urlscan.io logo urlscan.io
SecurityTrails logo

formalizacaovarejo-hml.bancobmg.com.br Open in urlscan Pro
104.126.37.177  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://formalizacaovarejo-hml.bancobmg.com.br/
Effective URL: https://formalizacaovarejo-hml.bancobmg.com.br/
Submission Tags: @ecarlesi possiblethreat Search All
Submission: On May 08 via api from IT — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 22 HTTP transactions. The main IP is 104.126.37.177, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is formalizacaovarejo-hml.bancobmg.com.br.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on November 27th 2023. Valid for: a year.
This is the only time formalizacaovarejo-hml.bancobmg.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 104.126.37.177 20940 (AKAMAI-ASN1)
1 216.58.206.42 15169 (GOOGLE)
4 151.101.1.229 54113 (FASTLY)
3 2.19.216.168 16625 (AKAMAI-AS)
1 216.58.212.163 15169 (GOOGLE)
6 18.228.122.60 16509 (AMAZON-02)
22 7
6    104.126.37.177 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-37-177.deploy.static.akamaitechnologies.com
formalizacaovarejo-hml.bancobmg.com.br
1    216.58.206.42 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr35s10-in-f10.1e100.net
fonts.googleapis.com
4    151.101.1.229 (San Francisco, United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
3    2.19.216.168 (Prague, Czech Republic)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-216-168.deploy.static.akamaitechnologies.com
s.go-mpulse.net
c.go-mpulse.net
02179910.akstat.io
1    216.58.212.163 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f3.1e100.net
fonts.gstatic.com
6    18.228.122.60 (São Paulo, Brazil)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-228-122-60.sa-east-1.compute.amazonaws.com
api-bmg.sensedia.com
Apex Domain
Subdomains		 Transfer
6 sensedia.com
api-bmg.sensedia.com
3 KB
6 bancobmg.com.br
formalizacaovarejo-hml.bancobmg.com.br
1 MB
4 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 310
252 KB
2 go-mpulse.net
s.go-mpulse.net — Cisco Umbrella Rank: 1444
c.go-mpulse.net — Cisco Umbrella Rank: 647
50 KB
1 akstat.io
02179910.akstat.io — Cisco Umbrella Rank: 73161
242 B
1 gstatic.com
fonts.gstatic.com
33 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33
1 KB
22 7
Domain Requested by
6 api-bmg.sensedia.com formalizacaovarejo-hml.bancobmg.com.br
6 formalizacaovarejo-hml.bancobmg.com.br formalizacaovarejo-hml.bancobmg.com.br
4 cdn.jsdelivr.net formalizacaovarejo-hml.bancobmg.com.br
1 02179910.akstat.io s.go-mpulse.net
1 c.go-mpulse.net s.go-mpulse.net
1 fonts.gstatic.com fonts.googleapis.com
1 s.go-mpulse.net formalizacaovarejo-hml.bancobmg.com.br
1 fonts.googleapis.com formalizacaovarejo-hml.bancobmg.com.br
22 8

This site contains no links.

Subject Issuer Validity Valid
www.bancobmg.com.br
DigiCert SHA2 Extended Validation Server CA		 2023-11-27 -
2024-11-26		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-09-27 -
2024-10-28		 a year crt.sh
akstat.io
DigiCert TLS RSA SHA256 2020 CA1		 2024-03-06 -
2025-03-06		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh
*.sensedia.com
Go Daddy Secure Certificate Authority - G2		 2023-08-26 -
2024-09-12		 a year crt.sh

This page contains 1 frames:

Primary Page: https://formalizacaovarejo-hml.bancobmg.com.br/
Frame ID: 4555B02218AF40BA60FF1A6AE0499568
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Formalize seu cadastro

Page URL History Show full URLs

  1. http://formalizacaovarejo-hml.bancobmg.com.br/ HTTP 307
    https://formalizacaovarejo-hml.bancobmg.com.br/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

22
Requests

95 %
HTTPS

0 %
IPv6

7
Domains

8
Subdomains

7
IPs

4
Countries

1406 kB
Transfer

4198 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://formalizacaovarejo-hml.bancobmg.com.br/ HTTP 307
    https://formalizacaovarejo-hml.bancobmg.com.br/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
formalizacaovarejo-hml.bancobmg.com.br/
Redirect Chain
  • http://formalizacaovarejo-hml.bancobmg.com.br/
  • https://formalizacaovarejo-hml.bancobmg.com.br/
6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://formalizacaovarejo-hml.bancobmg.com.br/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.177 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-177.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
dde8484a67a3b44b832c641b6be83a9f0dd8d550aad0d8ab0210a9d430314789
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains

Request headers

Accept-Language
it-IT,it;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
content-length
2742
content-type
text/html
date
Wed, 08 May 2024 21:05:42 GMT
etag
"0488cbefb85b9da8f22a133f9eee6b38"
expires
Wed, 08 May 2024 21:05:42 GMT
last-modified
Mon, 28 Aug 2023 12:43:56 GMT
pragma
no-cache
server-timing
cdn-cache; desc=MISS edge; dur=406 origin; dur=2205 ak_p; desc="1715202340145_1753097645_49280070_261073_14761_9_63_255";dur=1
strict-transport-security
max-age=86400 ; includeSubDomains
vary
Accept-Encoding
x-akamai-transformed
9 1439 0 pmb=mRUM,2
x-amz-cf-id
0v8EDBg_pE9HjbiEZhz4sAbIMOuNyqGC7_c-5xPNZe_nlFf9nlv2Gw==
x-amz-cf-pop
CPT52-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
lXMhl3dVcRqEDZg2V76TGwdogOgM7tXK

Redirect headers

Location
https://formalizacaovarejo-hml.bancobmg.com.br/
Non-Authoritative-Reason
HttpsUpgrades
css2
fonts.googleapis.com/ 		7 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;600;700&display=swap
Requested by
Host: formalizacaovarejo-hml.bancobmg.com.br
URL: https://formalizacaovarejo-hml.bancobmg.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.42 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f10.1e100.net
Software
ESF /
Resource Hash
7c68c0208cecad69fb80c0a9fee76b374dd777a869fcd0fbcf234e8af8a20640
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 08 May 2024 21:05:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 08 May 2024 20:20:24 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 08 May 2024 21:05:42 GMT
main.ba13e7c7.js
formalizacaovarejo-hml.bancobmg.com.br/static/js/ 		3 MB
891 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://formalizacaovarejo-hml.bancobmg.com.br/static/js/main.ba13e7c7.js
Requested by
Host: formalizacaovarejo-hml.bancobmg.com.br
URL: https://formalizacaovarejo-hml.bancobmg.com.br/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.177 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-177.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
da845360e22404c200d1ff32de75d358c25df1d79e1bbd59494cb09a32363088
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
tMDuRUjgyP2bzuQsJrMrcnJ_qPGQboVm
content-encoding
gzip
date
Wed, 08 May 2024 21:05:43 GMT
strict-transport-security
max-age=86400 ; includeSubDomains
x-amz-cf-pop
LOS50-P1
x-amz-server-side-encryption
AES256
x-amz-storage-class
STANDARD_IA
server-timing
cdn-cache; desc=HIT, edge; dur=229, origin; dur=0, ak_p; desc="1715202342895_1753097645_49292484_22926_14676_9_0_146";dur=1
content-length
911441
last-modified
Mon, 28 Aug 2023 12:43:57 GMT
etag
"22dbfe526e3e786a4e27fbce4f4adf21"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=580957
accept-ranges
bytes
x-amz-cf-id
fSWMGNnZCkuQuChJB0uLD6yjflS31Dbg8dWLUt08DEIMLy2MjsvKRA==
main.b3eeeea7.css
formalizacaovarejo-hml.bancobmg.com.br/static/css/ 		22 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://formalizacaovarejo-hml.bancobmg.com.br/static/css/main.b3eeeea7.css
Requested by
Host: formalizacaovarejo-hml.bancobmg.com.br
URL: https://formalizacaovarejo-hml.bancobmg.com.br/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.177 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-177.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2fd451d95e390059167423525e288fe63c18daebaa762f8c0356a5434e3b0ef8
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
g1UPO8.5WCHLlO27GSX0XKiXrwEdjsaZ
content-encoding
gzip
date
Wed, 08 May 2024 21:05:42 GMT
last-modified
Mon, 28 Aug 2023 12:43:57 GMT
strict-transport-security
max-age=86400 ; includeSubDomains
x-amz-cf-pop
LOS50-P1
x-amz-server-side-encryption
AES256
etag
"fe3f595a81355c8d7d9b9cafd9ffa3ae"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=76335
server-timing
cdn-cache; desc=HIT, edge; dur=13, ak_p; desc="1715202342924_1753097645_49292482_4251_15524_9_0_255";dur=1
accept-ranges
bytes
x-amz-cf-id
Oa1mNYoBqyzOUtP9fXBgf1d5x5ihyWFsAW114JQhL82e6_o_yfKTdA==
content-length
2752
tfjs-core
cdn.jsdelivr.net/npm/@tensorflow/ 		287 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/@tensorflow/tfjs-core
Requested by
Host: formalizacaovarejo-hml.bancobmg.com.br
URL: https://formalizacaovarejo-hml.bancobmg.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
49fc23a9fe9349703a303f52d834d9e9d3a05c7a260e2b6fc857518693667d3a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 08 May 2024 21:05:42 GMT
x-content-type-options
nosniff
content-encoding
br
age
9117
x-jsd-version
4.19.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
84647
x-served-by
cache-fra-etou8220144-FRA, cache-lin1730028-LIN
x-jsd-version-type
version
etag
W/"47cae-Sr+OAVtuu4gEMO4913aCVRxB7o8"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
tfjs-converter
cdn.jsdelivr.net/npm/@tensorflow/ 		315 KB
77 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/@tensorflow/tfjs-converter
Requested by
Host: formalizacaovarejo-hml.bancobmg.com.br
URL: https://formalizacaovarejo-hml.bancobmg.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
310773d121c4b5880c17d00eb8dd58a99a728e6b9c118e5cc37dadf0d8f40118
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 08 May 2024 21:05:42 GMT
x-content-type-options
nosniff
content-encoding
br
age
42545
x-jsd-version
4.19.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
78901
x-served-by
cache-fra-eddf8230137-FRA, cache-lin1730028-LIN
x-jsd-version-type
version
etag
W/"4ec19-bXR7eTEA2uDmSK8/0nLjTHYXK6Q"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
tfjs-backend-webgl
cdn.jsdelivr.net/npm/@tensorflow/ 		390 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/@tensorflow/tfjs-backend-webgl
Requested by
Host: formalizacaovarejo-hml.bancobmg.com.br
URL: https://formalizacaovarejo-hml.bancobmg.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2542b9ee5c4529c1a883938ea3b89374d566eb1dec026bdd097a8938d2326922
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 08 May 2024 21:05:42 GMT
x-content-type-options
nosniff
content-encoding
br
age
17189
x-jsd-version
4.19.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
88576
x-served-by
cache-fra-eddf8230144-FRA, cache-lin1730028-LIN
x-jsd-version-type
version
etag
W/"6183a-32fyv8IenIERB835wG5jtb33BMo"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
handpose
cdn.jsdelivr.net/npm/@tensorflow-models/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/@tensorflow-models/handpose
Requested by
Host: formalizacaovarejo-hml.bancobmg.com.br
URL: https://formalizacaovarejo-hml.bancobmg.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8c23bd73b3da42e8ceac006949faefbf4f7758701508149335eb5167cb25885f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 08 May 2024 21:05:42 GMT
x-content-type-options
nosniff
content-encoding
br
age
8273
x-jsd-version
0.1.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
4815
x-served-by
cache-fra-eddf8230120-FRA, cache-lin1730028-LIN
x-jsd-version-type
version
etag
W/"3295-RG6c3Ep7wv7eFVYiPNxkVDqZ/dA"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
95YYB-PA29E-2YYUY-U2G7X-UWAHQ
s.go-mpulse.net/boomerang/ 		205 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.go-mpulse.net/boomerang/95YYB-PA29E-2YYUY-U2G7X-UWAHQ
Requested by
Host: formalizacaovarejo-hml.bancobmg.com.br
URL: https://formalizacaovarejo-hml.bancobmg.com.br/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.216.168 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-216-168.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 08 May 2024 21:05:43 GMT
content-encoding
br
last-modified
Wed, 08 May 2024 02:23:26 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
x-n
S
timing-allow-origin
*
content-length
50393
logo.png
formalizacaovarejo-hml.bancobmg.com.br/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://formalizacaovarejo-hml.bancobmg.com.br/images/logo.png
Requested by
Host: formalizacaovarejo-hml.bancobmg.com.br
URL: https://formalizacaovarejo-hml.bancobmg.com.br/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.177 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-177.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
3ae70bd83d3887621e8d62edf145858f3c2677834ff0e7118b18d203c772f96d
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
rBnkhubHxbmGG0SglQ28k4R6reT_k6Wq
date
Wed, 08 May 2024 21:05:43 GMT
strict-transport-security
max-age=86400 ; includeSubDomains
last-modified
Mon, 28 Aug 2023 12:43:56 GMT
x-amz-cf-pop
LOS50-P1
x-amz-server-side-encryption
AES256
etag
"df9c960213f6c3308d9d464abb159d6a"
content-type
image/png
cache-control
max-age=2568184
server-timing
cdn-cache; desc=HIT, edge; dur=197, origin; dur=0, ak_p; desc="1715202343567_1753097645_49295399_22192_26196_9_0_146";dur=1
accept-ranges
bytes
content-length
1742
x-amz-cf-id
WaKMH74yQyJiXAl7y0Wv8rlKOlbFbAO_SH7IxkIwUUVTqEEuoSq6ww==
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ 		32 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f3.1e100.net
Software
sffe /
Resource Hash
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://formalizacaovarejo-hml.bancobmg.com.br
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 07 May 2024 06:41:12 GMT
x-content-type-options
nosniff
age
138271
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33092
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 22:51:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 07 May 2025 06:41:12 GMT
access-token
api-bmg.sensedia.com/hml/oauth/v1/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api-bmg.sensedia.com/hml/oauth/v1/access-token
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
18.228.122.60 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-228-122-60.sa-east-1.compute.amazonaws.com
Software
**** /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'none';style-src 'self';img-src 'self';form-action 'self';connect-src 'self';plugin-types application/pdf application/x-shockwave-flash;reflected-xss block;script-nonce 0b9e803f38a3d234a3341f05feabcc72ab85626d
Strict-Transport-Security max-age=31622400; includeSubDomains; preload; always;
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
access_token,authorization,content-type
Access-Control-Request-Method
POST
Origin
https://formalizacaovarejo-hml.bancobmg.com.br
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
access_token,authorization,content-type
access-control-allow-methods
HEAD, DELETE, POST, GET, OPTIONS, PUT, PATCH
access-control-allow-origin
*
content-disposition
inline
content-security-policy
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'none';style-src 'self';img-src 'self';form-action 'self';connect-src 'self';plugin-types application/pdf application/x-shockwave-flash;reflected-xss block;script-nonce 0b9e803f38a3d234a3341f05feabcc72ab85626d
date
Wed, 08 May 2024 21:05:44 GMT
server
****
strict-transport-security
max-age=31622400; includeSubDomains; preload; always;
transfer-encoding
chunked
x-content-type-options
nosniff
access-token
api-bmg.sensedia.com/hml/oauth/v1/ 		159 B
721 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-bmg.sensedia.com/hml/oauth/v1/access-token
Requested by
Host: formalizacaovarejo-hml.bancobmg.com.br
URL: https://formalizacaovarejo-hml.bancobmg.com.br/static/js/main.ba13e7c7.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
18.228.122.60 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-228-122-60.sa-east-1.compute.amazonaws.com
Software
**** /
Resource Hash
0be8a349444eef8a581550f670c54948dd1634069075fd558045f04455357bf8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31622400; includeSubDomains; preload; always;
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Authorization
Basic YWI5MTcyODgtNjVlMy00MTE3LWEyNDYtZTI0NjUyNGJkNmY2Ojc4OGY1ZTRjLTVmMTAtNDhmYi1iZDE5LWQwOWYzNzUzNGMxYg==
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json, text/plain, */*
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
access_token
Basic YWI5MTcyODgtNjVlMy00MTE3LWEyNDYtZTI0NjUyNGJkNmY2Ojc4OGY1ZTRjLTVmMTAtNDhmYi1iZDE5LWQwOWYzNzUzNGMxYg==
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
content-security-policy
frame-ancestors 'none'
strict-transport-security
max-age=31622400; includeSubDomains; preload; always;
x-content-type-options
nosniff
date
Wed, 08 May 2024 21:05:44 GMT
referrer-policy
no-referrer
server
****
x-frame-options
DENY
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://formalizacaovarejo-hml.bancobmg.com.br
cache-control
no-store
content-disposition
inline
x-application-context
application:8084
Loading.17ec3b77199ab7741e06.gif
formalizacaovarejo-hml.bancobmg.com.br/static/media/ 		166 KB
167 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://formalizacaovarejo-hml.bancobmg.com.br/static/media/Loading.17ec3b77199ab7741e06.gif
Requested by
Host: formalizacaovarejo-hml.bancobmg.com.br
URL: https://formalizacaovarejo-hml.bancobmg.com.br/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.177 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-177.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
989758d23b0407f4d5fe1e94a4234ab8e3adfeebabd4c2eca366f16cca904948
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
H2BZRPsdmMYb66_V1Tw0D3pgfyLuX5qV
date
Wed, 08 May 2024 21:05:44 GMT
strict-transport-security
max-age=86400 ; includeSubDomains
last-modified
Mon, 28 Aug 2023 12:43:58 GMT
x-amz-cf-pop
LOS50-P1
x-amz-server-side-encryption
AES256
etag
"4de977ed6d253f12842d0a11132d8c1d"
content-type
image/gif
x-amz-storage-class
STANDARD_IA
cache-control
max-age=2568110
server-timing
cdn-cache; desc=HIT, edge; dur=207, origin; dur=0, ak_p; desc="1715202343566_1753097645_49295400_23007_13204_9_0_146";dur=1
accept-ranges
bytes
content-length
170097
x-amz-cf-id
j6Dx-1uEnLfgf7dgpkIIGCGv0sLwVAmpgiyDwK9g5ZavSeXrOwU4fQ==
config.json
c.go-mpulse.net/api/ 		613 B
777 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.go-mpulse.net/api/config.json?key=95YYB-PA29E-2YYUY-U2G7X-UWAHQ&d=formalizacaovarejo-hml.bancobmg.com.br&t=5717341&v=1.720.0&sl=0&si=3a1ec0bd-4aec-4735-a5fa-3ec397419e0d-sd6qlg&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=963832
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/95YYB-PA29E-2YYUY-U2G7X-UWAHQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.216.168 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-216-168.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
cfef3a663cacfbb0070c20c55326506c3926b8eee1380dcf0205307a303bfc9b

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Wed, 08 May 2024 21:05:43 GMT
cache-control
private, max-age=300, stale-while-revalidate=60, stale-if-error=120
timing-allow-origin
*
alt-svc
h3=":443"; ma=93600
content-length
613
content-type
application/json
/
02179910.akstat.io/ 		0
242 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://02179910.akstat.io/
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/95YYB-PA29E-2YYUY-U2G7X-UWAHQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.216.168 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-216-168.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Wed, 08 May 2024 21:05:44 GMT
content-type
image/gif
access-control-allow-origin
https://formalizacaovarejo-hml.bancobmg.com.br
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
timing-allow-origin
*
alt-svc
h3=":443"; ma=93600
x-xss-protection
0
expires
Wed, 08 May 2024 21:05:44 GMT
favicon.svg
formalizacaovarejo-hml.bancobmg.com.br/ 		1 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://formalizacaovarejo-hml.bancobmg.com.br/favicon.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.177 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-177.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7039967ef7d7493a084b9e2a050f703ac7a343e2fccf0835e7d28ec279032e03
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
lXMhl3dVcRqEDZg2V76TGwdogOgM7tXK
content-encoding
gzip
date
Wed, 08 May 2024 21:05:44 GMT
last-modified
Mon, 28 Aug 2023 12:43:56 GMT
strict-transport-security
max-age=86400 ; includeSubDomains
x-amz-cf-pop
LOS50-P1
x-amz-server-side-encryption
AES256
etag
"0488cbefb85b9da8f22a133f9eee6b38"
vary
Accept-Encoding
content-type
text/html
cache-control
max-age=1937163
server-timing
cdn-cache; desc=HIT, edge; dur=9, ak_p; desc="1715202344190_1753097645_49298235_1111_14813_9_0_219";dur=1
accept-ranges
bytes
x-amz-cf-id
z3bqj0cgnVGpv2DAItw5Wa3-yz_FwlF3Pi45Bir71bqx1giTbMAe0g==
content-length
673
session-token
api-bmg.sensedia.com/hml/varejista/v1/seguranca/face-match/ 		0
0
undefined
api-bmg.sensedia.com/hml/varejista/v1/proposta/hash-termo-aceite/ 		230 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-bmg.sensedia.com/hml/varejista/v1/proposta/hash-termo-aceite/undefined
Requested by
Host: formalizacaovarejo-hml.bancobmg.com.br
URL: https://formalizacaovarejo-hml.bancobmg.com.br/static/js/main.ba13e7c7.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
18.228.122.60 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-228-122-60.sa-east-1.compute.amazonaws.com
Software
**** / Express
Resource Hash
ab19c7ffb003974ae102bdd8484bcf7c21e27b237e9a2f70720ae7e143cde6d9
Security Headers
Name Value
Content-Security-Policy frame-ancestors none
Strict-Transport-Security max-age=31622400; includeSubDomains; preload; always;, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept
application/json
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
access_token
fd8cc452-5aaa-414f-b8ce-c54b9d7a976c
client_id
ab917288-65e3-4117-a246-e246524bd6f6

Response headers

content-security-policy
frame-ancestors none
strict-transport-security
max-age=31622400; includeSubDomains; preload; always;, max-age=15552000; includeSubDomains
x-content-type-options
nosniff, nosniff
date
Wed, 08 May 2024 21:05:46 GMT
x-amzn-remapped-content-length
230
x-amzn-requestid
795ecf11-56a9-4588-b47b-4ad09c84584a
x-amzn-remapped-connection
keep-alive
transfer-encoding
chunked
x-powered-by
Express
content-disposition
inline
x-amz-apigw-id
XeFenEP7iYcFZNw=
referrer-policy
no-referrer
server
****
etag
W/"e6-yNIQWVy3CT+E0UFaSNWSnmFCHgo"
x-frame-options
DENY
x-ratelimit-remaining
49
content-type
application/json;charset=utf-8
access-control-allow-origin
*
cache-control
no-store
permissions-policy
()
x-ratelimit-reset
0
x-ratelimit-limit
50
x-amzn-remapped-date
Wed, 08 May 2024 21:05:46 GMT
parametros-selfie
api-bmg.sensedia.com/hml/varejista/v1/formalizacao/undefined/ 		191 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-bmg.sensedia.com/hml/varejista/v1/formalizacao/undefined/parametros-selfie
Requested by
Host: formalizacaovarejo-hml.bancobmg.com.br
URL: https://formalizacaovarejo-hml.bancobmg.com.br/static/js/main.ba13e7c7.js
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
18.228.122.60 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-228-122-60.sa-east-1.compute.amazonaws.com
Software
**** / Express
Resource Hash
4523c755c678d9d39b6421589fa66f7f0c99c73fa994b589a8a94c592752612a
Security Headers
Name Value
Content-Security-Policy frame-ancestors none
Strict-Transport-Security max-age=31622400; includeSubDomains; preload; always;, max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept
application/json
Referer
https://formalizacaovarejo-hml.bancobmg.com.br/
access_token
fd8cc452-5aaa-414f-b8ce-c54b9d7a976c
client_id
ab917288-65e3-4117-a246-e246524bd6f6

Response headers

content-security-policy
frame-ancestors none
strict-transport-security
max-age=31622400; includeSubDomains; preload; always;, max-age=15552000; includeSubDomains
x-content-type-options
nosniff, nosniff
date
Wed, 08 May 2024 21:05:46 GMT
x-amzn-remapped-content-length
191
x-amzn-requestid
66c263ef-578c-484f-b8e3-35bed1b2527e
x-amzn-remapped-connection
keep-alive
transfer-encoding
chunked
x-powered-by
Express
content-disposition
inline
x-amz-apigw-id
XeFemE-UCYcFfxw=
referrer-policy
no-referrer
server
****
etag
W/"bf-xXQiMqJ26lXzDshG+o+2D4jXTUk"
x-frame-options
DENY
x-ratelimit-remaining
49
content-type
application/json;charset=utf-8
access-control-allow-origin
*
cache-control
no-store
permissions-policy
()
x-ratelimit-reset
0
x-ratelimit-limit
50
x-amzn-remapped-date
Wed, 08 May 2024 21:05:46 GMT
undefined
api-bmg.sensedia.com/hml/varejista/v1/proposta/hash-termo-aceite/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api-bmg.sensedia.com/hml/varejista/v1/proposta/hash-termo-aceite/undefined
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
18.228.122.60 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-228-122-60.sa-east-1.compute.amazonaws.com
Software
**** /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'none';style-src 'self';img-src 'self';form-action 'self';connect-src 'self';plugin-types application/pdf application/x-shockwave-flash;reflected-xss block;script-nonce cfe1f23c544aa514e16abe71315c9194695df73e
Strict-Transport-Security max-age=31622400; includeSubDomains; preload; always;
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
access_token,client_id
Access-Control-Request-Method
GET
Origin
https://formalizacaovarejo-hml.bancobmg.com.br
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
access_token,client_id
access-control-allow-methods
HEAD, DELETE, POST, GET, OPTIONS, PUT, PATCH
access-control-allow-origin
*
content-disposition
inline
content-security-policy
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'none';style-src 'self';img-src 'self';form-action 'self';connect-src 'self';plugin-types application/pdf application/x-shockwave-flash;reflected-xss block;script-nonce cfe1f23c544aa514e16abe71315c9194695df73e
date
Wed, 08 May 2024 21:05:44 GMT
server
****
strict-transport-security
max-age=31622400; includeSubDomains; preload; always;
transfer-encoding
chunked
x-content-type-options
nosniff
parametros-selfie
api-bmg.sensedia.com/hml/varejista/v1/formalizacao/undefined/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api-bmg.sensedia.com/hml/varejista/v1/formalizacao/undefined/parametros-selfie
Protocol
HTTP/1.1
Security
TLS 1.3, , CHACHA20_POLY1305
Server
18.228.122.60 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-228-122-60.sa-east-1.compute.amazonaws.com
Software
**** /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'none';style-src 'self';img-src 'self';form-action 'self';connect-src 'self';plugin-types application/pdf application/x-shockwave-flash;reflected-xss block;script-nonce 32e3a48304ba89e7ce5d2cc054d1be892a5d7d04
Strict-Transport-Security max-age=31622400; includeSubDomains; preload; always;
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
access_token,client_id
Access-Control-Request-Method
GET
Origin
https://formalizacaovarejo-hml.bancobmg.com.br
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
access_token,client_id
access-control-allow-methods
HEAD, DELETE, POST, GET, OPTIONS, PUT, PATCH
access-control-allow-origin
*
content-disposition
inline
content-security-policy
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'none';style-src 'self';img-src 'self';form-action 'self';connect-src 'self';plugin-types application/pdf application/x-shockwave-flash;reflected-xss block;script-nonce 32e3a48304ba89e7ce5d2cc054d1be892a5d7d04
date
Wed, 08 May 2024 21:05:44 GMT
server
****
strict-transport-security
max-age=31622400; includeSubDomains; preload; always;
transfer-encoding
chunked
x-content-type-options
nosniff

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api-bmg.sensedia.com
URL
https://api-bmg.sensedia.com/hml/varejista/v1/seguranca/face-match/session-token

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| BOOMR_mq string| BOOMR_API_key object| BOOMR object| tf object| _tfGlobals object| _tfengine object| handpose function| BOOMR_check_doc_domain object| ErrorStackParser object| UserTimingCompression number| BOOMR_onload

0 Cookies

2 Console Messages

Source Level URL
Text
network error URL: https://api-bmg.sensedia.com/hml/varejista/v1/proposta/hash-termo-aceite/undefined
Message:
Failed to load resource: the server responded with a status of 422 (Unprocessable Entity)
network error URL: https://api-bmg.sensedia.com/hml/varejista/v1/formalizacao/undefined/parametros-selfie
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=86400 ; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

02179910.akstat.io
api-bmg.sensedia.com
c.go-mpulse.net
cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
formalizacaovarejo-hml.bancobmg.com.br
s.go-mpulse.net
api-bmg.sensedia.com
104.126.37.177
151.101.1.229
18.228.122.60
2.19.216.168
216.58.206.42
216.58.212.163
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0be8a349444eef8a581550f670c54948dd1634069075fd558045f04455357bf8
2542b9ee5c4529c1a883938ea3b89374d566eb1dec026bdd097a8938d2326922
2fd451d95e390059167423525e288fe63c18daebaa762f8c0356a5434e3b0ef8
310773d121c4b5880c17d00eb8dd58a99a728e6b9c118e5cc37dadf0d8f40118
3ae70bd83d3887621e8d62edf145858f3c2677834ff0e7118b18d203c772f96d
4523c755c678d9d39b6421589fa66f7f0c99c73fa994b589a8a94c592752612a
49fc23a9fe9349703a303f52d834d9e9d3a05c7a260e2b6fc857518693667d3a
7039967ef7d7493a084b9e2a050f703ac7a343e2fccf0835e7d28ec279032e03
7c68c0208cecad69fb80c0a9fee76b374dd777a869fcd0fbcf234e8af8a20640
8c23bd73b3da42e8ceac006949faefbf4f7758701508149335eb5167cb25885f
989758d23b0407f4d5fe1e94a4234ab8e3adfeebabd4c2eca366f16cca904948
ab19c7ffb003974ae102bdd8484bcf7c21e27b237e9a2f70720ae7e143cde6d9
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
cfef3a663cacfbb0070c20c55326506c3926b8eee1380dcf0205307a303bfc9b
da845360e22404c200d1ff32de75d358c25df1d79e1bbd59494cb09a32363088
dde8484a67a3b44b832c641b6be83a9f0dd8d550aad0d8ab0210a9d430314789
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855