urlscan.io logo urlscan.io
SecurityTrails logo

contas.me Open in urlscan Pro
20.195.230.98  Public Scan

Go To Rescan Add Verdict Report
URL: https://contas.me/
Submission: On August 10 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 20.195.230.98, located in Campinas, Brazil and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is contas.me.
TLS certificate: Issued by R10 on August 10th 2024. Valid for: 3 months.
This is the only time contas.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
11 20.195.230.98 8075 (MICROSOFT...)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
17 3
Apex Domain
Subdomains		 Transfer
11 contas.me
contas.me
565 KB
4 gstatic.com
fonts.gstatic.com
91 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 104
21 KB
17 3
Domain Requested by
11 contas.me contas.me
4 fonts.gstatic.com contas.me
2 www.google-analytics.com contas.me
www.google-analytics.com
17 3

This site contains links to these domains. Also see Links.

Domain
www.messagecenter.com.br
pt-br.facebook.com
www.instagram.com
wa.me
Subject Issuer Validity Valid
contas.me
R10		 2024-08-10 -
2024-11-08		 3 months crt.sh
*.gstatic.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.google-analytics.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://contas.me/
Frame ID: 0948342A3BB16C303A9205E6F8C4E2D3
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Envio de Boleto

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

677 kB
Transfer

705 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
contas.me/ 		4 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contas.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.195.230.98 Campinas, Brazil, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5d6105e59d9140657727423c29257714fa2eef2b109006ad810da1d351b31ffd
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control
private
content-length
4123
content-security-policy
default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
content-type
text/html; charset=utf-8
date
Sat, 10 Aug 2024 05:03:48 GMT
permissions-policy
geolocation=(self)
referrer-policy
strict-origin-when-cross-origin
server
Microsoft-IIS/10.0
strict-transport-security
max-age=31536000;includeSubdomains
x-aspnet-version
4.0.30319
x-aspnetmvc-version
5.2
x-content-type-options
nosniff
x-frame-options
DENY
jquery-3.3.1.min.js
contas.me/Scripts/ 		85 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contas.me/Scripts/jquery-3.3.1.min.js
Requested by
Host: contas.me
URL: https://contas.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.195.230.98 Campinas, Brazil, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://contas.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
strict-transport-security
max-age=31536000;includeSubdomains
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Tue, 04 Jun 2024 15:42:23 GMT
server
Microsoft-IIS/10.0
date
Sat, 10 Aug 2024 05:03:49 GMT
etag
"1a4be6ca95b6da1:0"
x-frame-options
DENY
content-type
application/javascript
permissions-policy
geolocation=(self)
accept-ranges
bytes
content-length
86929
fonts.css
contas.me/Content/ 		5 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://contas.me/Content/fonts.css
Requested by
Host: contas.me
URL: https://contas.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.195.230.98 Campinas, Brazil, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
2ae3d9a95e800a7fe34f186c6b979b79a4be7a95bbc8a3d03f7804a046900bb3
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://contas.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
strict-transport-security
max-age=31536000;includeSubdomains
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Tue, 04 Jun 2024 15:42:21 GMT
server
Microsoft-IIS/10.0
date
Sat, 10 Aug 2024 05:03:49 GMT
etag
"bb235ca95b6da1:0"
x-frame-options
DENY
content-type
text/css
permissions-policy
geolocation=(self)
accept-ranges
bytes
content-length
4783
bootstrap.min-2.css
contas.me/Content/ 		195 KB
196 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://contas.me/Content/bootstrap.min-2.css
Requested by
Host: contas.me
URL: https://contas.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.195.230.98 Campinas, Brazil, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e6044eb634e57c94cd06db0a48b41db077c0b0d2672dd01fd619abd63da09ebe
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://contas.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
strict-transport-security
max-age=31536000;includeSubdomains
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Tue, 04 Jun 2024 15:42:21 GMT
server
Microsoft-IIS/10.0
date
Sat, 10 Aug 2024 05:03:49 GMT
etag
"861229ca95b6da1:0"
x-frame-options
DENY
content-type
text/css
permissions-policy
geolocation=(self)
accept-ranges
bytes
content-length
200052
padrao.css
contas.me/Content/ 		9 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://contas.me/Content/padrao.css
Requested by
Host: contas.me
URL: https://contas.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.195.230.98 Campinas, Brazil, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d66aa364ae8daabe896a314f3561f430f0487135d340268c7419aa607f566a35
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://contas.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
strict-transport-security
max-age=31536000;includeSubdomains
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Tue, 04 Jun 2024 15:42:22 GMT
server
Microsoft-IIS/10.0
date
Sat, 10 Aug 2024 05:03:49 GMT
etag
"c02348ca95b6da1:0"
x-frame-options
DENY
content-type
text/css
permissions-policy
geolocation=(self)
accept-ranges
bytes
content-length
8814
logopadrao.jpg
contas.me/Content/images/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://contas.me/Content/images/logopadrao.jpg
Requested by
Host: contas.me
URL: https://contas.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.195.230.98 Campinas, Brazil, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
72d103c2d6dd62b0092861f34b69051f122cf3f7e9bb284e430757b288d28c35
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://contas.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
strict-transport-security
max-age=31536000;includeSubdomains
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Tue, 04 Jun 2024 15:42:22 GMT
server
Microsoft-IIS/10.0
date
Sat, 10 Aug 2024 05:03:49 GMT
etag
"1cbc45ca95b6da1:0"
x-frame-options
DENY
content-type
image/jpeg
permissions-policy
geolocation=(self)
accept-ranges
bytes
content-length
4808
bootstrap.4.1.3.min.js
contas.me/Scripts/ 		50 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contas.me/Scripts/bootstrap.4.1.3.min.js
Requested by
Host: contas.me
URL: https://contas.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.195.230.98 Campinas, Brazil, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
4f3faeec469294b610f6ca82aa1cc2b3368fd56611b31c551c2ee224feadb411
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://contas.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
strict-transport-security
max-age=31536000;includeSubdomains
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Tue, 04 Jun 2024 15:42:22 GMT
server
Microsoft-IIS/10.0
date
Sat, 10 Aug 2024 05:03:49 GMT
etag
"67bc70ca95b6da1:0"
x-frame-options
DENY
content-type
application/javascript
permissions-policy
geolocation=(self)
accept-ranges
bytes
content-length
51045
scripts.js
contas.me/Scripts/ 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://contas.me/Scripts/scripts.js
Requested by
Host: contas.me
URL: https://contas.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.195.230.98 Campinas, Brazil, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d40f541ea13b8a8f20a9fe3709e1108e83176b79d91e9b444cc118f985b981db
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://contas.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
strict-transport-security
max-age=31536000;includeSubdomains
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Tue, 04 Jun 2024 15:42:26 GMT
server
Microsoft-IIS/10.0
date
Sat, 10 Aug 2024 05:03:49 GMT
etag
"1b3dcacc95b6da1:0"
x-frame-options
DENY
content-type
application/javascript
permissions-policy
geolocation=(self)
accept-ranges
bytes
content-length
4551
bg-home.jpg
contas.me/Content/images/ 		172 KB
172 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://contas.me/Content/images/bg-home.jpg
Requested by
Host: contas.me
URL: https://contas.me/Content/padrao.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.195.230.98 Campinas, Brazil, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
a7a394a47063949357c069784ec57eaa85332297cb16deafe920ee014a2b5894
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://contas.me/Content/padrao.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
strict-transport-security
max-age=31536000;includeSubdomains
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Tue, 04 Jun 2024 15:42:22 GMT
server
Microsoft-IIS/10.0
date
Sat, 10 Aug 2024 05:03:49 GMT
etag
"e25543ca95b6da1:0"
x-frame-options
DENY
content-type
image/jpeg
permissions-policy
geolocation=(self)
accept-ranges
bytes
content-length
175783
S6u9w4BMUTPHh7USSwiPGQ.woff2
fonts.gstatic.com/s/lato/v15/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v15/S6u9w4BMUTPHh7USSwiPGQ.woff2
Requested by
Host: contas.me
URL: https://contas.me/Content/fonts.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9194059997d722ec01e41980dffbff03ebe00808b1cdd164a7fd18a561bc312a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://contas.me/
Origin
https://contas.me
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 06 Aug 2024 23:48:28 GMT
x-content-type-options
nosniff
age
278122
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23248
x-xss-protection
0
last-modified
Mon, 25 Mar 2019 20:11:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 06 Aug 2025 23:48:28 GMT
S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v15/ 		22 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v15/S6u9w4BMUTPHh50XSwiPGQ.woff2
Requested by
Host: contas.me
URL: https://contas.me/Content/fonts.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://contas.me/
Origin
https://contas.me
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 07 Aug 2024 00:25:57 GMT
x-content-type-options
nosniff
age
275873
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22572
x-xss-protection
0
last-modified
Mon, 25 Mar 2019 20:11:27 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 07 Aug 2025 00:25:57 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v15/ 		22 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v15/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: contas.me
URL: https://contas.me/Content/fonts.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://contas.me/
Origin
https://contas.me
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 07 Aug 2024 18:48:09 GMT
x-content-type-options
nosniff
age
209741
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22992
x-xss-protection
0
last-modified
Mon, 25 Mar 2019 20:11:36 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 07 Aug 2025 18:48:09 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v15/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v15/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: contas.me
URL: https://contas.me/Content/fonts.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://contas.me/
Origin
https://contas.me
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 01:23:46 GMT
x-content-type-options
nosniff
age
186004
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23484
x-xss-protection
0
last-modified
Mon, 25 Mar 2019 20:11:26 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 08 Aug 2025 01:23:46 GMT
mcenter.woff
contas.me/Content/fonts/ 		4 KB
4 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://contas.me/Content/fonts/mcenter.woff
Requested by
Host: contas.me
URL: https://contas.me/Content/padrao.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.195.230.98 Campinas, Brazil, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f0a60f93829cdf1f2fde657b720bd2873aff5af69e2e977a7b555ab5427e139e
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://contas.me/Content/padrao.css
Origin
https://contas.me
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
strict-transport-security
max-age=31536000;includeSubdomains
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Tue, 04 Jun 2024 15:42:22 GMT
server
Microsoft-IIS/10.0
date
Sat, 10 Aug 2024 05:03:50 GMT
etag
"5fcb39ca95b6da1:0"
x-frame-options
DENY
content-type
font/x-woff
permissions-policy
geolocation=(self)
accept-ranges
bytes
content-length
4212
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: contas.me
URL: https://contas.me/Scripts/scripts.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://contas.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 10 Aug 2024 04:40:39 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1391
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Sat, 10 Aug 2024 06:40:39 GMT
collect
www.google-analytics.com/j/ 		3 B
203 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1045096382&t=pageview&_s=1&dl=https%3A%2F%2Fcontas.me%2F&ul=de-de&de=UTF-8&dt=Envio%20de%20Boleto&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=852786671&gjid=1529940399&cid=451847364.1723266231&tid=UA-24996081-3&_gid=2078781087.1723266231&_r=1&_slc=1&z=1838872355
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://contas.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 10 Aug 2024 05:03:50 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://contas.me
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
favicon.ico
contas.me/ 		31 KB
31 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://contas.me/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
20.195.230.98 Campinas, Brazil, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
a94f8a8553caea8430dd4ca3cc01d4e318d19828f74cb65453ffb7f5d9e2f44d
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://contas.me/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
strict-transport-security
max-age=31536000;includeSubdomains
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Tue, 04 Jun 2024 15:42:26 GMT
server
Microsoft-IIS/10.0
date
Sat, 10 Aug 2024 05:03:50 GMT
etag
"26125cd95b6da1:0"
x-frame-options
DENY
content-type
image/x-icon
permissions-policy
geolocation=(self)
accept-ranges
bytes
content-length
32038

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| bootstrap function| acessar function| geraAgenda string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData

3 Cookies

Domain/Path Name / Value
.contas.me/ Name: _ga
Value: GA1.2.451847364.1723266231
.contas.me/ Name: _gid
Value: GA1.2.2078781087.1723266231
.contas.me/ Name: _gat
Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' data: www.google-analytics.com; img-src 'self' https://imagens.servicodecampanhas.com data:; script-src 'self'; style-src 'self'; font-src 'self' https://fonts.gstatic.com; script-src-elem 'self' https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'self' https://www.google.com;
Strict-Transport-Security max-age=31536000;includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options DENY