Professional Documents
Culture Documents
Contains the vulnerability analysis of OWASP and related potential security issues for Tokenlab
Divi Report: Report based on a conjuntction of custom Divi scripts, OWASP validation, and also on OpenSource solutions.
Summary of Alerts
High 1
Medium 4
Low 4
Informational 5
Alerts
Alert Detail
URL https://learning.tokenlab.dev/latest/meta-data/
Method GET
Parameter
Attack 169.254.169.254
Evidence
Based on the successful response status code cloud metadata may have been returned in the response. Check the response data to see if any cloud metadata has been returned.
Other Info
The meta data returned can include information that would allow an attacker to completely compromise the system.
Instances 1
Solution Do not trust any user data in NGINX configs. In this case it is probably the use of the $host variable which is set from the 'Host' header and can be controlled by an attacker.
Reference https://www.nginx.com/blog/trust-no-one-perils-of-trusting-user-input/
CWE Id
WASC Id
Plugin Id 90034
URL https://www.tokenlab.com.br/.htaccess
Method GET
Parameter
Attack
Evidence HTTP/1.1 200 OK
Other Info
Instances 1
Solution Ensure the .htaccess file is not accessible.
Reference http://www.htaccess-guide.com/
CWE Id 94
WASC Id 14
Plugin Id 40032
URL https://www.tokenlab.com.br/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/ux-ui-widget.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/about-us
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases/btbodytech
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases/btfit
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases/cinemark
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases/saint-gobain
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases/seguros-unimed
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/contact-us
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/contact-us/commercial
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/home
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/home/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence
Other Info
Instances 14
Solution Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
http://www.w3.org/TR/CSP/
Reference http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html
http://www.html5rocks.com/en/tutorials/security/content-security-policy/
http://caniuse.com/#feat=contentsecuritypolicy
http://content-security-policy.com/
CWE Id 693
WASC Id 15
Plugin Id 10038
URL https://static.hotjar.com/c/hotjar-3106680.js?sv=7
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser
Other Info implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used
by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
URL https://www.googletagmanager.com/gtm.js?id=GTM-N5W4P3G
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser
Other Info implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used
by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
Instances 2
Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).
Solution
Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same
Origin Policy (SOP) in a more restrictive manner.
Reference https://vulncat.fortify.com/en/detail?id=desc.config.dotnet.html5_overly_permissive_cors_policy
CWE Id 264
WASC Id 14
Plugin Id 10098
URL https://www.tokenlab.com.br/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/ux-ui-widget.png
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/about-us
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases/btbodytech
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases/btfit
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases/cinemark
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases/saint-gobain
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases/seguros-unimed
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/contact-us
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/contact-us/commercial
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/home
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/home/
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter x-frame-options
Attack
Evidence
Other Info
Instances 14
Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.
Solution
If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be
framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
CWE Id 1021
WASC Id 15
Plugin Id 10020
Low Server Leaks Version Information via "Server" HTTP Response Header Field
The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities
Description
your web/application server is subject to.
URL https://d335luupugsy2.cloudfront.net/js/integration/2.0.0/rd-js-integration.min.js?v=1
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://d335luupugsy2.cloudfront.net/js/loader-scripts/1e91f88f-ef83-413a-b385-1f07ce22b0e3-loader.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://d335luupugsy2.cloudfront.net/js/rdstation-popups/bricks/rdstation-popup.min.js?v=1
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://d335luupugsy2.cloudfront.net/js/traffic-source-cookie/stable/traffic-source-cookie.min.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://d335luupugsy2.cloudfront.net/scout/bundle.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Golfe2
Other Info
URL https://www.tokenlab.com.br/
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/128.ab6c0c382d402661.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/170.61771addbd460c63.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/383.21e175cdaeffcc68.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/543.a2d1b3e2a7095fab.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/605.9199830677b027ef.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/698.f1f03b3837748b26.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/763.020c312be3f1e1c1.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/93.506a992b6f2bdc70.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/962.a26819458b1fc8b5.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Black.woff2
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Bold.woff
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Bold.woff2
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Light.woff
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Light.woff2
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Medium.woff
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Medium.woff2
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Regular.woff
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Regular.woff2
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Semibold.woff
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Semibold.woff2
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/agile-management-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/design-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/devmobile-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/devweb-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/facebook-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/instagram-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/linkedin-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/quality-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/btbodytech/bt-bodytech-logo.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/btfit/btfit-logo.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/cinemark/cinemark-logo.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/onda/onda-logo.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/saint-gobain/sg-logo.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/seguros-unimed/unimed-logo.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/angular-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/arrival.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/aws-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/aws-logo.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/calendar.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/chevron-right.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/clients.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/close.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/cookie.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/drop-down.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/exercise.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/gptw01.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/gptw02.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/gptw03.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/grails-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/java-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/lang-br.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/lang-en.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/lang-es.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/live.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/menu-chevron.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/news.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/node-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/notebook.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/plan.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/schedule.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/signature.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/swift-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/token-logo-dark.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/contact-us/business-contact-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/contact-us/careers-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/contact-us/chevron-down.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/contact-us/others-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/contact-us/sponsorships-events-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/footer/facebook.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/footer/instagram.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/footer/linkedin.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/footer/logo-token.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/bancoPan.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/bodytech.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/cinemark.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/DHL.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/exame.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/flex.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/hsm.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/saint-gobain.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/sirio-libanes.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/unimed.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/home-section/play-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/how-we-operate/chevron-left.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/how-we-operate/chevron-right.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/logos/new-logo-bodytech.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/logos/new-logo-btfit.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/icons/logos/new-logo-onda.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/about-us/token-frontage.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/bodytech-app.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/btbodytech-carousel.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/btbodytech-carousel.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/btbodytech-device-tablet.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/customer-bodytech.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/mockup-banner.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/plan.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/search-academies.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-1.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-2.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-3.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-4.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/training-visualization.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/bt-device-tablet.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/btfit-carousel.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/btfit-carousel.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/collective-classes-online.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/customer-btfit.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/mockup-banner.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/online-challenge.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/online-personal-trainer.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-1.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-2.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-3.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-4.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/training-programs.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/cinemark/cinemark-carousel.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/cinemark/cinemark-carousel.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/cinemark/cinemark-device-tablet.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/client-management.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/contact.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/customer-onda.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/map.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/mockup-banner.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/news-and-promotions.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/onda-carousel.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/onda-carousel.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/onda-device-tablet.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/qr-code.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/slide-1.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/slide-2.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/slide-3.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/wallet.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/saint-gobain/saint-gobain-carousel.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/saint-gobain/saint-gobain-carousel.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/saint-gobain/saintgobain-device-tablet.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/unimed/unimed-carousel.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/unimed/unimed-carousel.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/unimed/unimed-our-cases-tablet.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/contact-us/gradient-left.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/contact-us/gradient-right.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/company-background.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/cta-section/cta_logo.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/home-section-bg.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/institucional-tokenlab-poster.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/mask-tokenlab-icon.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/blockchain-widget.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/blockchain-widget.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/elipse.svg
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/iot-widget.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/iot-widget.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/mobile-widget.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/mobile-widget.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/ux-ui-widget.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/ux-ui-widget.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/web-widget.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/web-widget.webp
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/subtitles/subtitle-pt.vtt
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/assets/videos/landingpage/institucional-tokenlab.webm
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/common.03c32c2bb2758b6f.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/favicon.ico
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/flags@2x.2704c069d12ee746.png
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/main.828229131f1b1e63.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/polyfills.33afb6a5640f31ab.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/pt/about-us
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/pt/cases
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/pt/cases/btbodytech
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/pt/cases/btfit
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/pt/cases/cinemark
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/pt/cases/saint-gobain
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/pt/cases/seguros-unimed
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/pt/contact-us
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/pt/contact-us/commercial
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/pt/home
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/pt/home/
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/robots.txt
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/runtime.ef14e6c1f424c3e6.js
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/sitemap.xml
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
URL https://www.tokenlab.com.br/styles.883d752722b92374.css
Method GET
Parameter
Attack
Evidence AmazonS3
Other Info
Instances 187
Solution Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.
http://httpd.apache.org/docs/current/mod/core.html#servertokens
http://msdn.microsoft.com/en-us/library/ff648552.aspx#ht_urlscan_007
Reference
http://blogs.msdn.com/b/varunm/archive/2013/04/23/remove-unwanted-http-response-headers.aspx
http://www.troyhunt.com/2012/02/shhh-dont-let-your-response-headers.html
CWE Id 200
WASC Id 13
Plugin Id 10036
URL https://d335luupugsy2.cloudfront.net/js/integration/2.0.0/rd-js-integration.min.js?v=1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://d335luupugsy2.cloudfront.net/js/loader-scripts/1e91f88f-ef83-413a-b385-1f07ce22b0e3-loader.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://d335luupugsy2.cloudfront.net/js/rdstation-popups/bricks/rdstation-popup.min.js?v=1
Method GET
Parameter
Attack
Evidence
Other Info
URL https://d335luupugsy2.cloudfront.net/js/traffic-source-cookie/stable/traffic-source-cookie.min.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://d335luupugsy2.cloudfront.net/scout/bundle.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/128.ab6c0c382d402661.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/170.61771addbd460c63.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/383.21e175cdaeffcc68.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/543.a2d1b3e2a7095fab.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/605.9199830677b027ef.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/698.f1f03b3837748b26.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/763.020c312be3f1e1c1.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/93.506a992b6f2bdc70.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/962.a26819458b1fc8b5.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Black.woff2
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Bold.woff
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Bold.woff2
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Light.woff
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Light.woff2
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Medium.woff
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Medium.woff2
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Regular.woff
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Regular.woff2
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Semibold.woff
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Semibold.woff2
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/agile-management-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/design-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/devmobile-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/devweb-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/facebook-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/instagram-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/linkedin-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/quality-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/btbodytech/bt-bodytech-logo.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/btfit/btfit-logo.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/cinemark/cinemark-logo.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/onda/onda-logo.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/saint-gobain/sg-logo.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/seguros-unimed/unimed-logo.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/angular-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/arrival.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/aws-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/aws-logo.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/calendar.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/chevron-right.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/clients.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/close.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/cookie.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/drop-down.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/exercise.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/gptw01.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/gptw02.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/gptw03.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/grails-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/java-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/lang-br.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/lang-en.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/lang-es.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/live.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/menu-chevron.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/news.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/node-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/notebook.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/plan.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/schedule.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/signature.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/swift-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/token-logo-dark.