dev2.api.customer.roche.com Open in urlscan Pro
2606:4700::6810:9ff9 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://dev2.api.customer.roche.com/
Submission: On May 09 via automatic, source certstream-suspicious (May 9th 2023, 11:39:50 pm UTC) — Scanned from DE

Summary HTTP 18 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 6 domains to perform 18 HTTP transactions. The main IP is 2606:4700::6810:9ff9, located in United States and belongs to CLOUDFLARENET, US. The main domain is dev2.api.customer.roche.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 9th 2023. Valid for: a year.

This is the only time dev2.api.customer.roche.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	2606:4700::68... 2606:4700::6810:9ff9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
2	65.9.93.192 65.9.93.192	16509 (AMAZON-02) (AMAZON-02)
4	65.9.66.4 65.9.66.4	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	35.164.130.195 35.164.130.195	16509 (AMAZON-02) (AMAZON-02)
18	7

9 2606:4700::6810:9ff9 (United States)

ASN13335 (CLOUDFLARENET, US)

dev2.api.customer.roche.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.93.192 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-93-192.prg50.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 65.9.66.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-4.fra56.r.cloudfront.net

track.cube.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.164.130.195 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-164-130-195.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	roche.com dev2.api.customer.roche.com	764 KB
4	cube.dev track.cube.dev — Cisco Umbrella Rank: 937330	865 B
2	segment.com cdn.segment.com — Cisco Umbrella Rank: 1613	30 KB
1	segment.io api.segment.io — Cisco Umbrella Rank: 1143	183 B
1	gstatic.com fonts.gstatic.com	38 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 50	1 KB
18	6

	Domain	Requested by
9	dev2.api.customer.roche.com	dev2.api.customer.roche.com
4	track.cube.dev	dev2.api.customer.roche.com
2	cdn.segment.com	dev2.api.customer.roche.com cdn.segment.com
1	api.segment.io	cdn.segment.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	dev2.api.customer.roche.com
18	6

This site contains links to these domains. Also see Links.

Domain
slack.cube.dev
cube.dev

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-09` - `2024-05-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.segment.com Amazon RSA 2048 M01	`2023-02-24` - `2024-01-12`	a year	crt.sh
track.cube.dev Amazon RSA 2048 M01	`2023-02-28` - `2023-10-01`	7 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.segment.io Amazon RSA 2048 M01	`2023-02-10` - `2024-02-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://dev2.api.customer.roche.com/
Frame ID: 152766765546DEB032F6762AA9190059
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cube Playground

Detected technologies

Ant Design (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]*class="ant-(?:btn|col|row|layout|breadcrumb|menu|pagination|steps|select|cascader|checkbox|calendar|form|input-number|input|mention|rate|radio|slider|switch|tree-select|time-picker|transfer|upload|avatar|badge|card|carousel|collapse|list|popover|tooltip|table|tabs|tag|timeline|tree|alert|modal|message|notification|progress|popconfirm|spin|anchor|back-top|divider|drawer)

Segment (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.segment\.com/analytics\.js

Page Statistics

18
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

7
IPs

2
Countries

834 kB
Transfer

5334 kB
Size

3
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://slack.cube.dev/
Title: Slack

Search URL Search Domain Scan URL

URL: https://cube.dev/docs
Title: Docs

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
dev2.api.customer.roche.com/ 2 KB
5 KB 213ms
96ms Document
text/html 2606:4700::6810:9ff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dev2.api.customer.roche.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:9ff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

162b9a45bb21dd052587fea4f2648f89b4d2706623c40bbb097e0213b641b189

Security Headers

Name	Value
Content-Security-Policy	object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Strict-Transport-Security	max-age=86400;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
CF-Ray: 7c4dc898ac9e1c3e-FRA
Cache-Control: no-cache
Connection: keep-alive
Content-Encoding: br
Content-Security-Policy: object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Content-Security-Policy-Report-Only: default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Content-Type: text/html; charset=UTF-8
Date: Tue, 09 May 2023 23:39:45 GMT
Expect-Staple: max-age=86400; includeSubDomains
Feature-Policy-Report-Only: geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
NEL: {"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
Referrer-Policy: strict-origin-when-cross-origin
Report-To: {"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
Server: cloudflare
Strict-Transport-Security: max-age=86400;
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK antd.min.css
dev2.api.customer.roche.com/ 969 KB
70 KB 98ms
98ms Stylesheet
text/css 2606:4700::6810:9ff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dev2.api.customer.roche.com/antd.min.css

Requested by

Host: dev2.api.customer.roche.com
URL: https://dev2.api.customer.roche.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:9ff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bddb30666ccbd3f8b1f12a624955bdcbbf2581a9a69ef19076fa025bb2fbab3

Security Headers

Name	Value
Content-Security-Policy	object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Strict-Transport-Security	max-age=86400;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dev2.api.customer.roche.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Tue, 09 May 2023 23:39:45 GMT
Strict-Transport-Security: max-age=86400;
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
NEL: {"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
Content-Security-Policy: object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Content-Encoding: br
Transfer-Encoding: chunked
Content-Security-Policy-Report-Only: default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Connection: keep-alive
Feature-Policy-Report-Only: geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
X-Xss-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 09 May 2023 23:39:45 GMT
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Expect-Staple: max-age=86400; includeSubDomains
Cache-Control: public, max-age=14400
X-Frame-Options: SAMEORIGIN
CF-Ray: 7c4dc8994d2c1c3e-FRA
Expires: Wed, 10 May 2023 03:39:45 GMT

GET
H/1.1 200
OK index.a0964efa.js Show response
dev2.api.customer.roche.com/assets/ 2 MB
575 KB 182ms
101ms Script
application/javascript 2606:4700::6810:9ff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dev2.api.customer.roche.com/assets/index.a0964efa.js

Requested by

Host: dev2.api.customer.roche.com
URL: https://dev2.api.customer.roche.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:9ff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d2ae3f73854ef91d1e54af7f92d627ab45f3e98904ffc7d6d1fc14c35ab4776

Security Headers

Name	Value
Content-Security-Policy	object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Strict-Transport-Security	max-age=86400;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://dev2.api.customer.roche.com/
Origin: https://dev2.api.customer.roche.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Tue, 09 May 2023 23:39:45 GMT
Strict-Transport-Security: max-age=86400;
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
NEL: {"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
Content-Security-Policy: object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Content-Encoding: br
Transfer-Encoding: chunked
Content-Security-Policy-Report-Only: default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Connection: keep-alive
Feature-Policy-Report-Only: geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
X-Xss-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 09 May 2023 23:39:45 GMT
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Expect-Staple: max-age=86400; includeSubDomains
Cache-Control: public, max-age=14400
X-Frame-Options: SAMEORIGIN
CF-Ray: 7c4dc899ce532bb5-FRA
Expires: Wed, 10 May 2023 03:39:45 GMT

GET
H/1.1 200
OK index.af3b87a2.css
dev2.api.customer.roche.com/assets/ 26 KB
7 KB 175ms
95ms Stylesheet
text/css 2606:4700::6810:9ff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dev2.api.customer.roche.com/assets/index.af3b87a2.css

Requested by

Host: dev2.api.customer.roche.com
URL: https://dev2.api.customer.roche.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:9ff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af3b87a20d511d36d7e6139627867c16a096517d88e97ff411a3d54e7f15ba7a

Security Headers

Name	Value
Content-Security-Policy	object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Strict-Transport-Security	max-age=86400;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dev2.api.customer.roche.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Tue, 09 May 2023 23:39:45 GMT
Strict-Transport-Security: max-age=86400;
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
NEL: {"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
Content-Security-Policy: object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Content-Encoding: br
Transfer-Encoding: chunked
Content-Security-Policy-Report-Only: default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Connection: keep-alive
Feature-Policy-Report-Only: geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
X-Xss-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 09 May 2023 23:39:45 GMT
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Expect-Staple: max-age=86400; includeSubDomains
Cache-Control: public, max-age=14400
X-Frame-Options: SAMEORIGIN
CF-Ray: 7c4dc899cf59926d-FRA
Expires: Wed, 10 May 2023 03:39:45 GMT

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
1 KB 139ms
50ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@400;500;700&display=swap&css

Requested by

Host: dev2.api.customer.roche.com
URL: https://dev2.api.customer.roche.com/antd.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2a6d7a06a4458b56f188177654688a18648aaf4800feee0a4a09a858f46bc920

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dev2.api.customer.roche.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 09 May 2023 23:39:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 09 May 2023 22:30:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 09 May 2023 23:39:45 GMT

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/dSR8JiNYIGKyQHKid9OaLYugXLao18hA/ 104 KB
29 KB 159ms
64ms Script
text/javascript 65.9.93.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/dSR8JiNYIGKyQHKid9OaLYugXLao18hA/analytics.min.js
Requested by: Host: dev2.api.customer.roche.com
URL: https://dev2.api.customer.roche.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.93.192 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-93-192.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: deef69de0bf26a150cce9d9a711d42d94d94843e75d52f0bc1cf69e8728d778f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dev2.api.customer.roche.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-amz-version-id: jDMu_74SQxaOYiMwUIvDBUyogrJgPyAN
content-encoding: gzip
via: 1.1 bb390afd921c223e0fe4921fbc23bbe8.cloudfront.net (CloudFront)
date: Tue, 09 May 2023 23:38:48 GMT
x-amz-cf-pop: PRG50-C1
age: 58
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 21 Apr 2023 07:58:56 GMT
server: AmazonS3
etag: W/"f5b1d18498dd21e1590fe1ec0ce72d8c"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=120
vary: Accept-Encoding
x-amz-cf-id: aHSLIhANRlxB2KBZR_uZgbSTMKkfchRZFOjwRVqYvmxSzMlKbyYVrQ==

GET
H/1.1 200
OK context Show response
dev2.api.customer.roche.com/playground/ 478 B
4 KB 121ms
121ms Fetch
application/json 2606:4700::6810:9ff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dev2.api.customer.roche.com/playground/context

Requested by

Host: dev2.api.customer.roche.com
URL: https://dev2.api.customer.roche.com/assets/index.a0964efa.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:9ff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5132f633e4175e78077381e51ba042b978fa0481ae15e82fa3ac38cbec9dcbf2

Security Headers

Name	Value
Content-Security-Policy	object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Strict-Transport-Security	max-age=86400;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dev2.api.customer.roche.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Tue, 09 May 2023 23:39:45 GMT
Strict-Transport-Security: max-age=86400;
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
NEL: {"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
Content-Security-Policy: object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Content-Encoding: br
Transfer-Encoding: chunked
Content-Security-Policy-Report-Only: default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Connection: keep-alive
Feature-Policy-Report-Only: geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
X-Xss-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Server: cloudflare
ETag: W/"1de-yuR/H81rkYBgBxuPq0XsmcRQKtw"
X-Frame-Options: SAMEORIGIN
Report-To: {"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Expect-Staple: max-age=86400; includeSubDomains
Vary: Accept-Encoding
CF-Ray: 7c4dc89bf87c2bb5-FRA

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/dSR8JiNYIGKyQHKid9OaLYugXLao18hA/ 546 B
1 KB 140ms
57ms Fetch
application/json 65.9.93.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/dSR8JiNYIGKyQHKid9OaLYugXLao18hA/settings
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/dSR8JiNYIGKyQHKid9OaLYugXLao18hA/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.93.192 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-93-192.prg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7ac940a75020ef8f01d722c1c4b22cfed880fdbf5fd33562473febdc726550a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dev2.api.customer.roche.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-amz-version-id: ScP4GDm1at_.bqtAOhvrW2ps3NoFZneC
date: Tue, 09 May 2023 22:56:02 GMT
via: 1.1 a198ea04052d45eb515f27260bc6c05c.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 2625
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 546
last-modified: Wed, 01 Mar 2023 02:06:58 GMT
server: AmazonS3
etag: "b0d5ef31eb772d7325c16fe6875d6fa6"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=10800
vary: Accept-Encoding
accept-ranges: bytes
x-amz-cf-id: 2vmRRIarZ4PLmlmL244lbYls5Apuul93jLGdw-GCjk9-rqQL5y-gyQ==

POST
H2 200 track Show response
track.cube.dev/ 2 B
432 B 238ms
237ms Fetch
application/json 65.9.66.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.cube.dev/track
Requested by: Host: dev2.api.customer.roche.com
URL: https://dev2.api.customer.roche.com/assets/index.a0964efa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-4.fra56.r.cloudfront.net
Software: Google Frontend /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://dev2.api.customer.roche.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 09 May 2023 23:39:46 GMT
content-encoding: gzip
via: 1.1 547a50460a0cda7ae3dafb1c0b6d0e1a.cloudfront.net (CloudFront)
server: Google Frontend
x-amz-cf-pop: FRA56-C1
etag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 26dcf3c75dffe902b12d716f422ea7d7
cache-control: private
function-execution-id: 5d79hw74qkua
x-amz-cf-id: 3AgO1F8zUD3Rp8zieq7ArFLzD8ByGdSTcJ-eBasr4LkEdHscX5ctag==

OPTIONS
H2 204 track
track.cube.dev/ 0
0 299ms
158ms Preflight 65.9.66.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.cube.dev/track
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-4.fra56.r.cloudfront.net
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://dev2.api.customer.roche.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 3600
date: Tue, 09 May 2023 23:39:46 GMT
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
function-execution-id: 218nb75vkwzu
server: Google Frontend
via: 1.1 547a50460a0cda7ae3dafb1c0b6d0e1a.cloudfront.net (CloudFront)
x-amz-cf-id: asP2nt1aKXbLY8hnQOnJbj4ZidzNbgmB5JZX4z-8BEWpdF0TcsD5IQ==
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
x-cloud-trace-context: d52abe4079b6619fa0c19b7103d060b7

GET
H/1.1 200
OK cubejs-playground-logo.svg
dev2.api.customer.roche.com/ 11 KB
8 KB 95ms
95ms Image
image/svg+xml 2606:4700::6810:9ff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev2.api.customer.roche.com/cubejs-playground-logo.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:9ff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5e6b0d88c3f8d59dc0c23e2671c597104f08a4e6fe694137f87cf0a237eab90

Security Headers

Name	Value
Content-Security-Policy	object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Strict-Transport-Security	max-age=86400;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dev2.api.customer.roche.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Tue, 09 May 2023 23:39:46 GMT
Strict-Transport-Security: max-age=86400;
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
NEL: {"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
Content-Security-Policy: object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Content-Encoding: br
Transfer-Encoding: chunked
Content-Security-Policy-Report-Only: default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Connection: keep-alive
Feature-Policy-Report-Only: geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
X-Xss-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 09 May 2023 23:39:46 GMT
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Expect-Staple: max-age=86400; includeSubDomains
Cache-Control: public, max-age=14400
X-Frame-Options: SAMEORIGIN
CF-Ray: 7c4dc89ce93c2bb5-FRA
Expires: Wed, 10 May 2023 03:39:46 GMT

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v12/ 37 KB
38 KB 130ms
39ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v12/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@400;500;700&display=swap&css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dev2.api.customer.roche.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 06 May 2023 06:05:37 GMT
x-content-type-options: nosniff
age: 322449
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37924
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 20:54:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 05 May 2024 06:05:37 GMT

GET
H/1.1 200
OK files Show response
dev2.api.customer.roche.com/playground/ 12 B
3 KB 160ms
160ms Fetch
application/json 2606:4700::6810:9ff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dev2.api.customer.roche.com/playground/files

Requested by

Host: dev2.api.customer.roche.com
URL: https://dev2.api.customer.roche.com/assets/index.a0964efa.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:9ff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

602e35a92eec4bc0a2ec6ae113f07bfc6933322fb69fe8dee416e5a67217e2a2

Security Headers

Name	Value
Content-Security-Policy	object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Strict-Transport-Security	max-age=86400;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dev2.api.customer.roche.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Tue, 09 May 2023 23:39:46 GMT
Strict-Transport-Security: max-age=86400;
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
NEL: {"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
Content-Security-Policy: object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Content-Security-Policy-Report-Only: default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Connection: keep-alive
Feature-Policy-Report-Only: geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
Content-Length: 12
X-Xss-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Server: cloudflare
ETag: W/"c-6WwUVK4nyhbg0SVvUUqWNvGXOYI"
X-Frame-Options: SAMEORIGIN
Report-To: {"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Expect-Staple: max-age=86400; includeSubDomains
Vary: Accept-Encoding
CF-Ray: 7c4dc89d099c926d-FRA

GET
H/1.1 200
OK status Show response
dev2.api.customer.roche.com/playground/live-preview/ 34 B
4 KB 84ms
84ms Fetch
application/json 2606:4700::6810:9ff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dev2.api.customer.roche.com/playground/live-preview/status

Requested by

Host: dev2.api.customer.roche.com
URL: https://dev2.api.customer.roche.com/assets/index.a0964efa.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:9ff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0410c2144481e5b389f62fe142c78882daf8e8ca884f05034a1d7696c160d917

Security Headers

Name	Value
Content-Security-Policy	object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Strict-Transport-Security	max-age=86400;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dev2.api.customer.roche.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Tue, 09 May 2023 23:39:46 GMT
Strict-Transport-Security: max-age=86400;
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
NEL: {"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
Content-Security-Policy: object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Content-Security-Policy-Report-Only: default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Connection: keep-alive
Feature-Policy-Report-Only: geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
Content-Length: 34
X-Xss-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Server: cloudflare
ETag: W/"22-wCkUADtAlrE4SmtINtDJsWpIV+Q"
X-Frame-Options: SAMEORIGIN
Report-To: {"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Expect-Staple: max-age=86400; includeSubDomains
Vary: Accept-Encoding
CF-Ray: 7c4dc89d0fe51c3e-FRA

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
183 B 634ms
209ms Fetch
application/json 35.164.130.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.segment.io/v1/p

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/dSR8JiNYIGKyQHKid9OaLYugXLao18hA/analytics.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.164.130.195 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-164-130-195.us-west-2.compute.amazonaws.com

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://dev2.api.customer.roche.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://dev2.api.customer.roche.com
date: Tue, 09 May 2023 23:39:46 GMT
strict-transport-security: max-age=31536000
content-length: 21
vary: Origin
content-type: application/json

GET
H/1.1 200
OK db-schema
dev2.api.customer.roche.com/playground/ 2 MB
88 KB 4434ms
4434ms Fetch
application/json 2606:4700::6810:9ff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dev2.api.customer.roche.com/playground/db-schema

Requested by

Host: dev2.api.customer.roche.com
URL: https://dev2.api.customer.roche.com/assets/index.a0964efa.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2606:4700::6810:9ff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Strict-Transport-Security	max-age=86400;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dev2.api.customer.roche.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Tue, 09 May 2023 23:39:50 GMT
Strict-Transport-Security: max-age=86400;
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
NEL: {"report_to":"default","max_age":86400,"include_subdomains":true,"failure_fraction": 0.01}
Content-Security-Policy: object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Content-Encoding: br
Transfer-Encoding: chunked
Content-Security-Policy-Report-Only: default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Connection: keep-alive
Feature-Policy-Report-Only: geolocation 'none'; camera 'none'; fullscreen *; payment 'self'
X-Xss-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Server: cloudflare
ETag: W/"2251b7-BPT20wUY0JdUNeEGUXNWdSM2rjM"
X-Frame-Options: SAMEORIGIN
Report-To: {"group":"default","max_age":86400,"endpoints":[{"url":"https://ayba8dhs.uriports.com/reports"}],"include_subdomains":true}
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Expect-Staple: max-age=86400; includeSubDomains
Vary: Accept-Encoding
CF-Ray: 7c4dc89e1a3f926d-FRA

GET
DATA 200
OK truncated
/ 292 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 47876aab32ddb44b24281df5906be7ad98ce99a687ade336da438b51a2192b59

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 track Show response
track.cube.dev/ 2 B
433 B 191ms
191ms Fetch
application/json 65.9.66.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.cube.dev/track
Requested by: Host: dev2.api.customer.roche.com
URL: https://dev2.api.customer.roche.com/assets/index.a0964efa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-4.fra56.r.cloudfront.net
Software: Google Frontend /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://dev2.api.customer.roche.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 09 May 2023 23:39:46 GMT
content-encoding: gzip
via: 1.1 547a50460a0cda7ae3dafb1c0b6d0e1a.cloudfront.net (CloudFront)
server: Google Frontend
x-amz-cf-pop: FRA56-C1
etag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: f5ef6118799dd46fa4836ae9e7735bb1
cache-control: private
function-execution-id: se6b2jnrvu6o
x-amz-cf-id: HgWw5K9JivHOC_VLomtIvkueobkvHRFFy3BSCu6uyxUqySnUembLAQ==

OPTIONS
H2 204 track
track.cube.dev/ 0
0 162ms
161ms Preflight 65.9.66.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.cube.dev/track
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-4.fra56.r.cloudfront.net
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://dev2.api.customer.roche.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 3600
date: Tue, 09 May 2023 23:39:46 GMT
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
function-execution-id: pff1oaxi51kc
server: Google Frontend
via: 1.1 547a50460a0cda7ae3dafb1c0b6d0e1a.cloudfront.net (CloudFront)
x-amz-cf-id: ICdmidqErfRdoL4VbfKYBVGiBXpfMkNJeatWR7i30Uzr492t-oXwPg==
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
x-cloud-trace-context: bf9323055ac4fb26700dc70bfd59de81

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.roche.com/	1970-01-20 11:41:17	Name: __cf_bm Value: tAKxW33RlSHLOL68uTs3g5D075booXLmBRVyLERQ1tY-1683675585-0-AQfae/Luf6fDwLG0NSGD7iymv51m/C8zBnF2AdsoJqWW6wn3vMlMDEpZfu0feK8bCSxMC+t3CzJqM9sKweiVAVQ=
.roche.com/	1969-12-31 23:59:59	Name: __cfruid Value: 038388ca494fef5c7b8f38fa1be24265cbb745c3-1683675585
.roche.com/	1970-01-20 20:26:51	Name: ajs_anonymous_id Value: adaf997c-ce0a-4024-bf8f-685395a78849

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://dev2.api.customer.roche.com/(Line 29) Message: [Report Only] Refused to load the script 'https://cdn.segment.com/analytics.js/v1/dSR8JiNYIGKyQHKid9OaLYugXLao18hA/analytics.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' .roche.com .roche.net .gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com .gstatic.com static.ads-twitter.com sjs.bizographics.com .linkedin.com www.google.com w.soundcloud.com s.ytimg.com .cloudflareaccess.com .salesforceliveagent.com https://.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default
Strict-Transport-Security	max-age=86400;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.segment.io
cdn.segment.com
dev2.api.customer.roche.com
fonts.googleapis.com
fonts.gstatic.com
track.cube.dev
2606:4700::6810:9ff9
2a00:1450:4001:806::200a
2a00:1450:4001:831::2003
35.164.130.195
65.9.66.4
65.9.93.192
0410c2144481e5b389f62fe142c78882daf8e8ca884f05034a1d7696c160d917
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
162b9a45bb21dd052587fea4f2648f89b4d2706623c40bbb097e0213b641b189
2a6d7a06a4458b56f188177654688a18648aaf4800feee0a4a09a858f46bc920
2bddb30666ccbd3f8b1f12a624955bdcbbf2581a9a69ef19076fa025bb2fbab3
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
450f3ba4e47ee174bd9692b396f264b907d37d2528f53911760f3d0edb785f7e
47876aab32ddb44b24281df5906be7ad98ce99a687ade336da438b51a2192b59
5132f633e4175e78077381e51ba042b978fa0481ae15e82fa3ac38cbec9dcbf2
602e35a92eec4bc0a2ec6ae113f07bfc6933322fb69fe8dee416e5a67217e2a2
6d2ae3f73854ef91d1e54af7f92d627ab45f3e98904ffc7d6d1fc14c35ab4776
7ac940a75020ef8f01d722c1c4b22cfed880fdbf5fd33562473febdc726550a1
af3b87a20d511d36d7e6139627867c16a096517d88e97ff411a3d54e7f15ba7a
b5e6b0d88c3f8d59dc0c23e2671c597104f08a4e6fe694137f87cf0a237eab90
deef69de0bf26a150cce9d9a711d42d94d94843e75d52f0bc1cf69e8728d778f

dev2.api.customer.roche.com Open in urlscan Pro 2606:4700::6810:9ff9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

50 %IPv6

6 Domains

6 Subdomains

7 IPs

2 Countries

834 kBTransfer

5334 kBSize

3 Cookies

2 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

3 Cookies

1 Console Messages

Security Headers

Indicators

dev2.api.customer.roche.com Open in urlscan Pro
2606:4700::6810:9ff9 Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

7
IPs

2
Countries

834 kB
Transfer

5334 kB
Size

3
Cookies

18 HTTP transactions
1 data transactions