boletos.appmax.com.br Open in urlscan Pro
2606:4700:10::ac43:2a55 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bitinyurl.com/?xbymalvjpdk8
Effective URL:
https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7
Submission: On November 04 via api (November 4th 2024, 11:00:23 pm UTC) from US — Scanned from DE

Summary HTTP 20 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main IP is 2606:4700:10::ac43:2a55, located in United States and belongs to CLOUDFLARENET, US. The main domain is boletos.appmax.com.br.
TLS certificate: Issued by E6 on October 29th 2024. Valid for: 3 months.

This is the only time boletos.appmax.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	154.12.255.250 154.12.255.250	40021 (NL-811-40021) (NL-811-40021)
11	2606:4700:10:... 2606:4700:10::ac43:2a55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.18.95.41 104.18.95.41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	3

1 154.12.255.250 (New York, United States) 1 redirects

ASN40021 (NL-811-40021, US)
PTR: vmi1018697.contaboserver.net

bitinyurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700:10::ac43:2a55 (United States)

ASN13335 (CLOUDFLARENET, US)

boletos.appmax.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.95.41 (None, )

ASN13335 (CLOUDFLARENET, US)

challenges.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	appmax.com.br boletos.appmax.com.br	126 KB
4	cloudflare.com challenges.cloudflare.com — Cisco Umbrella Rank: 3443	16 KB
1	bitinyurl.com 1 redirects bitinyurl.com	454 B
20	3

	Domain	Requested by
11	boletos.appmax.com.br	boletos.appmax.com.br
4	challenges.cloudflare.com	boletos.appmax.com.br challenges.cloudflare.com
1	bitinyurl.com	1 redirects
20	3

This site contains links to these domains. Also see Links.

Domain
www.cloudflare.com

Subject Issuer	Validity	Valid
appmax.com.br E6	`2024-10-29` - `2025-01-27`	3 months	crt.sh
challenges.cloudflare.com WE1	`2024-11-03` - `2025-02-01`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7
Frame ID: EC44D69751EEEF3623CE7A926F332338
Requests: 14 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/118la/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/
Frame ID: 88DFC15800B580BFC5A07CD39C7FFDFD
Requests: 1 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t0vzv/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/
Frame ID: 8F935A3D6D072AF835182910F7C79511
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Nur einen Moment…

Page URL History Show full URLs

http://bitinyurl.com/?xbymalvjpdk8 HTTP 307
https://bitinyurl.com/?xbymalvjpdk8 HTTP 302
https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7 Page URL
https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7 Page URL

Page Statistics

20
Requests

75 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

142 kB
Transfer

362 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cloudflare.com/?utm_source=challenge&utm_campaign=j
Title: Cloudflare

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bitinyurl.com/?xbymalvjpdk8 HTTP 307
https://bitinyurl.com/?xbymalvjpdk8 HTTP 302
https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7 Page URL
https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://bitinyurl.com/?xbymalvjpdk8 HTTP 307
https://bitinyurl.com/?xbymalvjpdk8 HTTP 302
https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

403

6727b6073f5bd70eec7fc4d7 Show response
boletos.appmax.com.br/boleto/
Redirect Chain

http://bitinyurl.com/?xbymalvjpdk8
https://bitinyurl.com/?xbymalvjpdk8
https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7

10 KB
8 KB

373ms
49ms

Document
text/html

2606:4700:10::ac43:2a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:2a55 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60c1c1dbac700a2e34240787d085f44f4716872b1c6b1088d142368607a4deda

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-chl-out: ZWGG1w8J1PLr5z72JEklJfUOuRimws2DZH80gtyZiGQo8j2hXnhu2hsQuTWuyu6uxp16xezNjWOJAZUl7yttDbjGQjQXbNLKY76I4wpAWTDLfoxgwPQIdPR/5dAsakdvM+RFiABUsXV+mdd3LVUsyQ==$92SnBIUWel4V0Y2c1V3FiQ==
cf-mitigated: challenge
cf-ray: 8dd8382ffc612c41-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Mon, 04 Nov 2024 23:00:18 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
vary: Accept-Encoding
x-content-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

cache-control: Private
content-length: 182
content-type: text/html
date: Mon, 04 Nov 2024 23:00:18 GMT
expires: Mon, 04 Nov 2024 23:00:18 GMT
location: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7
pragma: no-cache
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H2 200 v1 Show response
boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/ 107 KB
41 KB 48ms
48ms Script
application/javascript 2606:4700:10::ac43:2a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8dd8382ffc612c41
Requested by: Host: boletos.appmax.com.br
URL: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffa1849c3978fa16eb95c346a350a1e0207c5e7ee651f76a27be63f30ffc61af

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7?__cf_chl_rt_tk=nV827uCvyIP9GPztGTa81V3iC7U3UZLD8PXDdiI8WHQ-1730761218-1.0.1.1-axitW9HW_pQnqao4SryGtbQW6zSxHxpgTS0IbYMTRls

Response headers

cf-ray: 8dd83830bcc22c41-FRA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: br
date: Mon, 04 Nov 2024 23:00:18 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare

GET ea35c652-5c64-483a-bdb0-03d4dca50bfe
https://boletos.appmax.com.br/ Frame 0
0

GET
H3 200 api.js Show response
challenges.cloudflare.com/turnstile/v0/b/22755d9a86c9/ 47 KB
16 KB 87ms
51ms Script
application/javascript 104.18.95.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/b/22755d9a86c9/api.js?onload=clJo2&render=explicit
Requested by: Host: boletos.appmax.com.br
URL: https://boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8dd8382ffc612c41
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.95.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7595c3d2e94df7416308fa2ccf5ae8832137c76d2e9a8b02e6ed2cb2d92e2f7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://boletos.appmax.com.br
Referer

Response headers

cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
content-encoding: br
cross-origin-resource-policy: cross-origin
cf-ray: 8dd838316e9d4528-TXL
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Mon, 04 Nov 2024 23:00:18 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 28 Oct 2024 19:08:47 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 403 favicon.ico
boletos.appmax.com.br/ 5 KB
5 KB 47ms
47ms Image
text/html 2606:4700:10::ac43:2a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://boletos.appmax.com.br/favicon.ico

Requested by

Host: boletos.appmax.com.br
URL: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:2a55 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cf72a621d84c333a5dbf6aae6b0925aabbad779e6b31d2265158f9bc229c745

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7

Response headers

content-encoding: br
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-content-options: nosniff
date: Mon, 04 Nov 2024 23:00:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: h4fEX/KBBaa5TAQorqSuZL8cxiDpscA2fTOYDc82RMmhur65i84nTokt6YjzMP8ML3jOvKxldnLe6TWCJTd5uS/nq4g9F5kmtvUc7NHPgWPA1EgxNRps2EnzemmbPlKlVb79LdKeJB3ntSS1AWBFPA==$9sRLhmBwf/wDrrF76RPU2w==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: same-origin
referrer-policy: same-origin
cf-ray: 8dd838314d0c2c41-FRA
cross-origin-embedder-policy: require-corp
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
origin-agent-cluster: ?1
server: cloudflare

POST
H2 200 RC4L309siHPh_uQfcWRYJrMCfhRZiLr2oojpgVrVe10-1730761218-1.2.1.1-2xK.csRUHs0tzsyPwvvxOFoEnq2vMtJAo9mF0otizpyvqJK5n_Y8HWHhpJpQFAvd Show response
boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/flow/ov1/671096965:1730759131:aOYX9--AtuDWCiQRdA4wXb40rX6O0wQAiN2Oi8_5J90/8dd8382ffc612c41/ 13 KB
9 KB 56ms
55ms XHR
text/plain 2606:4700:10::ac43:2a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/flow/ov1/671096965:1730759131:aOYX9--AtuDWCiQRdA4wXb40rX6O0wQAiN2Oi8_5J90/8dd8382ffc612c41/RC4L309siHPh_uQfcWRYJrMCfhRZiLr2oojpgVrVe10-1730761218-1.2.1.1-2xK.csRUHs0tzsyPwvvxOFoEnq2vMtJAo9mF0otizpyvqJK5n_Y8HWHhpJpQFAvd
Requested by: Host: boletos.appmax.com.br
URL: https://boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8dd8382ffc612c41
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd751be3bb06ba85f8ae07880f100d534bff5bae0aac8e1a117800ff93e2ac14

Request headers

Referer: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
CF-Challenge: RC4L309siHPh_uQfcWRYJrMCfhRZiLr2oojpgVrVe10-1730761218-1.2.1.1-2xK.csRUHs0tzsyPwvvxOFoEnq2vMtJAo9mF0otizpyvqJK5n_Y8HWHhpJpQFAvd

Response headers

cf-ray: 8dd83831fd7c2c41-FRA
content-encoding: br
date: Mon, 04 Nov 2024 23:00:18 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: qHhhuJNmBsMfFlkfAqk6HBlZO3dMM+V7ESgqvGutvk5uvUapPICC1luwMnBQFM7RO3tDCQLnnS0=$8KCjL8WbW2910PpF
server: cloudflare

GET
H2 403 favicon.ico
boletos.appmax.com.br/ 8 KB
5 KB 45ms
45ms Other
text/html 2606:4700:10::ac43:2a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://boletos.appmax.com.br/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:2a55 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ab57a4ec8f2a49d43a3ab39458b1a031c8ce9bc2ce480c9aa1fd3201ceafa8a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7

Response headers

content-encoding: br
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-content-options: nosniff
date: Mon, 04 Nov 2024 23:00:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: xG4tNqgGr84wTt/Jm4y7rk4FvUen0bLfoWb4YoQHz7m+M3xzWO1l8NSpkKsVlDHBF325zz/0jwtWIdG7YaJhfJrybKw6G6Ea30Zjt499EptMK0MhU4SGEbHk1cCMSZCSgTB9F3lgv7KlLl9iDeZL0Q==$FR3teNz1QaSrl2mCQshP8g==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: same-origin
referrer-policy: same-origin
cf-ray: 8dd838320d802c41-FRA
cross-origin-embedder-policy: require-corp
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
origin-agent-cluster: ?1
server: cloudflare

GET 9b4fca17-f06d-40e0-947a-f37838cf8543
https://boletos.appmax.com.br/ Frame 0
0

GET
H3 200 /
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/118la/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/ Frame 88DF 0
0 67ms
36ms Document
text/html 104.18.95.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/118la/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/

Requested by

Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/b/22755d9a86c9/api.js?onload=clJo2&render=explicit

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.95.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src https://challenges.cloudflare.com/; base-uri 'self'

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8dd838329dd64504-TXL
content-encoding: br
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
content-type: text/html; charset=UTF-8
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Mon, 04 Nov 2024 23:00:18 GMT
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

POST
H2 200 RC4L309siHPh_uQfcWRYJrMCfhRZiLr2oojpgVrVe10-1730761218-1.2.1.1-2xK.csRUHs0tzsyPwvvxOFoEnq2vMtJAo9mF0otizpyvqJK5n_Y8HWHhpJpQFAvd Show response
boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/flow/ov1/671096965:1730759131:aOYX9--AtuDWCiQRdA4wXb40rX6O0wQAiN2Oi8_5J90/8dd8382ffc612c41/ 2 KB
2 KB 58ms
56ms XHR
text/html 2606:4700:10::ac43:2a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/flow/ov1/671096965:1730759131:aOYX9--AtuDWCiQRdA4wXb40rX6O0wQAiN2Oi8_5J90/8dd8382ffc612c41/RC4L309siHPh_uQfcWRYJrMCfhRZiLr2oojpgVrVe10-1730761218-1.2.1.1-2xK.csRUHs0tzsyPwvvxOFoEnq2vMtJAo9mF0otizpyvqJK5n_Y8HWHhpJpQFAvd
Requested by: Host: boletos.appmax.com.br
URL: https://boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8dd8382ffc612c41
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e2ba89ab6b3b9b28061a97044eec055dc69edddf1336fedfaaa65c6ad393ce0

Request headers

Referer: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
CF-Challenge: RC4L309siHPh_uQfcWRYJrMCfhRZiLr2oojpgVrVe10-1730761218-1.2.1.1-2xK.csRUHs0tzsyPwvvxOFoEnq2vMtJAo9mF0otizpyvqJK5n_Y8HWHhpJpQFAvd

Response headers

cf-chl-out: pT5ouTilcvN9GeBNrjDUkC0pxO2quBKZOb6dq/ml6naa+CFtRHX/K930AyVnwbypzolr5IdHR554+AjHhIprUke/1WOnpMxZZzlisSbAUnyFIjTq1USs6Yk=$JrUCpGsPTu1JU/aH
cf-ray: 8dd8383848bf2c41-FRA
content-encoding: br
cf-chl-out-s: 7I/vEIVv3RNJCRqUE/n0UTw5n+BGnMomnrCDVlnYIcayEDiN4QVpBBE2kUL6Tq9ycFGzB21ZZMBU2XuPBJBNC1b35RBowg7IHyT4c324eCs5uKG/uxLJNgz//StQQGC5Jau3u8+0BoxEZ4H+v6UEC+o/ZnmUsz7GjBeZxBa+Ta2lXlXA8jsWv8LS10UzqB7vgAPiwbOgnuX6/hN7LzpOB8KAJE1r280CUWX2lctFDrXh0jmg5lVi6yk+a2li+vlG6KxgOwKxaUcY895aD1fkCuZKumtZC+aNdkKMWWSuVZMGKhbrOzvrw4mp6egaFKh6gWHPXaO4nAcEwUrKNr5uROuNtuZJoHT1wGhu0cH86OB88zjVyu4wd8Ehhx8XQlopHwI+Z0Exv7O1ya8TPM8LcyTL3VDJfQvEZOwOBkkg7pbcGt0MRhkhyITRfGQ8$UAayaww2Eqnd3zKI
date: Mon, 04 Nov 2024 23:00:19 GMT
content-type: text/html; charset=UTF-8
server: cloudflare

GET
H2 403 Primary Request 6727b6073f5bd70eec7fc4d7 Show response
boletos.appmax.com.br/boleto/ 8 KB
5 KB 55ms
55ms Document
text/html 2606:4700:10::ac43:2a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7

Requested by

Host: boletos.appmax.com.br
URL: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:2a55 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e20024ff7c5bec78d8ccd27f8673c79d62f9bb63b07ad3532635609eb5d2f45b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-chl-out: i7IwxsZfdl6XSRHwvYV14FWx7xSCV4zZyaAt7uEmWpWFGWsoSsjYmc+uNuwGcUKaOyJov8yiduXQgeTASe59lMVZIgb32GiOrMidYk4BVZxTXJRN5SFcqwoHLQapjG7LiB3iNUyE6T/656gnpMRdfQ==$1Qz9lzyIajL9RnjYB/fP3w==
cf-mitigated: challenge
cf-ray: 8dd83845884c2c41-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
date: Mon, 04 Nov 2024 23:00:22 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
vary: Accept-Encoding
x-content-options: nosniff
x-frame-options: SAMEORIGIN

GET
H2 200 v1 Show response
boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/ 94 KB
35 KB 58ms
58ms Script
application/javascript 2606:4700:10::ac43:2a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8dd83845884c2c41
Requested by: Host: boletos.appmax.com.br
URL: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70f32a7098e258eacfc3bcdf287515bf1f226c17d0ab96c04fec45a1efbbbdb7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7?__cf_chl_rt_tk=phCZLir4IPh0gjeDVskaYHaCHWvY6Hvfm3XSuoNaIUg-1730761222-1.0.1.1-f_SdoDEwbQEx7F84LsaKE8TyJR.n4rx4hRNsJhYlZJE

Response headers

cf-ray: 8dd83845f8832c41-FRA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: br
date: Mon, 04 Nov 2024 23:00:22 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare

GET 6b151385-5567-4843-ab36-9655ec467d02
https://boletos.appmax.com.br/ Frame 0
0

GET
H3 200 api.js Show response
challenges.cloudflare.com/turnstile/v0/b/22755d9a86c9/ 47 KB
0 0ms
0ms Script
application/javascript 104.18.95.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://challenges.cloudflare.com/turnstile/v0/b/22755d9a86c9/api.js?onload=clJo2&render=explicit
Requested by: Host: boletos.appmax.com.br
URL: https://boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8dd83845884c2c41
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.95.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7595c3d2e94df7416308fa2ccf5ae8832137c76d2e9a8b02e6ed2cb2d92e2f7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://boletos.appmax.com.br
Referer

Response headers

cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
content-encoding: br
cross-origin-resource-policy: cross-origin
cf-ray: 8dd838316e9d4528-TXL
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
date: Mon, 04 Nov 2024 23:00:18 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 28 Oct 2024 19:08:47 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 403 favicon.ico
boletos.appmax.com.br/ 3 KB
3 KB 46ms
45ms Image
text/html 2606:4700:10::ac43:2a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://boletos.appmax.com.br/favicon.ico

Requested by

Host: boletos.appmax.com.br
URL: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:2a55 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ace9198dc02f57f893eedc2b0563760e1c24da1c73ae465e548f5217fc133a5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7

Response headers

content-encoding: br
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-content-options: nosniff
date: Mon, 04 Nov 2024 23:00:22 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: IyC6KPAJCuQshharjju8mgW9U2BZ14GoEXYdNLmAkh5QE+ZvnKUzyU2O9PbAvawYDUOcxCng/oIG14DZUrHEht/OpMwuF01gvcft1Tn+8dnxRQb1Rq5nlbljGsSpi3VvoylxeqRbAoAsJbWfoDmbyg==$CNOCk/ZWbWnt/ADYLf8xkg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: same-origin
referrer-policy: same-origin
cf-ray: 8dd83846a8cf2c41-FRA
cross-origin-embedder-policy: require-corp
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
origin-agent-cluster: ?1
server: cloudflare

GET
H2 403 favicon.ico
boletos.appmax.com.br/ 8 KB
5 KB 49ms
48ms Other
text/html 2606:4700:10::ac43:2a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://boletos.appmax.com.br/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:2a55 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11a8ef7ead241adcaa4ccd4af79626754b3b653553c5d71ee472772394404714

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7

Response headers

content-encoding: br
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-content-options: nosniff
date: Mon, 04 Nov 2024 23:00:22 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: LCfNQslfrLKIgHEBMmZYgyfimqk3fhq8UKArjKo5pM2nLP23v/qfCo1wSJ6vhEzOOK94wCYfwwG6GpsCFXuNkTXYJ2ZQxa9awxQJjL5GMy7S1b9+lTwtWqdtVVVn645AlnIMrYj0ckjIKshrJTey7Q==$aHuTOtSml41NZeGUX7iuEg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-opener-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: same-origin
referrer-policy: same-origin
cf-ray: 8dd83846f9232c41-FRA
cross-origin-embedder-policy: require-corp
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
origin-agent-cluster: ?1
server: cloudflare

POST AgboUcLU2V5jugqlbDwTPHAiVg4HZ8BnrDljM2W5LkY-1730761222-1.2.1.1-T8RNBitoXe0nXcMi3lyGSYD5Vf4GxIe5qSVZfk_LDEg5XXXU7G16sPpDR.uHwgdU
boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/flow/ov1/1911264430:1730759122:3lmmSkOyAqGCG3I-jipAQFHmW_ULRisMQxH74yoy1R0/8dd83845884c2c41/ 0
0

POST
H2 200 AgboUcLU2V5jugqlbDwTPHAiVg4HZ8BnrDljM2W5LkY-1730761222-1.2.1.1-T8RNBitoXe0nXcMi3lyGSYD5Vf4GxIe5qSVZfk_LDEg5XXXU7G16sPpDR.uHwgdU Show response
boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/flow/ov1/1911264430:1730759122:3lmmSkOyAqGCG3I-jipAQFHmW_ULRisMQxH74yoy1R0/8dd83845884c2c41/ 13 KB
9 KB 61ms
59ms XHR
text/plain 2606:4700:10::ac43:2a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/flow/ov1/1911264430:1730759122:3lmmSkOyAqGCG3I-jipAQFHmW_ULRisMQxH74yoy1R0/8dd83845884c2c41/AgboUcLU2V5jugqlbDwTPHAiVg4HZ8BnrDljM2W5LkY-1730761222-1.2.1.1-T8RNBitoXe0nXcMi3lyGSYD5Vf4GxIe5qSVZfk_LDEg5XXXU7G16sPpDR.uHwgdU
Requested by: Host: boletos.appmax.com.br
URL: https://boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8dd83845884c2c41
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: efbaf46f1ac95b03e02254d2e68d08c7da70fbaaeb57dd0cce097ae4b75e1e35

Request headers

Referer: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
CF-Challenge: AgboUcLU2V5jugqlbDwTPHAiVg4HZ8BnrDljM2W5LkY-1730761222-1.2.1.1-T8RNBitoXe0nXcMi3lyGSYD5Vf4GxIe5qSVZfk_LDEg5XXXU7G16sPpDR.uHwgdU

Response headers

cf-ray: 8dd838490a382c41-FRA
content-encoding: br
date: Mon, 04 Nov 2024 23:00:22 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: tX8A57VsiDJduSFHRXL9oXgdWheouIAeVeLA6TKDMS1v+m0VotvmST/a6lrwKaIOgpv+C8DgghI=$Ib8blarIzO/n+x0E
server: cloudflare

GET
H3 200 /
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t0vzv/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/ Frame 8F93 0
0 43ms
42ms Document
text/html 104.18.95.41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/t0vzv/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/

Requested by

Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/b/22755d9a86c9/api.js?onload=clJo2&render=explicit

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.95.41 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-src https://challenges.cloudflare.com/; base-uri 'self'

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc: h3=":443"; ma=86400
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 8dd8384a5de74504-TXL
content-encoding: br
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
content-type: text/html; charset=UTF-8
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Mon, 04 Nov 2024 23:00:22 GMT
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare

GET 04d2d96d-891b-45c8-93e3-393de5be96b4
https://boletos.appmax.com.br/ Frame 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: boletos.appmax.com.br
URL: blob:https://boletos.appmax.com.br/ea35c652-5c64-483a-bdb0-03d4dca50bfe

Domain: boletos.appmax.com.br
URL: blob:https://boletos.appmax.com.br/9b4fca17-f06d-40e0-947a-f37838cf8543

Domain: boletos.appmax.com.br
URL: blob:https://boletos.appmax.com.br/6b151385-5567-4843-ab36-9655ec467d02

Domain: boletos.appmax.com.br
URL: https://boletos.appmax.com.br/cdn-cgi/challenge-platform/h/b/flow/ov1/1911264430:1730759122:3lmmSkOyAqGCG3I-jipAQFHmW_ULRisMQxH74yoy1R0/8dd83845884c2c41/AgboUcLU2V5jugqlbDwTPHAiVg4HZ8BnrDljM2W5LkY-1730761222-1.2.1.1-T8RNBitoXe0nXcMi3lyGSYD5Vf4GxIe5qSVZfk_LDEg5XXXU7G16sPpDR.uHwgdU

Domain: boletos.appmax.com.br
URL: blob:https://boletos.appmax.com.br/04d2d96d-891b-45c8-93e3-393de5be96b4

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			bitinyurl.com/	1969-12-31 23:59:59	Name: ASPSESSIONIDCWBSSQRC Value: KLAGEFIANFADJPGGBCJJFOMH
			boletos.appmax.com.br/	1970-01-21 00:46:04	Name: cf_chl_rc_ni Value: 1

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://boletos.appmax.com.br/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://boletos.appmax.com.br/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://boletos.appmax.com.br/boleto/6727b6073f5bd70eec7fc4d7 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://boletos.appmax.com.br/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://boletos.appmax.com.br/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bitinyurl.com
boletos.appmax.com.br
challenges.cloudflare.com
boletos.appmax.com.br
104.18.95.41
154.12.255.250
2606:4700:10::ac43:2a55
11a8ef7ead241adcaa4ccd4af79626754b3b653553c5d71ee472772394404714
2e2ba89ab6b3b9b28061a97044eec055dc69edddf1336fedfaaa65c6ad393ce0
4ace9198dc02f57f893eedc2b0563760e1c24da1c73ae465e548f5217fc133a5
60c1c1dbac700a2e34240787d085f44f4716872b1c6b1088d142368607a4deda
70f32a7098e258eacfc3bcdf287515bf1f226c17d0ab96c04fec45a1efbbbdb7
7cf72a621d84c333a5dbf6aae6b0925aabbad779e6b31d2265158f9bc229c745
9ab57a4ec8f2a49d43a3ab39458b1a031c8ce9bc2ce480c9aa1fd3201ceafa8a
b7595c3d2e94df7416308fa2ccf5ae8832137c76d2e9a8b02e6ed2cb2d92e2f7
bd751be3bb06ba85f8ae07880f100d534bff5bae0aac8e1a117800ff93e2ac14
e20024ff7c5bec78d8ccd27f8673c79d62f9bb63b07ad3532635609eb5d2f45b
efbaf46f1ac95b03e02254d2e68d08c7da70fbaaeb57dd0cce097ae4b75e1e35
ffa1849c3978fa16eb95c346a350a1e0207c5e7ee651f76a27be63f30ffc61af

boletos.appmax.com.br Open in urlscan Pro 2606:4700:10::ac43:2a55 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

20 Requests

75 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

142 kBTransfer

362 kBSize

2 Cookies

1 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

2 Cookies

6 Console Messages

Security Headers

Indicators

boletos.appmax.com.br Open in urlscan Pro
2606:4700:10::ac43:2a55 Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

75 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

142 kB
Transfer

362 kB
Size

2
Cookies

20 HTTP transactions
0 data transactions