2021 08:21:41 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 12 Mar 2021 08:21:41 GMT
GET H/1.1	404 Not Found	glyphicons-halflings-regular.woff2 api-leroymerlin.click2buy.com/assets/	0 0	39ms 38ms	Font text/html	91.134.128.131 OVH
General Check archive.org Show headers Download Go to Full URL https://api-leroymerlin.click2buy.com/assets/glyphicons-halflings-regular.woff2 Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.134.128.131 , France, ASN16276 (OVH, FR), Reverse DNS compute.gra2.cloud.ovh.net Software nginx / Resource Hash Request headers Origin https://api-leroymerlin.click2buy.com Referer https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Fri, 12 Mar 2021 08:21:41 GMT Content-Encoding gzip Transfer-Encoding chunked Server nginx Connection keep-alive Vary Accept-Encoding Content-Type text/html
GET H/1.1	404 Not Found	glyphicons-halflings-regular.woff api-leroymerlin.click2buy.com/assets/	0 0	43ms 43ms	Font text/html	91.134.128.131 OVH
General Check archive.org Show headers Download Go to Full URL https://api-leroymerlin.click2buy.com/assets/glyphicons-halflings-regular.woff Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.134.128.131 , France, ASN16276 (OVH, FR), Reverse DNS compute.gra2.cloud.ovh.net Software nginx / Resource Hash Request headers Origin https://api-leroymerlin.click2buy.com Referer https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Fri, 12 Mar 2021 08:21:41 GMT Content-Encoding gzip Transfer-Encoding chunked Server nginx Connection keep-alive Vary Accept-Encoding Content-Type text/html
GET H/1.1	404 Not Found	glyphicons-halflings-regular.ttf api-leroymerlin.click2buy.com/assets/	0 0	39ms 38ms	Font text/html	91.134.128.131 OVH
General Check archive.org Show headers Download Go to Full URL https://api-leroymerlin.click2buy.com/assets/glyphicons-halflings-regular.ttf Requested by Host: api-leroymerlin.click2buy.com URL: https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 91.134.128.131 , France, ASN16276 (OVH, FR), Reverse DNS compute.gra2.cloud.ovh.net Software nginx / Resource Hash Request headers Origin https://api-leroymerlin.click2buy.com Referer https://api-leroymerlin.click2buy.com/assets/application-148cde828f8aa8909c9550ce0c4bc03ea1aabf49120da1e5c89e71d24ef39fff.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Fri, 12 Mar 2021 08:21:41 GMT Content-Encoding gzip Transfer-Encoding chunked Server nginx Connection keep-alive Vary Accept-Encoding Content-Type text/html

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| getDatagridData function| reload_datagrid object| opts undefined| spinner function| elementFactory function| jBox function| _init function| $ function| jQuery object| jQuery112405808122878050039 function| Spinner object| Highcharts object| HighchartsAdapter object| Chartkick function| Tether object| bootstrapSwitch function| moment function| daterangepicker object| jQuery112402884770100380192

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			api-leroymerlin.click2buy.com/	1969-12-31 23:59:59	Name: _ror_session Value: 2Ehp01gJlbjt1koehdotTXlDMT5D9HsFvnQWIu3UcqeH0YxzYBlzKSETClryZTkezS7QRT608mgwdfkVhPdJLtkC7RmerTZNmXXRkkA8i6lv5ZkjMiVEXTgiap8gXpugU5bIJX0zl2vRz6OWnbYZilaYtjiqk%2F9MrXdEAfNNf%2BGIbueL2XeKBV8jMWJ5kANtvrMYuQMvhCKVZvLJxPDHJLblmCVNCe5N7k%2BJZ6fdbA06IeMVBZcxGqXmllaQ1DbR1ANTXGoqBfKI3fKAFcfTLSjQ9HdW%2FtVS1XaEy9V9MEs6Pu9t7V%2BnciuhgIu9W16I--mLeExKEq%2FW544NJP--CgblAeUGWDD14rZ5NjCG9Q%3D%3D

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://api-leroymerlin.click2buy.com/assets/application-9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0.js(Line 60127) Message: DEPRECATED: This filename doesn't follow the convention, use bootstrap-datepicker.en-CA.js instead.
console-api	warning	URL: https://api-leroymerlin.click2buy.com/assets/application-9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0.js(Line 60127) Message: DEPRECATED: The language code "kh" is deprecated and will be removed in 2.0. For Khmer support use "km" instead.
console-api	warning	URL: https://api-leroymerlin.click2buy.com/assets/application-9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0.js(Line 60127) Message: DEPRECATED: The language code "kr" is deprecated and will be removed in 2.0. For korean support use "ko" instead.
console-api	warning	URL: https://api-leroymerlin.click2buy.com/assets/application-9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0.js(Line 60127) Message: DEPRECATED: This language code "rs-latin" is deprecated (invalid serbian language code) and will be removed in 2.0. For Serbian latin support use "sr-latin" instead.
console-api	warning	URL: https://api-leroymerlin.click2buy.com/assets/application-9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0.js(Line 60127) Message: DEPRECATED: This language code "rs" is deprecated (invalid serbian language code) and will be removed in 2.0. For Serbian support use "sr" instead.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-leroymerlin.click2buy.com
cdn.jsdelivr.net
fonts.googleapis.com
2a00:1450:4001:82a::200a
2a04:4e42:1b::621
91.134.128.131
19b88d14ce2bf85e029f3c5f23c26b56b1b543125a5bc1d03a8daac88845432c
94fdb66ec8fe748981a4f2090fdf4a2a0a3dbe5ace2e65c4ce46e95d692bdac7
98578d9e429bafe2edbd9d00271e88a85fa457ead4c106485d157fd955b5f2de
9f6e88ac50465cf8925ea6a8a249d884fa3119fc1ee5d5dd6fc7fb44fe332cb0
c6a2a2256a07c37434aaff7fbafa71ebf8b4d0f4580507e550812c3f89aca00b
d618d4869738e0dc22360f0ec0cbb6433257843f24723fac240dda0906685238
e75182d2a42e0c2e1e4835a98eb38d646c40886d61d3e5e41e599439f91d59f9