cee.engie.cardicloud.com Open in urlscan Pro
4.176.21.166 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cee.engie.cardicloud.com/
Submission: On July 03 via automatic, source certstream-suspicious (July 3rd 2024, 11:05:35 pm UTC) — Scanned from FR

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 4.176.21.166, located in Paris, France and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is cee.engie.cardicloud.com.
TLS certificate: Issued by R3 on May 3rd 2024. Valid for: 3 months.

This is the only time cee.engie.cardicloud.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
10	4.176.21.166 4.176.21.166		8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
10	1

10 4.176.21.166 (Paris, France)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

cee.engie.cardicloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	cardicloud.com cee.engie.cardicloud.com	4 MB
10	1

	Domain	Requested by
10	cee.engie.cardicloud.com	cee.engie.cardicloud.com
10	1

This site contains no links.

Subject Issuer	Validity	Valid
cee.engie.cardicloud.com R3	`2024-05-03` - `2024-08-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://cee.engie.cardicloud.com/
Frame ID: E27AB508B88B378B9CABD330CE39AD97
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Engie EWC

Detected technologies

TinyMCE (Rich Text Editors) Expand

Overall confidence: 100%
Detected patterns

/tiny_?mce(?:\.min)?\.js

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

4555 kB
Transfer

8626 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200 Primary Request / Show response
cee.engie.cardicloud.com/ 1 KB
1 KB 126ms
24ms Document
text/html 4.176.21.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cee.engie.cardicloud.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

4.176.21.166 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

apache /

Resource Hash

7b07b6456a9ac1cf3a89b3cdf76d4e9acfc84e2c570c822a7714b6cde8c65ba5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Strict-Transport-Security	max-age=63072000 max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 659
Content-Security-Policy: default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Content-Type: text/html
Date: Wed, 03 Jul 2024 23:05:28 GMT
Expires: 0
Keep-Alive: timeout=5, max=100
Last-Modified: Fri, 28 Jun 2024 13:50:45 GMT
Pragma: no-cache
Server: apache
Strict-Transport-Security: max-age=63072000 max-age=31536000 ; includeSubDomains
Vary: Origin,Accept-Encoding,Access-Control-Request-Method,Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 0

GET
H/1.1 200
OK env.js Show response
cee.engie.cardicloud.com/ 21 B
343 B 23ms
22ms Script
text/javascript 4.176.21.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cee.engie.cardicloud.com/env.js

Requested by

Host: cee.engie.cardicloud.com
URL: https://cee.engie.cardicloud.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

4.176.21.166 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

apache /

Resource Hash

20c60afd7c576eafe9f9338735d76245cb808e1e8aa40e5ee30f134658aae001

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cee.engie.cardicloud.com/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 03 Jul 2024 23:05:28 GMT
Strict-Transport-Security: max-age=63072000
Last-Modified: Mon, 20 May 2024 07:51:00 GMT
Server: apache
ETag: "15-618ddf6617dfa"-gzip
Content-Type: text/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 21

GET
H/1.1 200 tinymce.min.js Show response
cee.engie.cardicloud.com/tinymce/js/tinymce/ 426 KB
150 KB 71ms
33ms Script
text/javascript 4.176.21.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cee.engie.cardicloud.com/tinymce/js/tinymce/tinymce.min.js

Requested by

Host: cee.engie.cardicloud.com
URL: https://cee.engie.cardicloud.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

4.176.21.166 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

apache /

Resource Hash

4bc152e7290376d795e323c125ea93d851b53ee3e41a0a1466e56a886f29fda6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Strict-Transport-Security	max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cee.engie.cardicloud.com/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 03 Jul 2024 23:05:28 GMT
Strict-Transport-Security: max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Content-Encoding: gzip
Transfer-Encoding: chunked
Connection: Keep-Alive
X-XSS-Protection: 0
Pragma: no-cache
Last-Modified: Fri, 28 Jun 2024 13:50:45 GMT
Server: apache
Vary: Origin,Accept-Encoding,Access-Control-Request-Method,Access-Control-Request-Headers
X-Frame-Options: DENY
Content-Type: text/javascript
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: 0

GET
H/1.1 200 index-cbe3ad31.js Show response
cee.engie.cardicloud.com/assets/ 3 MB
976 KB 80ms
39ms Script
text/javascript 4.176.21.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cee.engie.cardicloud.com/assets/index-cbe3ad31.js

Requested by

Host: cee.engie.cardicloud.com
URL: https://cee.engie.cardicloud.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

4.176.21.166 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

apache /

Resource Hash

4065c6feb940665f0b3198664598c7b73d2a2f9c415994bae308a49f419a5981

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Strict-Transport-Security	max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cee.engie.cardicloud.com/
Origin: https://cee.engie.cardicloud.com
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 03 Jul 2024 23:05:28 GMT
Strict-Transport-Security: max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Content-Encoding: gzip
Transfer-Encoding: chunked
Connection: Keep-Alive
X-XSS-Protection: 0
Pragma: no-cache
Last-Modified: Fri, 28 Jun 2024 13:50:45 GMT
Server: apache
Vary: Origin,Accept-Encoding,Access-Control-Request-Method,Access-Control-Request-Headers
X-Frame-Options: DENY
Content-Type: text/javascript
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: 0

GET
H/1.1 200 index-9a1bf4e1.css
cee.engie.cardicloud.com/assets/ 1 MB
123 KB 56ms
33ms Stylesheet
text/css 4.176.21.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cee.engie.cardicloud.com/assets/index-9a1bf4e1.css

Requested by

Host: cee.engie.cardicloud.com
URL: https://cee.engie.cardicloud.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

4.176.21.166 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

apache /

Resource Hash

9a1bf4e1efbffab985137ebd41f9ee01e91d423949fdaca8acd9fcb8fdc88263

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Strict-Transport-Security	max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cee.engie.cardicloud.com/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 03 Jul 2024 23:05:28 GMT
Strict-Transport-Security: max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Content-Encoding: gzip
Transfer-Encoding: chunked
Connection: Keep-Alive
X-XSS-Protection: 0
Pragma: no-cache
Last-Modified: Fri, 28 Jun 2024 13:50:45 GMT
Server: apache
Vary: Origin,Accept-Encoding,Access-Control-Request-Method,Access-Control-Request-Headers
X-Frame-Options: DENY
Content-Type: text/css
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Expires: 0

GET
H/1.1 200 favicon.ico
cee.engie.cardicloud.com/ 98 KB
99 KB 25ms
24ms Other
image/x-icon 4.176.21.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cee.engie.cardicloud.com/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

4.176.21.166 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

apache /

Resource Hash

3d09d4ccec5258378dd4b162a90cae295f2931a8deddef347c6da90e0c737a98

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Strict-Transport-Security	max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cee.engie.cardicloud.com/
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 03 Jul 2024 23:05:29 GMT
Strict-Transport-Security: max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Connection: Keep-Alive
Content-Length: 100542
X-XSS-Protection: 0
Pragma: no-cache
Last-Modified: Fri, 28 Jun 2024 13:50:45 GMT
Server: apache
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
X-Frame-Options: DENY
Content-Type: image/x-icon
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Expires: 0

GET
H/1.1 200 login-background.png
cee.engie.cardicloud.com/images/ 2 MB
2 MB 24ms
23ms Image
image/png 4.176.21.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cee.engie.cardicloud.com/images/login-background.png

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

4.176.21.166 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

apache /

Resource Hash

bbd59579b1985fba709468a69e5a88812ee8cbb3228570eabb7ec545361995da

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Strict-Transport-Security	max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cee.engie.cardicloud.com/login
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 03 Jul 2024 23:05:29 GMT
Strict-Transport-Security: max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Connection: Keep-Alive
Content-Length: 1906330
X-XSS-Protection: 0
Pragma: no-cache
Last-Modified: Fri, 28 Jun 2024 13:50:45 GMT
Server: apache
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
X-Frame-Options: DENY
Content-Type: image/png
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Expires: 0

GET
H/1.1 200 favicon.ico
cee.engie.cardicloud.com/ 98 KB
99 KB 36ms
29ms Other
image/x-icon 4.176.21.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cee.engie.cardicloud.com/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

4.176.21.166 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

apache /

Resource Hash

3d09d4ccec5258378dd4b162a90cae295f2931a8deddef347c6da90e0c737a98

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Strict-Transport-Security	max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cee.engie.cardicloud.com/login
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 03 Jul 2024 23:05:29 GMT
Strict-Transport-Security: max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Connection: Keep-Alive
Content-Length: 100542
X-XSS-Protection: 0
Pragma: no-cache
Last-Modified: Fri, 28 Jun 2024 13:50:45 GMT
Server: apache
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
X-Frame-Options: DENY
Content-Type: image/x-icon
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Expires: 0

GET
H/1.1 200 Lato-Black-4ed66fa3.ttf
cee.engie.cardicloud.com/assets/ 600 KB
601 KB 28ms
27ms Font
font/ttf 4.176.21.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cee.engie.cardicloud.com/assets/Lato-Black-4ed66fa3.ttf

Requested by

Host: cee.engie.cardicloud.com
URL: https://cee.engie.cardicloud.com/assets/index-9a1bf4e1.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

4.176.21.166 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

apache /

Resource Hash

4ed66fa3928ae769205635c916b4f9e6a63f6a77f5d9693ac31a83d0d96ae1ef

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Strict-Transport-Security	max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cee.engie.cardicloud.com/assets/index-9a1bf4e1.css
Origin: https://cee.engie.cardicloud.com
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 03 Jul 2024 23:05:29 GMT
Strict-Transport-Security: max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Connection: Keep-Alive
Content-Length: 614544
X-XSS-Protection: 0
Pragma: no-cache
Last-Modified: Fri, 28 Jun 2024 13:50:45 GMT
Server: apache
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
X-Frame-Options: DENY
Content-Type: font/ttf
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: 0

GET
H/1.1 200 Lato-Regular-6f6940be.ttf
cee.engie.cardicloud.com/assets/ 642 KB
643 KB 111ms
54ms Font
font/ttf 4.176.21.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://cee.engie.cardicloud.com/assets/Lato-Regular-6f6940be.ttf

Requested by

Host: cee.engie.cardicloud.com
URL: https://cee.engie.cardicloud.com/assets/index-9a1bf4e1.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

4.176.21.166 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

apache /

Resource Hash

6f6940be0835c3ddec9199e5fc42be4cbc61ebcfd58c623fdf719366253f1780

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Strict-Transport-Security	max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://cee.engie.cardicloud.com/assets/index-9a1bf4e1.css
Origin: https://cee.engie.cardicloud.com
Accept-Language: fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 03 Jul 2024 23:05:29 GMT
Strict-Transport-Security: max-age=63072000, max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Connection: Keep-Alive
Content-Length: 657212
X-XSS-Protection: 0
Pragma: no-cache
Last-Modified: Fri, 28 Jun 2024 13:50:45 GMT
Server: apache
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
X-Frame-Options: DENY
Content-Type: font/ttf
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Expires: 0

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' https://engieb2b.okta.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://telemetry.refine.dev; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/
Strict-Transport-Security	max-age=63072000 max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cee.engie.cardicloud.com
4.176.21.166
20c60afd7c576eafe9f9338735d76245cb808e1e8aa40e5ee30f134658aae001
3d09d4ccec5258378dd4b162a90cae295f2931a8deddef347c6da90e0c737a98
4065c6feb940665f0b3198664598c7b73d2a2f9c415994bae308a49f419a5981
4bc152e7290376d795e323c125ea93d851b53ee3e41a0a1466e56a886f29fda6
4ed66fa3928ae769205635c916b4f9e6a63f6a77f5d9693ac31a83d0d96ae1ef
6f6940be0835c3ddec9199e5fc42be4cbc61ebcfd58c623fdf719366253f1780
7b07b6456a9ac1cf3a89b3cdf76d4e9acfc84e2c570c822a7714b6cde8c65ba5
9a1bf4e1efbffab985137ebd41f9ee01e91d423949fdaca8acd9fcb8fdc88263
bbd59579b1985fba709468a69e5a88812ee8cbb3228570eabb7ec545361995da

cee.engie.cardicloud.com Open in urlscan Pro 4.176.21.166 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

4555 kBTransfer

8626 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

cee.engie.cardicloud.com Open in urlscan Pro
4.176.21.166 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

4555 kB
Transfer

8626 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions