urlscan.io logo urlscan.io
SecurityTrails logo

pluspay.minhaconta.zoop.com.br Open in urlscan Pro
2600:9000:247b:3c00:1c:7c92:480:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://pluspay.minhaconta.zoop.com.br/
Submission: On March 28 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 2 countries across 7 domains to perform 20 HTTP transactions. The main IP is 2600:9000:247b:3c00:1c:7c92:480:93a1, located in United States and belongs to AMAZON-02, US. The main domain is pluspay.minhaconta.zoop.com.br.
TLS certificate: Issued by Amazon RSA 2048 M02 on December 13th 2023. Valid for: a year.
This is the only time pluspay.minhaconta.zoop.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 2600:9000:247... 16509 (AMAZON-02)
2 2607:f8b0:400... 15169 (GOOGLE)
1 108.138.106.124 16509 (AMAZON-02)
1 52.95.164.59 16509 (AMAZON-02)
1 18.164.96.77 16509 (AMAZON-02)
2 2607:f8b0:400... 15169 (GOOGLE)
1 108.138.125.36 16509 (AMAZON-02)
1 18.164.96.52 16509 (AMAZON-02)
1 142.250.72.110 15169 (GOOGLE)
20 10
6    2600:9000:247b:3c00:1c:7c92:480:93a1 (United States)

ASN16509 (AMAZON-02, US)
pluspay.minhaconta.zoop.com.br
2    2607:f8b0:4006:817::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    108.138.106.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-106-124.jfk50.r.cloudfront.net
static.hotjar.com
1    52.95.164.59 (São Paulo, Brazil)

ASN16509 (AMAZON-02, US)
PTR: s3-sa-east-1.amazonaws.com
s3-sa-east-1.amazonaws.com
1    18.164.96.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-77.jfk50.r.cloudfront.net
script.hotjar.com
2    2607:f8b0:4006:80d::200e (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    108.138.125.36 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-125-36.jfk50.r.cloudfront.net
cdn.amplitude.com
1    18.164.96.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-52.jfk50.r.cloudfront.net
vc.hotjar.io
1    142.250.72.110 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f14.1e100.net
www.google-analytics.com
Apex Domain
Subdomains		 Transfer
6 zoop.com.br
pluspay.minhaconta.zoop.com.br
34 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 34
21 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 712
script.hotjar.com — Cisco Umbrella Rank: 959
60 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 42
156 KB
1 hotjar.io
vc.hotjar.io — Cisco Umbrella Rank: 2704
232 B
1 amplitude.com
cdn.amplitude.com — Cisco Umbrella Rank: 2926
19 KB
1 amazonaws.com
s3-sa-east-1.amazonaws.com
516 B
20 7
Domain Requested by
6 pluspay.minhaconta.zoop.com.br pluspay.minhaconta.zoop.com.br
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 www.googletagmanager.com pluspay.minhaconta.zoop.com.br
www.google-analytics.com
1 vc.hotjar.io script.hotjar.com
1 cdn.amplitude.com pluspay.minhaconta.zoop.com.br
1 script.hotjar.com static.hotjar.com
1 s3-sa-east-1.amazonaws.com pluspay.minhaconta.zoop.com.br
1 static.hotjar.com pluspay.minhaconta.zoop.com.br
20 8

This site contains no links.

Subject Issuer Validity Valid
*.minhaconta.zoop.com.br
Amazon RSA 2048 M02		 2023-12-13 -
2025-01-10		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-02-26 -
2024-05-20		 3 months crt.sh
*.hotjar.com
Amazon ECDSA 256 M03		 2024-02-07 -
2025-03-08		 a year crt.sh
*.s3-sa-east-1.amazonaws.com
Amazon RSA 2048 M01		 2024-02-08 -
2025-01-17		 a year crt.sh
cdn.amplitude.com
Amazon RSA 2048 M02		 2023-12-14 -
2025-01-12		 a year crt.sh
*.hotjar.io
Amazon ECDSA 256 M02		 2024-02-07 -
2025-03-08		 a year crt.sh

This page contains 1 frames:

Primary Page: https://pluspay.minhaconta.zoop.com.br/
Frame ID: 4A158923FC3C8A553D98D2E4BECE28E8
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Minha Conta

