urlscan.io logo urlscan.io
SecurityTrails logo

account.carglass.com.br Open in urlscan Pro
34.65.209.240  Public Scan

Go To Rescan Add Verdict Report
URL: https://account.carglass.com.br/
Submission: On August 24 via automatic, source certstream-suspicious — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 23 HTTP transactions. The main IP is 34.65.209.240, located in Zurich, Switzerland and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is account.carglass.com.br.
TLS certificate: Issued by R10 on June 25th 2024. Valid for: 3 months.
This is the only time account.carglass.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
17 34.65.209.240 396982 (GOOGLE-CL...)
2 2a00:1450:400... 15169 (GOOGLE)
2 142.250.185.68 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
23 5
17    34.65.209.240 (Zurich, Switzerland)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 240.209.65.34.bc.googleusercontent.com
account.carglass.com.br
2    2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    142.250.185.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f4.1e100.net
www.google.com
1    2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
17 carglass.com.br
account.carglass.com.br
476 KB
2 gstatic.com
www.gstatic.com
fonts.gstatic.com
230 KB
2 google.com
www.google.com — Cisco Umbrella Rank: 10
993 B
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
2 KB
23 4
Domain Requested by
17 account.carglass.com.br account.carglass.com.br
2 www.google.com account.carglass.com.br
www.gstatic.com
2 fonts.googleapis.com account.carglass.com.br
1 fonts.gstatic.com fonts.googleapis.com
1 www.gstatic.com www.google.com
23 5

This site contains no links.

Subject Issuer Validity Valid
account.carglass.com.br
R10		 2024-06-25 -
2024-09-23		 3 months crt.sh
upload.video.google.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.google.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.gstatic.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://account.carglass.com.br/
Frame ID: 25A191AD8F3C9622A5852E0F04731F07
Requests: 22 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld9LjApAAAAAIPdUNXxDyPngbTbMEQkEik146zP&co=aHR0cHM6Ly9hY2NvdW50LmNhcmdsYXNzLmNvbS5icjo0NDM.&hl=de-CH&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=invisible&cb=3pyn65iz70ul
Frame ID: 599773D69F5FD9F3710BBD1FB82BA999
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Carglass®| Account

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+ionicons(?:\.min)?\.css
Overall confidence: 100%
Detected patterns
  • <link[^>]+?href="[^"]+sweetalert2(?:\.min)?\.css
  • sweetalert2(?:\.all)?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

23
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

709 kB
Transfer

1499 kB
Size

14
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
account.carglass.com.br/ 		13 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://account.carglass.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
6e76362be8f1073c414200766718a8946dc387878652379f8d454fddd59abb4b
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control
private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sat, 24 Aug 2024 03:19:34 GMT
permissions-policy
fullscreen=()
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
secured
By XLabs Security www.xlabs.com.br
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
strict-transport-security
max-age=63072000; preload
x-aspnet-version
4.0.30319
x-aspnetmvc-version
5.2
x-cdn
XLabs Security
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-pop
tyrell.armor.zone
x-powered-by
CG
bootstrap.min.css
account.carglass.com.br/Content/libs/bootstrap/dist/css/ 		118 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://account.carglass.com.br/Content/libs/bootstrap/dist/css/bootstrap.min.css
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:35 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
content-encoding
gzip
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Tue, 29 Mar 2022 16:02:44 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
W/"06af36c8643d81:0"
content-type
text/css
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
font-awesome.min.css
account.carglass.com.br/Content/libs/font-awesome/css/ 		30 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://account.carglass.com.br/Content/libs/font-awesome/css/font-awesome.min.css
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:35 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
content-encoding
gzip
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Tue, 29 Mar 2022 16:02:44 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
W/"06af36c8643d81:0"
content-type
text/css
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
ionicons.min.css
account.carglass.com.br/Content/libs/Ionicons/css/ 		50 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://account.carglass.com.br/Content/libs/Ionicons/css/ionicons.min.css
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
77d332fac16a1e8c80df4f42b9f22c4c738f46234d5f962377d327cd9d7dd9fc
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:35 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
content-encoding
gzip
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Tue, 29 Mar 2022 16:02:44 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
W/"06af36c8643d81:0"
content-type
text/css
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
main.css
account.carglass.com.br/Content/css/ 		148 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://account.carglass.com.br/Content/css/main.css
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
f051eeec7e9523cbcf437645f7aaf6065d6fb9de42987f41e731405c9cb6dc5e
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:35 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
content-encoding
gzip
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Tue, 29 Mar 2022 16:02:44 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
W/"06af36c8643d81:0"
content-type
text/css
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
skin-red.css
account.carglass.com.br/Content/css/skins/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://account.carglass.com.br/Content/css/skins/skin-red.css
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
07838e90b9c648993ac0f7f9d4022e22c4ec007b320646ff7c7852a266b4c0f1
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:35 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
content-encoding
gzip
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Tue, 29 Mar 2022 16:02:44 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
W/"06af36c8643d81:0"
content-type
text/css
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
red.css
account.carglass.com.br/Content/libs/iCheck/square/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://account.carglass.com.br/Content/libs/iCheck/square/red.css
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
7612aec81d99d8b5d4c00ce844da0732761d88d82605245bdc3bc4c4b0b2246c
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:35 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
content-encoding
gzip
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Tue, 29 Mar 2022 16:02:44 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
W/"06af36c8643d81:0"
content-type
text/css
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
sweetalert2.css
account.carglass.com.br/Content/libs/sweetalert2/ 		20 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://account.carglass.com.br/Content/libs/sweetalert2/sweetalert2.css
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
7798892c0a41191aba37018ceff0fe1d36a47d5ab0441153ecfb977301fcfa4f
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:35 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
content-encoding
gzip
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Tue, 29 Mar 2022 16:02:44 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
W/"06af36c8643d81:0"
content-type
text/css
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
css
fonts.googleapis.com/ 		16 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
49afe8ea5f2d8846973068bb5c396b410f4864e8903589b6dc337bf71bf063e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 24 Aug 2024 03:19:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 24 Aug 2024 01:54:51 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 24 Aug 2024 03:19:34 GMT
logo-white-big.png
account.carglass.com.br/Content/img/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://account.carglass.com.br/Content/img/logo-white-big.png
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
6587c1a7a34fd9022672c800b1043ab2b0455bc2b56f42cb3e1dc1c7738028e8
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:35 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
content-length
5116
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Tue, 29 Mar 2022 16:02:44 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
"06af36c8643d81:0"
content-type
image/png
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
accept-ranges
bytes
api.js
www.google.com/recaptcha/ 		1 KB
993 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?render=6Ld9LjApAAAAAIPdUNXxDyPngbTbMEQkEik146zP
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f4.1e100.net
Software
GSE /
Resource Hash
dca2d827c379903e3162bdc12c4f2001015e5629b3ed9503672398efad35b68b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Sat, 24 Aug 2024 03:19:34 GMT
jquery.min.js
account.carglass.com.br/Content/libs/jquery/dist/ 		85 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.carglass.com.br/Content/libs/jquery/dist/jquery.min.js
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:35 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
content-encoding
gzip
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Tue, 29 Mar 2022 16:02:44 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
W/"06af36c8643d81:0"
content-type
application/javascript; charset=utf-8
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
bootstrap.min.js
account.carglass.com.br/Content/libs/bootstrap/dist/js/ 		36 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.carglass.com.br/Content/libs/bootstrap/dist/js/bootstrap.min.js
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
36460e494e4c628443afded40b2743b5ede9a4a76fb4f7b9ef2345cc7e59fd64
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:35 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
content-encoding
gzip
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Tue, 29 Mar 2022 16:02:44 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
W/"06af36c8643d81:0"
content-type
application/javascript; charset=utf-8
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
icheck.min.js
account.carglass.com.br/Content/libs/iCheck/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.carglass.com.br/Content/libs/iCheck/icheck.min.js
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
d302b68763dc52f17f8ba3f85b32a7e2e0b90628ef0bcac2641b0569f8ae2791
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:35 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
content-encoding
gzip
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Tue, 29 Mar 2022 16:02:44 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
W/"06af36c8643d81:0"
content-type
application/javascript; charset=utf-8
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
sweetalert2.js
account.carglass.com.br/Content/libs/sweetalert2/ 		98 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.carglass.com.br/Content/libs/sweetalert2/sweetalert2.js
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
f216a4b7288706e5df663fd0dfc4323fbe5efaaa6b2d2e06784b1f381d4a2332
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:35 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
content-encoding
gzip
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Tue, 29 Mar 2022 16:02:44 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
W/"06af36c8643d81:0"
content-type
application/javascript; charset=utf-8
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
css
fonts.googleapis.com/ 		2 KB
655 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Montserrat
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/Content/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
11f0f33f9711ca7551b10cdff821a5c9b8ab7d74055c1d84adf61708991774a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 24 Aug 2024 03:19:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 24 Aug 2024 01:46:28 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 24 Aug 2024 03:19:36 GMT
recaptcha__de_ch.js
www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/ 		539 KB
215 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__de_ch.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6Ld9LjApAAAAAIPdUNXxDyPngbTbMEQkEik146zP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ab3718e13044440edb4ce9a1b9b54933a338908c21c97d39e39820df0c35beb3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://account.carglass.com.br
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 19 Aug 2024 22:05:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
364475
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
219515
x-xss-protection
0
last-modified
Mon, 19 Aug 2024 04:00:58 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 19 Aug 2025 22:05:01 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600,700,300italic,400italic,600italic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://account.carglass.com.br
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 13:55:28 GMT
x-content-type-options
nosniff
age
307448
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14892
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 22:52:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 20 Aug 2025 13:55:28 GMT
glyphicons-halflings-regular.woff2
account.carglass.com.br/Content/libs/bootstrap/dist/fonts/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://account.carglass.com.br/Content/libs/bootstrap/dist/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/Content/libs/bootstrap/dist/css/bootstrap.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://account.carglass.com.br
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:36 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
content-length
18028
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Tue, 29 Mar 2022 16:02:44 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
"06af36c8643d81:0"
content-type
application/font-woff2
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
accept-ranges
bytes
ajax-loader.gif
account.carglass.com.br/Content/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://account.carglass.com.br/Content/img/ajax-loader.gif
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/Content/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
056a4fc46b7b45abcdc5c645ba4944209f2ee6a0e2ec42349924e58e792f092a
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:36 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
content-length
1924
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Tue, 29 Mar 2022 16:02:44 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
"06af36c8643d81:0"
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
accept-ranges
bytes
bg-6.jpg
account.carglass.com.br/Content/img/ 		277 KB
278 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://account.carglass.com.br/Content/img/bg-6.jpg
Requested by
Host: account.carglass.com.br
URL: https://account.carglass.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
7ee660279801950e936fdfcb853ef5ceb6e0b1d4528f960d7a13f0271485c39a
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://account.carglass.com.br/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:36 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
content-length
283583
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Tue, 29 Mar 2022 16:02:44 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
"06af36c8643d81:0"
content-type
image/jpeg
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
accept-ranges
bytes
anchor
www.google.com/recaptcha/api2/ Frame 5997 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld9LjApAAAAAIPdUNXxDyPngbTbMEQkEik146zP&co=aHR0cHM6Ly9hY2NvdW50LmNhcmdsYXNzLmNvbS5icjo0NDM.&hl=de-CH&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=invisible&cb=3pyn65iz70ul
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__de_ch.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-UZ3553oTQOwJiF8xYcillw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-UZ3553oTQOwJiF8xYcillw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 24 Aug 2024 03:19:36 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
favicon.ico
account.carglass.com.br/ 		17 KB
17 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://account.carglass.com.br/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.65.209.240 Zurich, Switzerland, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
240.209.65.34.bc.googleusercontent.com
Software
XLabs WAF v4.0 https://www.xlabs.com.br/waf / CG
Resource Hash
02775e9c314f1f66477f011e42ba9edac5246762333fab224e3ee6287f94d664
Security Headers
Name Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Sat, 24 Aug 2024 03:19:38 GMT
strict-transport-security
max-age=63072000; preload
x-content-type-options
nosniff
x-cdn
XLabs Security
x-powered-by
CG
secured
By XLabs Security www.xlabs.com.br
content-length
16958
public-key-pins
pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
referrer-policy
no-referrer
x-pop
tyrell.armor.zone
last-modified
Thu, 19 Jul 2018 21:36:36 GMT
server
XLabs WAF v4.0 https://www.xlabs.com.br/waf
etag
"04ab391a81fd41:0"
content-type
image/x-icon
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
permissions-policy
fullscreen=()
accept-ranges
bytes

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| $ function| jQuery function| Sweetalert2 function| swal function| sweetAlert string| urlLogin function| checkEmail function| btnSubmit object| recaptcha object| closure_lm_475663

14 Cookies

Domain/Path Name / Value
account.carglass.com.br/Content/libs/bootstrap/dist/fonts Name:
Value: HttpOnly
account.carglass.com.br/Content/libs/bootstrap/dist/css Name:
Value: HttpOnly
account.carglass.com.br/Content/libs/bootstrap/dist/js Name:
Value: HttpOnly
account.carglass.com.br/Content/libs/font-awesome/css Name:
Value: HttpOnly
account.carglass.com.br/Content/libs/iCheck/square Name:
Value: HttpOnly
account.carglass.com.br/Content/libs/Ionicons/css Name:
Value: HttpOnly
account.carglass.com.br/Content/libs/sweetalert2 Name:
Value: HttpOnly
account.carglass.com.br/Content/libs/jquery/dist Name:
Value: HttpOnly
account.carglass.com.br/Content/libs/iCheck Name:
Value: HttpOnly
account.carglass.com.br/Content/css/skins Name:
Value: HttpOnly
account.carglass.com.br/Content/css Name:
Value: HttpOnly
account.carglass.com.br/Content/img Name:
Value: HttpOnly
account.carglass.com.br/ Name: __RequestVerificationToken
Value: wkA4N7P4BzaCUkB7JARm8r3ViR4p1cKdklArgX-MDzn2MYKu4zhgF4tRrc72e9ckyayIXEeBapwAEh0SCPN8DWi-IboU8OEDONngZOANQRo1
account.carglass.com.br/ Name:
Value: HttpOnly

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://account.carglass.com.br/
Message:
[DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Public-Key-Pins pin-sha256="bhQ53fe+uTBFfby+aUvaOIWIr1KfGq3xBVcDq9rA9uk="; pin-sha256="d8/agDt8zEIHaxnp+b/AVs+AQH2ppl3w6vqaSjezmWM="; max-age=300
Strict-Transport-Security max-age=63072000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account.carglass.com.br
fonts.googleapis.com
fonts.gstatic.com
www.google.com
www.gstatic.com
142.250.185.68
2a00:1450:4001:829::2003
2a00:1450:4001:829::200a
2a00:1450:4001:831::2003
34.65.209.240
02775e9c314f1f66477f011e42ba9edac5246762333fab224e3ee6287f94d664
056a4fc46b7b45abcdc5c645ba4944209f2ee6a0e2ec42349924e58e792f092a
07838e90b9c648993ac0f7f9d4022e22c4ec007b320646ff7c7852a266b4c0f1
11f0f33f9711ca7551b10cdff821a5c9b8ab7d74055c1d84adf61708991774a4
36460e494e4c628443afded40b2743b5ede9a4a76fb4f7b9ef2345cc7e59fd64
49afe8ea5f2d8846973068bb5c396b410f4864e8903589b6dc337bf71bf063e1
5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a
6587c1a7a34fd9022672c800b1043ab2b0455bc2b56f42cb3e1dc1c7738028e8
6e76362be8f1073c414200766718a8946dc387878652379f8d454fddd59abb4b
75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35
7612aec81d99d8b5d4c00ce844da0732761d88d82605245bdc3bc4c4b0b2246c
7798892c0a41191aba37018ceff0fe1d36a47d5ab0441153ecfb977301fcfa4f
77d332fac16a1e8c80df4f42b9f22c4c738f46234d5f962377d327cd9d7dd9fc
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
7ee660279801950e936fdfcb853ef5ceb6e0b1d4528f960d7a13f0271485c39a
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
ab3718e13044440edb4ce9a1b9b54933a338908c21c97d39e39820df0c35beb3
d302b68763dc52f17f8ba3f85b32a7e2e0b90628ef0bcac2641b0569f8ae2791
dca2d827c379903e3162bdc12c4f2001015e5629b3ed9503672398efad35b68b
f051eeec7e9523cbcf437645f7aaf6065d6fb9de42987f41e731405c9cb6dc5e
f216a4b7288706e5df663fd0dfc4323fbe5efaaa6b2d2e06784b1f381d4a2332
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c