urlscan.io logo urlscan.io
SecurityTrails logo

autorizador.tst.saude.gov.br Open in urlscan Pro
189.28.130.38  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://fns-domiciliobancario-api.tst.saude.gov.br/
Effective URL: https://autorizador.tst.saude.gov.br/login
Submission Tags: @ecarlesi possiblethreat Search All
Submission: On September 29 via api from FR — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 22 HTTP transactions. The main IP is 189.28.130.38, located in Brasília, Brazil and belongs to MINISTERIO DA SAUDE, BR. The main domain is autorizador.tst.saude.gov.br.
TLS certificate: Issued by R3 on September 21st 2023. Valid for: 3 months.
This is the only time autorizador.tst.saude.gov.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 20 189.28.130.38 28291 (MINISTERI...)
1 2a00:1450:400... 15169 (GOOGLE)
1 192.229.133.221 15133 (EDGECAST)
3 3 2400:52e0:1e0... 200325 (BUNNYCDN)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
22 6
20    189.28.130.38 (Brasília, Brazil)

ASN28291 (MINISTERIO DA SAUDE, BR)
fns-domiciliobancario-api.tst.saude.gov.br
autorizador.tst.saude.gov.br
captcha.tst.saude.gov.br
captcha-api.tst.saude.gov.br
1    2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    192.229.133.221 (United States)

ASN15133 (EDGECAST, US)
www.w3schools.com
3    2400:52e0:1e00::1080:1 (Germany)

ASN200325 (BUNNYCDN, SI)
cdn.rawgit.com
3    2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
1    2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
20 saude.gov.br
fns-domiciliobancario-api.tst.saude.gov.br
autorizador.tst.saude.gov.br
captcha.tst.saude.gov.br
captcha-api.tst.saude.gov.br
177 KB
3 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 558
240 KB
3 rawgit.com
cdn.rawgit.com — Cisco Umbrella Rank: 19074
2 KB
1 gstatic.com
fonts.gstatic.com
126 KB
1 w3schools.com
www.w3schools.com — Cisco Umbrella Rank: 31345
5 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 113
781 B
22 6
Domain Requested by
10 autorizador.tst.saude.gov.br 1 redirects autorizador.tst.saude.gov.br
5 captcha.tst.saude.gov.br autorizador.tst.saude.gov.br
srcdoc
captcha.tst.saude.gov.br
3 cdn.jsdelivr.net autorizador.tst.saude.gov.br
3 cdn.rawgit.com 3 redirects
3 fns-domiciliobancario-api.tst.saude.gov.br 3 redirects
2 captcha-api.tst.saude.gov.br captcha.tst.saude.gov.br
1 fonts.gstatic.com fonts.googleapis.com
1 www.w3schools.com autorizador.tst.saude.gov.br
1 fonts.googleapis.com autorizador.tst.saude.gov.br
22 9

This site contains links to these domains. Also see Links.

Domain
scpa.tst.saude.gov.br
Subject Issuer Validity Valid
autorizador.tst.saude.gov.br
R3		 2023-09-21 -
2023-12-20		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-09-04 -
2023-11-27		 3 months crt.sh
*.w3schools.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-03-05 -
2024-04-04		 a year crt.sh
captcha.tst.saude.gov.br
R3		 2023-09-17 -
2023-12-16		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-09-04 -
2023-11-27		 3 months crt.sh
captcha-api.tst.saude.gov.br
R3		 2023-09-17 -
2023-12-16		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://autorizador.tst.saude.gov.br/login
Frame ID: 6E553854A7DC8143711DD531D09FBD98
Requests: 17 HTTP requests in this frame

Frame: https://captcha.tst.saude.gov.br/lib/fontawesome/css/all.min.css
Frame ID: 12126C8C1E8BFEBB1DEC84189AE2A894
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

DATASUS - Login para as aplicações do MS

Page URL History Show full URLs

  1. http://fns-domiciliobancario-api.tst.saude.gov.br/ HTTP 308
    https://fns-domiciliobancario-api.tst.saude.gov.br/ HTTP 302
    http://fns-domiciliobancario-api.tst.saude.gov.br/login HTTP 307
    https://fns-domiciliobancario-api.tst.saude.gov.br/login HTTP 302
    https://autorizador.tst.saude.gov.br/oauth/authorize?client_id=FNSDOMBANCARIOAPI&redirect_uri=http://fns-domicili... HTTP 302
    http://autorizador.tst.saude.gov.br/login HTTP 307
    https://autorizador.tst.saude.gov.br/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/material(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

22
Requests

86 %
HTTPS

67 %
IPv6

6
Domains

9
Subdomains

6
IPs

3
Countries

548 kB
Transfer

869 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://fns-domiciliobancario-api.tst.saude.gov.br/ HTTP 308
    https://fns-domiciliobancario-api.tst.saude.gov.br/ HTTP 302
    http://fns-domiciliobancario-api.tst.saude.gov.br/login HTTP 307
    https://fns-domiciliobancario-api.tst.saude.gov.br/login HTTP 302
    https://autorizador.tst.saude.gov.br/oauth/authorize?client_id=FNSDOMBANCARIOAPI&redirect_uri=http://fns-domiciliobancario-api.tst.saude.gov.br/login&response_type=code&scope=SCPA&state=331BxM HTTP 302
    http://autorizador.tst.saude.gov.br/login HTTP 307
    https://autorizador.tst.saude.gov.br/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://cdn.rawgit.com/h-ibaldo/Raleway_Fixed_Numerals/master/font/rawline-400.woff2 HTTP 301
  • https://cdn.jsdelivr.net/gh/h-ibaldo/Raleway_Fixed_Numerals@master/font/rawline-400.woff2
Request Chain 13
  • https://cdn.rawgit.com/h-ibaldo/Raleway_Fixed_Numerals/master/font/rawline-500.woff2 HTTP 301
  • https://cdn.jsdelivr.net/gh/h-ibaldo/Raleway_Fixed_Numerals@master/font/rawline-500.woff2
Request Chain 14
  • https://cdn.rawgit.com/h-ibaldo/Raleway_Fixed_Numerals/master/font/rawline-700.woff2 HTTP 301
  • https://cdn.jsdelivr.net/gh/h-ibaldo/Raleway_Fixed_Numerals@master/font/rawline-700.woff2

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
autorizador.tst.saude.gov.br/
Redirect Chain
  • http://fns-domiciliobancario-api.tst.saude.gov.br/
  • https://fns-domiciliobancario-api.tst.saude.gov.br/
  • http://fns-domiciliobancario-api.tst.saude.gov.br/login
  • https://fns-domiciliobancario-api.tst.saude.gov.br/login
  • https://autorizador.tst.saude.gov.br/oauth/authorize?client_id=FNSDOMBANCARIOAPI&redirect_uri=http://fns-domiciliobancario-api.tst.saude.gov.br/login&response_type=code&scope=SCPA&state=331BxM
  • http://autorizador.tst.saude.gov.br/login
  • https://autorizador.tst.saude.gov.br/login
6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://autorizador.tst.saude.gov.br/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
e96e2f5a5dc8e4bad260f280bfcd70f0f8a501998a68f4e78db37d0f7ed742a2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-language
fr-FR
content-type
text/html;charset=UTF-8
date
Fri, 29 Sep 2023 16:41:34 GMT
expires
0
pragma
no-cache
server
nginx/1.17.10
strict-transport-security
max-age=15724800; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://autorizador.tst.saude.gov.br/login
Non-Authoritative-Reason
HSTS
style.min.css
autorizador.tst.saude.gov.br/ 		9 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://autorizador.tst.saude.gov.br/style.min.css?3.5.0
Requested by
Host: autorizador.tst.saude.gov.br
URL: https://autorizador.tst.saude.gov.br/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
4de0cfa90564b1c0a24a4c5e71b24897d6f5d069ee3c26dce88586ecb485973c
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:34 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 18 Sep 2023 18:26:58 GMT
server
nginx/1.17.10
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-allow-credentials
true
rawline.css
autorizador.tst.saude.gov.br/ 		14 KB
893 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://autorizador.tst.saude.gov.br/rawline.css?3.5.0
Requested by
Host: autorizador.tst.saude.gov.br
URL: https://autorizador.tst.saude.gov.br/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
7e4daa72a24063d9e48bf578d9e05c246626d04cd100f77d1916822bdf504bb0
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:34 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 18 Sep 2023 18:26:58 GMT
server
nginx/1.17.10
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-allow-credentials
true
icon
fonts.googleapis.com/ 		592 B
781 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons&display=block
Requested by
Host: autorizador.tst.saude.gov.br
URL: https://autorizador.tst.saude.gov.br/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
15577a57bbdb4563a2244a7518f1558fe84c8e9aaf216a926762fd40d7f061a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 29 Sep 2023 16:41:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 29 Sep 2023 16:41:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 29 Sep 2023 16:41:34 GMT
material-blue-theme-with-font-rawline.min.css
autorizador.tst.saude.gov.br/ 		138 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://autorizador.tst.saude.gov.br/material-blue-theme-with-font-rawline.min.css
Requested by
Host: autorizador.tst.saude.gov.br
URL: https://autorizador.tst.saude.gov.br/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
bd3a80432af2229bec77294f8dadf2888ff679d6b700168b90950b531915eec1
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:34 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 18 Sep 2023 18:26:58 GMT
server
nginx/1.17.10
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-allow-credentials
true
w3.css
www.w3schools.com/w3css/4/ 		23 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.w3schools.com/w3css/4/w3.css
Requested by
Host: autorizador.tst.saude.gov.br
URL: https://autorizador.tst.saude.gov.br/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.133.221 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (pab/6F8A) / ASP.NET
Resource Hash
c4f2aba13970ecf8303fb9329f97c8824861569273b0aa27acce48abc61d04f5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://mycourses.w3schools.com;
X-Content-Security-Policy frame-ancestors 'self' https://mycourses.w3schools.com;

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self' https://mycourses.w3schools.com;
content-encoding
gzip
date
Fri, 29 Sep 2023 16:41:34 GMT
last-modified
Fri, 29 Sep 2023 06:48:12 GMT
server
ECS (pab/6F8A)
age
4380
etag
"0de13eaa0f2d91:0"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-cache
HIT
content-type
text/css
cache-control
public,max-age=14400,public
accept-ranges
bytes
content-length
5250
x-content-security-policy
frame-ancestors 'self' https://mycourses.w3schools.com;
jquery-3.6.1.min.js
autorizador.tst.saude.gov.br/ 		88 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://autorizador.tst.saude.gov.br/jquery-3.6.1.min.js
Requested by
Host: autorizador.tst.saude.gov.br
URL: https://autorizador.tst.saude.gov.br/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:34 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 18 Sep 2023 18:26:58 GMT
server
nginx/1.17.10
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
ms-captcha-api.js
captcha.tst.saude.gov.br/api/ 		14 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://captcha.tst.saude.gov.br/api/ms-captcha-api.js
Requested by
Host: autorizador.tst.saude.gov.br
URL: https://autorizador.tst.saude.gov.br/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
2e8baeff028661e344fbfb414e3d81428bdbad5e7d86a597d0b3159954efc042
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:35 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 14 Jun 2023 21:58:50 GMT
server
nginx/1.17.10
etag
W/"648a381a-391a"
vary
Accept-Encoding
access-control-allow-methods
POST, GET, DELETE, PUT, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-headers
Authorization, Content-Type, Accept, X-REQUESTED-WITH, Origin, publicKey, tokenId
logo-ms.png
autorizador.tst.saude.gov.br/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://autorizador.tst.saude.gov.br/logo-ms.png?3.5.0
Requested by
Host: autorizador.tst.saude.gov.br
URL: https://autorizador.tst.saude.gov.br/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
872c944fac7f9c30ed3f6f2e03e027473ab6f675534036bdb538d18c51734f4a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:35 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Mon, 18 Sep 2023 18:26:58 GMT
server
nginx/1.17.10
content-type
image/png
access-control-allow-origin
*
access-control-allow-credentials
true
accept-ranges
bytes
content-length
5075
logo-datasus.png
autorizador.tst.saude.gov.br/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://autorizador.tst.saude.gov.br/logo-datasus.png?3.5.0
Requested by
Host: autorizador.tst.saude.gov.br
URL: https://autorizador.tst.saude.gov.br/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
1d1d1c501fcce46cb1a58f5d200f1dd4eea2ead5a468de088dc89abd0675f06e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:35 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Mon, 18 Sep 2023 18:26:58 GMT
server
nginx/1.17.10
content-type
image/png
access-control-allow-origin
*
access-control-allow-credentials
true
accept-ranges
bytes
content-length
2469
login.min.js
autorizador.tst.saude.gov.br/ 		1 KB
820 B 		Script
General
Check archive.org
Download Go to
Full URL
https://autorizador.tst.saude.gov.br/login.min.js?3.5.0
Requested by
Host: autorizador.tst.saude.gov.br
URL: https://autorizador.tst.saude.gov.br/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
48df9d2dab910d65a4d2841edf3a24387a538726899b300fcd10a5af948a36a1
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:35 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 18 Sep 2023 18:26:58 GMT
server
nginx/1.17.10
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
material.min.js
autorizador.tst.saude.gov.br/ 		61 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://autorizador.tst.saude.gov.br/material.min.js
Requested by
Host: autorizador.tst.saude.gov.br
URL: https://autorizador.tst.saude.gov.br/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
c9595996785edde30342b57e94ac7125b5e23d0708afe70647576b64b88e7bd8
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:35 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 18 Sep 2023 18:26:58 GMT
server
nginx/1.17.10
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
rawline-400.woff2
cdn.jsdelivr.net/gh/h-ibaldo/Raleway_Fixed_Numerals@master/font/
Redirect Chain
  • https://cdn.rawgit.com/h-ibaldo/Raleway_Fixed_Numerals/master/font/rawline-400.woff2
  • https://cdn.jsdelivr.net/gh/h-ibaldo/Raleway_Fixed_Numerals@master/font/rawline-400.woff2
79 KB
80 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/gh/h-ibaldo/Raleway_Fixed_Numerals@master/font/rawline-400.woff2
Requested by
Host: autorizador.tst.saude.gov.br
URL: https://autorizador.tst.saude.gov.br/rawline.css?3.5.0
Protocol
H2
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e9d1aba37a102665016fffea61a124e6c385d6783d6cef869f9910c6115a401
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
37246
x-jsd-version
master
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
81280
x-served-by
cache-fra-eddf8230089-FRA, cache-yyz4562-YYZ
x-jsd-version-type
branch
server
cloudflare
etag
W/"13d80-+/nB7BCaPnm9ysI/3lmMoxxtxtA"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kGmiqlL01RKmClQZSA9Af%2F%2F4ppcmLk5guHYaqCNjv7mOhAVAY500LPuNO%2F8DgF4D19Ui1JulOMrwVwbclOR4IpjVhErO9Q5r26a3pdeCTywJ3Spq0E2tNUTDWiF%2FlSBIcv6O5KKCNb8YUAPfGrU%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
cf-ray
80e5acb15c4a153b-CDG

Redirect headers

date
Fri, 29 Sep 2023 16:41:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cdn-edgestorageid
1080
age
33796
x-cache
MISS, HIT
cdn-cachedat
09/29/2023 16:41:36
cdn-pullzone
201235
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443", h3-29=":443", h3-27=":443"
content-length
123
x-served-by
cache-fra-etou8220064-FRA, cache-chi-kigq8000142-CHI
server
BunnyCDN-DE1-1080
cdn-proxyver
1.04
cdn-requestpullcode
301
content-type
text/plain; charset=utf-8
location
https://cdn.jsdelivr.net/gh/h-ibaldo/Raleway_Fixed_Numerals@master/font/rawline-400.woff2
access-control-allow-origin
*
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
access-control-expose-headers
*
cache-control
public, max-age=2592000
cdn-cache
EXPIRED
cdn-requestid
1e41b9f0061437f013ce55cc14b4cd9f
timing-allow-origin
*
cdn-requestcountrycode
FR
cdn-status
301
cdn-requestpullsuccess
True
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v140/ 		125 KB
126 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/icon?family=Material+Icons&display=block
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://autorizador.tst.saude.gov.br
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 07:35:16 GMT
x-content-type-options
nosniff
age
32780
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128352
x-xss-protection
0
last-modified
Tue, 07 Mar 2023 19:51:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 28 Sep 2024 07:35:16 GMT
rawline-500.woff2
cdn.jsdelivr.net/gh/h-ibaldo/Raleway_Fixed_Numerals@master/font/
Redirect Chain
  • https://cdn.rawgit.com/h-ibaldo/Raleway_Fixed_Numerals/master/font/rawline-500.woff2
  • https://cdn.jsdelivr.net/gh/h-ibaldo/Raleway_Fixed_Numerals@master/font/rawline-500.woff2
79 KB
79 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/gh/h-ibaldo/Raleway_Fixed_Numerals@master/font/rawline-500.woff2
Requested by
Host: autorizador.tst.saude.gov.br
URL: https://autorizador.tst.saude.gov.br/rawline.css?3.5.0
Protocol
H2
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b27371e0d1c15bc18ad3ee3f2f68a51ca0d8f53ae9a92b651d3410aabe1fd92c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
32644
x-jsd-version
master
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
80524
x-served-by
cache-fra-eddf8230098-FRA, cache-yyz4522-YYZ
x-jsd-version-type
branch
server
cloudflare
etag
W/"13a8c-cVXLJ08+GMUiDp2qewI6WRO+Vy8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8YtGkDC62FQhmmw%2BhEvhI4XVotnytw7GhT3YlR%2BkcO4tujF2K6pa2bf%2BbjibaCMdwLa6H3l9XyCCsHTyK%2BJaJTB2VSehe3I2ucoVJIyzMPAFlq1G5OMP6lMxeW4ulprGh%2FvFPUGqWjdOMj%2BdAPo%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
cf-ray
80e5acb15c4e153b-CDG

Redirect headers

date
Fri, 29 Sep 2023 16:41:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cdn-edgestorageid
1080
age
29037
x-cache
MISS, HIT
cdn-cachedat
09/29/2023 16:41:36
cdn-pullzone
201235
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443", h3-29=":443", h3-27=":443"
content-length
123
x-served-by
cache-fra-etou8220097-FRA, cache-chi-kigq8000132-CHI
server
BunnyCDN-DE1-1080
cdn-proxyver
1.04
cdn-requestpullcode
301
content-type
text/plain; charset=utf-8
location
https://cdn.jsdelivr.net/gh/h-ibaldo/Raleway_Fixed_Numerals@master/font/rawline-500.woff2
access-control-allow-origin
*
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
access-control-expose-headers
*
cache-control
public, max-age=2592000
cdn-cache
EXPIRED
cdn-requestid
ca2d785553c8a1355f782f274a8b36cf
timing-allow-origin
*
cdn-requestcountrycode
FR
cdn-status
301
cdn-requestpullsuccess
True
rawline-700.woff2
cdn.jsdelivr.net/gh/h-ibaldo/Raleway_Fixed_Numerals@master/font/
Redirect Chain
  • https://cdn.rawgit.com/h-ibaldo/Raleway_Fixed_Numerals/master/font/rawline-700.woff2
  • https://cdn.jsdelivr.net/gh/h-ibaldo/Raleway_Fixed_Numerals@master/font/rawline-700.woff2
81 KB
81 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/gh/h-ibaldo/Raleway_Fixed_Numerals@master/font/rawline-700.woff2
Requested by
Host: autorizador.tst.saude.gov.br
URL: https://autorizador.tst.saude.gov.br/rawline.css?3.5.0
Protocol
H2
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff634420069ce898e30ab4d72b61c67ece52f12718dc06818367726292d8da7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
37246
x-jsd-version
master
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
82580
x-served-by
cache-fra-eddf8230085-FRA, cache-yyz4524-YYZ
x-jsd-version-type
branch
server
cloudflare
etag
W/"14294-CkhmUGTkm5aLjkdwsGTwWnyQWi0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cwU2Ms8RNY3X%2B6XmAuWp8OXJJ45ec3VxD%2Bxq%2B2eLd3xyC94osMrbWaIrC5osQD%2BdE%2F37n9mT7GZOy0x1lVRJ1w81PRoKGZHnjNlwvII5DQBSCnEdW4%2BWsXXPsbMn1p3J7HZKxqW9WU5acHfEzQw%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
cf-ray
80e5acb15c4c153b-CDG

Redirect headers

date
Fri, 29 Sep 2023 16:41:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cdn-edgestorageid
1082
age
45731
x-cache
MISS, HIT
cdn-cachedat
09/29/2023 16:41:36
cdn-pullzone
201235
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443", h3-29=":443", h3-27=":443"
content-length
123
x-served-by
cache-fra-eddf8230139-FRA, cache-chi-kigq8000039-CHI
server
BunnyCDN-DE1-1080
cdn-proxyver
1.04
cdn-requestpullcode
301
content-type
text/plain; charset=utf-8
location
https://cdn.jsdelivr.net/gh/h-ibaldo/Raleway_Fixed_Numerals@master/font/rawline-700.woff2
access-control-allow-origin
*
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
access-control-expose-headers
*
cache-control
public, max-age=2592000
cdn-cache
EXPIRED
cdn-requestid
5f6c2c683f2690c497baf1732cc550bc
timing-allow-origin
*
cdn-requestcountrycode
FR
cdn-status
301
cdn-requestpullsuccess
True
all.min.css
captcha.tst.saude.gov.br/lib/fontawesome/css/ Frame 1212 		58 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://captcha.tst.saude.gov.br/lib/fontawesome/css/all.min.css
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:36 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 28 Jul 2021 23:12:00 GMT
server
nginx/1.17.10
etag
W/"6101e440-e7d0"
vary
Accept-Encoding
access-control-allow-methods
POST, GET, DELETE, PUT, OPTIONS, HEAD
content-type
text/css
access-control-allow-origin
*
access-control-allow-headers
Authorization, Content-Type, Accept, X-REQUESTED-WITH, Origin, publicKey, tokenId
style.css
captcha.tst.saude.gov.br/css/ Frame 1212 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://captcha.tst.saude.gov.br/css/style.css
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
dd44077e6c995c6b4ced2e63eec01bba42fda3a6ca5153c59641dc76eb5a9d79
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:36 GMT
content-encoding
gzip
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Fri, 01 Oct 2021 18:23:00 GMT
server
nginx/1.17.10
etag
W/"61575204-10b1"
vary
Accept-Encoding
access-control-allow-methods
POST, GET, DELETE, PUT, OPTIONS, HEAD
content-type
text/css
access-control-allow-origin
*
access-control-allow-headers
Authorization, Content-Type, Accept, X-REQUESTED-WITH, Origin, publicKey, tokenId
captcha-image-loading.png
captcha.tst.saude.gov.br/img/ Frame 1212 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://captcha.tst.saude.gov.br/img/captcha-image-loading.png
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
a1c5066d9d7f15724c5ee1b22f3f32af262d94bab42efe1b3c108a468055a78b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://autorizador.tst.saude.gov.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:36 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 28 Jul 2021 23:12:00 GMT
server
nginx/1.17.10
etag
"6101e440-899"
access-control-allow-methods
POST, GET, DELETE, PUT, OPTIONS, HEAD
content-type
image/png
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
Authorization, Content-Type, Accept, X-REQUESTED-WITH, Origin, publicKey, tokenId
content-length
2201
challenge
captcha-api.tst.saude.gov.br/v1/captcha/ 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://captcha-api.tst.saude.gov.br/v1/captcha/challenge
Requested by
Host: captcha.tst.saude.gov.br
URL: https://captcha.tst.saude.gov.br/api/ms-captcha-api.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
3b5a227c525c2b40b6ba69782b3704f51d7228f8c44274201504e903a3c06003
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://autorizador.tst.saude.gov.br/
accept-language
fr-FR,fr;q=0.9
Authorization
Basic U0NQQUFVVE9SSVpBRE9SOjYzOTMxQzQ5NDE4MzdBRTYwOUUyMUI1N0NGNzU0QTgzN0QxODI0NDk0N0EwMDU1RjdBRjE5QTU0OTk3MDhBNzc=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 29 Sep 2023 16:41:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15724800; includeSubDomains
server
nginx/1.17.10
x-frame-options
DENY
vary
accept-encoding
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://autorizador.tst.saude.gov.br
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
0
challenge
captcha-api.tst.saude.gov.br/v1/captcha/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://captcha-api.tst.saude.gov.br/v1/captcha/challenge
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization
Access-Control-Request-Method
GET
Origin
https://autorizador.tst.saude.gov.br
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type, Accept, X-REQUESTED-WITH, Origin, publicKey, tokenId
access-control-allow-methods
POST, GET, DELETE, PUT, OPTIONS, HEAD
access-control-allow-origin
https://autorizador.tst.saude.gov.br
access-control-max-age
3600
content-length
0
date
Fri, 29 Sep 2023 16:41:37 GMT
server
nginx/1.17.10
strict-transport-security
max-age=15724800; includeSubDomains
fa-solid-900.woff2
captcha.tst.saude.gov.br/lib/fontawesome/webfonts/ Frame 1212 		76 KB
77 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://captcha.tst.saude.gov.br/lib/fontawesome/webfonts/fa-solid-900.woff2
Requested by
Host: captcha.tst.saude.gov.br
URL: https://captcha.tst.saude.gov.br/lib/fontawesome/css/all.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
189.28.130.38 Brasília, Brazil, ASN28291 (MINISTERIO DA SAUDE, BR),
Reverse DNS
Software
nginx/1.17.10 /
Resource Hash
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://captcha.tst.saude.gov.br/lib/fontawesome/css/all.min.css
Origin
https://autorizador.tst.saude.gov.br
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Fri, 29 Sep 2023 16:41:37 GMT
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Wed, 28 Jul 2021 23:12:00 GMT
server
nginx/1.17.10
etag
"6101e440-13174"
access-control-allow-methods
POST, GET, DELETE, PUT, OPTIONS, HEAD
content-type
font/woff2
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
Authorization, Content-Type, Accept, X-REQUESTED-WITH, Origin, publicKey, tokenId
content-length
78196
truncated
/ Frame 1212 		1009 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1fc0a32a560b48baae3665f8a443dd956c3f85aa9c97009bd151604e03f90de3

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture function| $ function| jQuery function| msCaptchaApi function| myFunction object| componentHandler function| MaterialButton function| MaterialCheckbox function| MaterialIconToggle function| MaterialMenu function| MaterialProgress function| MaterialRadio function| MaterialSlider function| MaterialSnackbar function| MaterialSpinner function| MaterialSwitch function| MaterialTabs function| MaterialTextfield function| MaterialTooltip function| MaterialLayout function| MaterialLayoutTab function| MaterialDataTable function| MaterialRipple

3 Cookies

Domain/Path Name / Value
fns-domiciliobancario-api.tst.saude.gov.br/ Name: fnsdomiciliobancario
Value: 5C9E5FF8DDF00AF268DEBC2DD1C63D2F
autorizador.tst.saude.gov.br/ Name: INGRESSCOOKIE
Value: 1696005694.682.6532.858653
autorizador.tst.saude.gov.br/ Name: authorization-server
Value: 4BB14176DCCEB60D794F92D2C1CC798C

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

autorizador.tst.saude.gov.br
captcha-api.tst.saude.gov.br
captcha.tst.saude.gov.br
cdn.jsdelivr.net
cdn.rawgit.com
fns-domiciliobancario-api.tst.saude.gov.br
fonts.googleapis.com
fonts.gstatic.com
www.w3schools.com
189.28.130.38
192.229.133.221
2400:52e0:1e00::1080:1
2606:4700::6810:5614
2a00:1450:4001:813::200a
2a00:1450:4001:828::2003
15577a57bbdb4563a2244a7518f1558fe84c8e9aaf216a926762fd40d7f061a4
1d1d1c501fcce46cb1a58f5d200f1dd4eea2ead5a468de088dc89abd0675f06e
1fc0a32a560b48baae3665f8a443dd956c3f85aa9c97009bd151604e03f90de3
2e8baeff028661e344fbfb414e3d81428bdbad5e7d86a597d0b3159954efc042
3b5a227c525c2b40b6ba69782b3704f51d7228f8c44274201504e903a3c06003
48df9d2dab910d65a4d2841edf3a24387a538726899b300fcd10a5af948a36a1
4de0cfa90564b1c0a24a4c5e71b24897d6f5d069ee3c26dce88586ecb485973c
7e4daa72a24063d9e48bf578d9e05c246626d04cd100f77d1916822bdf504bb0
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
872c944fac7f9c30ed3f6f2e03e027473ab6f675534036bdb538d18c51734f4a
8e9d1aba37a102665016fffea61a124e6c385d6783d6cef869f9910c6115a401
a1c5066d9d7f15724c5ee1b22f3f32af262d94bab42efe1b3c108a468055a78b
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
b27371e0d1c15bc18ad3ee3f2f68a51ca0d8f53ae9a92b651d3410aabe1fd92c
bd3a80432af2229bec77294f8dadf2888ff679d6b700168b90950b531915eec1
c4f2aba13970ecf8303fb9329f97c8824861569273b0aa27acce48abc61d04f5
c9595996785edde30342b57e94ac7125b5e23d0708afe70647576b64b88e7bd8
d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef
d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386
dd44077e6c995c6b4ced2e63eec01bba42fda3a6ca5153c59641dc76eb5a9d79
e96e2f5a5dc8e4bad260f280bfcd70f0f8a501998a68f4e78db37d0f7ed742a2
ff634420069ce898e30ab4d72b61c67ece52f12718dc06818367726292d8da7f