urlscan.io logo urlscan.io
SecurityTrails logo

www2.bancomercantil.com.br Open in urlscan Pro
177.154.95.28  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www2.bancomercantil.com.br/
Effective URL: https://www2.bancomercantil.com.br/
Submission: On March 26 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 177.154.95.28, located in Betim, Brazil and belongs to BANCO MERCANTIL DO BRASIL SA, BR. The main domain is www2.bancomercantil.com.br.
TLS certificate: Issued by Valid Certificadora RSA OV SSL CA on October 10th 2023. Valid for: a year.
This is the only time www2.bancomercantil.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 177.154.95.28 263376 (BANCO MER...)
4 2600:9000:264... 16509 (AMAZON-02)
5 15.197.226.17 16509 (AMAZON-02)
13 3
Apex Domain
Subdomains		 Transfer
9 securiti.ai
cdn-prod.securiti.ai — Cisco Umbrella Rank: 21752
app.securiti.ai — Cisco Umbrella Rank: 38020
103 KB
4 bancomercantil.com.br
www2.bancomercantil.com.br
164 KB
13 2
Domain Requested by
5 app.securiti.ai cdn-prod.securiti.ai
4 cdn-prod.securiti.ai www2.bancomercantil.com.br
cdn-prod.securiti.ai
4 www2.bancomercantil.com.br www2.bancomercantil.com.br
13 3

This site contains links to these domains. Also see Links.

Domain
mercantildobrasil.com.br
Subject Issuer Validity Valid
www2.bancomercantil.com.br
Valid Certificadora RSA OV SSL CA		 2023-10-10 -
2024-10-09		 a year crt.sh
app.securiti.ai
Amazon RSA 2048 M03		 2024-03-18 -
2025-04-15		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www2.bancomercantil.com.br/
Frame ID: 1AF11124E15679E47B44D6F092211120
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login do Access Manager for e-business

Page URL History Show full URLs

  1. http://www2.bancomercantil.com.br/ HTTP 307
    https://www2.bancomercantil.com.br/ Page URL

Page Statistics

13
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

267 kB
Transfer

595 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www2.bancomercantil.com.br/ HTTP 307
    https://www2.bancomercantil.com.br/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www2.bancomercantil.com.br/
Redirect Chain
  • http://www2.bancomercantil.com.br/
  • https://www2.bancomercantil.com.br/
7 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www2.bancomercantil.com.br/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
177.154.95.28 Betim, Brazil, ASN263376 (BANCO MERCANTIL DO BRASIL SA, BR),
Reverse DNS
Software
/
Resource Hash
ffb05218726a725a54dbb6347106448f0d4ee0be6648fe92177033d02a20c295
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
content-length
7314
content-security-policy
frame-ancestors 'none'
content-type
text/html
date
Tue, 26 Mar 2024 12:18:17 GMT
p3p
CP="NON CUR OTPi OUR NOR UNI"
pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1

Redirect headers

Location
https://www2.bancomercantil.com.br/
Non-Authoritative-Reason
HttpsUpgrades
estilos.css
www2.bancomercantil.com.br/includes/ 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www2.bancomercantil.com.br/includes/estilos.css
Requested by
Host: www2.bancomercantil.com.br
URL: https://www2.bancomercantil.com.br/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
177.154.95.28 Betim, Brazil, ASN263376 (BANCO MERCANTIL DO BRASIL SA, BR),
Reverse DNS
Software
/
Resource Hash
e6b519bc3f34bc2101037efc82af991ba11fac8023dc6e883a91cee038fbdaa5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www2.bancomercantil.com.br/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
text/css
date
Tue, 26 Mar 2024 12:18:17 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Thu, 19 Sep 2019 15:11:36 GMT
transfer-encoding
chunked
p3p
CP="NON CUR OTPi OUR NOR UNI"
cookie-consent.css
cdn-prod.securiti.ai/consent/ 		45 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn-prod.securiti.ai/consent/cookie-consent.css
Requested by
Host: www2.bancomercantil.com.br
URL: https://www2.bancomercantil.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2644:ca00:12:1bf:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6eebacb4467fcf863339daac6eb21e851dabb9ee73cd7c038e5cd7f5e9e375dc
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www2.bancomercantil.com.br/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
katJb4hplzLNFul6D8idEOHng34BGEEz
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'
content-encoding
gzip
date
Tue, 26 Mar 2024 12:03:07 GMT
via
1.1 d4b0acc43b96f7849332ef0fcc29ac32.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
x-amz-server-side-encryption
AES256
age
911
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Mon, 25 Mar 2024 23:02:44 GMT
server
AmazonS3
etag
W/"36b0f5e23b1b5d81ff8822d2c317bc2d"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-amz-cf-id
2DoEX39NeUpGTyKpahDFeQkiOJFih4Lst4J0_HYv0tFEvG9HyxADHQ==
img_logo_mercantil.png
www2.bancomercantil.com.br/img/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www2.bancomercantil.com.br/img/img_logo_mercantil.png
Requested by
Host: www2.bancomercantil.com.br
URL: https://www2.bancomercantil.com.br/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
177.154.95.28 Betim, Brazil, ASN263376 (BANCO MERCANTIL DO BRASIL SA, BR),
Reverse DNS
Software
/
Resource Hash
8b7952d72d9a341e8ff3f1baf673f832b0404c34cbe0f6de3913bf805632acf9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www2.bancomercantil.com.br/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
text/plain
date
Tue, 26 Mar 2024 12:18:17 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Tue, 29 Aug 2023 13:53:55 GMT
transfer-encoding
chunked
p3p
CP="NON CUR OTPi OUR NOR UNI"
cookie-consent-sdk.js
cdn-prod.securiti.ai/consent/ 		343 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-prod.securiti.ai/consent/cookie-consent-sdk.js
Requested by
Host: www2.bancomercantil.com.br
URL: https://www2.bancomercantil.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2644:ca00:12:1bf:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ee5bc370f85710c82353160a1d13a3629e467bf8190b1fd0833a0d6c720ddb52
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www2.bancomercantil.com.br/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
aOJSUQMt7FzTmgSNWiIAJM7xqhcpb2sl
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'
content-encoding
gzip
date
Tue, 26 Mar 2024 12:03:19 GMT
via
1.1 d4b0acc43b96f7849332ef0fcc29ac32.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
x-amz-server-side-encryption
AES256
age
900
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Mon, 25 Mar 2024 23:02:40 GMT
server
AmazonS3
etag
W/"d83718fd49741251fc8209e433c17865"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
x-amz-cf-id
mPdv140XSufu61aKdNkFA6f0RmMBLwogJFxFQWcWFBlRGpg6nyKQKQ==
en.json
cdn-prod.securiti.ai/consent/cookie_banner/fb3a86bf-1b43-4104-903b-c46223d731e9/d0cefc07-2268-46f5-90ef-1f6e02923725/ 		17 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn-prod.securiti.ai/consent/cookie_banner/fb3a86bf-1b43-4104-903b-c46223d731e9/d0cefc07-2268-46f5-90ef-1f6e02923725/en.json
Requested by
Host: cdn-prod.securiti.ai
URL: https://cdn-prod.securiti.ai/consent/cookie-consent-sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2644:ca00:12:1bf:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9a2adca732efe6791edc96708c6ec9b30af6cfad1b301ef7cac7ed53d916bb74
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www2.bancomercantil.com.br/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 12:18:19 GMT
x-amz-version-id
RJxpqF7.FhoTgNtV6FVpooNmnOuLvyxM
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
content-security-policy
default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'
via
1.1 b4f72de8ce5f3b4b4240eccfbd3d12a6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 04 Jan 2023 14:41:28 GMT
server
AmazonS3
etag
W/"c22700ad5384d5ced616f77a39ff7edf"
access-control-max-age
0
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
cache-control
public,max-age=86400
x-frame-options
DENY
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
_QsrwqfnDklC28E5ccU8WtPKWof94lEgm-J5iOPKjrmJFpAIAAmpfw==
location
app.securiti.ai/core/v1/utils/geo/ 		580 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.securiti.ai/core/v1/utils/geo/location
Requested by
Host: cdn-prod.securiti.ai
URL: https://cdn-prod.securiti.ai/consent/cookie-consent-sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.197.226.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aedf1f689f9b4287e.awsglobalaccelerator.com
Software
/
Resource Hash
9b25062d1343cc917ea0ef02f02375f98706eaf6665c49734ebca10a0d363e92
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=315360000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www2.bancomercantil.com.br/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 12:18:18 GMT
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=315360000
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www2.bancomercantil.com.br
access-control-allow-credentials
true
content-length
580
x-xss-protection
1; mode=block
favicon.ico
www2.bancomercantil.com.br/ 		149 KB
149 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www2.bancomercantil.com.br/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
177.154.95.28 Betim, Brazil, ASN263376 (BANCO MERCANTIL DO BRASIL SA, BR),
Reverse DNS
Software
/
Resource Hash
f33817f8c5e2ef50225afe861ad6a0b8156a0eeb491f1b11041cb0c5775fafff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www2.bancomercantil.com.br/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
image/x-icon
date
Tue, 26 Mar 2024 12:18:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Wed, 23 Aug 2023 19:58:18 GMT
content-length
152126
p3p
CP="NON CUR OTPi OUR NOR UNI"
pt-br.json
cdn-prod.securiti.ai/consent/cookie_banner/fb3a86bf-1b43-4104-903b-c46223d731e9/d0cefc07-2268-46f5-90ef-1f6e02923725/ 		17 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn-prod.securiti.ai/consent/cookie_banner/fb3a86bf-1b43-4104-903b-c46223d731e9/d0cefc07-2268-46f5-90ef-1f6e02923725/pt-br.json
Requested by
Host: cdn-prod.securiti.ai
URL: https://cdn-prod.securiti.ai/consent/cookie-consent-sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2644:ca00:12:1bf:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ff4c1fa3eda214ccdd40f9ed551592edd453c442ff2d4a895b4372b4002c6180
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www2.bancomercantil.com.br/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 12:18:20 GMT
x-amz-version-id
CK58XcolnI85dzgnBdq5TBlVuPftvfMz
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
content-security-policy
default-src 'none'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none'
via
1.1 b4f72de8ce5f3b4b4240eccfbd3d12a6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Wed, 04 Jan 2023 14:41:28 GMT
server
AmazonS3
etag
W/"ab896ba3a3748107f7d3b9f5dc5e3e47"
access-control-max-age
0
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
cache-control
public,max-age=86400
x-frame-options
DENY
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
Y7tXGYjvVH9xQXGaVzOUyhyPv7ow9SiUWCY2MeiEoQJamWA5mmV6mg==
singleupload
app.securiti.ai/privaci/v1/consent/cookie/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.securiti.ai/privaci/v1/consent/cookie/singleupload
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.197.226.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aedf1f689f9b4287e.awsglobalaccelerator.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=315360000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-auth-token
Access-Control-Request-Method
POST
Origin
https://www2.bancomercantil.com.br
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin,content-type,x-request-id,x-correlation-id,X-Xsrftoken,X-Auth-Token,X-User-Auth-Token,X-Tenant-Id,X-CMP-UUID,x-xsrf-token,X-DSP-USERID,X-CMP-DOMAIN-ID,X-CMP-FORM-ID,isotype,X-CMP-PrefCenter-Id,X-ORG-ID,x-api-secret,x-tident,x-api-key,X-USER-TOKEN,Authorization,X-Email-Id
access-control-allow-origin
https://www2.bancomercantil.com.br
access-control-request-method
POST
content-length
0
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
date
Tue, 26 Mar 2024 12:18:19 GMT
strict-transport-security
max-age=315360000
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
singleupload
app.securiti.ai/privaci/v1/consent/cookie/ 		67 B
409 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.securiti.ai/privaci/v1/consent/cookie/singleupload
Requested by
Host: cdn-prod.securiti.ai
URL: https://cdn-prod.securiti.ai/consent/cookie-consent-sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.197.226.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aedf1f689f9b4287e.awsglobalaccelerator.com
Software
/
Resource Hash
f1e25328be62ee5aca4777d33ecfbaf64a502f80dac2008bd7197e236cac8dc7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=315360000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://www2.bancomercantil.com.br/
X-Auth-Token
c4dce696-bdcd-4ee1-8d3a-d0f6b4315f10
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 12:18:19 GMT
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=315360000
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www2.bancomercantil.com.br
access-control-allow-credentials
true
content-length
67
x-xss-protection
1; mode=block
singleupload
app.securiti.ai/privaci/v1/consent/cookie/ 		67 B
409 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.securiti.ai/privaci/v1/consent/cookie/singleupload
Requested by
Host: cdn-prod.securiti.ai
URL: https://cdn-prod.securiti.ai/consent/cookie-consent-sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.197.226.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aedf1f689f9b4287e.awsglobalaccelerator.com
Software
/
Resource Hash
f1e25328be62ee5aca4777d33ecfbaf64a502f80dac2008bd7197e236cac8dc7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=315360000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://www2.bancomercantil.com.br/
X-Auth-Token
c4dce696-bdcd-4ee1-8d3a-d0f6b4315f10
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 12:18:20 GMT
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
x-content-type-options
nosniff
strict-transport-security
max-age=315360000
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www2.bancomercantil.com.br
access-control-allow-credentials
true
content-length
67
x-xss-protection
1; mode=block
singleupload
app.securiti.ai/privaci/v1/consent/cookie/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.securiti.ai/privaci/v1/consent/cookie/singleupload
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.197.226.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aedf1f689f9b4287e.awsglobalaccelerator.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=315360000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-auth-token
Access-Control-Request-Method
POST
Origin
https://www2.bancomercantil.com.br
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin,content-type,x-request-id,x-correlation-id,X-Xsrftoken,X-Auth-Token,X-User-Auth-Token,X-Tenant-Id,X-CMP-UUID,x-xsrf-token,X-DSP-USERID,X-CMP-DOMAIN-ID,X-CMP-FORM-ID,isotype,X-CMP-PrefCenter-Id,X-ORG-ID,x-api-secret,x-tident,x-api-key,X-USER-TOKEN,Authorization,X-Email-Id
access-control-allow-origin
https://www2.bancomercantil.com.br
access-control-request-method
POST
content-length
0
content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';
date
Tue, 26 Mar 2024 12:18:19 GMT
strict-transport-security
max-age=315360000
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal function| AlterarMensagem string| warningString object| TCFUtils function| ARIAtabs object| bannerConfigUtils object| bannerGenerator object| commonConstants object| commonUtils object| consentBannerUtils object| consentTuningUtils object| cookieconsent object| getterUtils object| GPPBannerGeneration object| GPPUtils function| setConsentBannerParams function| showConsentPreferencesPopup function| overrideThemeMatching function| initCmp object| preferenceCenterGeneration object| regeneratorRuntime boolean| isUsNationalEnabled

4 Cookies

Domain/Path Name / Value
www2.bancomercantil.com.br/ Name: PD-S-SESSION-ID
Value: 0_i1gZ7IJVszv0tP0Yf7jcR4OuKD76I1J1NvfsStWauKKyD7wKBu4=
www2.bancomercantil.com.br/ Name: __privaci_cookie_consent_uuid
Value: 1a5c76de-8bdd-42b2-bedc-d3b4d4f6a2d1:1
www2.bancomercantil.com.br/ Name: __privaci_cookie_consent_generated
Value: 1a5c76de-8bdd-42b2-bedc-d3b4d4f6a2d1:1
www2.bancomercantil.com.br/ Name: __privaci_cookie_consents
Value: {"consents":{"166":1,"169":0},"location":"null#DE","lang":"pt-br","gpcInBrowserOnConsent":false,"gpcStatusInPortalOnConsent":false,"status":"record-consent-success","implicit_consent":true,"suppressNonEssentials":false}

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://www2.bancomercantil.com.br/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1