Submitted URL: https://uat.sso.mims.com/
Effective URL: https://uat-auth.mims.com/account/login
Submission: On February 15 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 15 HTTP transactions. The main IP is 151.139.128.10, located in United States and belongs to STACKPATH-CDN, US. The main domain is uat-auth.mims.com.
TLS certificate: Issued by R3 on January 25th 2023. Valid for: 3 months.
This is the only time uat-auth.mims.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 10 151.139.128.10 20446 (STACKPATH...)
2 2a04:4e42::485 54113 (FASTLY)
1 2001:4de0:ac1... 20446 (STACKPATH...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
15 5
Apex Domain | Subdomains | Transfer
10 mims.com | uat.sso.mims.com, uat-auth.mims.com | 187 KB
2 cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 228 | 10 KB
2 jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 381 | 46 KB
1 googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 66 | 84 KB
1 jquery.com | code.jquery.com — Cisco Umbrella Rank: 756 | 30 KB
15 5
Domain Requested by
9 uat-auth.mims.com uat-auth.mims.com
2 cdnjs.cloudflare.com uat-auth.mims.com
2 cdn.jsdelivr.net uat-auth.mims.com
1 www.googletagmanager.com uat-auth.mims.com
1 code.jquery.com uat-auth.mims.com
1 uat.sso.mims.com 1 redirects
15 6

This site contains links to these domains.

Domain
uat.mims.com
uat.sso.mims.com
uat-sso1.mims.com
corporate.mims.com
policy.mims.com
www.mims.com
Subject | Issuer | Validity | Valid
uat-auth.mims.com | R3 | 2023-01-25 - 2023-04-25 | 3 months
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2022 Q4 | 2022-12-23 - 2024-01-24 | a year
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-08-03 - 2023-08-02 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-02-01 - 2023-04-26 | 3 months

This page contains 1 frames:

Primary Page: https://uat-auth.mims.com/account/login
Frame ID: E95D8558C3F05F08C8ED44D1A92FBB71
Requests: 15 HTTP requests in this frame

Page Title

MIMS Account

Page URL History

  1. https://uat.sso.mims.com/ HTTP 301
    https://uat-auth.mims.com/account/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

15
Requests

100 %
HTTPS

80 %
IPv6

5
Domains

6
Subdomains

5
IPs

3
Countries

356 kB
Transfer

826 kB
Size

13
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login
uat-auth.mims.com/account/
Redirect Chain
  • https://uat.sso.mims.com/
  • https://uat-auth.mims.com/account/login
15 KB
7 KB
Document
General
Full URL
https://uat-auth.mims.com/account/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
fbs / ASP.NET
Resource Hash
1cd96b18f22fa3ea3ff231b2aee6bb4db48fca6aa301f38c0d09d98d59eda555
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.mims.com; connect-src 'self' *.mims.com localhost:* ws://localhost:* www.google-analytics.com stats.g.doubleclick.net; script-src 'self' www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net; style-src * 'self' 'unsafe-inline' *.mims.com localhost:* ; style-src-elem * 'self' 'unsafe-inline' *.mims.com localhost:* ; img-src 'self' www.google.com www.google.com.sg www.google-analytics.com www.googletagmanager.com; frame-ancestors 'self' localhost:* *.mims.com; frame-src 'self' localhost:* *.mims.com; sandbox allow-forms allow-same-origin allow-scripts; object-src 'none'; upgrade-insecure-requests;base-uri 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-cache, no-store
content-encoding
gzip
content-security-policy
default-src 'self' *.mims.com; connect-src 'self' *.mims.com localhost:* ws://localhost:* www.google-analytics.com stats.g.doubleclick.net; script-src 'self' www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net; style-src * 'self' 'unsafe-inline' *.mims.com localhost:* ; style-src-elem * 'self' 'unsafe-inline' *.mims.com localhost:* ; img-src 'self' www.google.com www.google.com.sg www.google-analytics.com www.googletagmanager.com; frame-ancestors 'self' localhost:* *.mims.com; frame-src 'self' localhost:* *.mims.com; sandbox allow-forms allow-same-origin allow-scripts; object-src 'none'; upgrade-insecure-requests;base-uri 'self';
content-type
text/html; charset=utf-8
date
Wed, 15 Feb 2023 07:37:44 GMT
pragma
no-cache
referrer-policy
no-referrer
request-context
appId=cid-v1:2de3446d-9abe-4394-adef-a9d61c7dd111
server
fbs
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-hw
1676446663.cds004.fr8.hn,1676446663.cds097.fr8.sc,1676446664.waf1-node02-fra02.stackpath.systems.-.wx,1676446664.cds097.fr8.p
x-powered-by
ASP.NET

Redirect headers

access-control-allow-origin
*
access-control-expose-headers
Request-Context
cache-control
private
content-encoding
gzip
content-security-policy
default-src 'unsafe-inline' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com www.googletagservices.com securepubads.g.doubleclick.net *.google.com.sg tpc.googlesyndication.com;
content-type
text/html; charset=utf-8
date
Wed, 15 Feb 2023 07:37:43 GMT
location
https://uat-auth.mims.com/account/login
referrer-policy
no-referrer-when-downgrade
request-context
appId=cid-v1:830bc5ec-b732-4b67-900c-eac59cc80f54
server
fbs
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-aspnet-version
4.0.30319
x-aspnetmvc-version
5.2
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-hw
1676446662.cds156.fr8.hn,1676446662.cds006.fr8.sc,1676446663.waf1-node03-fra02.stackpath.systems.-.wx,1676446663.cds006.fr8.p
x-xss-protection
1; mode=block
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/css/
158 KB
24 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/css/bootstrap.min.css
Requested by
Host: uat-auth.mims.com
URL: https://uat-auth.mims.com/account/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0c5ed985fdbddc027124d4e6879ce1a1860832cda85e2b517c18d8fbd2fffc06
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://uat-auth.mims.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 15 Feb 2023 07:37:44 GMT
x-content-type-options
nosniff
content-encoding
gzip
age
3572971
x-jsd-version
4.6.1
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
24140
x-served-by
cache-fra-eddf8230124-FRA
x-jsd-version-type
version
etag
W/"278e1-H7g/xZXPKL+TYth2EOrfo7e7vlk"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
site.min.css
uat-auth.mims.com/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://uat-auth.mims.com/css/site.min.css
Requested by
Host: uat-auth.mims.com
URL: https://uat-auth.mims.com/account/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
fbs / ASP.NET
Resource Hash
66a6b66ad5d598990a35cd7fb70119c965ce2c96288623d099ef6a36286056a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Wed, 15 Feb 2023 07:37:45 GMT
content-encoding
gzip
last-modified
Mon, 16 Jan 2023 03:59:44 GMT
server
fbs
etag
"1d9295ef77d6d11"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-hw
1676446664.cds004.fr8.hn,1676446664.cds223.fr8.sc,1676446665.cdn2-wafbe01-fra1.stackpath.systems.-.wx,1676446665.cds223.fr8.p
content-type
text/css
access-control-allow-origin
*
accept-ranges
bytes
request-context
appId=cid-v1:2de3446d-9abe-4394-adef-a9d61c7dd111
google_logo.svg
uat-auth.mims.com/img/
1 KB
764 B
Image
General
Full URL
https://uat-auth.mims.com/img/google_logo.svg
Requested by
Host: uat-auth.mims.com
URL: https://uat-auth.mims.com/account/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
fbs / ASP.NET
Resource Hash
5722617974160d10a2564c051caf679e6686955012aa626f1dcf163e20ebcedd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Wed, 15 Feb 2023 07:37:45 GMT
content-encoding
gzip
last-modified
Mon, 16 Jan 2023 03:59:44 GMT
server
fbs
etag
"1d9295ef77d7d1b"
x-powered-by
ASP.NET
x-hw
1676446664.cds004.fr8.hn,1676446664.cds138.fr8.sc,1676446665.waf1-node03-fra02.stackpath.systems.-.wx,1676446665.cds138.fr8.p
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
request-context
appId=cid-v1:2de3446d-9abe-4394-adef-a9d61c7dd111
jquery-3.6.0.min.js
code.jquery.com/
87 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: uat-auth.mims.com
URL: https://uat-auth.mims.com/account/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer
Origin
https://uat-auth.mims.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Wed, 15 Feb 2023 07:37:44 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-15d9d"
vary
Accept-Encoding
x-hw
1676446664.dop002.fr8.t,1676446664.cds142.fr8.hn,1676446664.cds144.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30875
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/js/
81 KB
22 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/js/bootstrap.bundle.min.js
Requested by
Host: uat-auth.mims.com
URL: https://uat-auth.mims.com/account/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
7e02c082fedfc821a8a51fe004dab6896dd928876a21ccac8675142c2e2f7b1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://uat-auth.mims.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 15 Feb 2023 07:37:44 GMT
x-content-type-options
nosniff
content-encoding
gzip
age
105420
x-jsd-version
4.6.1
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
22088
x-served-by
cache-fra-eddf8230124-FRA
x-jsd-version-type
version
etag
W/"14535-A2PLWLentg73+/gri862MFIyUBo"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
nanobar.min.js
uat-auth.mims.com/js/
2 KB
1 KB
Script
General
Full URL
https://uat-auth.mims.com/js/nanobar.min.js
Requested by
Host: uat-auth.mims.com
URL: https://uat-auth.mims.com/account/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
fbs / ASP.NET
Resource Hash
9bd0758b6d2bcf3d29f2576672e841b26edd7982acc0f9366b96df8d7814bfe2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Wed, 15 Feb 2023 07:37:45 GMT
content-encoding
gzip
last-modified
Mon, 16 Jan 2023 03:59:44 GMT
server
fbs
etag
"1d9295ef77d7fcc"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-hw
1676446664.cds004.fr8.hn,1676446664.cds290.fr8.sc,1676446665.cdn2-wafbe01-fra1.stackpath.systems.-.wx,1676446665.cds290.fr8.p
content-type
text/javascript
access-control-allow-origin
*
accept-ranges
bytes
request-context
appId=cid-v1:2de3446d-9abe-4394-adef-a9d61c7dd111
load-nanobar.js
uat-auth.mims.com/js/
48 B
328 B
Script
General
Full URL
https://uat-auth.mims.com/js/load-nanobar.js
Requested by
Host: uat-auth.mims.com
URL: https://uat-auth.mims.com/account/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
fbs / ASP.NET
Resource Hash
a34c26ffb68cecb308c24a59c4689e49655c74dfec75e9cb2a8aab3b119a6b2f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Wed, 15 Feb 2023 07:37:45 GMT
content-encoding
gzip
last-modified
Mon, 16 Jan 2023 03:59:44 GMT
server
fbs
etag
"1d9295ef77d7830"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-hw
1676446664.cds004.fr8.hn,1676446664.cds241.fr8.sc,1676446665.waf1-node02-fra02.stackpath.systems.-.wx,1676446665.cds241.fr8.p
content-type
text/javascript
access-control-allow-origin
*
accept-ranges
bytes
request-context
appId=cid-v1:2de3446d-9abe-4394-adef-a9d61c7dd111
gtm-script.js
uat-auth.mims.com/js/
2 KB
1 KB
Script
General
Full URL
https://uat-auth.mims.com/js/gtm-script.js
Requested by
Host: uat-auth.mims.com
URL: https://uat-auth.mims.com/account/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
fbs / ASP.NET
Resource Hash
f1179918d25d03e61ea55b28a8295fa1325a952203c1c0614abb41f488d95cb9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Wed, 15 Feb 2023 07:37:45 GMT
content-encoding
gzip
last-modified
Mon, 16 Jan 2023 03:59:44 GMT
server
fbs
etag
"1d9295ef77d7f45"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-hw
1676446664.cds004.fr8.hn,1676446664.cds291.fr8.sc,1676446665.cdn2-redis01-fra1.stackpath.systems.-.wx,1676446665.cds291.fr8.p
content-type
text/javascript
access-control-allow-origin
*
accept-ranges
bytes
request-context
appId=cid-v1:2de3446d-9abe-4394-adef-a9d61c7dd111
login-script.js
uat-auth.mims.com/js/
4 KB
2 KB
Script
General
Full URL
https://uat-auth.mims.com/js/login-script.js
Requested by
Host: uat-auth.mims.com
URL: https://uat-auth.mims.com/account/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
fbs / ASP.NET
Resource Hash
bbbe3d3af20db4f0f53c189ba205422405b6a72c5884a9ed921f246506b973dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Wed, 15 Feb 2023 07:37:45 GMT
content-encoding
gzip
last-modified
Mon, 16 Jan 2023 03:59:44 GMT
server
fbs
etag
"1d9295ef77d77fe"
x-powered-by
ASP.NET
vary
Accept-Encoding
x-hw
1676446664.cds004.fr8.hn,1676446664.cds255.fr8.sc,1676446665.cdn2-redis01-fra1.stackpath.systems.-.wx,1676446665.cds255.fr8.p
content-type
text/javascript
access-control-allow-origin
*
accept-ranges
bytes
request-context
appId=cid-v1:2de3446d-9abe-4394-adef-a9d61c7dd111
jquery.validate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.3/
24 KB
8 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.3/jquery.validate.min.js
Requested by
Host: uat-auth.mims.com
URL: https://uat-auth.mims.com/account/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c0cc637858d6503cba9262f8be75740c29e853605a153a7bde46a6e2e367eb0
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Wed, 15 Feb 2023 07:37:44 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
38962
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
6996
last-modified
Fri, 11 Jun 2021 11:01:59 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"60c342a7-1b54"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wLn2Fb%2FbyOT8kzl%2BJ6wB50FgaTUnYcmIAZX8bJZkXxoHVIXaMMK34TJY8m1VTKtj7m4%2BlaBP1KddX1N51PFSGqit9EdlVxrr%2F3Al9fZ2DbHbMqwqm7kVTHgSkf4d3Wk%2FmYoLz4B0KB6gmV%2FlvIJ0hUef"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
799c6144bd1f30e4-FRA
expires
Mon, 05 Feb 2024 07:37:44 GMT
jquery.validate.unobtrusive.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-validation-unobtrusive/3.2.12/
6 KB
2 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-validation-unobtrusive/3.2.12/jquery.validate.unobtrusive.min.js
Requested by
Host: uat-auth.mims.com
URL: https://uat-auth.mims.com/account/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1fc39d86f356a710875ddf4eb30f11ef23ac5a3f4240a183325ba361506c60cc
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Wed, 15 Feb 2023 07:37:44 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1014214
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1947
last-modified
Tue, 09 Feb 2021 01:12:07 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"6021e167-16ef"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n7adC6vDKfWeVztTp560DPeqd6nBvwdz6zaTxrzy0xgs7ZEtR2qPMjGqW1lSbU6uCZxrnvdBfKZq4euzh2CojefXRX7f3h05%2Bsy6ws1LqFQQsnShFlxQO%2BixXNy3Jgr13fU7Edv8D2xzvDuLyHhjEXlb"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
799c6144bd2030e4-FRA
expires
Mon, 05 Feb 2024 07:37:44 GMT
eye-open.svg
uat-auth.mims.com/img/
1 KB
779 B
Image
General
Full URL
https://uat-auth.mims.com/img/eye-open.svg
Requested by
Host: uat-auth.mims.com
URL: https://uat-auth.mims.com/css/site.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
fbs / ASP.NET
Resource Hash
db1bfc79d4d3dd40674e9d2e3113057b6f92226c341b039e1e11b79422ecbaa9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uat-auth.mims.com/css/site.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Wed, 15 Feb 2023 07:37:45 GMT
content-encoding
gzip
last-modified
Mon, 16 Jan 2023 03:59:44 GMT
server
fbs
etag
"1d9295ef77d7c68"
x-powered-by
ASP.NET
x-hw
1676446665.cds004.fr8.hn,1676446665.cds057.fr8.sc,1676446665.waf1-node01-fra02.stackpath.systems.-.wx,1676446665.cds057.fr8.p
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
request-context
appId=cid-v1:2de3446d-9abe-4394-adef-a9d61c7dd111
sso_login_image.png
uat-auth.mims.com/img/
171 KB
171 KB
Image
General
Full URL
https://uat-auth.mims.com/img/sso_login_image.png
Requested by
Host: uat-auth.mims.com
URL: https://uat-auth.mims.com/css/site.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
fbs / ASP.NET
Resource Hash
650ff84de40b36a867acf7918a2732d9ca5401a531ccc6a5b6ea85bb0a473e3e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://uat-auth.mims.com/css/site.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Wed, 15 Feb 2023 07:37:46 GMT
last-modified
Mon, 16 Jan 2023 03:59:44 GMT
server
fbs
etag
"1d9295ef77fd313"
x-powered-by
ASP.NET
x-hw
1676446665.cds004.fr8.hn,1676446665.cds243.fr8.sc,1676446666.waf1-node02-fra02.stackpath.systems.-.wx,1676446666.cds243.fr8.p
content-type
image/png
access-control-allow-origin
*
accept-ranges
bytes
content-length
174867
request-context
appId=cid-v1:2de3446d-9abe-4394-adef-a9d61c7dd111
gtm.js
www.googletagmanager.com/
268 KB
84 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5VKNKJC
Requested by
Host: uat-auth.mims.com
URL: https://uat-auth.mims.com/js/gtm-script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4bde5b6e200f0f15633464b5a34014d66c086b547bfdccbcaeb6fce2ecc84227
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date
Wed, 15 Feb 2023 07:37:46 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
85833
x-xss-protection
0
last-modified
Wed, 15 Feb 2023 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 15 Feb 2023 07:37:46 GMT

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • boolean| credentialless
  • object| oncontentvisibilityautostatechange
  • function| $
  • function| jQuery
  • object| bootstrap
  • function| Nanobar
  • object| nanobar
  • function| gtm_init
  • function| gtm_signin_button_clicked
  • function| gtm_signup_button_clicked
  • function| gtm_continue_with_google_button_clicked
  • object| dataLayer
  • function| js_init
  • function| form_init
  • function| form_submitted
  • function| btnSignUp_clicked
  • function| btnContinueWithGoogle_clicked
  • function| validate_success
  • function| validate_failed
  • function| reset_form_validation
  • function| on_error
  • function| start_login
  • function| disable_login_button
  • function| enable_login_button
  • function| validate_empty_fields
  • function| toogle_password_eye
  • function| set_input_group_focus
  • object| google_tag_manager
  • object| google_tag_data

13 Cookies

Domain/Path Name / Value
uat.sso.mims.com/ Name: SPSI
Value: 2f1c6698e9523aa40edd183a227e4911
uat.sso.mims.com/ Name: SPSE
Value: dxCTeKcMfGo4ONOW3paqCrGdiqB+22SGo2JKt1ikKKIl+G89Ab4oB4jUUoUo8twWcrGLNfHOHIIeK1VJnu3xEQ==
uat.sso.mims.com/ Name: ASP.NET_SessionId
Value: rqtzri4vzsc3xeoyrhjz5ore
.uat.sso.mims.com/ Name: ARRAffinity
Value: 16dabfc2d7683b1ac3e8b263fa42408c3f08cb2e9b4b737da56dd22bf1472944
.uat.sso.mims.com/ Name: ARRAffinitySameSite
Value: 16dabfc2d7683b1ac3e8b263fa42408c3f08cb2e9b4b737da56dd22bf1472944
uat-auth.mims.com/ Name: SPSI
Value: 0e5c5e5c78e46197652a5f9ce54e93ce
uat-auth.mims.com/ Name: SPSE
Value: P2mqpadvwEizUoAAWc/0EByK2ZCvbw2xxjnNt+5AD/LiND1GblR/EqUCuVRuldV11CiCsftW0D0PdxVxyeQLvg==
uat-auth.mims.com/ Name: spcsrf
Value: 7119db6e938e4b61e0b4e8d4c6d5aef6
uat-auth.mims.com/ Name: UTGv2
Value: D-h4a237e6e3bcb6474dc7c4916df36a8ccb88
uat-auth.mims.com/ Name: .AspNetCore.Antiforgery.t3FzIQCpEDY
Value: CfDJ8HKz4tHpmrFMgUCsImn2_GYNTzNhKghH_Gg7Gga0n8tZR_vz9NQ_JU661q-Sdt0BG6w7-zwZ6y75sNKOFF8w5pQ4qMAj-wqgIVmAgQy-VNeqpAvMpkDI3-un791thzylLrHvdg6rtGDnRO-ETRGm8Dc
.uat-auth.mims.com/ Name: ARRAffinity
Value: 16dabfc2d7683b1ac3e8b263fa42408c3f08cb2e9b4b737da56dd22bf1472944
.uat-auth.mims.com/ Name: ARRAffinitySameSite
Value: 16dabfc2d7683b1ac3e8b263fa42408c3f08cb2e9b4b737da56dd22bf1472944
uat-auth.mims.com/ Name: sp_lit
Value: VPIH08tfITntZSTxCJe1Dg==

3 Console Messages

Source Level URL
Text
security warning URL: https://uat-auth.mims.com/account/login
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security error URL: https://uat-auth.mims.com/account/login(Line 16)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net". Either the 'unsafe-inline' keyword, a hash ('sha256-+NIkyLdF8+c0vY6K9Q9PFHQwy9I/nC0gSk12A3VVqh0='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://uat-auth.mims.com/account/login(Line 22)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net". Either the 'unsafe-inline' keyword, a hash ('sha256-dSKi3P7xQyKkA2l5Tcs4cgnoz7VKBZFMuNeaP2ZiMec='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' *.mims.com; connect-src 'self' *.mims.com localhost:* ws://localhost:* www.google-analytics.com stats.g.doubleclick.net; script-src 'self' www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net; style-src * 'self' 'unsafe-inline' *.mims.com localhost:* ; style-src-elem * 'self' 'unsafe-inline' *.mims.com localhost:* ; img-src 'self' www.google.com www.google.com.sg www.google-analytics.com www.googletagmanager.com; frame-ancestors 'self' localhost:* *.mims.com; frame-src 'self' localhost:* *.mims.com; sandbox allow-forms allow-same-origin allow-scripts; object-src 'none'; upgrade-insecure-requests;base-uri 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN