URL: https://www.gotrack.wesec.com.br/
Submission: On October 31 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 173.236.227.128, located in the United States, and belongs to DREAMHOST-AS, US. The main domain is www.gotrack.wesec.com.br.
TLS certificate: Issued by R3 on October 31st 2022. Valid for: 3 months.
This is the only time www.gotrack.wesec.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        AS Autonomous System
1         173.236.227.128   26347 (DREAMHOST-AS)
1         18.66.112.77      16509 (AMAZON-02)
4         54.94.1.76        16509 (AMAZON-02)
Total: 6 requests, 3 IPs

Requests  Apex Domain    Subdomains                   Transfer
5         track.co       app.track.co, api.track.co   18 KB
1         wesec.com.br   www.gotrack.wesec.com.br     636 B
Total: 6 requests, 2 apex domains

Requests  Domain                     Requested by
4         api.track.co               app.track.co
1         app.track.co               www.gotrack.wesec.com.br
1         www.gotrack.wesec.com.br
Total: 6 requests, 3 domains

This site contains no links.

Subject                    Issuer  Validity                  Valid
www.gotrack.wesec.com.br   R3      2022-10-31 - 2023-01-29   3 months
*.track.co                 Amazon  2022-08-09 - 2023-09-07   a year
track.co                   Amazon  2022-06-21 - 2023-07-20   a year

This page contains 1 frames:

Primary Page: https://www.gotrack.wesec.com.br/
Frame ID: 123119C200893AC80F097A69553A8E09
Requests: 4 HTTP requests in this frame

Page Title

teste track

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 19 kB
Size: 46 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.gotrack.wesec.com.br/
721 B
636 B
Document
General
Full URL
https://www.gotrack.wesec.com.br/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.236.227.128 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
apache2-whippit.john-dickinson.dreamhost.com
Software
Apache /
Resource Hash
f4ae24b448d3a55594b7f2e2c3d617dfa0300c83b2e245f0cefa269cf1f508e7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=600
content-encoding
gzip
content-length
456
content-type
text/html
date
Mon, 31 Oct 2022 13:12:24 GMT
etag
"2d1-5ec5459a0f57b-gzip"
expires
Mon, 31 Oct 2022 13:22:24 GMT
last-modified
Mon, 31 Oct 2022 13:11:48 GMT
server
Apache
vary
Accept-Encoding,User-Agent
widget.min.js
app.track.co/
45 KB
17 KB
Script
General
Full URL
https://app.track.co/widget.min.js
Requested by
Host: www.gotrack.wesec.com.br
URL: https://www.gotrack.wesec.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-77.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d1d634d98b152c4958fa7b5b26360197f2d19eedf1f41a42688d15b9bb76761f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' https://use.typekit.net https://fonts.gstatic.com https://cdn.app.movidesk.com https://chat.movidesk.com; script-src 'self' 'report-sample' https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtm.js https://static.hotjar.com/c/ https://script.hotjar.com/ https://www.gstatic.com/recaptcha/releases/ https://ajax.googleapis.com/ajax/libs/jquery/2.2.2/jquery.min.js https://chat.movidesk.com/Scripts/chat-widget.min.js https://chat.movidesk.com https://cdn.mouseflow.com/projects/c1c552ec-2693-46f0-823a-233f968ff126.js https://code.jquery.com/jquery-3.6.0.min.js https://cdn.headwayapp.co/widget.js https://session-replay.browser-intake-datadoghq.com; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com https://chat.movidesk.com/Content/css/chat-widget.min.css https://cdn.headwayapp.co/headway-animate.css; frame-src 'self' https://www.google.com https://chat.movidesk.com https://headway-widget.net https://vars.hotjar.com; child-src 'self' https://www.google.com; img-src 'self' https://static-dev.track.co https://static.track.co https: data: ; object-src 'none'; worker-src 'self' blob: ; connect-src 'self' https://api.track.co https://feature-toggle.track.co https://cdn.app.movidesk.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://n2.mouseflow.com https://in.hotjar.com wss://*.hotjar.com https://*.hotjar.com; base-uri 'self'; frame-ancestors 'none'; manifest-src 'none'; prefetch-src 'none'; form-action 'self'; media-src 'self'; upgrade-insecure-requests; report-to default
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gotrack.wesec.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-amz-version-id
95cwrTwIV6aA9E783hgNBlwJ3jXD6VVa
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; font-src 'self' https://use.typekit.net https://fonts.gstatic.com https://cdn.app.movidesk.com https://chat.movidesk.com; script-src 'self' 'report-sample' https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtm.js https://static.hotjar.com/c/ https://script.hotjar.com/ https://www.gstatic.com/recaptcha/releases/ https://ajax.googleapis.com/ajax/libs/jquery/2.2.2/jquery.min.js https://chat.movidesk.com/Scripts/chat-widget.min.js https://chat.movidesk.com https://cdn.mouseflow.com/projects/c1c552ec-2693-46f0-823a-233f968ff126.js https://code.jquery.com/jquery-3.6.0.min.js https://cdn.headwayapp.co/widget.js https://session-replay.browser-intake-datadoghq.com; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com https://chat.movidesk.com/Content/css/chat-widget.min.css https://cdn.headwayapp.co/headway-animate.css; frame-src 'self' https://www.google.com https://chat.movidesk.com https://headway-widget.net https://vars.hotjar.com; child-src 'self' https://www.google.com; img-src 'self' https://static-dev.track.co https://static.track.co https: data: ; object-src 'none'; worker-src 'self' blob: ; connect-src 'self' https://api.track.co https://feature-toggle.track.co https://cdn.app.movidesk.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://n2.mouseflow.com https://in.hotjar.com wss://*.hotjar.com https://*.hotjar.com; base-uri 'self'; frame-ancestors 'none'; manifest-src 'none'; prefetch-src 'none'; form-action 'self'; media-src 'self'; upgrade-insecure-requests; report-to default
content-encoding
gzip
date
Mon, 31 Oct 2022 13:12:24 GMT
via
1.1 b30b1c2659a3fb836783824fe37110ee.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
x-amz-server-side-encryption
AES256
age
1038
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 26 Oct 2022 19:45:46 GMT
server
AmazonS3
etag
W/"1af71f30e65d7c4e7030aa79ed34f7af"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
permissions-policy
geolocation=(self)
x-amz-cf-id
b81zCPmdNAlUygDacR0SZiG7_Wl-Vq5t2VDG0aGZPaa0smio73U2-Q==
check
api.track.co/widget/pKkCZBZl/
55 B
575 B
Fetch
General
Full URL
https://api.track.co/widget/pKkCZBZl/check
Requested by
Host: app.track.co
URL: https://app.track.co/widget.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.94.1.76 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-94-1-76.sa-east-1.compute.amazonaws.com
Software
/
Resource Hash
3588304b50b9fb4ffafd355c5b68e27e517f6017f5d3de4af6f1a425d62c7e70