Detected technologies

Overall confidence: 100%
Detected patterns
  • cdn\.amplitude\.com
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Page Statistics

20
Requests

80 %
HTTPS

33 %
IPv6

7
Domains

8
Subdomains

10
IPs

2
Countries

290 kB
Transfer

824 kB
Size

7
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
pluspay.minhaconta.zoop.com.br/ 		4 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://pluspay.minhaconta.zoop.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:3c00:1c:7c92:480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5799d36e666f1e59004cda8b44536f795f9ba1d4f15bf19d88373cda3353658d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; object-src 'none'; frame-src https://www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' blob: data: https://api.zoop.ws/ https://s3-sa-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' blob: https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.hotjar.com https://www.google-analytics.com https://cdn.amplitude.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://api.amplitude.com/ https://api.zoop.ws/ https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.da.zoop.ws https://api.ra.zoop.ws https://api.pagzoop.com https://api.credit.zoop.ws https://api.postmon.com.br https://www.googletagmanager.com https://www.google-analytics.com https://rum-http-intake.logs.datadoghq.com https://cognito-idp.sa-east-1.amazonaws.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
age
53
content-length
3771
content-security-policy
default-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; object-src 'none'; frame-src https://www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' blob: data: https://api.zoop.ws/ https://s3-sa-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' blob: https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.hotjar.com https://www.google-analytics.com https://cdn.amplitude.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://api.amplitude.com/ https://api.zoop.ws/ https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.da.zoop.ws https://api.ra.zoop.ws https://api.pagzoop.com https://api.credit.zoop.ws https://api.postmon.com.br https://www.googletagmanager.com https://www.google-analytics.com https://rum-http-intake.logs.datadoghq.com https://cognito-idp.sa-east-1.amazonaws.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com
content-type
text/html
date
Thu, 28 Mar 2024 14:29:44 GMT
etag
"cde232cb6270a5f907562e931efc6fee"
last-modified
Thu, 14 Mar 2024 21:22:35 GMT
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self), clipboard-read=(self), clipboard-write=(self), gamepad=(self), speaker-selection=(self)
referrer-policy
strict-origin-when-cross-origin
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-amz-cf-id
aOQseXEtI5O2xCg4RZkdWVnaROHB_eOLvbXclnKD2hh9t1nm4s2AoQ==
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
1.styles.css
pluspay.minhaconta.zoop.com.br/ 		0
0
0.styles.css
pluspay.minhaconta.zoop.com.br/ 		0
0
runtime.62e51cb047458c0fe76a.js
pluspay.minhaconta.zoop.com.br/ 		4 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pluspay.minhaconta.zoop.com.br/runtime.62e51cb047458c0fe76a.js
Requested by
Host: pluspay.minhaconta.zoop.com.br
URL: https://pluspay.minhaconta.zoop.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:3c00:1c:7c92:480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5799d36e666f1e59004cda8b44536f795f9ba1d4f15bf19d88373cda3353658d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; object-src 'none'; frame-src https://www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' blob: data: https://api.zoop.ws/ https://s3-sa-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' blob: https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.hotjar.com https://www.google-analytics.com https://cdn.amplitude.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://api.amplitude.com/ https://api.zoop.ws/ https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.da.zoop.ws https://api.ra.zoop.ws https://api.pagzoop.com https://api.credit.zoop.ws https://api.postmon.com.br https://www.googletagmanager.com https://www.google-analytics.com https://rum-http-intake.logs.datadoghq.com https://cognito-idp.sa-east-1.amazonaws.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pluspay.minhaconta.zoop.com.br/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 28 Mar 2024 14:29:44 GMT
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; object-src 'none'; frame-src https://www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' blob: data: https://api.zoop.ws/ https://s3-sa-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' blob: https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.hotjar.com https://www.google-analytics.com https://cdn.amplitude.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://api.amplitude.com/ https://api.zoop.ws/ https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.da.zoop.ws https://api.ra.zoop.ws https://api.pagzoop.com https://api.credit.zoop.ws https://api.postmon.com.br https://www.googletagmanager.com https://www.google-analytics.com https://rum-http-intake.logs.datadoghq.com https://cognito-idp.sa-east-1.amazonaws.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
JFK52-P2
age
53
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
content-length
3771
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 21:22:35 GMT
server
AmazonS3
etag
"cde232cb6270a5f907562e931efc6fee"
x-frame-options
SAMEORIGIN
content-type
text/html
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self), clipboard-read=(self), clipboard-write=(self), gamepad=(self), speaker-selection=(self)
accept-ranges
bytes
x-amz-cf-id
4R10HpDJsB4lEJWRm3Z1wH_zUn0q844AiMYQWiaxSBiN4wU-oVtZKw==
vendors.62e51cb047458c0fe76a.js
pluspay.minhaconta.zoop.com.br/ 		4 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pluspay.minhaconta.zoop.com.br/vendors.62e51cb047458c0fe76a.js
Requested by
Host: pluspay.minhaconta.zoop.com.br
URL: https://pluspay.minhaconta.zoop.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:3c00:1c:7c92:480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5799d36e666f1e59004cda8b44536f795f9ba1d4f15bf19d88373cda3353658d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; object-src 'none'; frame-src https://www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' blob: data: https://api.zoop.ws/ https://s3-sa-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' blob: https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.hotjar.com https://www.google-analytics.com https://cdn.amplitude.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://api.amplitude.com/ https://api.zoop.ws/ https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.da.zoop.ws https://api.ra.zoop.ws https://api.pagzoop.com https://api.credit.zoop.ws https://api.postmon.com.br https://www.googletagmanager.com https://www.google-analytics.com https://rum-http-intake.logs.datadoghq.com https://cognito-idp.sa-east-1.amazonaws.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pluspay.minhaconta.zoop.com.br/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 28 Mar 2024 14:29:44 GMT
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; object-src 'none'; frame-src https://www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' blob: data: https://api.zoop.ws/ https://s3-sa-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' blob: https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.hotjar.com https://www.google-analytics.com https://cdn.amplitude.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://api.amplitude.com/ https://api.zoop.ws/ https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.da.zoop.ws https://api.ra.zoop.ws https://api.pagzoop.com https://api.credit.zoop.ws https://api.postmon.com.br https://www.googletagmanager.com https://www.google-analytics.com https://rum-http-intake.logs.datadoghq.com https://cognito-idp.sa-east-1.amazonaws.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
JFK52-P2
age
53
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
content-length
3771
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 21:22:35 GMT
server
AmazonS3
etag
"cde232cb6270a5f907562e931efc6fee"
x-frame-options
SAMEORIGIN
content-type
text/html
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self), clipboard-read=(self), clipboard-write=(self), gamepad=(self), speaker-selection=(self)
accept-ranges
bytes
x-amz-cf-id
dbflQ1AmL-hjKlCaFGx5ejh82hg2Af_YTrJ0UvLpX2OAzkt-UMZggQ==
main.62e51cb047458c0fe76a.js
pluspay.minhaconta.zoop.com.br/ 		4 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pluspay.minhaconta.zoop.com.br/main.62e51cb047458c0fe76a.js
Requested by
Host: pluspay.minhaconta.zoop.com.br
URL: https://pluspay.minhaconta.zoop.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:3c00:1c:7c92:480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5799d36e666f1e59004cda8b44536f795f9ba1d4f15bf19d88373cda3353658d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; object-src 'none'; frame-src https://www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' blob: data: https://api.zoop.ws/ https://s3-sa-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' blob: https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.hotjar.com https://www.google-analytics.com https://cdn.amplitude.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://api.amplitude.com/ https://api.zoop.ws/ https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.da.zoop.ws https://api.ra.zoop.ws https://api.pagzoop.com https://api.credit.zoop.ws https://api.postmon.com.br https://www.googletagmanager.com https://www.google-analytics.com https://rum-http-intake.logs.datadoghq.com https://cognito-idp.sa-east-1.amazonaws.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pluspay.minhaconta.zoop.com.br/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 28 Mar 2024 14:29:44 GMT
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; object-src 'none'; frame-src https://www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' blob: data: https://api.zoop.ws/ https://s3-sa-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' blob: https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.hotjar.com https://www.google-analytics.com https://cdn.amplitude.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://api.amplitude.com/ https://api.zoop.ws/ https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.da.zoop.ws https://api.ra.zoop.ws https://api.pagzoop.com https://api.credit.zoop.ws https://api.postmon.com.br https://www.googletagmanager.com https://www.google-analytics.com https://rum-http-intake.logs.datadoghq.com https://cognito-idp.sa-east-1.amazonaws.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
