urlscan.io logo urlscan.io
SecurityTrails logo

login-prod.morningstar.com Open in urlscan Pro
2600:9000:2182:bc00:1e:b3e9:9980:93a1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://creditanalyticshub.morningstar.com/
Effective URL: https://login-prod.morningstar.com/login?state=hKFo2SAzNUtlZ1B0NjlROGZ2WGtUNFVQZjdmVFJ2WElPSmE1ZaFupWxvZ2luo3RpZNkgbVpGblpKbksxdnE2...
Submission: On August 08 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 2 countries across 3 domains to perform 25 HTTP transactions. The main IP is 2600:9000:2182:bc00:1e:b3e9:9980:93a1, located in United States and belongs to AMAZON-02, US. The main domain is login-prod.morningstar.com. The Cisco Umbrella rank of the primary domain is 246141.
TLS certificate: Issued by Amazon on September 23rd 2021. Valid for: a year.
This is the only time login-prod.morningstar.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

7    2600:9000:211a:5200:7:2d20:de00:93a1 (United States)

ASN16509 (AMAZON-02, US)
creditanalyticshub.morningstar.com
2    2a00:1450:4001:812::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    54.163.129.126 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-163-129-126.compute-1.amazonaws.com
api-banks-creditanalyticshub.mcibf9a6.eas.morningstar.com
1    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
1    50.17.179.102 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-17-179-102.compute-1.amazonaws.com
uim-session-manager-awsprod.morningstar.com
2    2600:9000:2182:bc00:1e:b3e9:9980:93a1 (United States)

ASN16509 (AMAZON-02, US)
login-prod.morningstar.com
11    18.66.122.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-99.fra60.r.cloudfront.net
uim-ctrsi-prod.fpf1779.eas.morningstar.com
1    2600:9000:2250:ea00:2:7376:2a00:93a1 (United States)

ASN16509 (AMAZON-02, US)
mwc-cdn.morningstar.com
Apex Domain
Subdomains		 Transfer
23 morningstar.com
creditanalyticshub.morningstar.com
api-banks-creditanalyticshub.mcibf9a6.eas.morningstar.com
uim-session-manager-awsprod.morningstar.com — Cisco Umbrella Rank: 315052
login-prod.morningstar.com — Cisco Umbrella Rank: 246141
uim-ctrsi-prod.fpf1779.eas.morningstar.com — Cisco Umbrella Rank: 350858
mwc-cdn.morningstar.com — Cisco Umbrella Rank: 105064
4 MB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 94
105 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2742
360 B
25 3
Domain Requested by
11 uim-ctrsi-prod.fpf1779.eas.morningstar.com login-prod.morningstar.com
uim-ctrsi-prod.fpf1779.eas.morningstar.com
7 creditanalyticshub.morningstar.com creditanalyticshub.morningstar.com
2 login-prod.morningstar.com 1 redirects fig_tool_frnt
2 www.googletagmanager.com fig_tool_frnt
www.googletagmanager.com
1 mwc-cdn.morningstar.com login-prod.morningstar.com
1 uim-session-manager-awsprod.morningstar.com 1 redirects
1 region1.google-analytics.com www.googletagmanager.com
1 api-banks-creditanalyticshub.mcibf9a6.eas.morningstar.com fig_tool_frnt
25 8

This site contains no links.

Subject Issuer Validity Valid
creditanalyticshub.mcibf9a6.eas.morningstar.com
Amazon		 2022-06-20 -
2023-07-19		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-07-18 -
2022-10-10		 3 months crt.sh
api-creditanalyticshub.morningstar.com
Amazon		 2022-06-23 -
2023-07-22		 a year crt.sh
login-prod.morningstar.com
Amazon		 2021-09-23 -
2022-10-21		 a year crt.sh
uim-ctrsi-uat.fpf1779.eas.morningstar.com
Amazon		 2022-07-12 -
2023-08-10		 a year crt.sh
00104.maa8abef.eas.morningstar.com
Amazon		 2021-12-26 -
2023-01-22		 a year crt.sh

This page contains 1 frames:

Primary Page: https://login-prod.morningstar.com/login?state=hKFo2SAzNUtlZ1B0NjlROGZ2WGtUNFVQZjdmVFJ2WElPSmE1ZaFupWxvZ2luo3RpZNkgbVpGblpKbksxdnE2ZjNNTlV3Ujlzcm1SNUhiU0htZXqjY2lk2SBDaGVLTTR1ajhqUFQ2MGFVMkk0Y1BsSDhyREtkT3NaZA&client=CheKM4uj8jPT60aU2I4cPlH8rDKdOsZd&protocol=oauth2&response_type=code&redirect_uri=https%3A%2F%2Fauth0-session-manager-api-awsprod.dir80bdc.eas.morningstar.com%2Fsso%2Fjson%2Fmsusers%2Fapp-authenticate-callback&scope=openid%20profile%20offline_access%20email&msrealm=msusers&source=bus0253
Frame ID: 1AF26F60BD443888A74DFAE989E7C1E3
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign In to Morningstar

Page URL History Show full URLs

  1. https://creditanalyticshub.morningstar.com/ Page URL
  2. https://uim-session-manager-awsprod.morningstar.com/sso/json/msusers/app-login?source=bus0253&targetUrl=https%3A%2F%2Fcreditanal... HTTP 302
    https://login-prod.morningstar.com/authorize?response_type=code&client_id=CheKM4uj8jPT60aU2I4cPlH8rDKdOsZd&redi... HTTP 302
    https://login-prod.morningstar.com/login?state=hKFo2SAzNUtlZ1B0NjlROGZ2WGtUNFVQZjdmVFJ2WElPSmE1ZaFupWxvZ2luo3Rp... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

25
Requests

96 %
HTTPS

63 %
IPv6

3
Domains

8
Subdomains

8
IPs

2
Countries

4616 kB
Transfer

5388 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://creditanalyticshub.morningstar.com/ Page URL
  2. https://uim-session-manager-awsprod.morningstar.com/sso/json/msusers/app-login?source=bus0253&targetUrl=https%3A%2F%2Fcreditanalyticshub.morningstar.com%2F HTTP 302
    https://login-prod.morningstar.com/authorize?response_type=code&client_id=CheKM4uj8jPT60aU2I4cPlH8rDKdOsZd&redirect_uri=https://auth0-session-manager-api-awsprod.dir80bdc.eas.morningstar.com/sso/json/msusers/app-authenticate-callback&scope=openid%20profile%20offline_access%20email&msrealm=msusers&state=HYBhRlmFoQux&source=bus0253 HTTP 302
    https://login-prod.morningstar.com/login?state=hKFo2SAzNUtlZ1B0NjlROGZ2WGtUNFVQZjdmVFJ2WElPSmE1ZaFupWxvZ2luo3RpZNkgbVpGblpKbksxdnE2ZjNNTlV3Ujlzcm1SNUhiU0htZXqjY2lk2SBDaGVLTTR1ajhqUFQ2MGFVMkk0Y1BsSDhyREtkT3NaZA&client=CheKM4uj8jPT60aU2I4cPlH8rDKdOsZd&protocol=oauth2&response_type=code&redirect_uri=https%3A%2F%2Fauth0-session-manager-api-awsprod.dir80bdc.eas.morningstar.com%2Fsso%2Fjson%2Fmsusers%2Fapp-authenticate-callback&scope=openid%20profile%20offline_access%20email&msrealm=msusers&source=bus0253 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
creditanalyticshub.morningstar.com/ 		804 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://creditanalyticshub.morningstar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:5200:7:2d20:de00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
51a22669cbd9f4b2ab078aea9aa897b67c51b19479cc04ab9b7192722d3fc7f7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-length
804
content-type
text/html
date
Mon, 08 Aug 2022 12:04:08 GMT
etag
"0eef250fad96319f50c051221945ddeb"
last-modified
Mon, 25 Jul 2022 12:24:12 GMT
server
AmazonS3
vary
Origin
via
1.1 a4035907ac3c3ba8d1fd116b6b6b9a4c.cloudfront.net (CloudFront)
x-amz-cf-id
2mawY_3cxMdC5yUmZtznL-Ewb_J7qw_V6vB9ayoM1Uz73wI5nhYOfw==
x-amz-cf-pop
VIE50-C2
x-cache
RefreshHit from cloudfront
chunk-vendors.js
creditanalyticshub.morningstar.com/js/ 		3 MB
3 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://creditanalyticshub.morningstar.com/js/chunk-vendors.js
Requested by
Host: creditanalyticshub.morningstar.com
URL: https://creditanalyticshub.morningstar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:5200:7:2d20:de00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b2eaa244b13af170ae8175a77f3b8650a2edaadc0d582506e84382e460658759

Request headers

Referer
https://creditanalyticshub.morningstar.com/
Origin
https://creditanalyticshub.morningstar.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Mon, 08 Aug 2022 12:04:09 GMT
via
1.1 a4035907ac3c3ba8d1fd116b6b6b9a4c.cloudfront.net (CloudFront)
last-modified
Mon, 25 Jul 2022 12:24:28 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-C2
etag
"6e16174775b4651e175f73b776d508d9"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
x-cache
Miss from cloudfront
accept-ranges
bytes
content-length
3095574
x-amz-cf-id
6FY4MCf1jWril2ywQIjz584Gq4HPN4GUuMRlU_JegShbc8Qna3U9pQ==
app.js
creditanalyticshub.morningstar.com/js/ 		998 KB
1000 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://creditanalyticshub.morningstar.com/js/app.js
Requested by
Host: creditanalyticshub.morningstar.com
URL: https://creditanalyticshub.morningstar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:5200:7:2d20:de00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e79a76cb3c11ef38258d966503e44738de6a2d82757c864223c26d14b5cb2346

Request headers

Referer
https://creditanalyticshub.morningstar.com/
Origin
https://creditanalyticshub.morningstar.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Mon, 08 Aug 2022 12:04:09 GMT
via
1.1 a4035907ac3c3ba8d1fd116b6b6b9a4c.cloudfront.net (CloudFront)
last-modified
Mon, 25 Jul 2022 12:24:18 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-C2
etag
"34473d5a9eedf03971767fd392aad005"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
x-cache
Miss from cloudfront
accept-ranges
bytes
content-length
1021443
x-amz-cf-id
6jSZ1UpwfW1SaD5ZQrnhgnDvLUfVRJVX7X3uotABOFDMy_YnmkjK8g==
gtm.js
www.googletagmanager.com/ 		98 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KS7MNNW
Requested by
Host: fig_tool_frnt
URL: webpack://fig_tool_frnt/./node_modules/@gtm-support/core/lib/utils.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
801b8a50df59083c2d59a32130e62049327af688ba2415b7c31e6b000ce081ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://creditanalyticshub.morningstar.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Mon, 08 Aug 2022 12:04:09 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37864
x-xss-protection
0
expires
Mon, 08 Aug 2022 12:04:09 GMT
logo.12d090e4.svg
creditanalyticshub.morningstar.com/img/ 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://creditanalyticshub.morningstar.com/img/logo.12d090e4.svg
Requested by
Host: creditanalyticshub.morningstar.com
URL: https://creditanalyticshub.morningstar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:5200:7:2d20:de00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://creditanalyticshub.morningstar.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Mon, 08 Aug 2022 12:04:10 GMT
via
1.1 a4035907ac3c3ba8d1fd116b6b6b9a4c.cloudfront.net (CloudFront)
last-modified
Mon, 25 Jul 2022 12:24:04 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-C2
etag
"1f9296f41ea1d9ef9e60ebcc2419dfaa"
vary
Origin
x-cache
Miss from cloudfront
content-type
image/svg+xml
accept-ranges
bytes
content-length
17572
x-amz-cf-id
LXrF06FzGcp_YKMduM7_pAW6_Fa0ydgrG31kWfOfrmuNBsL3h4ZkaQ==
logoResponsive.991786a1.svg
creditanalyticshub.morningstar.com/img/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://creditanalyticshub.morningstar.com/img/logoResponsive.991786a1.svg
Requested by
Host: creditanalyticshub.morningstar.com
URL: https://creditanalyticshub.morningstar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:5200:7:2d20:de00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://creditanalyticshub.morningstar.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Mon, 08 Aug 2022 12:04:10 GMT
via
1.1 a4035907ac3c3ba8d1fd116b6b6b9a4c.cloudfront.net (CloudFront)
last-modified
Mon, 25 Jul 2022 12:24:06 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-C2
etag
"e84331541c64c1961257ed96b8fda273"
vary
Origin
x-cache
Miss from cloudfront
content-type
image/svg+xml
accept-ranges
bytes
content-length
2912
x-amz-cf-id
-69p57pfJG1LCUuehsuenRGv4A0k8AXIEF7o-0HjRxkBCCb1dnwpcA==
validate
api-banks-creditanalyticshub.mcibf9a6.eas.morningstar.com/v1/public/sso/ 		30 B
342 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-banks-creditanalyticshub.mcibf9a6.eas.morningstar.com/v1/public/sso/validate
Requested by
Host: fig_tool_frnt
URL: webpack://fig_tool_frnt/./node_modules/axios/lib/adapters/xhr.js?
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.163.129.126 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-163-129-126.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
application/json, text/plain, */*
Referer
https://creditanalyticshub.morningstar.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Mon, 08 Aug 2022 12:04:09 GMT
x-amzn-remapped-content-length
30
x-amzn-requestid
1d2900e2-d0af-4d6c-8749-72af1a3d7e92
vary
Origin
content-type
application/json
access-control-allow-origin
https://creditanalyticshub.morningstar.com
x-amzn-trace-id
Root=1-62f0fbb9-470a56844db78dfa42b01c7a;Sampled=0
access-control-allow-credentials
true
x-amz-apigw-id
WixFDFJyIAMFw_Q=
content-length
30
600bda4e-11fe-4903-9a39-bb6b77389170.e5b81ec7.woff
creditanalyticshub.morningstar.com/fonts/ 		44 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://creditanalyticshub.morningstar.com/fonts/600bda4e-11fe-4903-9a39-bb6b77389170.e5b81ec7.woff
Requested by
Host: creditanalyticshub.morningstar.com
URL: https://creditanalyticshub.morningstar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:5200:7:2d20:de00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://creditanalyticshub.morningstar.com/
Origin
https://creditanalyticshub.morningstar.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Mon, 08 Aug 2022 12:04:10 GMT
via
1.1 a4035907ac3c3ba8d1fd116b6b6b9a4c.cloudfront.net (CloudFront)
last-modified
Mon, 25 Jul 2022 12:24:42 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-C2
etag
"13c93ee1b98a67c5db8325ff951ca620"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/font-woff
access-control-allow-origin
*
x-cache
Miss from cloudfront
accept-ranges
bytes
content-length
45563
x-amz-cf-id
jTrcLF59hUsNXSq8GpRRnKoyQFpf6KvMOqV8xy5MGAZAoiYI8KBxXg==
3b5a7b6a-e026-4ee8-b80f-6aa5e44b2977.27b8d65f.woff
creditanalyticshub.morningstar.com/fonts/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://creditanalyticshub.morningstar.com/fonts/3b5a7b6a-e026-4ee8-b80f-6aa5e44b2977.27b8d65f.woff
Requested by
Host: creditanalyticshub.morningstar.com
URL: https://creditanalyticshub.morningstar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:5200:7:2d20:de00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://creditanalyticshub.morningstar.com/
Origin
https://creditanalyticshub.morningstar.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Mon, 08 Aug 2022 12:04:10 GMT
via
1.1 a4035907ac3c3ba8d1fd116b6b6b9a4c.cloudfront.net (CloudFront)
last-modified
Mon, 25 Jul 2022 12:24:34 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-C2
etag
"e52bca17c3731bcac97d893a6ebeb393"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/font-woff
access-control-allow-origin
*
x-cache
Miss from cloudfront
accept-ranges
bytes
content-length
44784
x-amz-cf-id
Zf7KTOUnFrxGHD7y0-HFotjpmZ5DUOKbwwcEavB0v8PRzab9EtFxDg==
js
www.googletagmanager.com/gtag/ 		188 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-7VQJGKT1ZP&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KS7MNNW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f581c8536cfa8426e9b6b13eb2c44c97fa84920610d8efd176928e809ab73d0f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://creditanalyticshub.morningstar.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Mon, 08 Aug 2022 12:04:09 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69556
x-xss-protection
0
expires
Mon, 08 Aug 2022 12:04:09 GMT
collect
region1.google-analytics.com/g/ 		0
360 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-7VQJGKT1ZP&gtm=2oe830&_p=296106663&_z=ccd.v9B&cid=2050484350.1659960250&ul=en-us&sr=1600x1200&_s=1&sid=1659960249&sct=1&seg=0&dl=https%3A%2F%2Fcreditanalyticshub.morningstar.com%2F&dt=MCIA%20Fig%20Tool&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7VQJGKT1ZP&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://creditanalyticshub.morningstar.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Aug 2022 12:04:09 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://creditanalyticshub.morningstar.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Primary Request login
login-prod.morningstar.com/
Redirect Chain
  • https://uim-session-manager-awsprod.morningstar.com/sso/json/msusers/app-login?source=bus0253&targetUrl=https%3A%2F%2Fcreditanalyticshub.morningstar.com%2F
  • https://login-prod.morningstar.com/authorize?response_type=code&client_id=CheKM4uj8jPT60aU2I4cPlH8rDKdOsZd&redirect_uri=https://auth0-session-manager-api-awsprod.dir80bdc.eas.morningstar.com/sso/js...
  • https://login-prod.morningstar.com/login?state=hKFo2SAzNUtlZ1B0NjlROGZ2WGtUNFVQZjdmVFJ2WElPSmE1ZaFupWxvZ2luo3RpZNkgbVpGblpKbksxdnE2ZjNNTlV3Ujlzcm1SNUhiU0htZXqjY2lk2SBDaGVLTTR1ajhqUFQ2MGFVMkk0Y1BsSD...
8 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login-prod.morningstar.com/login?state=hKFo2SAzNUtlZ1B0NjlROGZ2WGtUNFVQZjdmVFJ2WElPSmE1ZaFupWxvZ2luo3RpZNkgbVpGblpKbksxdnE2ZjNNTlV3Ujlzcm1SNUhiU0htZXqjY2lk2SBDaGVLTTR1ajhqUFQ2MGFVMkk0Y1BsSDhyREtkT3NaZA&client=CheKM4uj8jPT60aU2I4cPlH8rDKdOsZd&protocol=oauth2&response_type=code&redirect_uri=https%3A%2F%2Fauth0-session-manager-api-awsprod.dir80bdc.eas.morningstar.com%2Fsso%2Fjson%2Fmsusers%2Fapp-authenticate-callback&scope=openid%20profile%20offline_access%20email&msrealm=msusers&source=bus0253
Requested by
Host: fig_tool_frnt
URL: webpack://fig_tool_frnt/./src/userauthentication.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:bc00:1e:b3e9:9980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b8f77e53a19bb12395586ef6527d9bf27151548146d71d50c5a3f45c18cf0107
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://creditanalyticshub.morningstar.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, max-age=0, no-transform
content-encoding
gzip
content-security-policy
frame-ancestors 'none'
content-type
text/html; charset=utf-8
date
Mon, 08 Aug 2022 12:04:11 GMT
etag
W/"200e-fcmqWSJZnN/lIHrlxxIfv2YYAB0"
pragma
no-cache
referrer-policy
same-origin
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding
via
1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
x-amz-cf-id
pF3ZqSyvtNuR2Abzwlcy61vFTkpmFBlDbuWuzoxFeZIsrRMMKnfW7A==
x-amz-cf-pop
DUS51-C1
x-auth0-requestid
6b925d59e40dedd66cab
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
deny
x-robots-tag
noindex, nofollow noindex, nofollow, nosnippet, noarchive
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-store, max-age=0, no-transform
content-length
1040
content-type
text/html; charset=utf-8
date
Mon, 08 Aug 2022 12:04:10 GMT
location
/login?state=hKFo2SAzNUtlZ1B0NjlROGZ2WGtUNFVQZjdmVFJ2WElPSmE1ZaFupWxvZ2luo3RpZNkgbVpGblpKbksxdnE2ZjNNTlV3Ujlzcm1SNUhiU0htZXqjY2lk2SBDaGVLTTR1ajhqUFQ2MGFVMkk0Y1BsSDhyREtkT3NaZA&client=CheKM4uj8jPT60aU2I4cPlH8rDKdOsZd&protocol=oauth2&response_type=code&redirect_uri=https%3A%2F%2Fauth0-session-manager-api-awsprod.dir80bdc.eas.morningstar.com%2Fsso%2Fjson%2Fmsusers%2Fapp-authenticate-callback&scope=openid%20profile%20offline_access%20email&msrealm=msusers&source=bus0253
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000
vary
Accept
via
1.1 821feb380ab4aeca6ae9157aa1190ff2.cloudfront.net (CloudFront)
x-amz-cf-id
D4BSoohwVqfja4XYzf_jP2473kCgrMTgX2BeAzAJJwQvC5GZPYg0sQ==
x-amz-cf-pop
DUS51-C1
x-auth0-requestid
1cb761323446ca577794
x-cache
Miss from cloudfront
x-robots-tag
noindex, nofollow, nosnippet, noarchive
collect
region1.google-analytics.com/g/ 		0
0
ctrsi-signin-component.css
uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/ctrsi-signin-component/ 		71 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/ctrsi-signin-component/ctrsi-signin-component.css
Requested by
Host: login-prod.morningstar.com
URL: https://login-prod.morningstar.com/login?state=hKFo2SAzNUtlZ1B0NjlROGZ2WGtUNFVQZjdmVFJ2WElPSmE1ZaFupWxvZ2luo3RpZNkgbVpGblpKbksxdnE2ZjNNTlV3Ujlzcm1SNUhiU0htZXqjY2lk2SBDaGVLTTR1ajhqUFQ2MGFVMkk0Y1BsSDhyREtkT3NaZA&client=CheKM4uj8jPT60aU2I4cPlH8rDKdOsZd&protocol=oauth2&response_type=code&redirect_uri=https%3A%2F%2Fauth0-session-manager-api-awsprod.dir80bdc.eas.morningstar.com%2Fsso%2Fjson%2Fmsusers%2Fapp-authenticate-callback&scope=openid%20profile%20offline_access%20email&msrealm=msusers&source=bus0253
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c648ca60e81361554332c7f714c4af914295c459ba9c00675aaab0b514f185d5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
Strict-Transport-Security max-age= 63072000;includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id
3.UGT2h7N1.xEsuwVsQsc8qxE492UriL
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
3398
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Wed, 27 Jul 2022 02:13:37 GMT
Server
AmazonS3
X-Frame-Options
DENY
Date
Mon, 08 Aug 2022 11:12:53 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age= 63072000;includeSubdomains; preload
Content-Type
text/css
Via
1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
ETag
W/"225ee43dc1312aa518a16b2c1ae27b4d"
Content-Security-Policy
default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
X-Amz-Cf-Pop
FRA60-P2
X-Amz-Cf-Id
Fe8Nl8H80kVc9TIoHftnNHU29aDW-g-q3SaSJRllMvR2oMMm0QLEwQ==
ctrsi-signin-component.js
uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/ctrsi-signin-component/ 		329 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/ctrsi-signin-component/ctrsi-signin-component.js
Requested by
Host: login-prod.morningstar.com
URL: https://login-prod.morningstar.com/login?state=hKFo2SAzNUtlZ1B0NjlROGZ2WGtUNFVQZjdmVFJ2WElPSmE1ZaFupWxvZ2luo3RpZNkgbVpGblpKbksxdnE2ZjNNTlV3Ujlzcm1SNUhiU0htZXqjY2lk2SBDaGVLTTR1ajhqUFQ2MGFVMkk0Y1BsSDhyREtkT3NaZA&client=CheKM4uj8jPT60aU2I4cPlH8rDKdOsZd&protocol=oauth2&response_type=code&redirect_uri=https%3A%2F%2Fauth0-session-manager-api-awsprod.dir80bdc.eas.morningstar.com%2Fsso%2Fjson%2Fmsusers%2Fapp-authenticate-callback&scope=openid%20profile%20offline_access%20email&msrealm=msusers&source=bus0253
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
64f77376e6140a829da86aca2d86c37dcdfeeb2b1b6902be9ada8ae4a0e4e585
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
Strict-Transport-Security max-age= 63072000;includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id
KrtGIh172bxVGnxFoV4odWwFq0gEl9y2
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
1300
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Wed, 27 Jul 2022 02:13:39 GMT
Server
AmazonS3
X-Frame-Options
DENY
Date
Mon, 08 Aug 2022 11:44:43 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age= 63072000;includeSubdomains; preload
Content-Type
application/javascript
Via
1.1 90bb130ecccb71953b38a1c0e3b5721a.cloudfront.net (CloudFront)
ETag
W/"2b9c0afb60d168ca6b99d9143100003b"
Content-Security-Policy
default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
X-Amz-Cf-Pop
FRA60-P2
X-Amz-Cf-Id
I0amepzSfc0ysIzQ9KxzQP0x3sRsyvhNKCp1kCZ-Bn8rZbKmYU_eIQ==
custom-elements.js
uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/polyfills/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/polyfills/custom-elements.js
Requested by
Host: login-prod.morningstar.com
URL: https://login-prod.morningstar.com/login?state=hKFo2SAzNUtlZ1B0NjlROGZ2WGtUNFVQZjdmVFJ2WElPSmE1ZaFupWxvZ2luo3RpZNkgbVpGblpKbksxdnE2ZjNNTlV3Ujlzcm1SNUhiU0htZXqjY2lk2SBDaGVLTTR1ajhqUFQ2MGFVMkk0Y1BsSDhyREtkT3NaZA&client=CheKM4uj8jPT60aU2I4cPlH8rDKdOsZd&protocol=oauth2&response_type=code&redirect_uri=https%3A%2F%2Fauth0-session-manager-api-awsprod.dir80bdc.eas.morningstar.com%2Fsso%2Fjson%2Fmsusers%2Fapp-authenticate-callback&scope=openid%20profile%20offline_access%20email&msrealm=msusers&source=bus0253
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3c0b52939d757be7042167e7088a74199812cdc9b2a898bd5c9cec2f340066fb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
Strict-Transport-Security max-age= 63072000;includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id
NwgEoCBgh3uoK1.dCMVCup8uZYkT3Yp.
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
378
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Wed, 27 Jul 2022 02:13:39 GMT
Server
AmazonS3
X-Frame-Options
DENY
Date
Mon, 08 Aug 2022 12:01:35 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age= 63072000;includeSubdomains; preload
Content-Type
application/javascript
Via
1.1 3fd7afcdda21f0b562dfcbf7920c44a0.cloudfront.net (CloudFront)
ETag
W/"dba7f51bfcb03a3c8dd1a85da9fce5c1"
Content-Security-Policy
default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
X-Amz-Cf-Pop
FRA60-P2
X-Amz-Cf-Id
75wG_FYYDNyGZ0N_L_8RTc_M_hzUt2-tUy0Hao4ODtkzI7frgQ9psQ==
ecmascript.js
uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/polyfills/ 		85 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/polyfills/ecmascript.js
Requested by
Host: login-prod.morningstar.com
URL: https://login-prod.morningstar.com/login?state=hKFo2SAzNUtlZ1B0NjlROGZ2WGtUNFVQZjdmVFJ2WElPSmE1ZaFupWxvZ2luo3RpZNkgbVpGblpKbksxdnE2ZjNNTlV3Ujlzcm1SNUhiU0htZXqjY2lk2SBDaGVLTTR1ajhqUFQ2MGFVMkk0Y1BsSDhyREtkT3NaZA&client=CheKM4uj8jPT60aU2I4cPlH8rDKdOsZd&protocol=oauth2&response_type=code&redirect_uri=https%3A%2F%2Fauth0-session-manager-api-awsprod.dir80bdc.eas.morningstar.com%2Fsso%2Fjson%2Fmsusers%2Fapp-authenticate-callback&scope=openid%20profile%20offline_access%20email&msrealm=msusers&source=bus0253
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7e22e12f3917b2bf1a046ae2dba0b81951253d6079a55038d19aeac9c5f28e0f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
Strict-Transport-Security max-age= 63072000;includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id
ludrYElHW7pRIGsaISEKXwgkSACrZnZq
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
1299
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Wed, 27 Jul 2022 02:13:39 GMT
Server
AmazonS3
X-Frame-Options
DENY
Date
Mon, 08 Aug 2022 11:44:43 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age= 63072000;includeSubdomains; preload
Content-Type
application/javascript
Via
1.1 7b314c2b827b3a655861e27775634208.cloudfront.net (CloudFront)
ETag
W/"46c4e69f18167063fec2a840c7b70fbf"
Content-Security-Policy
default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
X-Amz-Cf-Pop
FRA60-P2
X-Amz-Cf-Id
rXR80t5X0XH5hezUFcRXI1-BdekvOc0eVLjIrUz4rYElSZtLvVtO5Q==
mwc-application-helper.js
mwc-cdn.morningstar.com/mwc/mwc-application-helper/2.7.0/dist/ 		104 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mwc-cdn.morningstar.com/mwc/mwc-application-helper/2.7.0/dist/mwc-application-helper.js
Requested by
Host: login-prod.morningstar.com
URL: https://login-prod.morningstar.com/login?state=hKFo2SAzNUtlZ1B0NjlROGZ2WGtUNFVQZjdmVFJ2WElPSmE1ZaFupWxvZ2luo3RpZNkgbVpGblpKbksxdnE2ZjNNTlV3Ujlzcm1SNUhiU0htZXqjY2lk2SBDaGVLTTR1ajhqUFQ2MGFVMkk0Y1BsSDhyREtkT3NaZA&client=CheKM4uj8jPT60aU2I4cPlH8rDKdOsZd&protocol=oauth2&response_type=code&redirect_uri=https%3A%2F%2Fauth0-session-manager-api-awsprod.dir80bdc.eas.morningstar.com%2Fsso%2Fjson%2Fmsusers%2Fapp-authenticate-callback&scope=openid%20profile%20offline_access%20email&msrealm=msusers&source=bus0253
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2250:ea00:2:7376:2a00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6174fc6dd739b6710f38dfaa566763aef0463c848ec197f2e17b57a391941c32

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id
rPyW8DNff1UpfyYPwLD8Zrp6yVhWuUuN
content-encoding
gzip
etag
W/"da10f0565f76796ab7a22f7ea3138082"
age
34948
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
access-control-max-age
3000
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Fri, 16 Jul 2021 12:31:39 GMT
server
AmazonS3
date
Mon, 08 Aug 2022 02:21:44 GMT
vary
Accept-Encoding,Origin
access-control-allow-methods
GET, HEAD, POST
content-type
text/javascript
via
1.1 6e8224d5f2990b031ca60a58f18ac908.cloudfront.net (CloudFront)
access-control-expose-headers
ETag
cache-control
must-revalidate,max-age=5184000,public
x-amz-cf-pop
FRA60-P2
x-amz-cf-id
rm5k4v4kp1aXbOxquUpsf07sRMxaoCDLFNV3EH_itD2t9kxCVNvXzg==
vue.runtime.min.js
uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/libs/ 		63 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/libs/vue.runtime.min.js
Requested by
Host: login-prod.morningstar.com
URL: https://login-prod.morningstar.com/login?state=hKFo2SAzNUtlZ1B0NjlROGZ2WGtUNFVQZjdmVFJ2WElPSmE1ZaFupWxvZ2luo3RpZNkgbVpGblpKbksxdnE2ZjNNTlV3Ujlzcm1SNUhiU0htZXqjY2lk2SBDaGVLTTR1ajhqUFQ2MGFVMkk0Y1BsSDhyREtkT3NaZA&client=CheKM4uj8jPT60aU2I4cPlH8rDKdOsZd&protocol=oauth2&response_type=code&redirect_uri=https%3A%2F%2Fauth0-session-manager-api-awsprod.dir80bdc.eas.morningstar.com%2Fsso%2Fjson%2Fmsusers%2Fapp-authenticate-callback&scope=openid%20profile%20offline_access%20email&msrealm=msusers&source=bus0253
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
be56f48eaba7008cd7b117d682e988d01217e87d9e99945b9027d05e4a8475bf
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
Strict-Transport-Security max-age= 63072000;includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id
bBCOkzt8Uc.8iBA9ZOQ893UOMNRlg.fW
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
3398
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Wed, 27 Jul 2022 02:13:39 GMT
Server
AmazonS3
X-Frame-Options
DENY
Date
Mon, 08 Aug 2022 11:12:53 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age= 63072000;includeSubdomains; preload
Content-Type
application/javascript
Via
1.1 d13436be9e793d00b0273db3f7904816.cloudfront.net (CloudFront)
ETag
W/"e015490e6f946e556d466b835d529e25"
Content-Security-Policy
default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
X-Amz-Cf-Pop
FRA60-P2
X-Amz-Cf-Id
fbSRBDOU8fXbnqGO_vTxHRQUvXdM-cw-oIBIbGuKkP1bJmo5l1f7HQ==
vue-custom-element.min.js
uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/libs/ 		9 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/libs/vue-custom-element.min.js
Requested by
Host: login-prod.morningstar.com
URL: https://login-prod.morningstar.com/login?state=hKFo2SAzNUtlZ1B0NjlROGZ2WGtUNFVQZjdmVFJ2WElPSmE1ZaFupWxvZ2luo3RpZNkgbVpGblpKbksxdnE2ZjNNTlV3Ujlzcm1SNUhiU0htZXqjY2lk2SBDaGVLTTR1ajhqUFQ2MGFVMkk0Y1BsSDhyREtkT3NaZA&client=CheKM4uj8jPT60aU2I4cPlH8rDKdOsZd&protocol=oauth2&response_type=code&redirect_uri=https%3A%2F%2Fauth0-session-manager-api-awsprod.dir80bdc.eas.morningstar.com%2Fsso%2Fjson%2Fmsusers%2Fapp-authenticate-callback&scope=openid%20profile%20offline_access%20email&msrealm=msusers&source=bus0253
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f3d3f95275efaaeaff8105321d6731b38905def783ebba3669f0eda4693900d6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
Strict-Transport-Security max-age= 63072000;includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id
OuhTMbke0Ulyn4qZ6Znj78fo.UeTJ5Hj
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
3398
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Wed, 27 Jul 2022 02:13:39 GMT
Server
AmazonS3
X-Frame-Options
DENY
Date
Mon, 08 Aug 2022 11:12:53 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age= 63072000;includeSubdomains; preload
Content-Type
application/javascript
Via
1.1 d71acb203a3e8fc7db2c1cf9725d51da.cloudfront.net (CloudFront)
ETag
W/"1212f50a970e2c9751364fa58c5bf33c"
Content-Security-Policy
default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
X-Amz-Cf-Pop
FRA60-P2
X-Amz-Cf-Id
Bm7NG1mJfCgCoj08JBbj8ZF31Vztv9ug_xb775wyEQ_WvUP3O2edNQ==
auth0.js
uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/libs/ 		145 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/libs/auth0.js
Requested by
Host: login-prod.morningstar.com
URL: https://login-prod.morningstar.com/login?state=hKFo2SAzNUtlZ1B0NjlROGZ2WGtUNFVQZjdmVFJ2WElPSmE1ZaFupWxvZ2luo3RpZNkgbVpGblpKbksxdnE2ZjNNTlV3Ujlzcm1SNUhiU0htZXqjY2lk2SBDaGVLTTR1ajhqUFQ2MGFVMkk0Y1BsSDhyREtkT3NaZA&client=CheKM4uj8jPT60aU2I4cPlH8rDKdOsZd&protocol=oauth2&response_type=code&redirect_uri=https%3A%2F%2Fauth0-session-manager-api-awsprod.dir80bdc.eas.morningstar.com%2Fsso%2Fjson%2Fmsusers%2Fapp-authenticate-callback&scope=openid%20profile%20offline_access%20email&msrealm=msusers&source=bus0253
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9af5ed7f80eef658d8b039d5135e06772e753a5c70adb03ef5aa56a6f563a5ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
Strict-Transport-Security max-age= 63072000;includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id
Pzd0VFz5Q2ZYKyGo5RZES8GzyEy0FCIr
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
2780
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Wed, 27 Jul 2022 02:13:39 GMT
Server
AmazonS3
X-Frame-Options
DENY
Date
Mon, 08 Aug 2022 11:20:07 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age= 63072000;includeSubdomains; preload
Content-Type
application/javascript
Via
1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
ETag
W/"73da1011e9174a364a97b6e6e857d921"
Content-Security-Policy
default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
X-Amz-Cf-Pop
FRA60-P2
X-Amz-Cf-Id
gimj_z25JTlVY5AlDgLdKDi8l0LZ-t_3FDBDZ2z5WIDqk7rv33c3qQ==
Mstar-logo-50px.svg
uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/img/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/img/Mstar-logo-50px.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7debb8eae5795d4278fba3e026fc1fcfa3b52ef028bcfe0b7ae8c8c36d4e1667
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
Strict-Transport-Security max-age= 63072000;includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id
1U0oq4n6kYNVqoDm4Dp.tifOS93yDiEs
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
3190
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Wed, 27 Jul 2022 02:13:37 GMT
Server
AmazonS3
X-Frame-Options
DENY
Date
Mon, 08 Aug 2022 11:12:53 GMT
Vary
Accept-Encoding
Strict-Transport-Security
max-age= 63072000;includeSubdomains; preload
Content-Type
image/svg+xml
Via
1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
ETag
W/"e84331541c64c1961257ed96b8fda273"
Content-Security-Policy
default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
X-Amz-Cf-Pop
FRA60-P2
X-Amz-Cf-Id
XIaX3d51uNR2905cwNFEc3aq6U85sxxW_b5AduHcZUFDGba9KknYwg==
600bda4e-11fe-4903-9a39-bb6b77389170.woff
uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/fonts/ 		44 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/fonts/600bda4e-11fe-4903-9a39-bb6b77389170.woff
Requested by
Host: uim-ctrsi-prod.fpf1779.eas.morningstar.com
URL: https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/ctrsi-signin-component/ctrsi-signin-component.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
89e1b1119d9790a07a0b1ed7411caaa2f2ecf84da8e201f7ee9f57619efbcef3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
Strict-Transport-Security max-age= 63072000;includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/ctrsi-signin-component/ctrsi-signin-component.css
Origin
https://login-prod.morningstar.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id
MeJ5e.AaESTlIh0G2i6gBRq2Cax182c5
Via
1.1 f49c99d2326b14738507e1c2ddcae1dc.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Age
275
x-amz-server-side-encryption
AES256
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
Vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Content-Length
45563
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Wed, 27 Jul 2022 02:13:37 GMT
Server
AmazonS3
X-Frame-Options
DENY
Date
Mon, 08 Aug 2022 12:04:11 GMT
Strict-Transport-Security
max-age= 63072000;includeSubdomains; preload
Access-Control-Allow-Methods
GET, HEAD
Content-Type
application/font-woff
Access-Control-Allow-Origin
https://login-prod.morningstar.com
Access-Control-Allow-Credentials
true
ETag
"13c93ee1b98a67c5db8325ff951ca620"
Content-Security-Policy
default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
X-Amz-Cf-Pop
FRA60-P2
Accept-Ranges
bytes
X-Amz-Cf-Id
tlQI2tyCKSipZGnbpdI6wno0GI_jyyYNzfsHWprP3GiCNCuXSBK-XA==
5a67b0ed-239e-4f3e-adeb-8b1e517a5bd3.woff
uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/fonts/ 		48 KB
49 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/fonts/5a67b0ed-239e-4f3e-adeb-8b1e517a5bd3.woff
Requested by
Host: uim-ctrsi-prod.fpf1779.eas.morningstar.com
URL: https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/ctrsi-signin-component/ctrsi-signin-component.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3c0b20fd2ff33c5b40cf39e0a0e9dd9252f344cbd937ae5ee3f26362c1216b54
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
Strict-Transport-Security max-age= 63072000;includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/ctrsi-signin-component/ctrsi-signin-component.css
Origin
https://login-prod.morningstar.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id
VKNm2P7hTlAZhd9ssyIH8bWl7nlSM5xx
Via
1.1 f49c99d2326b14738507e1c2ddcae1dc.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Age
1738
x-amz-server-side-encryption
AES256
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
Vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Content-Length
49047
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Wed, 27 Jul 2022 02:13:37 GMT
Server
AmazonS3
X-Frame-Options
DENY
Date
Mon, 08 Aug 2022 11:35:13 GMT
Strict-Transport-Security
max-age= 63072000;includeSubdomains; preload
Access-Control-Allow-Methods
GET, HEAD
Content-Type
application/font-woff
Access-Control-Allow-Origin
https://login-prod.morningstar.com
Access-Control-Allow-Credentials
true
ETag
"f87546b0e000e80e44b8afa7bcb4a89b"
Content-Security-Policy
default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
X-Amz-Cf-Pop
FRA60-P2
Accept-Ranges
bytes
X-Amz-Cf-Id
_BmsB0AOTGSVoa_YVQPZv7eo_QwAIsWFtQ7UzvbQuIvFsIRkKQ1Xsg==
a55d5255-e095-4e87-ac0d-fe0968b0a9c6.woff
uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/fonts/ 		43 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/fonts/a55d5255-e095-4e87-ac0d-fe0968b0a9c6.woff
Requested by
Host: uim-ctrsi-prod.fpf1779.eas.morningstar.com
URL: https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/ctrsi-signin-component/ctrsi-signin-component.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-99.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3484ede0387b14c1c22644e994a4a569e52ea8996312c2bcabfd3830eb6032ac
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
Strict-Transport-Security max-age= 63072000;includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://uim-ctrsi-prod.fpf1779.eas.morningstar.com/develop__2022-07-19_15_56_04__241/ctrsi-signin-component/ctrsi-signin-component.css
Origin
https://login-prod.morningstar.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id
yqZXz8irQDdPegjjrYrxxGSpaPy2EK6f
Via
1.1 8ac93eaf91328abbc6951d3fbab21e80.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Age
1738
x-amz-server-side-encryption
AES256
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
Vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Content-Length
44492
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Wed, 27 Jul 2022 02:13:37 GMT
Server
AmazonS3
X-Frame-Options
DENY
Date
Mon, 08 Aug 2022 11:35:13 GMT
Strict-Transport-Security
max-age= 63072000;includeSubdomains; preload
Access-Control-Allow-Methods
GET, HEAD
Content-Type
application/font-woff
Access-Control-Allow-Origin
https://login-prod.morningstar.com
Access-Control-Allow-Credentials
true
ETag
"ac458619fab54b75ffcf36cad325a665"
Content-Security-Policy
default-src 'self'; frame-src https://*.morningstar.com; connect-src https://*.morningstar.com https://heapanalytics.com; font-src https://*.morningstar.com https://heapanalytics.com data:; img-src https://*.morningstar.com https://heapanalytics.com data: blob:; script-src https://cdnjs.cloudflare.com https://*.morningstar.com https://*.polyfill.io https://*.boxcdn.net https://cdn.heapanalytics.com https://heapanalytics.com https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.morningstar.com https://heapanalytics.com 'unsafe-inline';
X-Amz-Cf-Pop
FRA60-P2
Accept-Ranges
bytes
X-Amz-Cf-Id
oFrB2I5QnwcQL2CM5HjEsg-jCNB2YT_p8RqlP0R85iUmAomldcQuyA==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
region1.google-analytics.com
URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-7VQJGKT1ZP&gtm=2oe830&_p=296106663&_z=ccd.v9B&cid=2050484350.1659960250&ul=en-us&sr=1600x1200&sid=1659960249&sct=1&seg=0&dl=https%3A%2F%2Fcreditanalyticshub.morningstar.com%2F&dt=MCIA%20Fig%20Tool&_s=2

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| __CE_installPolyfill object| mwc object| MwcApplicationHelper function| Vue function| VueCustomElement string| mwcRuntimeLocation object| auth0 object| ctrsi-signin-component-jsonp object| regeneratorRuntime object| default

9 Cookies

Domain/Path Name / Value
login-prod.morningstar.com/usernamepassword/login Name: _csrf
Value: hv6oChqIDhv53IMXvMpNEfu2
.morningstar.com/ Name: _ga
Value: GA1.1.2050484350.1659960250
.morningstar.com/ Name: ms-sso2
Value: MzE2ZWJlNjgtMTA4Ny00ZDg0LWI1NzAtOGQ2OTkwM2M5NTBl
.morningstar.com/ Name: loginParams
Value: eyJzb3VyY2UiOiJidXMwMjUzIiwiY2xpZW50SWQiOiIiLCJ0YXJnZXRVcmwiOiJodHRwczovL2NyZWRpdGFuYWx5dGljc2h1Yi5tb3JuaW5nc3Rhci5jb20vIiwicmVkaXJlY3RVcmkiOiIiLCJsYW5nIjoiIiwiYXVkaWVuY2UiOiIiLCJwcm9tcHQiOiIiLCJyZWFsbSI6Im1zdXNlcnMifQ==
login-prod.morningstar.com/ Name: did
Value: s%3Av0%3A3672b250-1712-11ed-9a62-cdb9e7a35e31.DY2ZWgkLiILNe%2FKpmv1MDU9ARk1EYsNoaeISejSsBy0
login-prod.morningstar.com/ Name: auth0
Value: s%3A_CLS33nW45lfg51p-FL0xUdGCV_L8jo3.u7oRcLvpC9%2BU4y1BCDpa9NxMOvzagWy3I52nKH14rkw
login-prod.morningstar.com/ Name: did_compat
Value: s%3Av0%3A3672b250-1712-11ed-9a62-cdb9e7a35e31.DY2ZWgkLiILNe%2FKpmv1MDU9ARk1EYsNoaeISejSsBy0
login-prod.morningstar.com/ Name: auth0_compat
Value: s%3A_CLS33nW45lfg51p-FL0xUdGCV_L8jo3.u7oRcLvpC9%2BU4y1BCDpa9NxMOvzagWy3I52nKH14rkw
.morningstar.com/ Name: _ga_7VQJGKT1ZP
Value: GS1.1.1659960249.1.0.1659960251.0

1 Console Messages

Source Level URL
Text
network error URL: https://api-banks-creditanalyticshub.mcibf9a6.eas.morningstar.com/v1/public/sso/validate
Message:
Failed to load resource: the server responded with a status of 401 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-banks-creditanalyticshub.mcibf9a6.eas.morningstar.com
creditanalyticshub.morningstar.com
login-prod.morningstar.com
mwc-cdn.morningstar.com
region1.google-analytics.com
uim-ctrsi-prod.fpf1779.eas.morningstar.com
uim-session-manager-awsprod.morningstar.com
www.googletagmanager.com
region1.google-analytics.com
18.66.122.99
2001:4860:4802:34::36
2600:9000:211a:5200:7:2d20:de00:93a1
2600:9000:2182:bc00:1e:b3e9:9980:93a1
2600:9000:2250:ea00:2:7376:2a00:93a1
2a00:1450:4001:812::2008
50.17.179.102
54.163.129.126
3484ede0387b14c1c22644e994a4a569e52ea8996312c2bcabfd3830eb6032ac
3c0b20fd2ff33c5b40cf39e0a0e9dd9252f344cbd937ae5ee3f26362c1216b54
3c0b52939d757be7042167e7088a74199812cdc9b2a898bd5c9cec2f340066fb
51a22669cbd9f4b2ab078aea9aa897b67c51b19479cc04ab9b7192722d3fc7f7
6174fc6dd739b6710f38dfaa566763aef0463c848ec197f2e17b57a391941c32
64f77376e6140a829da86aca2d86c37dcdfeeb2b1b6902be9ada8ae4a0e4e585
7debb8eae5795d4278fba3e026fc1fcfa3b52ef028bcfe0b7ae8c8c36d4e1667
7e22e12f3917b2bf1a046ae2dba0b81951253d6079a55038d19aeac9c5f28e0f
801b8a50df59083c2d59a32130e62049327af688ba2415b7c31e6b000ce081ff
89e1b1119d9790a07a0b1ed7411caaa2f2ecf84da8e201f7ee9f57619efbcef3
9af5ed7f80eef658d8b039d5135e06772e753a5c70adb03ef5aa56a6f563a5ab
b2eaa244b13af170ae8175a77f3b8650a2edaadc0d582506e84382e460658759
b8f77e53a19bb12395586ef6527d9bf27151548146d71d50c5a3f45c18cf0107
be56f48eaba7008cd7b117d682e988d01217e87d9e99945b9027d05e4a8475bf
c648ca60e81361554332c7f714c4af914295c459ba9c00675aaab0b514f185d5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e79a76cb3c11ef38258d966503e44738de6a2d82757c864223c26d14b5cb2346
f3d3f95275efaaeaff8105321d6731b38905def783ebba3669f0eda4693900d6
f581c8536cfa8426e9b6b13eb2c44c97fa84920610d8efd176928e809ab73d0f