urlscan.io logo urlscan.io
SecurityTrails logo

payment-web.mercanet.bnpparibas.net Open in urlscan Pro
160.92.97.145  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ptwk.co/Q1tMQ 
Effective URL: https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Submission: On June 26 via manual from FR — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 29 HTTP transactions. The main IP is 160.92.97.145, located in and belongs to . The main domain is payment-web.mercanet.bnpparibas.net.
TLS certificate: Issued by Entrust Certification Authority - L1M on August 30th 2022. Valid for: a year.
This is the only time payment-web.mercanet.bnpparibas.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 82.165.103.246 8560 (IONOS-AS ...)
6 91.134.221.246 16276 (OVH)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 160.92.97.138 ()
1 20 160.92.97.145 ()
29 6
1    82.165.103.246 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
ptwk.co
6    91.134.221.246 (France)

ASN16276 (OVH, FR)
PTR: ip246.ip-91-134-221.eu
secure.paytweak.com
www.paytweak.com
1    2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    160.92.97.138 (None, )

ASN- ()
payment-webinit.mercanet.bnpparibas.net
20    160.92.97.145 (None, )

ASN- ()
payment-web.mercanet.bnpparibas.net
Apex Domain
Subdomains		 Transfer
21 bnpparibas.net
payment-webinit.mercanet.bnpparibas.net
payment-web.mercanet.bnpparibas.net
301 KB
6 paytweak.com
secure.paytweak.com
www.paytweak.com
156 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 80
ajax.googleapis.com — Cisco Umbrella Rank: 422
31 KB
1 gstatic.com
fonts.gstatic.com
31 KB
1 ptwk.co
ptwk.co
1 KB
29 5
Domain Requested by
20 payment-web.mercanet.bnpparibas.net 1 redirects payment-web.mercanet.bnpparibas.net
5 www.paytweak.com secure.paytweak.com
1 payment-webinit.mercanet.bnpparibas.net
1 fonts.gstatic.com fonts.googleapis.com
1 ajax.googleapis.com secure.paytweak.com
1 fonts.googleapis.com secure.paytweak.com
1 secure.paytweak.com
1 ptwk.co 1 redirects
29 8

This site contains no links.

Subject Issuer Validity Valid
*.paytweak.com
Sectigo RSA Organization Validation Secure Server CA		 2023-06-09 -
2024-07-09		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-05-29 -
2023-08-21		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-05-29 -
2023-08-21		 3 months crt.sh
payment-web.mercanet.bnpparibas.net
Entrust Certification Authority - L1M		 2022-08-30 -
2023-08-30		 a year crt.sh

This page contains 1 frames:

Primary Page: https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Frame ID: 80B1112746C9E6A824489E72957C4603
Requests: 29 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://ptwk.co/Q1tMQ  HTTP 302
    https://secure.paytweak.com/q.php?linkID=Q1tMQ&rmt=37.59.164.108&core=&P14Seal=x%9C%CB%F58%E3U%08%00%06%... Page URL
  2. https://payment-webinit.mercanet.bnpparibas.net/paymentInit Page URL
  3. https://payment-web.mercanet.bnpparibas.net/payment HTTP 302
    https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgk... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

29
Requests

100 %
HTTPS

43 %
IPv6

5
Domains

8
Subdomains

6
IPs

2
Countries

518 kB
Transfer

952 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ptwk.co/Q1tMQ  HTTP 302
    https://secure.paytweak.com/q.php?linkID=Q1tMQ&rmt=37.59.164.108&core=&P14Seal=x%9C%CB%F58%E3U%08%00%06%AF%02%3D&Q=x%9C%01%00%01%FF%FE%09%B5%C5oa%06M%E5%C7%5B%9B0%81%11%D33X%18KUd%B0p%C3%AF%409yg%05%EF%2C%13%A6%D34%7B%BB%80%E9%5C%0A%B8%FDN%BED%25%C7%A5%ADZ%EE%B2%DB%3E%F1%3E%25%E1g%16%A4%FE1%CF%CD%DBz%B6hP%A2%ECAi%22%DC%867d9%A4I%F3%09r%BD%E8%A5%98%EE%28%7Dx%05%1DS%F73%AE4%D8%B1%C2a%DB%EA%DF5%E7%FF%ED%17tM6Y%E5%2AK%B7I6%BA%184%5B%07n%EB%04%91%40%8A%B3%D5_%26%1D-%E9%CBf%AET%F7%B2E%A7%269%40%94%F4m%C6%A1%90%C0%7F%EE%C6%40%8A8Wo0%5C%9E%B8%5C%91%3F%8DM%C4%B9%A8%5C%E7Iy%140%B8%B8G%5E%C8%17%AF%8F%12%08%C3+%AA%29d%0E%B3%1A%60%A3%89%CB%22%E9%EE%29%E4%D4%C02-%AC%13%E9U%E80%97%03%D8%B9Y%9B%05%3CkQR%0CS%ABQ%11Z%B1-%FF7%0B%16%23%E8%F4%1B-Y%F7m%8A%C1%F2%7D%7BY&name= Page URL
  2. https://payment-webinit.mercanet.bnpparibas.net/paymentInit Page URL
  3. https://payment-web.mercanet.bnpparibas.net/payment HTTP 302
    https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://ptwk.co/Q1tMQ  HTTP 302
  • https://secure.paytweak.com/q.php?linkID=Q1tMQ&rmt=37.59.164.108&core=&P14Seal=x%9C%CB%F58%E3U%08%00%06%AF%02%3D&Q=x%9C%01%00%01%FF%FE%09%B5%C5oa%06M%E5%C7%5B%9B0%81%11%D33X%18KUd%B0p%C3%AF%409yg%05%EF%2C%13%A6%D34%7B%BB%80%E9%5C%0A%B8%FDN%BED%25%C7%A5%ADZ%EE%B2%DB%3E%F1%3E%25%E1g%16%A4%FE1%CF%CD%DBz%B6hP%A2%ECAi%22%DC%867d9%A4I%F3%09r%BD%E8%A5%98%EE%28%7Dx%05%1DS%F73%AE4%D8%B1%C2a%DB%EA%DF5%E7%FF%ED%17tM6Y%E5%2AK%B7I6%BA%184%5B%07n%EB%04%91%40%8A%B3%D5_%26%1D-%E9%CBf%AET%F7%B2E%A7%269%40%94%F4m%C6%A1%90%C0%7F%EE%C6%40%8A8Wo0%5C%9E%B8%5C%91%3F%8DM%C4%B9%A8%5C%E7Iy%140%B8%B8G%5E%C8%17%AF%8F%12%08%C3+%AA%29d%0E%B3%1A%60%A3%89%CB%22%E9%EE%29%E4%D4%C02-%AC%13%E9U%E80%97%03%D8%B9Y%9B%05%3CkQR%0CS%ABQ%11Z%B1-%FF7%0B%16%23%E8%F4%1B-Y%F7m%8A%C1%F2%7D%7BY&name=

29 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
q.php
secure.paytweak.com/
Redirect Chain
  • https://ptwk.co/Q1tMQ 
  • https://secure.paytweak.com/q.php?linkID=Q1tMQ&rmt=37.59.164.108&core=&P14Seal=x%9C%CB%F58%E3U%08%00%06%AF%02%3D&Q=x%9C%01%00%01%FF%FE%09%B5%C5oa%06M%E5%C7%5B%9B0%81%11%D33X%18KUd%B0p%C3%AF%409yg%0...
4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://secure.paytweak.com/q.php?linkID=Q1tMQ&rmt=37.59.164.108&core=&P14Seal=x%9C%CB%F58%E3U%08%00%06%AF%02%3D&Q=x%9C%01%00%01%FF%FE%09%B5%C5oa%06M%E5%C7%5B%9B0%81%11%D33X%18KUd%B0p%C3%AF%409yg%05%EF%2C%13%A6%D34%7B%BB%80%E9%5C%0A%B8%FDN%BED%25%C7%A5%ADZ%EE%B2%DB%3E%F1%3E%25%E1g%16%A4%FE1%CF%CD%DBz%B6hP%A2%ECAi%22%DC%867d9%A4I%F3%09r%BD%E8%A5%98%EE%28%7Dx%05%1DS%F73%AE4%D8%B1%C2a%DB%EA%DF5%E7%FF%ED%17tM6Y%E5%2AK%B7I6%BA%184%5B%07n%EB%04%91%40%8A%B3%D5_%26%1D-%E9%CBf%AET%F7%B2E%A7%269%40%94%F4m%C6%A1%90%C0%7F%EE%C6%40%8A8Wo0%5C%9E%B8%5C%91%3F%8DM%C4%B9%A8%5C%E7Iy%140%B8%B8G%5E%C8%17%AF%8F%12%08%C3+%AA%29d%0E%B3%1A%60%A3%89%CB%22%E9%EE%29%E4%D4%C02-%AC%13%E9U%E80%97%03%D8%B9Y%9B%05%3CkQR%0CS%ABQ%11Z%B1-%FF7%0B%16%23%E8%F4%1B-Y%F7m%8A%C1%F2%7D%7BY&name=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.134.221.246 , France, ASN16276 (OVH, FR),
Reverse DNS
ip246.ip-91-134-221.eu
Software
Apache /
Resource Hash
27acc86da90f2185c90643751f335475143fab0c7b484d5cea7530ce1f038907
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

content-encoding
gzip
content-length
1751
content-type
text/html; charset=utf-8
date
Mon, 26 Jun 2023 08:01:02 GMT
server
Apache
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
on
x-frame-options
sameorigin
x-xss-protection
1; mode=block

Redirect headers

content-length
0
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adyen.com www.google.com www.gstatic.com *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fontawesome.com *.datatables.net data:;connect-src 'self' *.adyen.com *.fontawesome.com;frame-src 'self' *.adyen.com www.google.com recaptcha.google.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com; img-src 'self' *.paytweak.com *.adyen.com paytweak.io www.paytweak.io data: 'unsafe-inline' www.google.com www.gstatic.com data:; style-src 'self' *.adyen.com fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com 'unsafe-inline';
content-type
text/html; charset=UTF-8
date
Mon, 26 Jun 2023 08:01:02 GMT
location
https://secure.paytweak.com/q.php?linkID=Q1tMQ&rmt=37.59.164.108&core=&P14Seal=x%9C%CB%F58%E3U%08%00%06%AF%02%3D&Q=x%9C%01%00%01%FF%FE%09%B5%C5oa%06M%E5%C7%5B%9B0%81%11%D33X%18KUd%B0p%C3%AF%409yg%05%EF%2C%13%A6%D34%7B%BB%80%E9%5C%0A%B8%FDN%BED%25%C7%A5%ADZ%EE%B2%DB%3E%F1%3E%25%E1g%16%A4%FE1%CF%CD%DBz%B6hP%A2%ECAi%22%DC%867d9%A4I%F3%09r%BD%E8%A5%98%EE%28%7Dx%05%1DS%F73%AE4%D8%B1%C2a%DB%EA%DF5%E7%FF%ED%17tM6Y%E5%2AK%B7I6%BA%184%5B%07n%EB%04%91%40%8A%B3%D5_%26%1D-%E9%CBf%AET%F7%B2E%A7%269%40%94%F4m%C6%A1%90%C0%7F%EE%C6%40%8A8Wo0%5C%9E%B8%5C%91%3F%8DM%C4%B9%A8%5C%E7Iy%140%B8%B8G%5E%C8%17%AF%8F%12%08%C3+%AA%29d%0E%B3%1A%60%A3%89%CB%22%E9%EE%29%E4%D4%C02-%AC%13%E9U%E80%97%03%D8%B9Y%9B%05%3CkQR%0CS%ABQ%11Z%B1-%FF7%0B%16%23%E8%F4%1B-Y%F7m%8A%C1%F2%7D%7BY&name=
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
referrer-policy
same-origin
server
nginx
strict-transport-security
max-age=15768000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
sameorigin
x-powered-by
PleskLin
x-xss-protection
1;mode=block
css
fonts.googleapis.com/ 		3 KB
989 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Montserrat:400,700
Requested by
Host: secure.paytweak.com
URL: https://secure.paytweak.com/q.php?linkID=Q1tMQ&rmt=37.59.164.108&core=&P14Seal=x%9C%CB%F58%E3U%08%00%06%AF%02%3D&Q=x%9C%01%00%01%FF%FE%09%B5%C5oa%06M%E5%C7%5B%9B0%81%11%D33X%18KUd%B0p%C3%AF%409yg%05%EF%2C%13%A6%D34%7B%BB%80%E9%5C%0A%B8%FDN%BED%25%C7%A5%ADZ%EE%B2%DB%3E%F1%3E%25%E1g%16%A4%FE1%CF%CD%DBz%B6hP%A2%ECAi%22%DC%867d9%A4I%F3%09r%BD%E8%A5%98%EE%28%7Dx%05%1DS%F73%AE4%D8%B1%C2a%DB%EA%DF5%E7%FF%ED%17tM6Y%E5%2AK%B7I6%BA%184%5B%07n%EB%04%91%40%8A%B3%D5_%26%1D-%E9%CBf%AET%F7%B2E%A7%269%40%94%F4m%C6%A1%90%C0%7F%EE%C6%40%8A8Wo0%5C%9E%B8%5C%91%3F%8DM%C4%B9%A8%5C%E7Iy%140%B8%B8G%5E%C8%17%AF%8F%12%08%C3+%AA%29d%0E%B3%1A%60%A3%89%CB%22%E9%EE%29%E4%D4%C02-%AC%13%E9U%E80%97%03%D8%B9Y%9B%05%3CkQR%0CS%ABQ%11Z%B1-%FF7%0B%16%23%E8%F4%1B-Y%F7m%8A%C1%F2%7D%7BY&name=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6ed09379db599eeeb498b4a890b797a5d5ca7346d77251edafc219e6d361ad18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://secure.paytweak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 26 Jun 2023 08:01:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 26 Jun 2023 07:13:38 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 26 Jun 2023 08:01:03 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: secure.paytweak.com
URL: https://secure.paytweak.com/q.php?linkID=Q1tMQ&rmt=37.59.164.108&core=&P14Seal=x%9C%CB%F58%E3U%08%00%06%AF%02%3D&Q=x%9C%01%00%01%FF%FE%09%B5%C5oa%06M%E5%C7%5B%9B0%81%11%D33X%18KUd%B0p%C3%AF%409yg%05%EF%2C%13%A6%D34%7B%BB%80%E9%5C%0A%B8%FDN%BED%25%C7%A5%ADZ%EE%B2%DB%3E%F1%3E%25%E1g%16%A4%FE1%CF%CD%DBz%B6hP%A2%ECAi%22%DC%867d9%A4I%F3%09r%BD%E8%A5%98%EE%28%7Dx%05%1DS%F73%AE4%D8%B1%C2a%DB%EA%DF5%E7%FF%ED%17tM6Y%E5%2AK%B7I6%BA%184%5B%07n%EB%04%91%40%8A%B3%D5_%26%1D-%E9%CBf%AET%F7%B2E%A7%269%40%94%F4m%C6%A1%90%C0%7F%EE%C6%40%8A8Wo0%5C%9E%B8%5C%91%3F%8DM%C4%B9%A8%5C%E7Iy%140%B8%B8G%5E%C8%17%AF%8F%12%08%C3+%AA%29d%0E%B3%1A%60%A3%89%CB%22%E9%EE%29%E4%D4%C02-%AC%13%E9U%E80%97%03%D8%B9Y%9B%05%3CkQR%0CS%ABQ%11Z%B1-%FF7%0B%16%23%E8%F4%1B-Y%F7m%8A%C1%F2%7D%7BY&name=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://secure.paytweak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 25 Jun 2023 05:20:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
96004
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 24 Jun 2024 05:20:58 GMT
loader_1.png
www.paytweak.com/img/ 		56 KB
56 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paytweak.com/img/loader_1.png
Requested by
Host: secure.paytweak.com
URL: https://secure.paytweak.com/q.php?linkID=Q1tMQ&rmt=37.59.164.108&core=&P14Seal=x%9C%CB%F58%E3U%08%00%06%AF%02%3D&Q=x%9C%01%00%01%FF%FE%09%B5%C5oa%06M%E5%C7%5B%9B0%81%11%D33X%18KUd%B0p%C3%AF%409yg%05%EF%2C%13%A6%D34%7B%BB%80%E9%5C%0A%B8%FDN%BED%25%C7%A5%ADZ%EE%B2%DB%3E%F1%3E%25%E1g%16%A4%FE1%CF%CD%DBz%B6hP%A2%ECAi%22%DC%867d9%A4I%F3%09r%BD%E8%A5%98%EE%28%7Dx%05%1DS%F73%AE4%D8%B1%C2a%DB%EA%DF5%E7%FF%ED%17tM6Y%E5%2AK%B7I6%BA%184%5B%07n%EB%04%91%40%8A%B3%D5_%26%1D-%E9%CBf%AET%F7%B2E%A7%269%40%94%F4m%C6%A1%90%C0%7F%EE%C6%40%8A8Wo0%5C%9E%B8%5C%91%3F%8DM%C4%B9%A8%5C%E7Iy%140%B8%B8G%5E%C8%17%AF%8F%12%08%C3+%AA%29d%0E%B3%1A%60%A3%89%CB%22%E9%EE%29%E4%D4%C02-%AC%13%E9U%E80%97%03%D8%B9Y%9B%05%3CkQR%0CS%ABQ%11Z%B1-%FF7%0B%16%23%E8%F4%1B-Y%F7m%8A%C1%F2%7D%7BY&name=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.134.221.246 , France, ASN16276 (OVH, FR),
Reverse DNS
ip246.ip-91-134-221.eu
Software
Apache /
Resource Hash
5697adac7697ced594bcfceafa161f5792d4ea3d8c717f835971b32461c68996
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://secure.paytweak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Mon, 26 Jun 2023 08:01:03 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Wed, 31 Oct 2018 14:04:08 GMT
server
Apache
etag
"debc-57986c699db58"
x-dns-prefetch-control
on
x-frame-options
SAMEORIGIN
content-type
image/png
accept-ranges
bytes
content-length
57020
x-xss-protection
1; mode=block
loader_2.gif
www.paytweak.com/img/ 		73 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paytweak.com/img/loader_2.gif
Requested by
Host: secure.paytweak.com
URL: https://secure.paytweak.com/q.php?linkID=Q1tMQ&rmt=37.59.164.108&core=&P14Seal=x%9C%CB%F58%E3U%08%00%06%AF%02%3D&Q=x%9C%01%00%01%FF%FE%09%B5%C5oa%06M%E5%C7%5B%9B0%81%11%D33X%18KUd%B0p%C3%AF%409yg%05%EF%2C%13%A6%D34%7B%BB%80%E9%5C%0A%B8%FDN%BED%25%C7%A5%ADZ%EE%B2%DB%3E%F1%3E%25%E1g%16%A4%FE1%CF%CD%DBz%B6hP%A2%ECAi%22%DC%867d9%A4I%F3%09r%BD%E8%A5%98%EE%28%7Dx%05%1DS%F73%AE4%D8%B1%C2a%DB%EA%DF5%E7%FF%ED%17tM6Y%E5%2AK%B7I6%BA%184%5B%07n%EB%04%91%40%8A%B3%D5_%26%1D-%E9%CBf%AET%F7%B2E%A7%269%40%94%F4m%C6%A1%90%C0%7F%EE%C6%40%8A8Wo0%5C%9E%B8%5C%91%3F%8DM%C4%B9%A8%5C%E7Iy%140%B8%B8G%5E%C8%17%AF%8F%12%08%C3+%AA%29d%0E%B3%1A%60%A3%89%CB%22%E9%EE%29%E4%D4%C02-%AC%13%E9U%E80%97%03%D8%B9Y%9B%05%3CkQR%0CS%ABQ%11Z%B1-%FF7%0B%16%23%E8%F4%1B-Y%F7m%8A%C1%F2%7D%7BY&name=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.134.221.246 , France, ASN16276 (OVH, FR),
Reverse DNS
ip246.ip-91-134-221.eu
Software
Apache /
Resource Hash
70f676760b815d594b5c486a302fd29e6ddf30298b24efe775fb8a80d0cd7b6b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://secure.paytweak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Mon, 26 Jun 2023 08:01:03 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Wed, 31 Oct 2018 14:04:11 GMT
server
Apache
etag
"1237f-57986c6c8bb58"
x-dns-prefetch-control
on
x-frame-options
SAMEORIGIN
content-type
image/gif
accept-ranges
bytes
content-length
74623
x-xss-protection
1; mode=block
loader_3a.png
www.paytweak.com/img/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paytweak.com/img/loader_3a.png
Requested by
Host: secure.paytweak.com
URL: https://secure.paytweak.com/q.php?linkID=Q1tMQ&rmt=37.59.164.108&core=&P14Seal=x%9C%CB%F58%E3U%08%00%06%AF%02%3D&Q=x%9C%01%00%01%FF%FE%09%B5%C5oa%06M%E5%C7%5B%9B0%81%11%D33X%18KUd%B0p%C3%AF%409yg%05%EF%2C%13%A6%D34%7B%BB%80%E9%5C%0A%B8%FDN%BED%25%C7%A5%ADZ%EE%B2%DB%3E%F1%3E%25%E1g%16%A4%FE1%CF%CD%DBz%B6hP%A2%ECAi%22%DC%867d9%A4I%F3%09r%BD%E8%A5%98%EE%28%7Dx%05%1DS%F73%AE4%D8%B1%C2a%DB%EA%DF5%E7%FF%ED%17tM6Y%E5%2AK%B7I6%BA%184%5B%07n%EB%04%91%40%8A%B3%D5_%26%1D-%E9%CBf%AET%F7%B2E%A7%269%40%94%F4m%C6%A1%90%C0%7F%EE%C6%40%8A8Wo0%5C%9E%B8%5C%91%3F%8DM%C4%B9%A8%5C%E7Iy%140%B8%B8G%5E%C8%17%AF%8F%12%08%C3+%AA%29d%0E%B3%1A%60%A3%89%CB%22%E9%EE%29%E4%D4%C02-%AC%13%E9U%E80%97%03%D8%B9Y%9B%05%3CkQR%0CS%ABQ%11Z%B1-%FF7%0B%16%23%E8%F4%1B-Y%F7m%8A%C1%F2%7D%7BY&name=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.134.221.246 , France, ASN16276 (OVH, FR),
Reverse DNS
ip246.ip-91-134-221.eu
Software
Apache /
Resource Hash
07969a3bca118e86b7ef06878cb21a6798eb5bf5646f06f11477d234fc69b4ec
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://secure.paytweak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Mon, 26 Jun 2023 08:01:03 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Wed, 31 Oct 2018 14:04:10 GMT
server
Apache
etag
"1c94-57986c6c57f38"
x-dns-prefetch-control
on
x-frame-options
SAMEORIGIN
content-type
image/png
accept-ranges
bytes
content-length
7316
x-xss-protection
1; mode=block
loader_3b.png
www.paytweak.com/img/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paytweak.com/img/loader_3b.png
Requested by
Host: secure.paytweak.com
URL: https://secure.paytweak.com/q.php?linkID=Q1tMQ&rmt=37.59.164.108&core=&P14Seal=x%9C%CB%F58%E3U%08%00%06%AF%02%3D&Q=x%9C%01%00%01%FF%FE%09%B5%C5oa%06M%E5%C7%5B%9B0%81%11%D33X%18KUd%B0p%C3%AF%409yg%05%EF%2C%13%A6%D34%7B%BB%80%E9%5C%0A%B8%FDN%BED%25%C7%A5%ADZ%EE%B2%DB%3E%F1%3E%25%E1g%16%A4%FE1%CF%CD%DBz%B6hP%A2%ECAi%22%DC%867d9%A4I%F3%09r%BD%E8%A5%98%EE%28%7Dx%05%1DS%F73%AE4%D8%B1%C2a%DB%EA%DF5%E7%FF%ED%17tM6Y%E5%2AK%B7I6%BA%184%5B%07n%EB%04%91%40%8A%B3%D5_%26%1D-%E9%CBf%AET%F7%B2E%A7%269%40%94%F4m%C6%A1%90%C0%7F%EE%C6%40%8A8Wo0%5C%9E%B8%5C%91%3F%8DM%C4%B9%A8%5C%E7Iy%140%B8%B8G%5E%C8%17%AF%8F%12%08%C3+%AA%29d%0E%B3%1A%60%A3%89%CB%22%E9%EE%29%E4%D4%C02-%AC%13%E9U%E80%97%03%D8%B9Y%9B%05%3CkQR%0CS%ABQ%11Z%B1-%FF7%0B%16%23%E8%F4%1B-Y%F7m%8A%C1%F2%7D%7BY&name=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.134.221.246 , France, ASN16276 (OVH, FR),
Reverse DNS
ip246.ip-91-134-221.eu
Software
Apache /
Resource Hash
3de2966e60635e41aae621651bd78b90517eb11706d20169467f7085c795945a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://secure.paytweak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Mon, 26 Jun 2023 08:01:03 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Wed, 31 Oct 2018 14:04:10 GMT
server
Apache
etag
"1fef-57986c6ba82b8"
x-dns-prefetch-control
on
x-frame-options
SAMEORIGIN
content-type
image/png
accept-ranges
bytes
content-length
8175
x-xss-protection
1; mode=block
loader_3c.png
www.paytweak.com/img/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paytweak.com/img/loader_3c.png
Requested by
Host: secure.paytweak.com
URL: https://secure.paytweak.com/q.php?linkID=Q1tMQ&rmt=37.59.164.108&core=&P14Seal=x%9C%CB%F58%E3U%08%00%06%AF%02%3D&Q=x%9C%01%00%01%FF%FE%09%B5%C5oa%06M%E5%C7%5B%9B0%81%11%D33X%18KUd%B0p%C3%AF%409yg%05%EF%2C%13%A6%D34%7B%BB%80%E9%5C%0A%B8%FDN%BED%25%C7%A5%ADZ%EE%B2%DB%3E%F1%3E%25%E1g%16%A4%FE1%CF%CD%DBz%B6hP%A2%ECAi%22%DC%867d9%A4I%F3%09r%BD%E8%A5%98%EE%28%7Dx%05%1DS%F73%AE4%D8%B1%C2a%DB%EA%DF5%E7%FF%ED%17tM6Y%E5%2AK%B7I6%BA%184%5B%07n%EB%04%91%40%8A%B3%D5_%26%1D-%E9%CBf%AET%F7%B2E%A7%269%40%94%F4m%C6%A1%90%C0%7F%EE%C6%40%8A8Wo0%5C%9E%B8%5C%91%3F%8DM%C4%B9%A8%5C%E7Iy%140%B8%B8G%5E%C8%17%AF%8F%12%08%C3+%AA%29d%0E%B3%1A%60%A3%89%CB%22%E9%EE%29%E4%D4%C02-%AC%13%E9U%E80%97%03%D8%B9Y%9B%05%3CkQR%0CS%ABQ%11Z%B1-%FF7%0B%16%23%E8%F4%1B-Y%F7m%8A%C1%F2%7D%7BY&name=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.134.221.246 , France, ASN16276 (OVH, FR),
Reverse DNS
ip246.ip-91-134-221.eu
Software
Apache /
Resource Hash
b6a955b8ccaa5b3a59da38e5b6da1c06e4b66d7684efb4c9b56a762cc10180de
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://secure.paytweak.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Mon, 26 Jun 2023 08:01:03 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Wed, 31 Oct 2018 14:04:11 GMT
server
Apache
etag
"2163-57986c6c7c158"
x-dns-prefetch-control
on
x-frame-options
SAMEORIGIN
content-type
image/png
accept-ranges
bytes
content-length
8547
x-xss-protection
1; mode=block
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 		30 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://secure.paytweak.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 24 Jun 2023 14:34:09 GMT
x-content-type-options
nosniff
age
149214
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30928
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 18:57:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 23 Jun 2024 14:34:09 GMT
paymentInit
payment-webinit.mercanet.bnpparibas.net/ 		7 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://payment-webinit.mercanet.bnpparibas.net/paymentInit
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.138 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://secure.paytweak.com
Referer
https://secure.paytweak.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Connection
Keep-Alive
Content-Length
6822
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:; object-src 'none'
Content-Type
text/html;charset=UTF-8
Date
Mon, 26 Jun 2023 08:01:08 GMT
Keep-Alive
timeout=15, max=100
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Primary Request ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/
Redirect Chain
  • https://payment-web.mercanet.bnpparibas.net/payment
  • https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
13 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
15feea9006f096e645419105db82e284506f1e360c35d5a23784151e9fe73f9e
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://payment-webinit.mercanet.bnpparibas.net
Referer
https://payment-webinit.mercanet.bnpparibas.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
Connection
Keep-Alive
Content-Encoding
gzip
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Content-Type
text/html;charset=UTF-8
Date
Mon, 26 Jun 2023 08:01:09 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=15, max=99
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block

Redirect headers

Connection
Keep-Alive
Content-Length
0
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Date
Mon, 26 Jun 2023 08:01:09 GMT
Keep-Alive
timeout=15, max=100
Location
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
default.css
payment-web.mercanet.bnpparibas.net/static/offers/23.3/BNP/default/css/ 		67 KB
67 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payment-web.mercanet.bnpparibas.net/static/offers/23.3/BNP/default/css/default.css
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
0b684be633cb0e1cf4461691f86134e76f04816bf31be5150b6dc6b82ad39750
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Last-Modified
Mon, 20 Mar 2023 14:50:24 GMT
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=98
Content-Length
68332
X-XSS-Protection
1; mode=block
font-awesome.css
payment-web.mercanet.bnpparibas.net/assets/meta/zee34e021/tapestry5/font_awesome/css/ 		37 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payment-web.mercanet.bnpparibas.net/assets/meta/zee34e021/tapestry5/font_awesome/css/font-awesome.css
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
49f98506be0a6d9b2c7ca1a5ffb2f3b4fbde24146da8e6340d09a7c60eea1307
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Content-Encoding
gzip
Last-Modified
Thu, 22 Jun 2023 00:59:18 GMT
Content-Type
text/css;charset=utf-8
Connection
Keep-Alive
Keep-Alive
timeout=15, max=100
Content-Length
7515
X-XSS-Protection
1; mode=block
Expires
Sun, 19 Jun 2033 00:59:18 GMT
bootstrap.css
payment-web.mercanet.bnpparibas.net/assets/meta/36e405aa/css/ 		19 B
544 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payment-web.mercanet.bnpparibas.net/assets/meta/36e405aa/css/bootstrap.css
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
8e32ba8c86ec4fbbb43e7f9aa480d4b68d332659f613c10e807adc6a999a8761
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Last-Modified
Thu, 22 Jun 2023 00:59:18 GMT
Content-Type
text/css;charset=utf-8
Connection
Keep-Alive
Keep-Alive
timeout=15, max=100
Content-Length
19
X-XSS-Protection
1; mode=block
Expires
Sun, 19 Jun 2033 00:59:18 GMT
tapestry.css
payment-web.mercanet.bnpparibas.net/assets/meta/za5639df9/tapestry5/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payment-web.mercanet.bnpparibas.net/assets/meta/za5639df9/tapestry5/tapestry.css
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
95f77fab57ca23348535b880ce91aef1d0ec140c68eee444afca62f238f51067
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Content-Encoding
gzip
Last-Modified
Thu, 22 Jun 2023 00:59:18 GMT
Content-Type
text/css;charset=utf-8
Connection
Keep-Alive
Keep-Alive
timeout=15, max=100
Content-Length
812
X-XSS-Protection
1; mode=block
Expires
Sun, 19 Jun 2033 00:59:18 GMT
exception-frame.css
payment-web.mercanet.bnpparibas.net/assets/meta/ze8a5779c/tapestry5/ 		515 B
806 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payment-web.mercanet.bnpparibas.net/assets/meta/ze8a5779c/tapestry5/exception-frame.css
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
6660afc15ed26d65a5cfb984c53da4d6034347b509d16f6ad396d9f469197199
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Content-Encoding
gzip
Last-Modified
Thu, 22 Jun 2023 00:59:18 GMT
Content-Type
text/css;charset=utf-8
Connection
Keep-Alive
Keep-Alive
timeout=15, max=100
Content-Length
256
X-XSS-Protection
1; mode=block
Expires
Sun, 19 Jun 2033 00:59:18 GMT
tapestry-console.css
payment-web.mercanet.bnpparibas.net/assets/meta/zceffa0e4/tapestry5/ 		735 B
881 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payment-web.mercanet.bnpparibas.net/assets/meta/zceffa0e4/tapestry5/tapestry-console.css
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
7e75be123c7e57e6a0a6ae4f6948040c4317212ecf855389136a9078a3be0d85
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Content-Encoding
gzip
Last-Modified
Thu, 22 Jun 2023 00:59:18 GMT
Content-Type
text/css;charset=utf-8
Connection
Keep-Alive
Keep-Alive
timeout=15, max=100
Content-Length
331
X-XSS-Protection
1; mode=block
Expires
Sun, 19 Jun 2033 00:59:18 GMT
tree.css
payment-web.mercanet.bnpparibas.net/assets/meta/z7cd0b108/tapestry5/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payment-web.mercanet.bnpparibas.net/assets/meta/z7cd0b108/tapestry5/tree.css
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
4da08776b681bfd2d2207c9f4f23f465230f4d8dcff0dea7d6d60892381af1df
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Content-Encoding
gzip
Last-Modified
Thu, 22 Jun 2023 00:59:18 GMT
Content-Type
text/css;charset=utf-8
Connection
Keep-Alive
Keep-Alive
timeout=15, max=97
Content-Length
863
X-XSS-Protection
1; mode=block
Expires
Sun, 19 Jun 2033 00:59:18 GMT
logo_AMEX.png
payment-web.mercanet.bnpparibas.net/static/common/images/acceptanceLogos/medium/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://payment-web.mercanet.bnpparibas.net/static/common/images/acceptanceLogos/medium/logo_AMEX.png
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef05db580775469f7c662b50bef1037fb981d324fd398b2cd530e4e8782c63b8
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Last-Modified
Mon, 20 Mar 2023 14:50:04 GMT
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Content-Length
1355
X-XSS-Protection
1; mode=block
logo_VISA.png
payment-web.mercanet.bnpparibas.net/static/common/images/acceptanceLogos/medium/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://payment-web.mercanet.bnpparibas.net/static/common/images/acceptanceLogos/medium/logo_VISA.png
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
518e2cc6e9696eff4543852f0eb348e9db1ea98852266ed8948ad5d41211f31b
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Last-Modified
Mon, 20 Mar 2023 14:50:04 GMT
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Content-Length
10457
X-XSS-Protection
1; mode=block
logo_MASTERCARD.png
payment-web.mercanet.bnpparibas.net/static/common/images/acceptanceLogos/medium/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://payment-web.mercanet.bnpparibas.net/static/common/images/acceptanceLogos/medium/logo_MASTERCARD.png
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
171eb72e167032b7f039572259f558b687517e6ecbc168be9daf2a854ab46602
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Last-Modified
Mon, 20 Mar 2023 14:50:04 GMT
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Content-Length
1335
X-XSS-Protection
1; mode=block
logo_CB.png
payment-web.mercanet.bnpparibas.net/static/common/images/acceptanceLogos/medium/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://payment-web.mercanet.bnpparibas.net/static/common/images/acceptanceLogos/medium/logo_CB.png
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
67b365582cc09a8c29a2bf8db839532a3ef3d176e907d6949b8619d717d468b3
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Last-Modified
Mon, 20 Mar 2023 14:50:04 GMT
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=96
Content-Length
1952
X-XSS-Protection
1; mode=block
core.js
payment-web.mercanet.bnpparibas.net/assets/stack/zd455a3b/fr/ 		477 KB
133 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payment-web.mercanet.bnpparibas.net/assets/stack/zd455a3b/fr/core.js
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Content-Encoding
gzip
Last-Modified
Thu, 22 Jun 2023 00:59:18 GMT
Content-Type
text/javascript;charset=utf-8
Connection
Keep-Alive
Keep-Alive
timeout=15, max=99
Content-Length
135474
X-XSS-Protection
1; mode=block
Expires
Sun, 19 Jun 2033 00:59:18 GMT
pageloader-mask.gif
payment-web.mercanet.bnpparibas.net/assets/meta/313de0c7/tapestry5/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://payment-web.mercanet.bnpparibas.net/assets/meta/313de0c7/tapestry5/pageloader-mask.gif
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/assets/meta/za5639df9/tapestry5/tapestry.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/assets/meta/za5639df9/tapestry5/tapestry.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Last-Modified
Thu, 22 Jun 2023 00:59:18 GMT
Content-Type
image/gif
Connection
Keep-Alive
Keep-Alive
timeout=15, max=98
Content-Length
13270
X-XSS-Protection
1; mode=block
Expires
Sun, 19 Jun 2033 00:59:18 GMT
logo.png
payment-web.mercanet.bnpparibas.net/static/offers/23.3/BNP/default/images/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://payment-web.mercanet.bnpparibas.net/static/offers/23.3/BNP/default/images/logo.png
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/static/offers/23.3/BNP/default/css/default.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/static/offers/23.3/BNP/default/css/default.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Last-Modified
Mon, 20 Mar 2023 14:50:04 GMT
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=95
Content-Length
10520
X-XSS-Protection
1; mode=block
logo-grey.svg
payment-web.mercanet.bnpparibas.net/static/offers/23.3/BNP/default/images/ 		14 B
14 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://payment-web.mercanet.bnpparibas.net/static/offers/23.3/BNP/default/images/logo-grey.svg
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/static/offers/23.3/BNP/default/css/default.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/static/offers/23.3/BNP/default/css/default.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Type
text/html; charset=iso-8859-1
Connection
Keep-Alive
Keep-Alive
timeout=15, max=98
Content-Length
14
X-XSS-Protection
1; mode=block
stag-book-webfont.woff
payment-web.mercanet.bnpparibas.net/static/offers/23.3/BNP/default/css/ 		30 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://payment-web.mercanet.bnpparibas.net/static/offers/23.3/BNP/default/css/stag-book-webfont.woff
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/static/offers/23.3/BNP/default/css/default.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://payment-web.mercanet.bnpparibas.net/static/offers/23.3/BNP/default/css/default.css
Origin
https://payment-web.mercanet.bnpparibas.net
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Last-Modified
Mon, 20 Mar 2023 14:50:04 GMT
Content-Type
application/font-woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=98
Content-Length
30528
X-XSS-Protection
1; mode=block
modal.js
payment-web.mercanet.bnpparibas.net/assets/ctx/z4fa67866/static/common/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payment-web.mercanet.bnpparibas.net/assets/ctx/z4fa67866/static/common/js/modal.js
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/assets/stack/zd455a3b/fr/core.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:10 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Content-Encoding
gzip
Last-Modified
Thu, 22 Jun 2023 00:59:18 GMT
Content-Type
text/javascript;charset=utf-8
Connection
Keep-Alive
Keep-Alive
timeout=15, max=98
Content-Length
777
X-XSS-Protection
1; mode=block
Expires
Sun, 19 Jun 2033 00:59:18 GMT
jquery-kawwa-modal.js
payment-web.mercanet.bnpparibas.net/assets/ctx/z3b7652e/static/common/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payment-web.mercanet.bnpparibas.net/assets/ctx/z3b7652e/static/common/js/jquery-kawwa-modal.js
Requested by
Host: payment-web.mercanet.bnpparibas.net
URL: https://payment-web.mercanet.bnpparibas.net/assets/stack/zd455a3b/fr/core.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.97.145 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://payment-web.mercanet.bnpparibas.net/fr/payment/selectpaymentmethod/ppc0;paypage_sessionid=SGBjXDCkMv9x--sAbYwtgkuXhOd3wEZS8YzyUuTM.35v
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Date
Mon, 26 Jun 2023 08:01:10 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https://*.gstatic.com 'self' data:; object-src 'none'
Content-Encoding
gzip
Last-Modified
Thu, 22 Jun 2023 00:59:18 GMT
Content-Type
text/javascript;charset=utf-8
Connection
Keep-Alive
Keep-Alive
timeout=15, max=97
Content-Length
737
X-XSS-Protection
1; mode=block
Expires
Sun, 19 Jun 2033 00:59:18 GMT

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

2 Cookies

Domain/Path Name / Value
payment-webinit.mercanet.bnpparibas.net/ Name: JSESSIONID
Value: lct1CkGOCunu5723sC2YsSpPjzhCiDYlwVWHOMRi.34v
payment-webinit.mercanet.bnpparibas.net/ Name: TS01af447f
Value: 018154f51bc757dbd9925bbfc7e64709a183a7b5f2263d26a1a22404dca7e7fe8303133a5ade873b834d26a078ec39d35a6479c6e2

1 Console Messages

Source Level URL
Text
network error URL: https://payment-web.mercanet.bnpparibas.net/static/offers/23.3/BNP/default/images/logo-grey.svg
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
fonts.googleapis.com
fonts.gstatic.com
payment-web.mercanet.bnpparibas.net
payment-webinit.mercanet.bnpparibas.net
ptwk.co
secure.paytweak.com
www.paytweak.com
160.92.97.138
160.92.97.145
2a00:1450:4001:802::200a
2a00:1450:4001:812::2003
2a00:1450:4001:82a::200a
82.165.103.246
91.134.221.246
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
07969a3bca118e86b7ef06878cb21a6798eb5bf5646f06f11477d234fc69b4ec
0b684be633cb0e1cf4461691f86134e76f04816bf31be5150b6dc6b82ad39750
15feea9006f096e645419105db82e284506f1e360c35d5a23784151e9fe73f9e
171eb72e167032b7f039572259f558b687517e6ecbc168be9daf2a854ab46602
27acc86da90f2185c90643751f335475143fab0c7b484d5cea7530ce1f038907
3de2966e60635e41aae621651bd78b90517eb11706d20169467f7085c795945a
49f98506be0a6d9b2c7ca1a5ffb2f3b4fbde24146da8e6340d09a7c60eea1307
4da08776b681bfd2d2207c9f4f23f465230f4d8dcff0dea7d6d60892381af1df
518e2cc6e9696eff4543852f0eb348e9db1ea98852266ed8948ad5d41211f31b
5697adac7697ced594bcfceafa161f5792d4ea3d8c717f835971b32461c68996
6660afc15ed26d65a5cfb984c53da4d6034347b509d16f6ad396d9f469197199
67b365582cc09a8c29a2bf8db839532a3ef3d176e907d6949b8619d717d468b3
6ed09379db599eeeb498b4a890b797a5d5ca7346d77251edafc219e6d361ad18
70f676760b815d594b5c486a302fd29e6ddf30298b24efe775fb8a80d0cd7b6b
7e75be123c7e57e6a0a6ae4f6948040c4317212ecf855389136a9078a3be0d85
8e32ba8c86ec4fbbb43e7f9aa480d4b68d332659f613c10e807adc6a999a8761
95f77fab57ca23348535b880ce91aef1d0ec140c68eee444afca62f238f51067
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
b6a955b8ccaa5b3a59da38e5b6da1c06e4b66d7684efb4c9b56a762cc10180de
ef05db580775469f7c662b50bef1037fb981d324fd398b2cd530e4e8782c63b8