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/contact-us/business-contact-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/contact-us/careers-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/contact-us/chevron-down.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/contact-us/others-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/contact-us/sponsorships-events-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/footer/facebook.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/footer/instagram.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/footer/linkedin.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/footer/logo-token.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/bancoPan.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/bodytech.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/cinemark.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/DHL.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/exame.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/flex.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/hsm.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/saint-gobain.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/sirio-libanes.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/unimed.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/home-section/play-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/how-we-operate/chevron-left.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/how-we-operate/chevron-right.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/logos/new-logo-bodytech.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/logos/new-logo-btfit.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/icons/logos/new-logo-onda.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/about-us/token-frontage.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/bodytech-app.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/btbodytech-carousel.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/btbodytech-carousel.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/btbodytech-device-tablet.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/customer-bodytech.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/mockup-banner.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/plan.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/search-academies.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-1.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-2.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-3.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-4.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/training-visualization.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/bt-device-tablet.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/btfit-carousel.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/btfit-carousel.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/collective-classes-online.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/customer-btfit.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/mockup-banner.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/online-challenge.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/online-personal-trainer.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-1.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-2.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-3.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-4.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/training-programs.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/cinemark/cinemark-carousel.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/cinemark/cinemark-carousel.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/cinemark/cinemark-device-tablet.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/client-management.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/contact.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/customer-onda.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/map.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/mockup-banner.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/news-and-promotions.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/onda-carousel.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/onda-carousel.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/onda-device-tablet.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/qr-code.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/slide-1.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/slide-2.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/slide-3.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/wallet.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/saint-gobain/saint-gobain-carousel.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/saint-gobain/saint-gobain-carousel.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/saint-gobain/saintgobain-device-tablet.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/unimed/unimed-carousel.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/unimed/unimed-carousel.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/unimed/unimed-our-cases-tablet.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/contact-us/gradient-left.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/contact-us/gradient-right.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/company-background.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/cta-section/cta_logo.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/home-section-bg.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/institucional-tokenlab-poster.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/mask-tokenlab-icon.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/blockchain-widget.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/blockchain-widget.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/elipse.svg
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/iot-widget.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/iot-widget.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/mobile-widget.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/mobile-widget.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/ux-ui-widget.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/ux-ui-widget.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/web-widget.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/web-widget.webp
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/subtitles/subtitle-pt.vtt
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/assets/videos/landingpage/institucional-tokenlab.webm
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/common.03c32c2bb2758b6f.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/favicon.ico
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/flags@2x.2704c069d12ee746.png
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/main.828229131f1b1e63.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/polyfills.33afb6a5640f31ab.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/about-us
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases/btbodytech
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases/btfit
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases/cinemark
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases/saint-gobain
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/cases/seguros-unimed
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/contact-us
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/contact-us/commercial
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/home
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/home/
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/robots.txt
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/runtime.ef14e6c1f424c3e6.js
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/sitemap.xml
Method GET
Parameter
Attack
Evidence
Other Info
URL https://www.tokenlab.com.br/styles.883d752722b92374.css
Method GET
Parameter
Attack
Evidence
Other Info
Instances 186
Solution Ensure that your web server, application server, load balancer, etc. is configured to enforce Strict-Transport-Security.
https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html
https://owasp.org/www-community/Security_Headers
Reference http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
http://caniuse.com/stricttransportsecurity
http://tools.ietf.org/html/rfc6797
CWE Id 319
WASC Id 15
Plugin Id 10035
URL https://d335luupugsy2.cloudfront.net/js/rdstation-popups/bricks/rdstation-popup.min.js?v=1
Method GET
Parameter
Attack
Evidence 1560538149
Other Info 1560538149, which evaluates to: 2019-06-14 15:49:09
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1409305260
Other Info 1409305260, which evaluates to: 2014-08-29 06:41:00
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1481256789
Other Info 1481256789, which evaluates to: 2016-12-09 02:13:09
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1520123456
Other Info 1520123456, which evaluates to: 2018-03-03 21:30:56
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1523456789
Other Info 1523456789, which evaluates to: 2018-04-11 11:26:29
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1534456789
Other Info 1534456789, which evaluates to: 2018-08-16 18:59:49
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1546012345
Other Info 1546012345, which evaluates to: 2018-12-28 13:52:25
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1599123456
Other Info 1599123456, which evaluates to: 2020-09-03 05:57:36
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1600123456
Other Info 1600123456, which evaluates to: 2020-09-14 19:44:16
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1624756789
Other Info 1624756789, which evaluates to: 2021-06-26 22:19:49
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1700123456
Other Info 1700123456, which evaluates to: 2023-11-16 05:30:56
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1781234567
Other Info 1781234567, which evaluates to: 2026-06-12 00:22:47
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1800123456
Other Info 1800123456, which evaluates to: 2027-01-16 15:17:36
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1812345678
Other Info 1812345678, which evaluates to: 2027-06-07 02:21:18
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1850123456
Other Info 1850123456, which evaluates to: 2028-08-17 08:10:56
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1882352941
Other Info 1882352941, which evaluates to: 2029-08-25 08:49:01
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1900123456
Other Info 1900123456, which evaluates to: 2030-03-19 01:04:16
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1919123456
Other Info 1919123456, which evaluates to: 2030-10-24 22:50:56
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 1921234567
Other Info 1921234567, which evaluates to: 2030-11-18 09:16:07
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 2001234567
Other Info 2001234567, which evaluates to: 2033-06-01 07:29:27
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 2012345678
Other Info 2012345678, which evaluates to: 2033-10-07 21:54:38
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence 2015550123
Other Info 2015550123, which evaluates to: 2033-11-14 00:02:03
Instances 22
Solution Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.
Reference http://projects.webappsec.org/w/page/13246936/Information%20Leakage
CWE Id 200
WASC Id 13
Plugin Id 10096
URL https://d335luupugsy2.cloudfront.net/js/integration/2.0.0/rd-js-integration.min.js?v=1
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://d335luupugsy2.cloudfront.net/js/loader-scripts/1e91f88f-ef83-413a-b385-1f07ce22b0e3-loader.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://d335luupugsy2.cloudfront.net/js/rdstation-popups/bricks/rdstation-popup.min.js?v=1
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://d335luupugsy2.cloudfront.net/js/traffic-source-cookie/stable/traffic-source-cookie.min.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://d335luupugsy2.cloudfront.net/scout/bundle.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.googletagmanager.com/gtm.js?id=GTM-N5W4P3G
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/128.ab6c0c382d402661.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/170.61771addbd460c63.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/383.21e175cdaeffcc68.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/543.a2d1b3e2a7095fab.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/605.9199830677b027ef.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/698.f1f03b3837748b26.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/763.020c312be3f1e1c1.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/93.506a992b6f2bdc70.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/962.a26819458b1fc8b5.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Black.woff2
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Bold.woff
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Bold.woff2
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Light.woff
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Light.woff2
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Medium.woff
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Medium.woff2
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Regular.woff
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Regular.woff2
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Semibold.woff
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Semibold.woff2
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/about-us/agile-management-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/about-us/design-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/about-us/devmobile-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/about-us/devweb-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/about-us/facebook-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/about-us/instagram-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/about-us/linkedin-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/about-us/quality-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/cases/btbodytech/bt-bodytech-logo.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/cases/btfit/btfit-logo.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/cases/cinemark/cinemark-logo.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/cases/onda/onda-logo.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/cases/saint-gobain/sg-logo.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/cases/seguros-unimed/unimed-logo.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/angular-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/arrival.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/aws-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/aws-logo.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/calendar.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/chevron-right.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/clients.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/close.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/cookie.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/drop-down.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/exercise.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/gptw01.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/gptw02.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/gptw03.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/grails-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/java-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/lang-br.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/lang-en.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/lang-es.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/live.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/menu-chevron.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/news.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/node-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/notebook.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/plan.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/schedule.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/signature.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/swift-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/common/token-logo-dark.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/contact-us/business-contact-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/contact-us/careers-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/contact-us/chevron-down.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/contact-us/others-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/contact-us/sponsorships-events-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/footer/facebook.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/footer/instagram.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/footer/linkedin.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/footer/logo-token.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/bancoPan.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/bodytech.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/cinemark.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/DHL.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/exame.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/flex.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/hsm.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/saint-gobain.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/sirio-libanes.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/unimed.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/landingpage/home-section/play-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/landingpage/how-we-operate/chevron-left.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/landingpage/how-we-operate/chevron-right.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/logos/new-logo-bodytech.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/logos/new-logo-btfit.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/icons/logos/new-logo-onda.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/about-us/token-frontage.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/bodytech-app.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/btbodytech-carousel.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/btbodytech-carousel.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/btbodytech-device-tablet.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/customer-bodytech.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/mockup-banner.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/plan.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/search-academies.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-1.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-2.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-3.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-4.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/training-visualization.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/bt-device-tablet.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/btfit-carousel.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/btfit-carousel.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/collective-classes-online.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/customer-btfit.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/mockup-banner.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/online-challenge.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/online-personal-trainer.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-1.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-2.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-3.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-4.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/training-programs.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/cinemark/cinemark-carousel.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/cinemark/cinemark-carousel.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/cinemark/cinemark-device-tablet.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/client-management.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/contact.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/customer-onda.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/map.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/mockup-banner.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/news-and-promotions.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/onda-carousel.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/onda-carousel.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/onda-device-tablet.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/qr-code.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/slide-1.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/slide-2.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/slide-3.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/wallet.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/saint-gobain/saint-gobain-carousel.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/saint-gobain/saint-gobain-carousel.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/saint-gobain/saintgobain-device-tablet.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/unimed/unimed-carousel.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/unimed/unimed-carousel.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/cases/unimed/unimed-our-cases-tablet.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/contact-us/gradient-left.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/contact-us/gradient-right.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/company-background.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/cta-section/cta_logo.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/home-section-bg.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/institucional-tokenlab-poster.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/mask-tokenlab-icon.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/blockchain-widget.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/blockchain-widget.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/elipse.svg
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/iot-widget.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/iot-widget.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/mobile-widget.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/mobile-widget.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/ux-ui-widget.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/ux-ui-widget.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/web-widget.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/web-widget.webp
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/subtitles/subtitle-pt.vtt
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/assets/videos/landingpage/institucional-tokenlab.webm
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/common.03c32c2bb2758b6f.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/favicon.ico
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/flags@2x.2704c069d12ee746.png
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/main.828229131f1b1e63.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/polyfills.33afb6a5640f31ab.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/pt/about-us
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/pt/cases
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/pt/cases/btbodytech
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/pt/cases/btfit
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/pt/cases/cinemark
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/pt/cases/saint-gobain
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/pt/cases/seguros-unimed
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/pt/contact-us
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/pt/contact-us/commercial
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/pt/home
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/pt/home/
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/robots.txt
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/runtime.ef14e6c1f424c3e6.js
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/sitemap.xml
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
URL https://www.tokenlab.com.br/styles.883d752722b92374.css
Method GET
Parameter x-content-type-options
Attack
Evidence
This issue still applies to error type pages (401, 403, 500, etc.) as those pages are often still affected by injection issues, in which case there is still concern for browsers sniffing
Other Info
pages away from their actual content type. At "High" threshold this scan rule will not alert on client or server error responses.
Instances 187
Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.
Solution
If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web
application/web server to not perform MIME-sniffing.
http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
Reference
https://owasp.org/www-community/Security_Headers
CWE Id 693
WASC Id 15
Plugin Id 10021
URL https://d335luupugsy2.cloudfront.net/js/integration/2.0.0/rd-js-integration.min.js?v=1
Method GET
Parameter
Attack
Evidence token
Other Info The URL in the HTTP referrer header field appears to contain sensitive information.
URL https://d335luupugsy2.cloudfront.net/js/loader-scripts/1e91f88f-ef83-413a-b385-1f07ce22b0e3-loader.js
Method GET
Parameter
Attack
Evidence token
Other Info The URL in the HTTP referrer header field appears to contain sensitive information.
URL https://d335luupugsy2.cloudfront.net/js/rdstation-popups/bricks/rdstation-popup.min.js?v=1
Method GET
Parameter
Attack
Evidence token
Other Info The URL in the HTTP referrer header field appears to contain sensitive information.
URL https://d335luupugsy2.cloudfront.net/js/traffic-source-cookie/stable/traffic-source-cookie.min.js
Method GET
Parameter
Attack
Evidence token
Other Info The URL in the HTTP referrer header field appears to contain sensitive information.
URL https://d335luupugsy2.cloudfront.net/scout/bundle.js
Method GET
Parameter
Attack
Evidence token
Other Info The URL in the HTTP referrer header field appears to contain sensitive information.
URL https://static.hotjar.com/c/hotjar-3106680.js?sv=7
Method GET
Parameter
Attack
Evidence token
Other Info The URL in the HTTP referrer header field appears to contain sensitive information.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence token
Other Info The URL in the HTTP referrer header field appears to contain sensitive information.
URL https://www.googletagmanager.com/gtm.js?id=GTM-N5W4P3G
Method GET
Parameter
Attack
Evidence token
Other Info The URL in the HTTP referrer header field appears to contain sensitive information.
Instances 8
Solution Do not pass sensitive information in URIs.
Reference
CWE Id 200
WASC Id 13
Plugin Id 10025
URL https://d335luupugsy2.cloudfront.net/js/integration/2.0.0/rd-js-integration.min.js?v=1
Method GET
Parameter
Attack
Evidence user
The following pattern was used: \bUSER\b and was detected in the element starting with: "var RdstationFormsIntegration=function(e){var t={};function n(r){if(t[r])return t[r].exports;var
Other Info
o=t[r]={i:r,l:!1,exports:{}};re", see evidence field for the suspicious comment/snippet.
URL https://d335luupugsy2.cloudfront.net/js/rdstation-popups/bricks/rdstation-popup.min.js?v=1
Method GET
Parameter
Attack
Evidence user
The following pattern was used: \bUSER\b and was detected in the element starting with: "var RdstationPopup=function(e){var t={};function n(i){if(t[i])return t[i].exports;var r=t[i]=
Other Info
{i:i,l:!1,exports:{}};return e[i].c", see evidence field for the suspicious comment/snippet.
URL https://static.hotjar.com/c/hotjar-3106680.js?sv=7
Method GET
Parameter
Attack
Evidence debug
The following pattern was used: \bDEBUG\b and was detected in the element starting with: "!function(){"use strict";function e(e,t){for(var r=0;r<t.length;r++){var
Other Info
n=t[r];n.enumerable=n.enumerable||!1,n.configurable=!0,", see evidence field for the suspicious comment/snippet.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence db
The following pattern was used: \bDB\b and was detected 5 times, the first in the element starting with: "function hf(a,b){var c=gf[a];c&&J(c);"displayFeaturesTask"===a&&void
Other Info
0==b&&J(96);/.*Task$/.test(a)&&J(92)}function mf(a,b){if(a)", see evidence field for the suspicious comment/snippet.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence debug
The following pattern was used: \bDEBUG\b and was detected in the element starting with: "function Pe(a){try{if(!a.get(Qe)&&(a.set(Qe,!0),!a.get(">m"))){var b=void 0,c=void
Other Info
0;lf(be("gtm_debug"))&&(b=2);!b&&D(M.referr", see evidence field for the suspicious comment/snippet.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence query
The following pattern was used: \bQUERY\b and was detected 5 times, the first in the element starting with: "c=0>c?a.href:a.href.substr(0,c));a=c;break;case
Other Info
"protocol":a=d;break;case "host":a=a.hostname.replace(N,"").toLowerCase();c&&(c=", see evidence field for the suspicious comment/snippet.
URL https://www.googletagmanager.com/gtm.js?id=GTM-N5W4P3G
Method GET
Parameter
Attack
Evidence db
The following pattern was used: \bDB\b and was detected 6 times, the first in the element starting with: "ab=function(a,b){for(var c={},d=c,e=a.split("."),f=0;f<e.length-
Other Info
1;f++)d=d[e[f]]={};d[e[e.length-1]]=b;return c},bb=/^\w{1,9}$/,c", see evidence field for the suspicious comment/snippet.
URL https://www.googletagmanager.com/gtm.js?id=GTM-N5W4P3G
Method GET
Parameter
Attack
Evidence debug
The following pattern was used: \bDEBUG\b and was detected 2 times, the first in the element starting with: ""__googtag":{"logging":{"environments":"debug"},"access_globals":
Other Info
{"keys":[{"key":"gtag","read":true,"write":true,"execute":true}", see evidence field for the suspicious comment/snippet.
URL https://www.googletagmanager.com/gtm.js?id=GTM-N5W4P3G
Method GET
Parameter
Attack
Evidence query
The following pattern was used: \bQUERY\b and was detected 9 times, the first in the element starting with: "(f=f.substr(k[0].length))}break;case "port":f=String(Number(a.port)||
Other Info
("http"===g?80:"https"===g?443:""));break;case "path":a.pat", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/
Method GET
Parameter
Attack
Evidence todo
The following pattern was used: \bTODO\b and was detected in the element starting with: "<script id="serverApp-state" type="application/json">{&q;transfer-translate-pt&q;:
Other Info
{&q;header&q;:{&q;link1&q;:&q;O QUE FAZEMOS&q;", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/383.21e175cdaeffcc68.js
Method GET
Parameter
Attack
Evidence from
The following pattern was used: \bFROM\b and was detected in the element starting with: ""use strict";
Other Info
(self.webpackChunktokenlab_novo_website=self.webpackChunktokenlab_novo_website||[]).push([[383],{3057:(P,O,g)=>{g.d", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence SELECT
The following pattern was used: \bSELECT\b and was detected in the element starting with: "
Other Info (self.webpackChunktokenlab_novo_website=self.webpackChunktokenlab_novo_website||[]).push([[837],{2837:(t,o,s)=>{"use strict";s.r", see evidence field for the suspicious
comment/snippet.
URL https://www.tokenlab.com.br/93.506a992b6f2bdc70.js
Method GET
Parameter
Attack
Evidence user
The following pattern was used: \bUSER\b and was detected in the element starting with: "
Other Info (self.webpackChunktokenlab_novo_website=self.webpackChunktokenlab_novo_website||[]).push([[93],{6703:(Yt,Z,b)=>{"use strict";b.d", see evidence field for the suspicious
comment/snippet.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/ux-ui-widget.png
Method GET
Parameter
Attack
Evidence todo
The following pattern was used: \bTODO\b and was detected in the element starting with: "<script id="serverApp-state" type="application/json">{&q;transfer-translate-pt&q;:
Other Info
{&q;header&q;:{&q;link1&q;:&q;O QUE FAZEMOS&q;", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/main.828229131f1b1e63.js
Method GET
Parameter
Attack
Evidence query
The following pattern was used: \bQUERY\b and was detected in the element starting with: "
Other Info (self.webpackChunktokenlab_novo_website=self.webpackChunktokenlab_novo_website||[]).push([[179],{5847:(Ct,Se,T)=>{"use strict";T", see evidence field for the suspicious
comment/snippet.
URL https://www.tokenlab.com.br/polyfills.33afb6a5640f31ab.js
Method GET
Parameter
Attack
Evidence select
The following pattern was used: \bSELECT\b and was detected in the element starting with: ""use strict";
Other Info
(self.webpackChunktokenlab_novo_website=self.webpackChunktokenlab_novo_website||[]).push([[429],{5565:(rr,Ar,ds)=>{", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/pt/about-us
Method GET
Parameter
Attack
Evidence todo
The following pattern was used: \bTODO\b and was detected in the element starting with: "<script id="serverApp-state" type="application/json">{&q;transfer-translate-pt&q;:
Other Info
{&q;header&q;:{&q;link1&q;:&q;O QUE FAZEMOS&q;", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/pt/cases
Method GET
Parameter
Attack
Evidence todo
The following pattern was used: \bTODO\b and was detected in the element starting with: "<script id="serverApp-state" type="application/json">{&q;transfer-translate-pt&q;:
Other Info
{&q;header&q;:{&q;link1&q;:&q;O QUE FAZEMOS&q;", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/pt/cases/btbodytech
Method GET
Parameter
Attack
Evidence todo
The following pattern was used: \bTODO\b and was detected in the element starting with: "<script id="serverApp-state" type="application/json">{&q;transfer-translate-pt&q;:
Other Info
{&q;header&q;:{&q;link1&q;:&q;O QUE FAZEMOS&q;", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/pt/cases/btfit
Method GET
Parameter
Attack
Evidence todo
The following pattern was used: \bTODO\b and was detected in the element starting with: "<script id="serverApp-state" type="application/json">{&q;transfer-translate-pt&q;:
Other Info
{&q;header&q;:{&q;link1&q;:&q;O QUE FAZEMOS&q;", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/pt/cases/cinemark
Method GET
Parameter
Attack
Evidence todo
The following pattern was used: \bTODO\b and was detected in the element starting with: "<script id="serverApp-state" type="application/json">{&q;transfer-translate-pt&q;:
Other Info
{&q;header&q;:{&q;link1&q;:&q;O QUE FAZEMOS&q;", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/pt/cases/saint-gobain
Method GET
Parameter
Attack
Evidence todo
The following pattern was used: \bTODO\b and was detected in the element starting with: "<script id="serverApp-state" type="application/json">{&q;transfer-translate-pt&q;:
Other Info
{&q;header&q;:{&q;link1&q;:&q;O QUE FAZEMOS&q;", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/pt/cases/seguros-unimed
Method GET
Parameter
Attack
Evidence todo
The following pattern was used: \bTODO\b and was detected in the element starting with: "<script id="serverApp-state" type="application/json">{&q;transfer-translate-pt&q;:
Other Info
{&q;header&q;:{&q;link1&q;:&q;O QUE FAZEMOS&q;", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/pt/contact-us
Method GET
Parameter
Attack
Evidence todo
The following pattern was used: \bTODO\b and was detected in the element starting with: "<script id="serverApp-state" type="application/json">{&q;transfer-translate-pt&q;:
Other Info
{&q;header&q;:{&q;link1&q;:&q;O QUE FAZEMOS&q;", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/pt/contact-us/commercial
Method GET
Parameter
Attack
Evidence todo
The following pattern was used: \bTODO\b and was detected in the element starting with: "<script id="serverApp-state" type="application/json">{&q;transfer-translate-pt&q;:
Other Info
{&q;header&q;:{&q;link1&q;:&q;O QUE FAZEMOS&q;", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/pt/home
Method GET
Parameter
Attack
Evidence todo
The following pattern was used: \bTODO\b and was detected in the element starting with: "<script id="serverApp-state" type="application/json">{&q;transfer-translate-pt&q;:
Other Info
{&q;header&q;:{&q;link1&q;:&q;O QUE FAZEMOS&q;", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/pt/home/
Method GET
Parameter
Attack
Evidence todo
The following pattern was used: \bTODO\b and was detected in the element starting with: "<script id="serverApp-state" type="application/json">{&q;transfer-translate-pt&q;:
Other Info
{&q;header&q;:{&q;link1&q;:&q;O QUE FAZEMOS&q;", see evidence field for the suspicious comment/snippet.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence todo
The following pattern was used: \bTODO\b and was detected in the element starting with: "<script id="serverApp-state" type="application/json">{&q;transfer-translate-pt&q;:
Other Info
{&q;header&q;:{&q;link1&q;:&q;O QUE FAZEMOS&q;", see evidence field for the suspicious comment/snippet.
Instances 28
Solution Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.
Reference
CWE Id 200
WASC Id 13
Plugin Id 10027
URL https://www.tokenlab.com.br/
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
URL https://www.tokenlab.com.br/assets/subtitles/subtitle-pt.vtt
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
URL https://www.tokenlab.com.br/pt/about-us
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
URL https://www.tokenlab.com.br/pt/cases
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
URL https://www.tokenlab.com.br/pt/cases/btbodytech
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
URL https://www.tokenlab.com.br/pt/cases/btfit
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
URL https://www.tokenlab.com.br/pt/cases/cinemark
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
URL https://www.tokenlab.com.br/pt/cases/saint-gobain
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
URL https://www.tokenlab.com.br/pt/cases/seguros-unimed
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
URL https://www.tokenlab.com.br/pt/contact-us
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
URL https://www.tokenlab.com.br/pt/contact-us/commercial
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
URL https://www.tokenlab.com.br/pt/home
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
URL https://www.tokenlab.com.br/pt/home/
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
URL https://www.tokenlab.com.br/robots.txt
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
URL https://www.tokenlab.com.br/sitemap.xml
Method GET
Parameter cache-control
Attack
Evidence max-age=2592000
Other Info
Instances 16
For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached consider setting the directives "public,
Solution
max-age, immutable".
https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
https://grayduck.mn/2021/09/13/cache-control-recommendations/
CWE Id 525
WASC Id 13
Plugin Id 10015
URL https://d335luupugsy2.cloudfront.net/js/traffic-source-cookie/stable/traffic-source-cookie.min.js
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://static.hotjar.com/c/hotjar-3106680.js?sv=7
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2481
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2482
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2484
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2488
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2490
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2495
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2498
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2504
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2513
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2515
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2521
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2531
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2540
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2549
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2550
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2551
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2556
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2570
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2578
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2580
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2586
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2591
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2596
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2600
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2602
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2609
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2615
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2621
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2623
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2627
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2634
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2637
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2642
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2646
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2657
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2667
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 2674
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5663
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5673
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5687
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5715
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5734
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5735
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5739
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5752
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5754
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5755
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5756
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5757
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5765
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5768
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5777
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5788
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5791
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5796
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5800
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5809
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5813
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5824
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5825
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5826
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5841
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5847
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5857
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5873
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5884
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5906
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5913
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5918
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5924
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5926
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 5934
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6148
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6150
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6158
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6164
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6169
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6176
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6179
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6181
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6185
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6191
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6196
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6197
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6207
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6224
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6225
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6233
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6234
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6235
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6248
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6252
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6253
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6257
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6262
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6266
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6281
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6282
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6292
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6296
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6303
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6304
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6305
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6313
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6317
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6326
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6334
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6335
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6338
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6344
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6348
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6352
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6356
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6362
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6369
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6374
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6375
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6377
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6384
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6393
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6398
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6401
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6404
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6406
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6413
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6435
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6436
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6441
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6447
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6454
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6460
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6472
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6476
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6477
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6479
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6482
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6495
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6498
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6504
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6512
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6519
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6526
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6529
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6531
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6535
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6536
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6552
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6559
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6563
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6564
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6565
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6571
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6577
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6585
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6589
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6595
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6602
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6610
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6613
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6624
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6628
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6633
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6635
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.google-analytics.com/analytics.js
Method GET
Parameter
Attack
Evidence Age: 6636
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/128.ab6c0c382d402661.js
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/170.61771addbd460c63.js
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/383.21e175cdaeffcc68.js
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/543.a2d1b3e2a7095fab.js
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/605.9199830677b027ef.js
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/698.f1f03b3837748b26.js
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/763.020c312be3f1e1c1.js
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/837.b80c1610bf1f2b1d.js
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/93.506a992b6f2bdc70.js
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/962.a26819458b1fc8b5.js
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Black.woff2
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Bold.woff
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Bold.woff2
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Light.woff
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Light.woff2
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Medium.woff
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Medium.woff2
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Regular.woff
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Regular.woff2
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Semibold.woff
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/fonts/Montserrat-Semibold.woff2
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/agile-management-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/design-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/devmobile-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/devweb-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/facebook-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/instagram-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/linkedin-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/about-us/quality-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/btbodytech/bt-bodytech-logo.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/btfit/btfit-logo.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/cinemark/cinemark-logo.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/onda/onda-logo.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/saint-gobain/sg-logo.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/cases/seguros-unimed/unimed-logo.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/angular-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/arrival.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/aws-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/aws-logo.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/calendar.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/chevron-right.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/cookie.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/drop-down.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/exercise.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/gptw01.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/gptw02.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/gptw03.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/grails-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/lang-br.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/lang-en.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/lang-es.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/live.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/menu-chevron.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/node-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/notebook.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/plan.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/schedule.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/signature.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/common/token-logo-dark.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/contact-us/business-contact-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/contact-us/careers-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/contact-us/chevron-down.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/contact-us/others-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/contact-us/sponsorships-events-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/footer/facebook.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/footer/instagram.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/footer/linkedin.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/footer/logo-token.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/bancoPan.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/bodytech.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/cinemark.png
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/DHL.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/exame.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/flex.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/hsm.png
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/saint-gobain.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/sirio-libanes.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/brands/unimed.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/home-section/play-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/how-we-operate/chevron-left.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/landingpage/how-we-operate/chevron-right.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/logos/new-logo-bodytech.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/icons/logos/new-logo-btfit.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/about-us/token-frontage.png
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/bodytech-app.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/btbodytech-carousel.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/btbodytech-device-tablet.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/customer-bodytech.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/mockup-banner.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/plan.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/search-academies.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-1.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-2.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-3.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/slide-4.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btbodytech/training-visualization.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/bt-device-tablet.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/btfit-carousel.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/collective-classes-online.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/customer-btfit.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/mockup-banner.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/online-challenge.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/online-personal-trainer.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-1.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-2.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-3.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/slide-4.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/btfit/training-programs.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/cinemark/cinemark-carousel.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/cinemark/cinemark-device-tablet.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/onda-carousel.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/onda/onda-device-tablet.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/saint-gobain/saint-gobain-carousel.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/saint-gobain/saintgobain-device-tablet.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/unimed/unimed-carousel.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/cases/unimed/unimed-our-cases-tablet.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/contact-us/gradient-left.png
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/contact-us/gradient-right.png
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/company-background.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/cta-section/cta_logo.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/home-section-bg.png
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/institucional-tokenlab-poster.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/mask-tokenlab-icon.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/blockchain-widget.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/elipse.svg
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/iot-widget.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/mobile-widget.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/ux-ui-widget.png
Method GET
Parameter
Attack
Evidence Age: 490792
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/ux-ui-widget.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/imgs/landingpage/what-we-do/web-widget.webp
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/subtitles/subtitle-pt.vtt
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/assets/videos/landingpage/institucional-tokenlab.webm
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/common.03c32c2bb2758b6f.js
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/favicon.ico
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/flags@2x.2704c069d12ee746.png
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/main.828229131f1b1e63.js
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/polyfills.33afb6a5640f31ab.js
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/pt/about-us
Method GET
Parameter
Attack
Evidence Age: 490787
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/cases
Method GET
Parameter
Attack
Evidence Age: 490787
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/cases/btbodytech
Method GET
Parameter
Attack
Evidence Age: 490789
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/cases/btfit
Method GET
Parameter
Attack
Evidence Age: 490789
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/cases/cinemark
Method GET
Parameter
Attack
Evidence Age: 490789
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/cases/saint-gobain
Method GET
Parameter
Attack
Evidence Age: 490790
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/cases/seguros-unimed
Method GET
Parameter
Attack
Evidence Age: 490790
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/contact-us
Method GET
Parameter
Attack
Evidence Age: 490787
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/contact-us/commercial
Method GET
Parameter
Attack
Evidence Age: 490787
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/home
Method GET
Parameter
Attack
Evidence Age: 490787
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/home/
Method GET
Parameter
Attack
Evidence Age: 490787
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 490787
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 490876
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 490906
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 490951
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 490962
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491011
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491050
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491053
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491054
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491062
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491082
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491126
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491151
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491193
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491200
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491214
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491225
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491276
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491287
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491315
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491334
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491386
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491442
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491484
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491490
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491577
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491584
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491612
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491635
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491669
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491739
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491759
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/pt/privacy-policy
Method GET
Parameter
Attack
Evidence Age: 491791
Other Info The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use.
URL https://www.tokenlab.com.br/robots.txt
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/runtime.ef14e6c1f424c3e6.js
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
URL https://www.tokenlab.com.br/styles.883d752722b92374.css
Method GET
Parameter
Attack
Evidence Hit from cloudfront
Other Info
Instances 351
Validate that the response does not contain sensitive, personal or user-specific information. If it does, consider the use of the following HTTP response headers, to limit, or prevent
the content being stored and retrieved from the cache by another user:
Expires: 0
This configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in
response to a similar request.
https://tools.ietf.org/html/rfc7234
Reference https://tools.ietf.org/html/rfc7231
http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html (obsoleted by rfc7234)
CWE Id
WASC Id
Plugin Id 10050
URL https://learning.tokenlab.dev/
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
Other Info
URL https://learning.tokenlab.dev/
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
Other Info
URL https://learning.tokenlab.dev/
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
Other Info
URL https://learning.tokenlab.dev/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Trident/7.0; rv:11.0) like Gecko
Evidence
Other Info
URL https://learning.tokenlab.dev/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Evidence
Other Info
URL https://learning.tokenlab.dev/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Evidence
Other Info
URL https://learning.tokenlab.dev/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/91.0
Evidence
Other Info
URL https://learning.tokenlab.dev/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
Other Info
URL https://learning.tokenlab.dev/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
Other Info
URL https://learning.tokenlab.dev/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; CPU iPhone OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A366 Safari/600.1.4
Evidence
Other Info
URL https://learning.tokenlab.dev/
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
Other Info
URL https://learning.tokenlab.dev/
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Other Info
Instances 12
Solution
Reference https://owasp.org/wstg
CWE Id
WASC Id
Plugin Id 10104