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.track-hmg.com *.track.co *.sendgrid.net *.googleapis.com *.gstatic.com ; img-src 'self' *.track-hmg.com *.track.co *.sendgrid.net data: ; script-src 'self' *.sendgrid.net cdn.lr-ingest.io 'unsafe-inline' 'unsafe-eval' *.googleapis.com; style-src 'self' *.googleapis.com 'unsafe-inline';
Strict-Transport-Security max-age=15768000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://www.gotrack.wesec.com.br/
pathname
/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 31 Oct 2022 13:12:25 GMT
content-security-policy
default-src 'self' *.track-hmg.com *.track.co *.sendgrid.net *.googleapis.com *.gstatic.com ; img-src 'self' *.track-hmg.com *.track.co *.sendgrid.net data: ; script-src 'self' *.sendgrid.net cdn.lr-ingest.io 'unsafe-inline' 'unsafe-eval' *.googleapis.com; style-src 'self' *.googleapis.com 'unsafe-inline';
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=15768000; includeSubdomains
x-content-type-options
nosniff
vary
Origin
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
content-length
55
x-xss-protection
1; mode=block
check
api.track.co/widget/pKkCZBZl/
0
0
Preflight
General
Full URL
https://api.track.co/widget/pKkCZBZl/check
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.94.1.76 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-94-1-76.sa-east-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.track-hmg.com *.track.co *.sendgrid.net *.googleapis.com *.gstatic.com ; img-src 'self' *.track-hmg.com *.track.co *.sendgrid.net data: ; script-src 'self' *.sendgrid.net cdn.lr-ingest.io 'unsafe-inline' 'unsafe-eval' *.googleapis.com; style-src 'self' *.googleapis.com 'unsafe-inline';
Strict-Transport-Security max-age=15768000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,pathname
Access-Control-Request-Method
POST
Origin
https://www.gotrack.wesec.com.br
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-headers
content-type,pathname
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
content-security-policy
default-src 'self' *.track-hmg.com *.track.co *.sendgrid.net *.googleapis.com *.gstatic.com ; img-src 'self' *.track-hmg.com *.track.co *.sendgrid.net data: ; script-src 'self' *.sendgrid.net cdn.lr-ingest.io 'unsafe-inline' 'unsafe-eval' *.googleapis.com; style-src 'self' *.googleapis.com 'unsafe-inline';
date
Mon, 31 Oct 2022 13:12:25 GMT
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=15768000; includeSubdomains
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
pKkCZBZl
api.track.co/widget/
84 B
604 B
Fetch
General
Full URL
https://api.track.co/widget/pKkCZBZl
Requested by
Host: app.track.co
URL: https://app.track.co/widget.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.94.1.76 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-94-1-76.sa-east-1.compute.amazonaws.com
Software
/
Resource Hash
c29c3fe4fad48c110d38c34a9b1c5ee4d7733ee5b6b7ecd2838865fc5807a993
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.track-hmg.com *.track.co *.sendgrid.net *.googleapis.com *.gstatic.com ; img-src 'self' *.track-hmg.com *.track.co *.sendgrid.net data: ; script-src 'self' *.sendgrid.net cdn.lr-ingest.io 'unsafe-inline' 'unsafe-eval' *.googleapis.com; style-src 'self' *.googleapis.com 'unsafe-inline';
Strict-Transport-Security max-age=15768000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.gotrack.wesec.com.br/
pathname
/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 31 Oct 2022 13:12:26 GMT
content-security-policy
default-src 'self' *.track-hmg.com *.track.co *.sendgrid.net *.googleapis.com *.gstatic.com ; img-src 'self' *.track-hmg.com *.track.co *.sendgrid.net data: ; script-src 'self' *.sendgrid.net cdn.lr-ingest.io 'unsafe-inline' 'unsafe-eval' *.googleapis.com; style-src 'self' *.googleapis.com 'unsafe-inline';
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=15768000; includeSubdomains
x-content-type-options
nosniff
vary
Origin
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
content-length
84
x-xss-protection
1; mode=block
pKkCZBZl
api.track.co/widget/
0
0
Preflight
General
Full URL
https://api.track.co/widget/pKkCZBZl
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.94.1.76 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-94-1-76.sa-east-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.track-hmg.com *.track.co *.sendgrid.net *.googleapis.com *.gstatic.com ; img-src 'self' *.track-hmg.com *.track.co *.sendgrid.net data: ; script-src 'self' *.sendgrid.net cdn.lr-ingest.io 'unsafe-inline' 'unsafe-eval' *.googleapis.com; style-src 'self' *.googleapis.com 'unsafe-inline';
Strict-Transport-Security max-age=15768000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
pathname
Access-Control-Request-Method
GET
Origin
https://www.gotrack.wesec.com.br
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

access-control-allow-headers
pathname
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
content-security-policy
default-src 'self' *.track-hmg.com *.track.co *.sendgrid.net *.googleapis.com *.gstatic.com ; img-src 'self' *.track-hmg.com *.track.co *.sendgrid.net data: ; script-src 'self' *.sendgrid.net cdn.lr-ingest.io 'unsafe-inline' 'unsafe-eval' *.googleapis.com; style-src 'self' *.googleapis.com 'unsafe-inline';
date
Mon, 31 Oct 2022 13:12:25 GMT
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=15768000; includeSubdomains
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation
function| TrackWidget

0 Cookies

1 Console Messages

Source: network
Level: error
URL: https://api.track.co/widget/pKkCZBZl
Message: Failed to load resource: the server responded with a status of 400 ()