JFK52-P2
age
53
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
content-length
3771
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 21:22:35 GMT
server
AmazonS3
etag
"cde232cb6270a5f907562e931efc6fee"
x-frame-options
SAMEORIGIN
content-type
text/html
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self), clipboard-read=(self), clipboard-write=(self), gamepad=(self), speaker-selection=(self)
accept-ranges
bytes
x-amz-cf-id
obQWIh2r_X2XbVyXZz0bwfhZav6jg9avaQRlVmXzxYTXTlJAS3T8fQ==
gtm.js
www.googletagmanager.com/ 		200 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M8QGDHP
Requested by
Host: pluspay.minhaconta.zoop.com.br
URL: https://pluspay.minhaconta.zoop.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
21c9d1cb0beb5d088b448d41e83fca6b6214d57fe0114518b2e38a1d2f7284a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pluspay.minhaconta.zoop.com.br/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 28 Mar 2024 14:30:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65128
x-xss-protection
0
last-modified
Thu, 28 Mar 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 28 Mar 2024 14:30:36 GMT
hotjar-3057155.js
static.hotjar.com/c/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-3057155.js?sv=6
Requested by
Host: pluspay.minhaconta.zoop.com.br
URL: https://pluspay.minhaconta.zoop.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-124.jfk50.r.cloudfront.net
Software
/
Resource Hash
5181da4bbca73a53a9f14795b40df5ded52bdf5e5b901a1199000915910567e4
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pluspay.minhaconta.zoop.com.br/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Thu, 28 Mar 2024 14:30:36 GMT
via
1.1 264f765d2ad734b490f4728d6de8ce04.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P3
etag
W/b0accd805729bbe8913f7564f03320bf
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
-DiRO2gQ0DrqzoMVdeNUE2HyJmboEa1mYZRzM3xefG0XbsNeAUySHQ==
bg.png
s3-sa-east-1.amazonaws.com/frame-image-br/ 		0
516 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s3-sa-east-1.amazonaws.com/frame-image-br/bg.png?x-id=d794af5eb3207c3665c21a5ef8bfd9b0&x-r=
Requested by
Host: pluspay.minhaconta.zoop.com.br
URL: https://pluspay.minhaconta.zoop.com.br/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.164.59 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-sa-east-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pluspay.minhaconta.zoop.com.br/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 28 Mar 2024 14:30:37 GMT
Last-Modified
Thu, 04 May 2017 08:21:21 GMT
Server
AmazonS3
x-amz-meta-s3cmd-attrs
uid:502/gname:staff/uname:user/gid:20/mode:33188/mtime:1493416832/atime:1493796970/md5:d41d8cd98f00b204e9800998ecf8427e/ctime:1493416832
x-amz-request-id
8YSDKDWDNRC0B8SB
ETag
"d41d8cd98f00b204e9800998ecf8427e"
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
0
x-amz-id-2
O/pXgJ/PwSDnvszbXJy4HSKRqIqtbxZjrZ7us3GzVPxGXl75ifa6b2wrSbrVktlOxuZ7BGwIuoE=
1.styles.css
pluspay.minhaconta.zoop.com.br/ 		0
0
0.styles.css
pluspay.minhaconta.zoop.com.br/ 		0
0
modules.ad6500eebe72fe1c39dd.js
script.hotjar.com/ 		220 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.ad6500eebe72fe1c39dd.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3057155.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-77.jfk50.r.cloudfront.net
Software
/
Resource Hash
6265ca724f73e24568a94c7ea752b44e491c10231bfc8e80e86cd3f02eab2e71
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pluspay.minhaconta.zoop.com.br/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 14:57:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 48fa2d8b9525abe889eff7ccc8591f7e.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P5
age
171210
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
55561
last-modified
Tue, 26 Mar 2024 14:56:24 GMT
etag
"f703d086dd13480e3864cec4546e74ca"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
1I4BIOVLsWbzzo-zhjG3Ecm3Oud1Zu8lVZpW9d220m_RAEWyxHQAkA==
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M8QGDHP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pluspay.minhaconta.zoop.com.br/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 28 Mar 2024 14:06:53 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1424
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 28 Mar 2024 16:06:53 GMT
amplitude-5.8.0-min.gz.js
cdn.amplitude.com/libs/ 		57 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.amplitude.com/libs/amplitude-5.8.0-min.gz.js
Requested by
Host: pluspay.minhaconta.zoop.com.br
URL: https://pluspay.minhaconta.zoop.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.125.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-125-36.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
54234dbc5f94f0c00e43abfab5b835783474b7259ab5ba5ba4024e0ef212e181

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pluspay.minhaconta.zoop.com.br/
Origin
https://pluspay.minhaconta.zoop.com.br
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 14:29:40 GMT
content-encoding
gzip
via
1.1 25c8a58d4773aeef98fa0f0f950689bc.cloudfront.net (CloudFront)
x-amz-version-id
JayGW0K7hcKEk8hUb5nZ1QRH3tobN7O9
x-amz-cf-pop
JFK50-P4
age
259258
x-cache
Hit from cloudfront
content-length
18497
last-modified
Fri, 06 Dec 2019 21:57:52 GMT
server
AmazonS3
etag
"208999c2bfaa80353f3f37c256fd3a3d"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
l5hl5Ov0uyzoJeoH_xTHRQcm8qlun8lMzWLFV6e3nTgrVW7qfez29w==
3057155
vc.hotjar.io/sessions/ 		0
232 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vc.hotjar.io/sessions/3057155?s=0.25&r=0.11804130826451753
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.ad6500eebe72fe1c39dd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.96.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-52.jfk50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pluspay.minhaconta.zoop.com.br/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
date
Thu, 28 Mar 2024 14:30:37 GMT
cache-control
no-store
via
1.1 241db89625f6ef70a00b0e19e0cfc332.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P5
x-amz-cf-id
Qm4twXDf73nclfJqUoC6zdjUMV5Ek9k88-iSUjqjV8A0ZECZA3HG2g==
x-cache
Miss from cloudfront
collect
www.google-analytics.com/j/ 		15 B
231 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1490728581&t=pageview&_s=1&dl=https%3A%2F%2Fpluspay.minhaconta.zoop.com.br%2F&ul=en-us&de=UTF-8&dt=Minha%20Conta&sd=24-bit&sr=800x600&vp=1600x1113&je=0&_u=YEBAAEABAAAAACAAI~&jid=2115985474&gjid=29485646&cid=269966910.1711636238&tid=UA-153786727-2&_gid=198168472.1711636238&_r=1&_slc=1&gtm=45He43p0n81M8QGDHPza200&gcd=13l3l3l3l1&dma=0&z=1300355519
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
f61215bf9fd7b0ef9636b98b98fc9ff78022bb90ed68e1a25dd942e4c2aab1f2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://pluspay.minhaconta.zoop.com.br/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 28 Mar 2024 14:30:37 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://pluspay.minhaconta.zoop.com.br
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		263 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-B39HL63RXM&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
357073d585cbe0f035e05790be6529163497b5054cc779b84c7d7adbcec46fba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pluspay.minhaconta.zoop.com.br/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 28 Mar 2024 14:30:38 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
94253
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 28 Mar 2024 14:30:38 GMT
favicon.ico
pluspay.minhaconta.zoop.com.br/ 		4 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://pluspay.minhaconta.zoop.com.br/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:3c00:1c:7c92:480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5799d36e666f1e59004cda8b44536f795f9ba1d4f15bf19d88373cda3353658d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; object-src 'none'; frame-src https://www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' blob: data: https://api.zoop.ws/ https://s3-sa-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' blob: https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.hotjar.com https://www.google-analytics.com https://cdn.amplitude.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://api.amplitude.com/ https://api.zoop.ws/ https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.da.zoop.ws https://api.ra.zoop.ws https://api.pagzoop.com https://api.credit.zoop.ws https://api.postmon.com.br https://www.googletagmanager.com https://www.google-analytics.com https://rum-http-intake.logs.datadoghq.com https://cognito-idp.sa-east-1.amazonaws.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pluspay.minhaconta.zoop.com.br/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 28 Mar 2024 14:29:44 GMT
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; object-src 'none'; frame-src https://www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' blob: data: https://api.zoop.ws/ https://s3-sa-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' blob: https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.hotjar.com https://www.google-analytics.com https://cdn.amplitude.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://api.amplitude.com/ https://api.zoop.ws/ https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.da.zoop.ws https://api.ra.zoop.ws https://api.pagzoop.com https://api.credit.zoop.ws https://api.postmon.com.br https://www.googletagmanager.com https://www.google-analytics.com https://rum-http-intake.logs.datadoghq.com https://cognito-idp.sa-east-1.amazonaws.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
JFK52-P2
age
55
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
content-length
3771
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 21:22:35 GMT
server
AmazonS3
etag
"cde232cb6270a5f907562e931efc6fee"
x-frame-options
SAMEORIGIN
content-type
text/html
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self), clipboard-read=(self), clipboard-write=(self), gamepad=(self), speaker-selection=(self)
accept-ranges
bytes
x-amz-cf-id
e78bnj8WoUkQu8xnLdLsHfnERYuzr5ixhVtyu4C7dZHapf_bdoAJlw==
collect
www.google-analytics.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-B39HL63RXM&gtm=45je43p0v9125803075za200&_p=1711636236383&gcd=13l3l3l3l2&npa=0&dma=0&ul=en-us&sr=800x600&cid=269966910.1711636238&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.86%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.86&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fpluspay.minhaconta.zoop.com.br%2F&dt=Minha%20Conta&sid=1711636238&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2692
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B39HL63RXM&cx=c&_slc=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.72.110 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s32-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pluspay.minhaconta.zoop.com.br/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 28 Mar 2024 14:30:38 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://pluspay.minhaconta.zoop.com.br
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
favicon.ico
pluspay.minhaconta.zoop.com.br/ 		4 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://pluspay.minhaconta.zoop.com.br/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:3c00:1c:7c92:480:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5799d36e666f1e59004cda8b44536f795f9ba1d4f15bf19d88373cda3353658d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; object-src 'none'; frame-src https://www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' blob: data: https://api.zoop.ws/ https://s3-sa-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' blob: https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.hotjar.com https://www.google-analytics.com https://cdn.amplitude.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://api.amplitude.com/ https://api.zoop.ws/ https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.da.zoop.ws https://api.ra.zoop.ws https://api.pagzoop.com https://api.credit.zoop.ws https://api.postmon.com.br https://www.googletagmanager.com https://www.google-analytics.com https://rum-http-intake.logs.datadoghq.com https://cognito-idp.sa-east-1.amazonaws.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://pluspay.minhaconta.zoop.com.br/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 28 Mar 2024 14:29:44 GMT
via
1.1 65302a67852221313e65b936cd8d6b68.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; object-src 'none'; frame-src https://www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' blob: data: https://api.zoop.ws/ https://s3-sa-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' blob: https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.hotjar.com https://www.google-analytics.com https://cdn.amplitude.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://api.amplitude.com/ https://api.zoop.ws/ https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.da.zoop.ws https://api.ra.zoop.ws https://api.pagzoop.com https://api.credit.zoop.ws https://api.postmon.com.br https://www.googletagmanager.com https://www.google-analytics.com https://rum-http-intake.logs.datadoghq.com https://cognito-idp.sa-east-1.amazonaws.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
JFK52-P2
age
55
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
content-length
3771
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 14 Mar 2024 21:22:35 GMT
server
AmazonS3
etag
"cde232cb6270a5f907562e931efc6fee"
x-frame-options
SAMEORIGIN
content-type
text/html
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self), clipboard-read=(self), clipboard-write=(self), gamepad=(self), speaker-selection=(self)
accept-ranges
bytes
x-amz-cf-id
WGrMYLEY5hZftT5QBUAxVxsOTOu-mOIjBycXJqSSrS-t4ZA9c0jefA==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
pluspay.minhaconta.zoop.com.br
URL
https://pluspay.minhaconta.zoop.com.br/1.styles.css
Domain
pluspay.minhaconta.zoop.com.br
URL
https://pluspay.minhaconta.zoop.com.br/0.styles.css
Domain
pluspay.minhaconta.zoop.com.br
URL
https://pluspay.minhaconta.zoop.com.br/1.styles.css
Domain
pluspay.minhaconta.zoop.com.br
URL
https://pluspay.minhaconta.zoop.com.br/0.styles.css

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onpagereveal object| dataLayer function| hj object| _hjSettings string| u function| myFunction object| hjSiteSettings function| hjBootstrap object| hjLazyModules object| hjBootstrapCalled object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| amplitude object| gaplugins object| gaGlobal object| gaData

7 Cookies

Domain/Path Name / Value
.zoop.com.br/ Name: _hjSessionUser_3057155
Value: eyJpZCI6ImM3NmQxYTM1LWM3MzgtNTg2MC04ZTZhLWQ1N2E0NjJkNmRiNiIsImNyZWF0ZWQiOjE3MTE2MzYyMzcyNzcsImV4aXN0aW5nIjpmYWxzZX0=
.zoop.com.br/ Name: _hjSession_3057155
Value: eyJpZCI6IjJhYjU5MTJhLWE4N2YtNDBlMi1hMzA2LTBhMDdkMmE2YTIyMiIsImMiOjE3MTE2MzYyMzczMTYsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MX0=
.zoop.com.br/ Name: amplitude_id_6e5ed76d3dccf192c6d39c5745608195zoop.com.br
Value: eyJkZXZpY2VJZCI6Ijk4ZmRkMTU1LTgzODQtNDk3Ny1iN2JhLTU3MTcxZGFhZmVhMFIiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTcxMTYzNjIzNzU4NCwibGFzdEV2ZW50VGltZSI6MTcxMTYzNjIzNzU4NCwiZXZlbnRJZCI6MCwiaWRlbnRpZnlJZCI6MCwic2VxdWVuY2VOdW1iZXIiOjB9
.zoop.com.br/ Name: _ga
Value: GA1.3.269966910.1711636238
.zoop.com.br/ Name: _gid
Value: GA1.3.198168472.1711636238
.zoop.com.br/ Name: _gat_UA-153786727-2
Value: 1
.zoop.com.br/ Name: _ga_B39HL63RXM
Value: GS1.3.1711636238.1.0.1711636238.0.0.0

15 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'speaker-selection'.
security error URL: https://pluspay.minhaconta.zoop.com.br/
Message:
Refused to apply style from 'https://pluspay.minhaconta.zoop.com.br/1.styles.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security error URL: https://pluspay.minhaconta.zoop.com.br/
Message:
Refused to apply style from 'https://pluspay.minhaconta.zoop.com.br/0.styles.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security error URL: https://pluspay.minhaconta.zoop.com.br/
Message:
Refused to execute script from 'https://pluspay.minhaconta.zoop.com.br/runtime.62e51cb047458c0fe76a.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://pluspay.minhaconta.zoop.com.br/
Message:
Refused to apply style from 'https://pluspay.minhaconta.zoop.com.br/1.styles.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security error URL: https://pluspay.minhaconta.zoop.com.br/
Message:
Refused to apply style from 'https://pluspay.minhaconta.zoop.com.br/0.styles.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security error URL: https://pluspay.minhaconta.zoop.com.br/
Message:
Refused to execute script from 'https://pluspay.minhaconta.zoop.com.br/vendors.62e51cb047458c0fe76a.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://pluspay.minhaconta.zoop.com.br/
Message:
Refused to execute script from 'https://pluspay.minhaconta.zoop.com.br/main.62e51cb047458c0fe76a.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; object-src 'none'; frame-src https://www.google.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' blob: data: https://api.zoop.ws/ https://s3-sa-east-1.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' blob: https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.hotjar.com https://www.google-analytics.com https://cdn.amplitude.com https://www.google.com https://www.gstatic.com; connect-src 'self' https://api.amplitude.com/ https://api.zoop.ws/ https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.da.zoop.ws https://api.ra.zoop.ws https://api.pagzoop.com https://api.credit.zoop.ws https://api.postmon.com.br https://www.googletagmanager.com https://www.google-analytics.com https://rum-http-intake.logs.datadoghq.com https://cognito-idp.sa-east-1.amazonaws.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block