kv365.merck-bkk.de Open in urlscan Pro
193.47.100.75 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://kv365.merck-bkk.de/
Effective URL:
https://kv365.merck-bkk.de/loginpage/default/index
Submission: On August 05 via manual (August 5th 2024, 1:31:34 pm UTC) from IN — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 18 HTTP transactions. The main IP is 193.47.100.75, located in Germany and belongs to HTP-AS, DE. The main domain is kv365.merck-bkk.de.
TLS certificate: Issued by SwissSign RSA TLS DV ICA 2022 - 1 on February 9th 2024. Valid for: a year.

This is the only time kv365.merck-bkk.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1 19	193.47.100.75 193.47.100.75		13045 (HTP-AS) (HTP-AS)
18	1

19 193.47.100.75 (Germany) 1 redirects

ASN13045 (HTP-AS, DE)
PTR: port-193-47-100-75.static.as20676.net

kv365.merck-bkk.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	merck-bkk.de 1 redirects kv365.merck-bkk.de	479 KB
18	1

	Domain	Requested by
19	kv365.merck-bkk.de	1 redirects kv365.merck-bkk.de
18	1

This site contains no links.

Subject Issuer	Validity	Valid
kv365.merck-bkk.de SwissSign RSA TLS DV ICA 2022 - 1	`2024-02-09` - `2025-02-09`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://kv365.merck-bkk.de/loginpage/default/index
Frame ID: 854042D8EE63458D3421005EBA8FCDFD
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page URL History Show full URLs

https://kv365.merck-bkk.de/ HTTP 302
https://kv365.merck-bkk.de/loginpage/default/index Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yii (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

/yii\.(?:validation|activeForm)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

478 kB
Transfer

1053 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://kv365.merck-bkk.de/ HTTP 302
https://kv365.merck-bkk.de/loginpage/default/index Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request index Show response
kv365.merck-bkk.de/loginpage/default/
Redirect Chain

https://kv365.merck-bkk.de/
https://kv365.merck-bkk.de/loginpage/default/index

9 KB
4 KB

27ms
27ms

Document
text/html

193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

295cd6e0a2daa0da68b791f017bb160f0349d31ebb8f9711249e791b6a112295

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN sameorigin
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: origin, x-requested-with, content-type
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 2722
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Type: text/html; charset=UTF-8
Date: Mon, 05 Aug 2024 13:31:29 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=99
Pragma: no-cache
Referrer-Policy: no-referrer strict-origin
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff nosniff
X-Frame-Options: SAMEORIGIN sameorigin
X-Xss-Protection: 1; mode=block

Redirect headers

Access-Control-Allow-Headers: origin, x-requested-with, content-type
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Length: 0
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Type: text/html; charset=UTF-8
Date: Mon, 05 Aug 2024 13:31:29 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Location: https://kv365.merck-bkk.de/loginpage/default/index
Pragma: no-cache
Referrer-Policy: no-referrer strict-origin
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff nosniff
X-Frame-Options: SAMEORIGIN sameorigin
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK bootstrap.css
kv365.merck-bkk.de/assets/b101b10c/css/ 143 KB
22 KB 21ms
20ms Stylesheet
text/css 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/b101b10c/css/bootstrap.css

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

d170052c16caec3810f2dee6456539045d8e326f6d8ed7c7f78e59ed34de348a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 21275
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:51:17 GMT
Server: Apache
ETag: "23a0d-61dfb383d87b0-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: text/css
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=98

GET
H/1.1 200
OK merck.css
kv365.merck-bkk.de/css/ 146 KB
25 KB 54ms
23ms Stylesheet
text/css 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/css/merck.css

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

588444375f4f4a7f1219e184aaf9fd4a3d9f2c2b6d778bf2cb9ea055d01b5eb5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 24496
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:50:36 GMT
Server: Apache
ETag: "247f0-61dfb35c22702-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: text/css
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK module.css
kv365.merck-bkk.de/assets/ad5dc8e9/css/ 5 KB
3 KB 52ms
21ms Stylesheet
text/css 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/ad5dc8e9/css/module.css

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

ebd78bdb87bb8cb08efe19d4327e735d9ecd8b7dc00923d9e5a0b1e6ce70ac47

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 1639
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:56:52 GMT
Server: Apache
ETag: "135d-61dfb4c36a44a-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: text/css
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK logo_login.png
kv365.merck-bkk.de/images/site/merck/ 17 KB
18 KB 50ms
15ms Image
image/png 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kv365.merck-bkk.de/images/site/merck/logo_login.png

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

5bf81d792cafa42e89c38d82b38235c9dbf01d354d9c3824e8620275bf9e6ea9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Connection: Keep-Alive
Content-Length: 17355
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:50:36 GMT
Server: Apache
ETag: "43cb-61dfb35c1c942"
X-Frame-Options: SAMEORIGIN, sameorigin
Access-Control-Allow-Methods: GET, POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK eyevector.svg
kv365.merck-bkk.de/images/svg_icons/default/ 3 KB
4 KB 52ms
16ms Image
image/svg+xml 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kv365.merck-bkk.de/images/svg_icons/default/eyevector.svg

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

27e935b327982901a5469630e4974ff93a49b4601cdd200274326775107c6480

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Connection: Keep-Alive
Content-Length: 3559
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:50:36 GMT
Server: Apache
ETag: "de7-61dfb35c1e882"
X-Frame-Options: SAMEORIGIN, sameorigin
Access-Control-Allow-Methods: GET, POST
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=97

GET
H/1.1 200
OK eyevector-open.svg
kv365.merck-bkk.de/images/svg_icons/default/ 3 KB
4 KB 47ms
47ms Image
image/svg+xml 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kv365.merck-bkk.de/images/svg_icons/default/eyevector-open.svg

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

1f73f874095e4c3a10f0208c3d846eb94d278aef0e7d1444df65d17bf83688f0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Connection: Keep-Alive
Content-Length: 3226
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:50:36 GMT
Server: Apache
ETag: "c9a-61dfb35c1e882"
X-Frame-Options: SAMEORIGIN, sameorigin
Access-Control-Allow-Methods: GET, POST
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=96

GET
H/1.1 200
OK jquery.js Show response
kv365.merck-bkk.de/assets/814938a2/ 286 KB
85 KB 47ms
47ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/814938a2/jquery.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

6bd8c1051ca05f5061e65b7c1998d70f3c8e07e6d6bdef4488eeed44e52d8ff1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Transfer-Encoding: chunked
Connection: Keep-Alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:51:17 GMT
Server: Apache
ETag: "4766a-61dfb383d6870-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK bootstrap.js Show response
kv365.merck-bkk.de/assets/b101b10c/js/ 74 KB
17 KB 32ms
32ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/b101b10c/js/bootstrap.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

dbd2a35e72edc7d6bde483481a912f1c38aa57fab2747d9b071d317339ee03a2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 16130
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:51:17 GMT
Server: Apache
ETag: "126dc-61dfb383db690-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK yii.js Show response
kv365.merck-bkk.de/assets/2416be70/ 20 KB
7 KB 31ms
31ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/2416be70/yii.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

995516724f69e24ddf82e9279a65d50a6f64a2c325226f7133bda794d6bf79a5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 5828
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:51:17 GMT
Server: Apache
ETag: "51d9-61dfb383d58d0-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK site.js Show response
kv365.merck-bkk.de/js/ 12 KB
4 KB 31ms
30ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/js/site.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

4d5fc994c81cabffda3b50182a63c6f76cae12395bc44105262ee3c85ef5eedf

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 3450
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:50:36 GMT
Server: Apache
ETag: "2f41-61dfb35c22702-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK linkmodal.js Show response
kv365.merck-bkk.de/js/ 13 KB
4 KB 62ms
28ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/js/linkmodal.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

08c940f2e061f636cc25e5c24c72a20e53f96edfa1fb83fe06e99d01f65bcffd

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 2657
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:50:36 GMT
Server: Apache
ETag: "34b1-61dfb35c22702-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=95

GET
H/1.1 200
OK placeholder-labels.js Show response
kv365.merck-bkk.de/assets/ad5dc8e9/js/ 8 KB
4 KB 29ms
28ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/ad5dc8e9/js/placeholder-labels.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

04f09423d4971295f8a7822871c0db7b6eb4b8ddb112df90676b4dfe630bbd10

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 2670
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:56:52 GMT
Server: Apache
ETag: "1f4e-61dfb4c36a44a-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK yii.validation.js Show response
kv365.merck-bkk.de/assets/2416be70/ 17 KB
4 KB 29ms
29ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/2416be70/yii.validation.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

9123ef5cf89cdb1ee2e6db82eb04ff97e874de65e8db71ddba2e66fde522ac06

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 3359
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:51:17 GMT
Server: Apache
ETag: "4413-61dfb383d58d0-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=98

GET
H/1.1 200
OK yii.activeForm.js Show response
kv365.merck-bkk.de/assets/2416be70/ 36 KB
8 KB 28ms
28ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/2416be70/yii.activeForm.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

b156192d2524056dbc8af028d8a71dfb5a74346ccc5a0910ef98182005762a1b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 7454
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:51:17 GMT
Server: Apache
ETag: "9046-61dfb383d4930-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=98

GET
H/1.1 200
OK hintergrundOhneRand.jpg
kv365.merck-bkk.de/images/site/merck/ 206 KB
207 KB 30ms
22ms Image
image/jpeg 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kv365.merck-bkk.de/images/site/merck/hintergrundOhneRand.jpg

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/css/merck.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

b4929dcb630d77ace1d14173376ad118c0a677feccc7c9de1f70ac5281dc5e3e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Connection: Keep-Alive
Content-Length: 210753
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:50:36 GMT
Server: Apache
ETag: "33741-61dfb35c1c942"
X-Frame-Options: SAMEORIGIN, sameorigin
Access-Control-Allow-Methods: GET, POST
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK Verdana.woff
kv365.merck-bkk.de/fonts/merck/ 55 KB
56 KB 30ms
14ms Font
font/woff 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/fonts/merck/Verdana.woff

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/css/merck.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

a2beb85b34742d5fa601ca7354df41082009d358c0d84bb3d39cf89818f607c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
Origin: https://kv365.merck-bkk.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Connection: Keep-Alive
Content-Length: 56264
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:50:36 GMT
Server: Apache
ETag: "dbc8-61dfb35c61ea2"
X-Frame-Options: SAMEORIGIN, sameorigin
Access-Control-Allow-Methods: GET, POST
Content-Type: font/woff
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=94

GET
H/1.1 200
OK favicon.ico
kv365.merck-bkk.de/images/icon/merck/ 766 B
2 KB 21ms
21ms Other
image/vnd.microsoft.icon 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/images/icon/merck/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 , Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

port-193-47-100-75.static.as20676.net

Software

Apache /

Resource Hash

c71e068f536f2ee0199f8eab2e627055f5c31126aa64a6e08183f48a405e8a60

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 13:31:30 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Connection: Keep-Alive
Content-Length: 766
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 24 Jul 2024 09:50:36 GMT
Server: Apache
ETag: "2fe-61dfb35c1b9a2"
X-Frame-Options: SAMEORIGIN, sameorigin
Access-Control-Allow-Methods: GET, POST
Content-Type: image/vnd.microsoft.icon
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=99

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			kv365.merck-bkk.de/	1969-12-31 23:59:59	Name: PHPSESSID_merck Value: qts849qmjuhcgsm55v9gac6r97
			kv365.merck-bkk.de/	1969-12-31 23:59:59	Name: _csrf_merck Value: d859492523407bd3f8229bf46438b9324db0709f0c1e5815650ef7c9540b150ca%3A2%3A%7Bi%3A0%3Bs%3A11%3A%22_csrf_merck%22%3Bi%3A1%3Bs%3A32%3A%22p8hNTMvG_G2_n1hZA-vbmDOiaT5p_TA_%22%3B%7D

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://kv365.merck-bkk.de/loginpage/default/index Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN sameorigin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

kv365.merck-bkk.de
193.47.100.75
04f09423d4971295f8a7822871c0db7b6eb4b8ddb112df90676b4dfe630bbd10
08c940f2e061f636cc25e5c24c72a20e53f96edfa1fb83fe06e99d01f65bcffd
1f73f874095e4c3a10f0208c3d846eb94d278aef0e7d1444df65d17bf83688f0
27e935b327982901a5469630e4974ff93a49b4601cdd200274326775107c6480
295cd6e0a2daa0da68b791f017bb160f0349d31ebb8f9711249e791b6a112295
4d5fc994c81cabffda3b50182a63c6f76cae12395bc44105262ee3c85ef5eedf
588444375f4f4a7f1219e184aaf9fd4a3d9f2c2b6d778bf2cb9ea055d01b5eb5
5bf81d792cafa42e89c38d82b38235c9dbf01d354d9c3824e8620275bf9e6ea9
6bd8c1051ca05f5061e65b7c1998d70f3c8e07e6d6bdef4488eeed44e52d8ff1
9123ef5cf89cdb1ee2e6db82eb04ff97e874de65e8db71ddba2e66fde522ac06
995516724f69e24ddf82e9279a65d50a6f64a2c325226f7133bda794d6bf79a5
a2beb85b34742d5fa601ca7354df41082009d358c0d84bb3d39cf89818f607c1
b156192d2524056dbc8af028d8a71dfb5a74346ccc5a0910ef98182005762a1b
b4929dcb630d77ace1d14173376ad118c0a677feccc7c9de1f70ac5281dc5e3e
c71e068f536f2ee0199f8eab2e627055f5c31126aa64a6e08183f48a405e8a60
d170052c16caec3810f2dee6456539045d8e326f6d8ed7c7f78e59ed34de348a
dbd2a35e72edc7d6bde483481a912f1c38aa57fab2747d9b071d317339ee03a2
ebd78bdb87bb8cb08efe19d4327e735d9ecd8b7dc00923d9e5a0b1e6ce70ac47

kv365.merck-bkk.de Open in urlscan Pro 193.47.100.75 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

478 kBTransfer

1053 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

kv365.merck-bkk.de Open in urlscan Pro
193.47.100.75 Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

478 kB
Transfer

1053 kB
Size

2
Cookies

18 HTTP transactions
0 data transactions