lvns-hml.bancobmg.com.br Open in urlscan Pro
2.20.142.96 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://lvns-hml.bancobmg.com.br/
Effective URL:
https://lvns-hml.bancobmg.com.br/
Submission Tags: @ecarlesi possiblethreat Search All
Submission: On August 13 via api (August 13th 2024, 2:58:01 pm UTC) from IT — Scanned from IT

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 14 HTTP transactions. The main IP is 2.20.142.96, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is lvns-hml.bancobmg.com.br.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on August 12th 2024. Valid for: a year.

This is the only time lvns-hml.bancobmg.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	2.20.142.96 2.20.142.96	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2.23.196.132 2.23.196.132	16625 (AKAMAI-AS) (AKAMAI-AS)
1	184.27.96.174 184.27.96.174	16625 (AKAMAI-AS) (AKAMAI-AS)
14	3

11 2.20.142.96 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-20-142-96.deploy.static.akamaitechnologies.com

lvns-hml.bancobmg.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api-partners-hml.bancobmg.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.23.196.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-23-196-132.deploy.static.akamaitechnologies.com

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0217991e.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.27.96.174 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-27-96-174.deploy.static.akamaitechnologies.com

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	bancobmg.com.br lvns-hml.bancobmg.com.br api-partners-hml.bancobmg.com.br	898 KB
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 2168 c.go-mpulse.net — Cisco Umbrella Rank: 906	50 KB
1	akstat.io 0217991e.akstat.io — Cisco Umbrella Rank: 118802	233 B
14	3

	Domain	Requested by
7	lvns-hml.bancobmg.com.br	lvns-hml.bancobmg.com.br
4	api-partners-hml.bancobmg.com.br	lvns-hml.bancobmg.com.br
1	0217991e.akstat.io	s.go-mpulse.net
1	c.go-mpulse.net	s.go-mpulse.net
1	s.go-mpulse.net	lvns-hml.bancobmg.com.br
14	5

This site contains no links.

Subject Issuer	Validity	Valid
econtent.bancobmg.com.br DigiCert SHA2 Extended Validation Server CA	`2024-08-12` - `2025-07-02`	a year	crt.sh
akstat.io DigiCert TLS RSA SHA256 2020 CA1	`2024-07-31` - `2025-07-31`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://lvns-hml.bancobmg.com.br/
Frame ID: EC47AF3B5881BBEC3D13F67C3AE249E0
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Banco BMG

Page URL History Show full URLs

http://lvns-hml.bancobmg.com.br/ HTTP 307
https://lvns-hml.bancobmg.com.br/ Page URL

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

3
IPs

1
Countries

948 kB
Transfer

3630 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://lvns-hml.bancobmg.com.br/ HTTP 307
https://lvns-hml.bancobmg.com.br/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
lvns-hml.bancobmg.com.br/
Redirect Chain

http://lvns-hml.bancobmg.com.br/
https://lvns-hml.bancobmg.com.br/

5 KB
3 KB

1673ms
1364ms

Document
text/html

2.20.142.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://lvns-hml.bancobmg.com.br/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.142.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-142-96.deploy.static.akamaitechnologies.com

Software

Resource Hash

64a7e9a4983b7f93fdf9f69e20438110e8eb076115f5285372b16bcc8b1953fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 2438
content-type: text/html
date: Tue, 13 Aug 2024 14:57:55 GMT
etag: "a5076a177c03d1c2cdd077bcbd4d2237"
expires: Tue, 13 Aug 2024 14:57:55 GMT
last-modified: Thu, 08 Aug 2024 19:54:56 GMT
pragma: no-cache
server-timing: cdn-cache; desc=MISS edge; dur=1101 origin; dur=153 ak_p; desc="1723561073785_34901596_511510971_125394_19232_31_186_255";dur=1
strict-transport-security: max-age=86400 ; includeSubDomains
vary: Accept-Encoding
x-akamai-transformed: 9 474 0 pmb=mRUM,2
x-amz-cf-id: zQbZmVEDHXGo2h07mKTdKYp0BrReaJbvN6KKN3L-zc8vOXGALjRfvg==
x-amz-cf-pop: FOR50-P3
x-amz-expiration: expiry-date="Wed, 05 Feb 2025 00:00:00 GMT", rule-id="basic-lifecycle-rule"
x-amz-server-side-encryption: AES256
x-amz-version-id: ZnLnQfuDIpUONtdJBLC2WkWwU8HD6ykr

Redirect headers

Location: https://lvns-hml.bancobmg.com.br/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 index-629569ec.js Show response
lvns-hml.bancobmg.com.br/assets/ 1 MB
328 KB 114ms
113ms Script
application/javascript 2.20.142.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://lvns-hml.bancobmg.com.br/assets/index-629569ec.js

Requested by

Host: lvns-hml.bancobmg.com.br
URL: https://lvns-hml.bancobmg.com.br/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.142.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-142-96.deploy.static.akamaitechnologies.com

Software

Resource Hash

b2f417410b1f4ccc28c0796e7bfd333541f657563dab3dd90d706fb96c2bfa3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

Referer: https://lvns-hml.bancobmg.com.br/
Origin: https://lvns-hml.bancobmg.com.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: hQY1A7YZYJo86a4bjciN9u1H3OSToRMV
content-encoding: br
x-amz-expiration: expiry-date="Wed, 05 Feb 2025 00:00:00 GMT", rule-id="basic-lifecycle-rule"
last-modified: Thu, 08 Aug 2024 19:54:56 GMT
date: Tue, 13 Aug 2024 14:57:55 GMT
x-amz-cf-pop: FOR50-P3
x-amz-server-side-encryption: AES256
etag: "63832628f8109e9d34cbfd52866eca74"
content-type: application/javascript
strict-transport-security: max-age=86400 ; includeSubDomains
cache-control: max-age=280795
server-timing: cdn-cache; desc=HIT, edge; dur=15, ak_p; desc="1723561075353_34901596_511511793_1526_9211_31_0_219";dur=1
accept-ranges: bytes
x-amz-cf-id: CnmGqnaa52JrFQyLC11LjvFQbnuqaEEgKoXBJGDJvDGw_g2i0T-VcQ==

GET
H2 200 index-9a590437.css
lvns-hml.bancobmg.com.br/assets/ 491 KB
38 KB 249ms
248ms Stylesheet
text/css 2.20.142.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://lvns-hml.bancobmg.com.br/assets/index-9a590437.css

Requested by

Host: lvns-hml.bancobmg.com.br
URL: https://lvns-hml.bancobmg.com.br/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.142.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-142-96.deploy.static.akamaitechnologies.com

Software

Resource Hash

9a5904378bea69ce7fa41212337b281fb41da165f03e4e1622462b8c2b007a6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

Referer: https://lvns-hml.bancobmg.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: sFyZvo_aMVOysvNHJY.vD.zf8ffYe2d8
content-encoding: br
x-amz-expiration: expiry-date="Wed, 05 Feb 2025 00:00:00 GMT", rule-id="basic-lifecycle-rule"
last-modified: Thu, 08 Aug 2024 19:54:56 GMT
date: Tue, 13 Aug 2024 14:57:55 GMT
x-amz-cf-pop: FOR50-P3
x-amz-server-side-encryption: AES256
etag: "5b6dd9259a6e250b07af715604592f08"
content-type: text/css
strict-transport-security: max-age=86400 ; includeSubDomains
cache-control: max-age=280737
server-timing: cdn-cache; desc=HIT, edge; dur=96, ak_p; desc="1723561075353_34901596_511511792_9610_9308_31_0_255";dur=1
accept-ranges: bytes
x-amz-cf-id: qW-2i40I_Utl5507NYp3Ocrp7D3Q-ocUkXCM5WsOIS6nRwoPxc8R3Q==
content-length: 38652

GET
H2 200 FaceTecSDK.js Show response
lvns-hml.bancobmg.com.br/core-sdk/FaceTecSDK.js/ 1 MB
521 KB 675ms
675ms Script
application/javascript 2.20.142.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://lvns-hml.bancobmg.com.br/core-sdk/FaceTecSDK.js/FaceTecSDK.js

Requested by

Host: lvns-hml.bancobmg.com.br
URL: https://lvns-hml.bancobmg.com.br/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.142.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-142-96.deploy.static.akamaitechnologies.com

Software

Resource Hash

c4478ba650ce6bfac45944b86d4bd52f92b8aa709587384fbe95bad1dd731c19

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

Referer: https://lvns-hml.bancobmg.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: r.xSvbjQffhAHnLeNzkQJShgTFQRvyf3
content-encoding: br
x-amz-expiration: expiry-date="Wed, 05 Feb 2025 00:00:00 GMT", rule-id="basic-lifecycle-rule"
last-modified: Thu, 08 Aug 2024 19:54:56 GMT
date: Tue, 13 Aug 2024 14:57:55 GMT
x-amz-cf-pop: FOR50-P3
x-amz-server-side-encryption: AES256
etag: "6a193df2b0d1a286c0e3228ed8b5b45f"
content-type: application/javascript
strict-transport-security: max-age=86400 ; includeSubDomains
cache-control: max-age=280705
server-timing: cdn-cache; desc=HIT, edge; dur=580, ak_p; desc="1723561075353_34901596_511511794_58036_9310_31_0_219";dur=1
accept-ranges: bytes
x-amz-cf-id: 1q3i3rhk01GNZhH__xpGBq8v4bHKBkwiS9-1s9CHDBINLv4OUfpzsA==

GET
H2 200 6KC2J-PJSNP-8CN7T-GLYY4-LBHNB Show response
s.go-mpulse.net/boomerang/ 205 KB
49 KB 801ms
647ms Script
application/javascript 2.23.196.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/6KC2J-PJSNP-8CN7T-GLYY4-LBHNB
Requested by: Host: lvns-hml.bancobmg.com.br
URL: https://lvns-hml.bancobmg.com.br/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.23.196.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-23-196-132.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Referer: https://lvns-hml.bancobmg.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 13 Aug 2024 14:57:56 GMT
content-encoding: br
customappheader: mpulse-ab-boomr__git__361fdb1__git__361fdb1__p19.alsi10-lite
last-modified: Sun, 11 Aug 2024 11:00:49 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50393

GET
H2 200 Frame%203528.png
lvns-hml.bancobmg.com.br/images/ 2 KB
2 KB 984ms
983ms Image
image/png 2.20.142.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lvns-hml.bancobmg.com.br/images/Frame%203528.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.142.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-142-96.deploy.static.akamaitechnologies.com

Software

Resource Hash

d0d3f744122e900758c8b18c0cde4414bf2c8cb9709b79c775910841e6b38ba1

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

Referer: https://lvns-hml.bancobmg.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 89kDpwyDrKWPDqoQ0TS7Aal6Sr5tke_u
date: Tue, 13 Aug 2024 14:57:57 GMT
x-amz-expiration: expiry-date="Wed, 05 Feb 2025 00:00:00 GMT", rule-id="basic-lifecycle-rule"
last-modified: Thu, 08 Aug 2024 19:54:56 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
x-amz-cf-pop: FOR50-P3
x-amz-server-side-encryption: AES256
etag: "3ce8446f51faa4a38b5a4e10ff4f97cb"
content-type: image/png
cache-control: max-age=2590721
server-timing: cdn-cache; desc=HIT, edge; dur=902, origin; dur=0, ak_p; desc="1723561076330_34901596_511512642_90277_10087_31_0_146";dur=1
accept-ranges: bytes
content-length: 1928
x-amz-cf-id: -H6s72Vtlw8ZJIHIcVgcRQEIqP08ck9oP2c930bT7Sgp5NyaH-qSpw==

GET
H2 200 logo.png
lvns-hml.bancobmg.com.br/images/ 2 KB
2 KB 1081ms
1080ms Image
image/png 2.20.142.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lvns-hml.bancobmg.com.br/images/logo.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.142.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-142-96.deploy.static.akamaitechnologies.com

Software

Resource Hash

2e09dd6fcb739910d3da79cfc0b9d4a160014b36a17737497b3c092659377f22

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

Referer: https://lvns-hml.bancobmg.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: Pj3nB8oJimujNanPc510aJbculnAVExW
date: Tue, 13 Aug 2024 14:57:57 GMT
x-amz-expiration: expiry-date="Wed, 05 Feb 2025 00:00:00 GMT", rule-id="basic-lifecycle-rule"
last-modified: Thu, 08 Aug 2024 19:54:56 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
x-amz-cf-pop: FOR50-P3
etag: "150e279003bb07aa392a902c7714c5dd"
x-amz-server-side-encryption: AES256
content-type: image/png
cache-control: max-age=2590730
server-timing: cdn-cache; desc=HIT, edge; dur=1001, origin; dur=0, ak_p; desc="1723561076330_34901596_511512643_100119_10007_31_0_146";dur=1
accept-ranges: bytes
content-length: 1783
x-amz-cf-id: I5Lr_5GX36yB6xkz2CplsAyYyN3IIxPBDOSocHF-mGWOW7PPZeLmmQ==

OPTIONS
H2 200 access-token
api-partners-hml.bancobmg.com.br/oauth/v1/ 0
0 2139ms
1792ms Preflight 2.20.142.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://api-partners-hml.bancobmg.com.br/oauth/v1/access-token

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.142.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-142-96.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'none';style-src 'self';img-src 'self';form-action 'self';connect-src 'self';plugin-types application/pdf application/x-shockwave-flash;reflected-xss block;script-nonce c4251878d37054e60047bbc6531dd70348edf524
Strict-Transport-Security	max-age=86400 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://lvns-hml.bancobmg.com.br
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: authorization,content-type
access-control-allow-methods: HEAD, DELETE, POST, GET, OPTIONS, PUT, PATCH
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-disposition: inline
content-length: 6
content-security-policy: default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'none';style-src 'self';img-src 'self';form-action 'self';connect-src 'self';plugin-types application/pdf application/x-shockwave-flash;reflected-xss block;script-nonce c4251878d37054e60047bbc6531dd70348edf524
content-security-policy-report-only: script-src 'self' http://*.help.com.br/* https://*.help.com.br/* assets.adobedtm.com https://static.hotjar.com/* http://static.hotjar.com/* https://*.bancobmg.com.br/* http://*.bancobmg.com.br/* http://*.bmgemconta.com.br/* https://*.bmgemconta.com.br/*; style-src 'self' http://*.help.com.br/* https://*.help.com.br/* https://*.bancobmg.com.br/* http://*.bancobmg.com.br/* http://*.bmgemconta.com.br/* https://*.bmgemconta.com.br/*; img-src 'self' http://*.help.com.br/* https://*.help.com.br/* https://*.bancobmg.com.br/* http://*.bancobmg.com.br/* http://*.bmgemconta.com.br/* https://*.bmgemconta.com.br/*;
content-type: nosniff
date: Tue, 13 Aug 2024 14:57:58 GMT
expires: Tue, 13 Aug 2024 14:57:58 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), encrypted-media=(), fullscreen=(), gyroscope=(), payment=(), picture-in-picture=(), speaker=(), vr=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), notifications=(), push=(), midi=();
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin;
server-timing: ak_p; desc="1723561076433_1551554334_356308636_169215_27535_31_248_219";dur=1
strict-transport-security: max-age=86400 ; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

POST
H2 200 access-token Show response
api-partners-hml.bancobmg.com.br/oauth/v1/ 159 B
1 KB 304ms
301ms XHR
application/json 2.20.142.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://api-partners-hml.bancobmg.com.br/oauth/v1/access-token

Requested by

Host: lvns-hml.bancobmg.com.br
URL: https://lvns-hml.bancobmg.com.br/assets/index-629569ec.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.142.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-142-96.deploy.static.akamaitechnologies.com

Software

Resource Hash

f4d424ac0f5231ecdcdff89e6430fab58700b2832ad5d3251b3b3b74d59860f1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=86400 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY, SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://lvns-hml.bancobmg.com.br/
Authorization: Basic NDY2NDEzY2YtMDc2Ny00MDkwLWI2MDUtM2I0ZTVjOGU0ZGJhOjIzZTgxNzI5LTBiZjQtNDQxMy05Y2ZhLWRhOGVlYTkxYTkzNA==
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: frame-ancestors 'none'
date: Tue, 13 Aug 2024 14:57:58 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=86400 ; includeSubDomains
content-security-policy-report-only: script-src 'self' http://*.help.com.br/* https://*.help.com.br/* assets.adobedtm.com https://static.hotjar.com/* http://static.hotjar.com/* https://*.bancobmg.com.br/* http://*.bancobmg.com.br/* http://*.bmgemconta.com.br/* https://*.bmgemconta.com.br/*; style-src 'self' http://*.help.com.br/* https://*.help.com.br/* https://*.bancobmg.com.br/* http://*.bancobmg.com.br/* http://*.bmgemconta.com.br/* https://*.bmgemconta.com.br/*; img-src 'self' http://*.help.com.br/* https://*.help.com.br/* https://*.bancobmg.com.br/* http://*.bancobmg.com.br/* http://*.bmgemconta.com.br/* https://*.bmgemconta.com.br/*;
content-disposition: inline
server-timing: cdn-cache; desc=MISS, edge; dur=198, origin; dur=26, ak_p; desc="1723561078472_1551554334_356310907_22375_8779_31_0_219";dur=1
content-length: 159
x-application-context: application:8084
pragma: no-cache
referrer-policy: no-referrer, strict-origin-when-cross-origin;
x-frame-options: DENY, SAMEORIGIN
content-type: application/json;charset=UTF-8, nosniff
access-control-allow-origin: https://lvns-hml.bancobmg.com.br
cache-control: max-age=0, no-cache, no-store
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), encrypted-media=(), fullscreen=(), gyroscope=(), payment=(), picture-in-picture=(), speaker=(), vr=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), notifications=(), push=(), midi=();
expires: Tue, 13 Aug 2024 14:57:58 GMT

GET
H2 200 favicon.ico
lvns-hml.bancobmg.com.br/ 474 B
755 B 686ms
685ms Other
text/html 2.20.142.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://lvns-hml.bancobmg.com.br/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.142.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-142-96.deploy.static.akamaitechnologies.com

Software

Resource Hash

00b06db7d204bf5212e90e761709cb6152d8e7aae9d21d845a20a648d36b744d

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

Referer: https://lvns-hml.bancobmg.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: ZnLnQfuDIpUONtdJBLC2WkWwU8HD6ykr
content-encoding: br
x-amz-expiration: expiry-date="Wed, 05 Feb 2025 00:00:00 GMT", rule-id="basic-lifecycle-rule"
last-modified: Thu, 08 Aug 2024 19:54:56 GMT
date: Tue, 13 Aug 2024 14:57:56 GMT
x-amz-cf-pop: FOR50-P3
x-amz-server-side-encryption: AES256
etag: "a5076a177c03d1c2cdd077bcbd4d2237"
vary: Accept-Encoding
content-type: text/html
strict-transport-security: max-age=86400 ; includeSubDomains
cache-control: max-age=2297674
server-timing: cdn-cache; desc=HIT, edge; dur=597, origin; dur=0, ak_p; desc="1723561076341_34901596_511512653_59737_11225_31_0_219";dur=1
x-amz-cf-id: vvW7zpnxNlqsQoecY2WSlIhFqScveb5THQcdemsuVhkZP7k_NUNDow==
content-length: 222

GET
H2 200 config.json Show response
c.go-mpulse.net/api/ 613 B
777 B 256ms
118ms XHR
application/json 184.27.96.174
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=6KC2J-PJSNP-8CN7T-GLYY4-LBHNB&d=lvns-hml.bancobmg.com.br&t=5745204&v=1.720.0&sl=0&si=3fee9f0f-a13b-4377-b1e4-2d0f84bf8080-si5w8i&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=1087387
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/6KC2J-PJSNP-8CN7T-GLYY4-LBHNB
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.27.96.174 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-27-96-174.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 49c0b0ae5c58b6ae404c2304734327f910d7ebb62ce1d7d667882eba9cd08d22

Request headers

Referer: https://lvns-hml.bancobmg.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 13 Aug 2024 14:57:56 GMT
cache-control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
timing-allow-origin: *
alt-svc: h3=":443"; ma=93600
content-length: 613
content-type: application/json

POST
H2 204 /
0217991e.akstat.io/ 0
233 B 415ms
386ms Ping
image/gif 2.23.196.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://0217991e.akstat.io/

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/6KC2J-PJSNP-8CN7T-GLYY4-LBHNB

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.23.196.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-23-196-132.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://lvns-hml.bancobmg.com.br/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 13 Aug 2024 14:57:57 GMT
content-type: image/gif
access-control-allow-origin: https://lvns-hml.bancobmg.com.br
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
alt-svc: h3=":443"; ma=93600
x-xss-protection: 0
expires: Tue, 13 Aug 2024 14:57:57 GMT

GET
H2 500 session-token Show response
api-partners-hml.bancobmg.com.br/parceiro/formalizacao/v1/face-validator/ 121 B
1 KB 1406ms
1402ms XHR
application/json 2.20.142.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://api-partners-hml.bancobmg.com.br/parceiro/formalizacao/v1/face-validator/session-token

Requested by

Host: lvns-hml.bancobmg.com.br
URL: https://lvns-hml.bancobmg.com.br/assets/index-629569ec.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.142.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-142-96.deploy.static.akamaitechnologies.com

Software

Resource Hash

c0126837d7c36cafad460c88c588cdf2ecb240019ca92c7027eb288a4f18db47

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=86400 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY, SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://lvns-hml.bancobmg.com.br/
platform: WEB_DIGITAL
Authorization: Bearer NDY2NDEzY2YtMDc2Ny00MDkwLWI2MDUtM2I0ZTVjOGU0ZGJhOjExOWE3NzU4LTVhNTgtNGVjZi1iZDM5LTA4MTgyYjFhYTQ3MA==
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-type: Bmg.Bff.Default.Error.ObjectResponseError
content-security-policy: frame-ancestors 'none'
date: Tue, 13 Aug 2024 14:58:00 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=86400 ; includeSubDomains
api-supported-versions: 1
content-security-policy-report-only: script-src 'self' http://*.help.com.br/* https://*.help.com.br/* assets.adobedtm.com https://static.hotjar.com/* http://static.hotjar.com/* https://*.bancobmg.com.br/* http://*.bancobmg.com.br/* http://*.bmgemconta.com.br/* https://*.bmgemconta.com.br/*; style-src 'self' http://*.help.com.br/* https://*.help.com.br/* https://*.bancobmg.com.br/* http://*.bancobmg.com.br/* http://*.bmgemconta.com.br/* https://*.bmgemconta.com.br/*; img-src 'self' http://*.help.com.br/* https://*.help.com.br/* https://*.bancobmg.com.br/* http://*.bancobmg.com.br/* http://*.bmgemconta.com.br/* https://*.bmgemconta.com.br/*;
content-disposition: inline
server-timing: cdn-cache; desc=MISS, edge; dur=193, origin; dur=1126, ak_p; desc="1723561079080_1551554334_356311717_131907_12148_31_0_219";dur=1
content-length: 121
pragma: no-cache
referrer-policy: no-referrer, strict-origin-when-cross-origin;
x-frame-options: DENY, SAMEORIGIN
content-type: application/json;x-api-version=1;charset=utf-8, nosniff
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-bmg-id: a5987899-5c93-48f8-bfba-bb2968297d5c
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), encrypted-media=(), fullscreen=(), gyroscope=(), payment=(), picture-in-picture=(), speaker=(), vr=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), notifications=(), push=(), midi=();
expires: Tue, 13 Aug 2024 14:58:00 GMT

OPTIONS
H2 200 session-token
api-partners-hml.bancobmg.com.br/parceiro/formalizacao/v1/face-validator/ 0
0 294ms
293ms Preflight 2.20.142.96
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://api-partners-hml.bancobmg.com.br/parceiro/formalizacao/v1/face-validator/session-token

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.20.142.96 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-20-142-96.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'none';style-src 'self';img-src 'self';form-action 'self';connect-src 'self';plugin-types application/pdf application/x-shockwave-flash;reflected-xss block;script-nonce e9d8ef2bec522167f915468341f52733362e9666
Strict-Transport-Security	max-age=86400 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,platform
Access-Control-Request-Method: GET
Origin: https://lvns-hml.bancobmg.com.br
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: authorization,platform
access-control-allow-methods: HEAD, DELETE, POST, GET, OPTIONS, PUT, PATCH
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-disposition: inline
content-length: 6
content-security-policy: default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'none';style-src 'self';img-src 'self';form-action 'self';connect-src 'self';plugin-types application/pdf application/x-shockwave-flash;reflected-xss block;script-nonce e9d8ef2bec522167f915468341f52733362e9666
content-security-policy-report-only: script-src 'self' http://*.help.com.br/* https://*.help.com.br/* assets.adobedtm.com https://static.hotjar.com/* http://static.hotjar.com/* https://*.bancobmg.com.br/* http://*.bancobmg.com.br/* http://*.bmgemconta.com.br/* https://*.bmgemconta.com.br/*; style-src 'self' http://*.help.com.br/* https://*.help.com.br/* https://*.bancobmg.com.br/* http://*.bancobmg.com.br/* http://*.bmgemconta.com.br/* https://*.bmgemconta.com.br/*; img-src 'self' http://*.help.com.br/* https://*.help.com.br/* https://*.bancobmg.com.br/* http://*.bancobmg.com.br/* http://*.bmgemconta.com.br/* https://*.bmgemconta.com.br/*;
content-type: nosniff
date: Tue, 13 Aug 2024 14:57:59 GMT
expires: Tue, 13 Aug 2024 14:57:59 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), encrypted-media=(), fullscreen=(), gyroscope=(), payment=(), picture-in-picture=(), speaker=(), vr=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), notifications=(), push=(), midi=();
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin;
server-timing: ak_p; desc="1723561078779_1551554334_356311290_21009_13064_31_0_219";dur=1
strict-transport-security: max-age=86400 ; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api-partners-hml.bancobmg.com.br/parceiro/formalizacao/v1/face-validator/session-token Message: Failed to load resource: the server responded with a status of 500 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0217991e.akstat.io
api-partners-hml.bancobmg.com.br
c.go-mpulse.net
lvns-hml.bancobmg.com.br
s.go-mpulse.net
184.27.96.174
2.20.142.96
2.23.196.132
00b06db7d204bf5212e90e761709cb6152d8e7aae9d21d845a20a648d36b744d
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
2e09dd6fcb739910d3da79cfc0b9d4a160014b36a17737497b3c092659377f22
49c0b0ae5c58b6ae404c2304734327f910d7ebb62ce1d7d667882eba9cd08d22
64a7e9a4983b7f93fdf9f69e20438110e8eb076115f5285372b16bcc8b1953fe
9a5904378bea69ce7fa41212337b281fb41da165f03e4e1622462b8c2b007a6c
b2f417410b1f4ccc28c0796e7bfd333541f657563dab3dd90d706fb96c2bfa3c
c0126837d7c36cafad460c88c588cdf2ecb240019ca92c7027eb288a4f18db47
c4478ba650ce6bfac45944b86d4bd52f92b8aa709587384fbe95bad1dd731c19
d0d3f744122e900758c8b18c0cde4414bf2c8cb9709b79c775910841e6b38ba1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f4d424ac0f5231ecdcdff89e6430fab58700b2832ad5d3251b3b3b74d59860f1

lvns-hml.bancobmg.com.br Open in urlscan Pro 2.20.142.96 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

14 Requests

100 %HTTPS

0 %IPv6

3 Domains

5 Subdomains

3 IPs

1 Countries

948 kBTransfer

3630 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

lvns-hml.bancobmg.com.br Open in urlscan Pro
2.20.142.96 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

3
IPs

1
Countries

948 kB
Transfer

3630 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions