app.credentialmydoc.com Open in urlscan Pro
13.52.138.248  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response app.credentialmydoc.com/	13 KB 5 KB	788ms 216ms	Document text/html	13.52.138.248 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.credentialmydoc.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 13.52.138.248 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-52-138-248.us-west-1.compute.amazonaws.com Software CMD_HTTP_Server / Resource Hash 2227a7b47633e268df0c2f2d727773ee53407f03254fed54ada0421e8f90ca2a Security Headers Name Value Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Access-Control-Allow-Headers x-requested-with, Content-Type, origin, authorization, accept, client-security-token Access-Control-Allow-Methods POST, GET, OPTIONS, DELETE, PUT Access-Control-Allow-Origin * Access-Control-Max-Age 1000 Cache-Control private, no-cache, no-store, proxy-revalidate, no-transform Connection Keep-Alive Content-Encoding gzip Content-Length 3320 Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Content-Type text/html; charset=UTF-8 Date Tue, 15 Nov 2022 16:34:29 GMT Feature-Policy fullscreen 'none' Keep-Alive timeout=5, max=100 Pragma no-cache Referrer-Policy same-origin Server CMD_HTTP_Server Strict-Transport-Security max-age=63072000; includeSubDomains Vary Accept-Encoding X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	bootstrap.min.css app.credentialmydoc.com/Login/css/	118 KB 20 KB	175ms 175ms	Stylesheet text/css	13.52.138.248 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.credentialmydoc.com/Login/css/bootstrap.min.css Requested by Host: app.credentialmydoc.com URL: https://app.credentialmydoc.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 13.52.138.248 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-52-138-248.us-west-1.compute.amazonaws.com Software CMD_HTTP_Server / Resource Hash 3f9ca7d27d09e8b4f9faf03518198b72a415fc4571b134d2b36dbb52b29c9dab Security Headers Name Value Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.credentialmydoc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Tue, 15 Nov 2022 16:34:29 GMT Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Content-Encoding gzip Connection Keep-Alive Content-Length 19760 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy same-origin Last-Modified Fri, 27 Dec 2019 06:23:35 GMT Server CMD_HTTP_Server X-Frame-Options SAMEORIGIN Access-Control-Allow-Methods POST, GET, OPTIONS, DELETE, PUT Content-Type text/css Access-Control-Allow-Origin * Access-Control-Max-Age 1000 Feature-Policy fullscreen 'none' Cache-Control private, no-cache, no-store, proxy-revalidate, no-transform Vary Accept-Encoding Accept-Ranges bytes Access-Control-Allow-Headers x-requested-with, Content-Type, origin, authorization, accept, client-security-token Keep-Alive timeout=5, max=99
GET H/1.1	200 OK	modern-business.css app.credentialmydoc.com/Login/css/	17 KB 4 KB	513ms 171ms	Stylesheet text/css	13.52.138.248 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.credentialmydoc.com/Login/css/modern-business.css Requested by Host: app.credentialmydoc.com URL: https://app.credentialmydoc.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 13.52.138.248 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-52-138-248.us-west-1.compute.amazonaws.com Software CMD_HTTP_Server / Resource Hash 3f33df889a34564eb9ace40c82c9b0642c57c668ab4323c3d9968a2d7c9097de Security Headers Name Value Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.credentialmydoc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Tue, 15 Nov 2022 16:34:30 GMT Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Content-Encoding gzip Connection Keep-Alive Content-Length 3473 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy same-origin Last-Modified Fri, 27 Dec 2019 06:23:35 GMT Server CMD_HTTP_Server X-Frame-Options SAMEORIGIN Access-Control-Allow-Methods POST, GET, OPTIONS, DELETE, PUT Content-Type text/css Access-Control-Allow-Origin * Access-Control-Max-Age 1000 Feature-Policy fullscreen 'none' Cache-Control private, no-cache, no-store, proxy-revalidate, no-transform Vary Accept-Encoding Accept-Ranges bytes Access-Control-Allow-Headers x-requested-with, Content-Type, origin, authorization, accept, client-security-token Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	messi.css app.credentialmydoc.com/Login/css/	18 KB 4 KB	521ms 180ms	Stylesheet text/css	13.52.138.248 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.credentialmydoc.com/Login/css/messi.css Requested by Host: app.credentialmydoc.com URL: https://app.credentialmydoc.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 13.52.138.248 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-52-138-248.us-west-1.compute.amazonaws.com Software CMD_HTTP_Server / Resource Hash 2a1f5ee6a4c56601579ef5c077830ceae2d5f86755d39cd2d74e60a6ab2fd1b8 Security Headers Name Value Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.credentialmydoc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Tue, 15 Nov 2022 16:34:30 GMT Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Content-Encoding gzip Connection Keep-Alive Content-Length 2794 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy same-origin Last-Modified Fri, 27 Dec 2019 06:23:35 GMT Server CMD_HTTP_Server X-Frame-Options SAMEORIGIN Access-Control-Allow-Methods POST, GET, OPTIONS, DELETE, PUT Content-Type text/css Access-Control-Allow-Origin * Access-Control-Max-Age 1000 Feature-Policy fullscreen 'none' Cache-Control private, no-cache, no-store, proxy-revalidate, no-transform Vary Accept-Encoding Accept-Ranges bytes Access-Control-Allow-Headers x-requested-with, Content-Type, origin, authorization, accept, client-security-token Keep-Alive timeout=5, max=100
GET H2	200	css fonts.googleapis.com/	8 KB 1 KB	87ms 35ms	Stylesheet text/css	2a00:1450:4001:813::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:400,600,700 Requested by Host: app.credentialmydoc.com URL: https://app.credentialmydoc.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash dda36ab0dda2b7ba616e824e0dd455eb222bf9fee24984c74e19df9fa962758e Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 15 Nov 2022 16:34:29 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Tue, 15 Nov 2022 15:27:01 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 15 Nov 2022 16:34:29 GMT
GET H/1.1	200 OK	jquery-1.5.1.min.js Show response app.credentialmydoc.com/Login/js/	83 KB 30 KB	520ms 176ms	Script application/javascript	13.52.138.248 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.credentialmydoc.com/Login/js/jquery-1.5.1.min.js Requested by Host: app.credentialmydoc.com URL: https://app.credentialmydoc.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 13.52.138.248 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-52-138-248.us-west-1.compute.amazonaws.com Software CMD_HTTP_Server / Resource Hash 068f766895a8366592283006b0203960a5259a49f4d2e0326ba3dccf8fbdba80 Security Headers Name Value Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.credentialmydoc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Tue, 15 Nov 2022 16:34:30 GMT Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Content-Encoding gzip Connection Keep-Alive Content-Length 29683 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy same-origin Last-Modified Fri, 27 Dec 2019 06:23:39 GMT Server CMD_HTTP_Server X-Frame-Options SAMEORIGIN Access-Control-Allow-Methods POST, GET, OPTIONS, DELETE, PUT Content-Type application/javascript Access-Control-Allow-Origin * Access-Control-Max-Age 1000 Feature-Policy fullscreen 'none' Cache-Control private, no-cache, no-store, proxy-revalidate, no-transform Vary Accept-Encoding Accept-Ranges bytes Access-Control-Allow-Headers x-requested-with, Content-Type, origin, authorization, accept, client-security-token Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	script.js Show response app.credentialmydoc.com/Login/js/	4 KB 2 KB	517ms 171ms	Script application/javascript	13.52.138.248 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.credentialmydoc.com/Login/js/script.js Requested by Host: app.credentialmydoc.com URL: https://app.credentialmydoc.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 13.52.138.248 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-52-138-248.us-west-1.compute.amazonaws.com Software CMD_HTTP_Server / Resource Hash 597bb7fbc9a2104eaca217915a686005432dcc7865be9615d65299cbbc0042e6 Security Headers Name Value Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.credentialmydoc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Tue, 15 Nov 2022 16:34:30 GMT Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Content-Encoding gzip Connection Keep-Alive Content-Length 1365 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy same-origin Last-Modified Fri, 27 Dec 2019 06:23:39 GMT Server CMD_HTTP_Server X-Frame-Options SAMEORIGIN Access-Control-Allow-Methods POST, GET, OPTIONS, DELETE, PUT Content-Type application/javascript Access-Control-Allow-Origin * Access-Control-Max-Age 1000 Feature-Policy fullscreen 'none' Cache-Control private, no-cache, no-store, proxy-revalidate, no-transform Vary Accept-Encoding Accept-Ranges bytes Access-Control-Allow-Headers x-requested-with, Content-Type, origin, authorization, accept, client-security-token Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	jquery_cookie.js Show response app.credentialmydoc.com/Login/js/	2 KB 2 KB	519ms 173ms	Script application/javascript	13.52.138.248 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.credentialmydoc.com/Login/js/jquery_cookie.js Requested by Host: app.credentialmydoc.com URL: https://app.credentialmydoc.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 13.52.138.248 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-52-138-248.us-west-1.compute.amazonaws.com Software CMD_HTTP_Server / Resource Hash 00a35693781762a8396f74fce5df8955b6fea806d499fc0890a0ada4f6fd5791 Security Headers Name Value Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.credentialmydoc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Tue, 15 Nov 2022 16:34:30 GMT Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Content-Encoding gzip Connection Keep-Alive Content-Length 764 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy same-origin Last-Modified Fri, 27 Dec 2019 06:23:39 GMT Server CMD_HTTP_Server X-Frame-Options SAMEORIGIN Access-Control-Allow-Methods POST, GET, OPTIONS, DELETE, PUT Content-Type application/javascript Access-Control-Allow-Origin * Access-Control-Max-Age 1000 Feature-Policy fullscreen 'none' Cache-Control private, no-cache, no-store, proxy-revalidate, no-transform Vary Accept-Encoding Accept-Ranges bytes Access-Control-Allow-Headers x-requested-with, Content-Type, origin, authorization, accept, client-security-token Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	ie_place_holder.js Show response app.credentialmydoc.com/Login/js/	3 KB 2 KB	518ms 172ms	Script application/javascript	13.52.138.248 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.credentialmydoc.com/Login/js/ie_place_holder.js Requested by Host: app.credentialmydoc.com URL: https://app.credentialmydoc.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 13.52.138.248 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-52-138-248.us-west-1.compute.amazonaws.com Software CMD_HTTP_Server / Resource Hash e66e8e8009097821b3cdbf9d1727365f87ff3714d9e5cd9596a822c426a646d1 Security Headers Name Value Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.credentialmydoc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Tue, 15 Nov 2022 16:34:30 GMT Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Content-Encoding gzip Connection Keep-Alive Content-Length 1138 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy same-origin Last-Modified Fri, 27 Dec 2019 06:23:39 GMT Server CMD_HTTP_Server X-Frame-Options SAMEORIGIN Access-Control-Allow-Methods POST, GET, OPTIONS, DELETE, PUT Content-Type application/javascript Access-Control-Allow-Origin * Access-Control-Max-Age 1000 Feature-Policy fullscreen 'none' Cache-Control private, no-cache, no-store, proxy-revalidate, no-transform Vary Accept-Encoding Accept-Ranges bytes Access-Control-Allow-Headers x-requested-with, Content-Type, origin, authorization, accept, client-security-token Keep-Alive timeout=5, max=98
GET H/1.1	200 OK	messi.js Show response app.credentialmydoc.com/Login/js/	19 KB 4 KB	684ms 170ms	Script application/javascript	13.52.138.248 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://app.credentialmydoc.com/Login/js/messi.js Requested by Host: app.credentialmydoc.com URL: https://app.credentialmydoc.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 13.52.138.248 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-52-138-248.us-west-1.compute.amazonaws.com Software CMD_HTTP_Server / Resource Hash 43398d58642415c03d88c13a776b12cb5571741fb4f23104335a8757fe360e61 Security Headers Name Value Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.credentialmydoc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Tue, 15 Nov 2022 16:34:30 GMT Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Content-Encoding gzip Connection Keep-Alive Content-Length 3006 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy same-origin Last-Modified Fri, 27 Dec 2019 06:23:39 GMT Server CMD_HTTP_Server X-Frame-Options SAMEORIGIN Access-Control-Allow-Methods POST, GET, OPTIONS, DELETE, PUT Content-Type application/javascript Access-Control-Allow-Origin * Access-Control-Max-Age 1000 Feature-Policy fullscreen 'none' Cache-Control private, no-cache, no-store, proxy-revalidate, no-transform Vary Accept-Encoding Accept-Ranges bytes Access-Control-Allow-Headers x-requested-with, Content-Type, origin, authorization, accept, client-security-token Keep-Alive timeout=5, max=99
GET H/1.1	200 OK	logo-login.png app.credentialmydoc.com/Login/images/	133 KB 134 KB	170ms 170ms	Image image/png	13.52.138.248 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://app.credentialmydoc.com/Login/images/logo-login.png Requested by Host: app.credentialmydoc.com URL: https://app.credentialmydoc.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 13.52.138.248 San Jose, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-13-52-138-248.us-west-1.compute.amazonaws.com Software CMD_HTTP_Server / Resource Hash b52031ea09defe9e01fa96c04cf07125bea94f2c694b9b6928e566b5b228db96 Security Headers Name Value Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://app.credentialmydoc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers Date Tue, 15 Nov 2022 16:34:30 GMT Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff Content-Security-Policy default-src 'unsafe-inline' 'unsafe-eval' https: Connection Keep-Alive Content-Length 136650 X-XSS-Protection 1; mode=block Pragma no-cache Referrer-Policy same-origin Last-Modified Thu, 04 Mar 2021 05:25:49 GMT Server CMD_HTTP_Server X-Frame-Options SAMEORIGIN Access-Control-Allow-Methods POST, GET, OPTIONS, DELETE, PUT Content-Type image/png Access-Control-Allow-Origin * Access-Control-Max-Age 1000 Feature-Policy fullscreen 'none' Cache-Control private, no-cache, no-store, proxy-revalidate, no-transform Accept-Ranges bytes Access-Control-Allow-Headers x-requested-with, Content-Type, origin, authorization, accept, client-security-token Keep-Alive timeout=5, max=98
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	72ms 21ms	Script text/javascript	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: app.credentialmydoc.com URL: https://app.credentialmydoc.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Tue, 15 Nov 2022 15:24:49 GMT last-modified Tue, 27 Sep 2022 22:01:05 GMT server Golfe2 age 4181 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 20039 expires Tue, 15 Nov 2022 17:24:49 GMT
POST H2	200	collect Show response www.google-analytics.com/j/	4 B 214 B	29ms 28ms	XHR text/plain	2a00:1450:4001:811::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1156278969&t=pageview&_s=1&dl=https%3A%2F%2Fapp.credentialmydoc.com%2F&ul=en-us&de=UTF-8&dt=CredentialMyDoc%20-%20Credentialing%20and%20Provider%20Enrollment%20Made%20Easy&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAACAAI~&jid=2083049988&gjid=675703073&cid=776296131.1668530070&tid=UA-44201677-1&_gid=913000211.1668530070&_r=1&_slc=1&z=2135619408 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Tue, 15 Nov 2022 16:34:30 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://app.credentialmydoc.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	1 B 444 B	86ms 29ms	XHR text/plain	2a00:1450:400c:c0c::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-44201677-1&cid=776296131.1668530070&jid=2083049988&gjid=675703073&_gid=913000211.1668530070&_u=IEBAAAAAAAAAACAAI~&z=847882189 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Tue, 15 Nov 2022 16:34:30 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://app.credentialmydoc.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery number| slideshowSpeed object| photos object| jQuery1510556815766492768 function| MessiContentChange function| Messi string| GoogleAnalyticsObject function| ga number| val_chk object| google_tag_data object| gaplugins object| gaGlobal object| gaData

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			app.credentialmydoc.com/	1969-12-31 23:59:59	Name: ci_session Value: a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22c97e9ef86d457a1ad6c5415b0adc4bd6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22217.114.215.133%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A116%3A%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F107.0.5304.110+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1668530069%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D27694b7073ff33b918a7381d1898d703
			.credentialmydoc.com/	1970-01-20 17:04:50	Name: _ga Value: GA1.2.776296131.1668530070
			.credentialmydoc.com/	1970-01-20 07:30:16	Name: _gid Value: GA1.2.913000211.1668530070
			.credentialmydoc.com/	1970-01-20 07:28:50	Name: _gat Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'unsafe-inline' 'unsafe-eval' https:
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.credentialmydoc.com
fonts.googleapis.com
stats.g.doubleclick.net
www.google-analytics.com
13.52.138.248
2a00:1450:4001:811::200e
2a00:1450:4001:813::200a
2a00:1450:400c:c0c::9a
00a35693781762a8396f74fce5df8955b6fea806d499fc0890a0ada4f6fd5791
068f766895a8366592283006b0203960a5259a49f4d2e0326ba3dccf8fbdba80
2227a7b47633e268df0c2f2d727773ee53407f03254fed54ada0421e8f90ca2a
2a1f5ee6a4c56601579ef5c077830ceae2d5f86755d39cd2d74e60a6ab2fd1b8
3f33df889a34564eb9ace40c82c9b0642c57c668ab4323c3d9968a2d7c9097de
3f9ca7d27d09e8b4f9faf03518198b72a415fc4571b134d2b36dbb52b29c9dab
43398d58642415c03d88c13a776b12cb5571741fb4f23104335a8757fe360e61
597bb7fbc9a2104eaca217915a686005432dcc7865be9615d65299cbbc0042e6
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b52031ea09defe9e01fa96c04cf07125bea94f2c694b9b6928e566b5b228db96
dda36ab0dda2b7ba616e824e0dd455eb222bf9fee24984c74e19df9fa962758e
e66e8e8009097821b3cdbf9d1727365f87ff3714d9e5cd9596a822c426a646d1