kv365.merck-bkk.de Open in urlscan Pro
193.47.100.75 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://kv365.merck-bkk.de/
Effective URL:
https://kv365.merck-bkk.de/loginpage/default/index
Submission: On January 31 via manual (January 31st 2023, 12:12:16 pm UTC) from IN — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 17 HTTP transactions. The main IP is 193.47.100.75, located in Hanover, Germany and belongs to HTP-AS, DE. The main domain is kv365.merck-bkk.de.
TLS certificate: Issued by SwissSign RSA TLS DV ICA 2021 - 1 on March 23rd 2022. Valid for: a year.

This is the only time kv365.merck-bkk.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1 18	193.47.100.75 193.47.100.75		13045 (HTP-AS) (HTP-AS)
17	1

18 193.47.100.75 (Hanover, Germany) 1 redirects

ASN13045 (HTP-AS, DE)

kv365.merck-bkk.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	merck-bkk.de 1 redirects kv365.merck-bkk.de	473 KB
17	1

	Domain	Requested by
18	kv365.merck-bkk.de	1 redirects kv365.merck-bkk.de
17	1

This site contains no links.

Subject Issuer	Validity	Valid
kv365.merck-bkk.de SwissSign RSA TLS DV ICA 2021 - 1	`2022-03-23` - `2023-03-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://kv365.merck-bkk.de/loginpage/default/index
Frame ID: 3A580C3C474479A6777BF9D636E17DEC
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page URL History Show full URLs

https://kv365.merck-bkk.de/ HTTP 302
https://kv365.merck-bkk.de/loginpage/default/index Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yii (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

/yii\.(?:validation|activeForm)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

472 kB
Transfer

1037 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://kv365.merck-bkk.de/ HTTP 302
https://kv365.merck-bkk.de/loginpage/default/index Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request index Show response
kv365.merck-bkk.de/loginpage/default/
Redirect Chain

https://kv365.merck-bkk.de/
https://kv365.merck-bkk.de/loginpage/default/index

10 KB
4 KB

24ms
24ms

Document
text/html

193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

762362854f84256f1dbd893afe659872db3611b309a04d17d987e5821bf12377

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN sameorigin
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Headers: origin, x-requested-with, content-type
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 2724
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Type: text/html; charset=UTF-8
Date: Tue, 31 Jan 2023 12:12:10 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=99
Pragma: no-cache
Referrer-Policy: no-referrer strict-origin
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff nosniff
X-Frame-Options: SAMEORIGIN sameorigin
X-Xss-Protection: 1; mode=block

Redirect headers

Access-Control-Allow-Headers: origin, x-requested-with, content-type
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Length: 0
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Type: text/html; charset=UTF-8
Date: Tue, 31 Jan 2023 12:12:10 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Location: https://kv365.merck-bkk.de/loginpage/default/index
Pragma: no-cache
Referrer-Policy: no-referrer strict-origin
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff nosniff
X-Frame-Options: SAMEORIGIN sameorigin
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK bootstrap.css
kv365.merck-bkk.de/assets/42d74b09/css/ 143 KB
22 KB 19ms
18ms Stylesheet
text/css 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/42d74b09/css/bootstrap.css

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

d170052c16caec3810f2dee6456539045d8e326f6d8ed7c7f78e59ed34de348a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 21275
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:38 GMT
Server: Apache
ETag: "23a0d-5f3135e729e8a-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: text/css
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=98

GET
H/1.1 200
OK merck.css
kv365.merck-bkk.de/css/ 144 KB
25 KB 48ms
21ms Stylesheet
text/css 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/css/merck.css

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

f9d2fede8eaf10e676c62fc740796cd76f6547d0fd7fad3bcf96903482d8d3be

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 24266
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:35 GMT
Server: Apache
ETag: "23e0f-5f3135e4b4ff4-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: text/css
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=97

GET
H/1.1 200
OK module.css
kv365.merck-bkk.de/assets/d0558763/css/ 5 KB
3 KB 42ms
14ms Stylesheet
text/css 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/d0558763/css/module.css

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

0c391d78b1903301df3f0f66b9505cff5202950855b9a5f66198acd70ec2deb0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 1639
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:38 GMT
Server: Apache
ETag: "1367-5f3135e72ae2a-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: text/css
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK logo_login.png
kv365.merck-bkk.de/images/site/merck/ 17 KB
18 KB 18ms
16ms Image
image/png 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kv365.merck-bkk.de/images/site/merck/logo_login.png

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

5bf81d792cafa42e89c38d82b38235c9dbf01d354d9c3824e8620275bf9e6ea9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Connection: Keep-Alive
Content-Length: 17355
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:35 GMT
Server: Apache
ETag: "43cb-5f3135e4c5995"
X-Frame-Options: SAMEORIGIN, sameorigin
Access-Control-Allow-Methods: GET, POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK eyevector.svg
kv365.merck-bkk.de/images/svg_icons/default/ 3 KB
4 KB 17ms
15ms Image
image/svg+xml 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kv365.merck-bkk.de/images/svg_icons/default/eyevector.svg

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

27e935b327982901a5469630e4974ff93a49b4601cdd200274326775107c6480

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Connection: Keep-Alive
Content-Length: 3559
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:35 GMT
Server: Apache
ETag: "de7-5f3135e4c5995"
X-Frame-Options: SAMEORIGIN, sameorigin
Access-Control-Allow-Methods: GET, POST
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK eyevector-open.svg
kv365.merck-bkk.de/images/svg_icons/default/ 3 KB
4 KB 18ms
18ms Image
image/svg+xml 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kv365.merck-bkk.de/images/svg_icons/default/eyevector-open.svg

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

1f73f874095e4c3a10f0208c3d846eb94d278aef0e7d1444df65d17bf83688f0

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Connection: Keep-Alive
Content-Length: 3226
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:35 GMT
Server: Apache
ETag: "c9a-5f3135e4c5995"
X-Frame-Options: SAMEORIGIN, sameorigin
Access-Control-Allow-Methods: GET, POST
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK jquery.js Show response
kv365.merck-bkk.de/assets/21f95986/ 281 KB
84 KB 45ms
34ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/21f95986/jquery.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Transfer-Encoding: chunked
Connection: Keep-Alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:38 GMT
Server: Apache
ETag: "4638e-5f3135e729e8a-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK bootstrap.js Show response
kv365.merck-bkk.de/assets/42d74b09/js/ 74 KB
17 KB 43ms
17ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/42d74b09/js/bootstrap.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

dbd2a35e72edc7d6bde483481a912f1c38aa57fab2747d9b071d317339ee03a2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 16130
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:38 GMT
Server: Apache
ETag: "126dc-5f3135e729e8a-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=99

GET
H/1.1 200
OK yii.js Show response
kv365.merck-bkk.de/assets/9fa604c5/ 20 KB
7 KB 52ms
16ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/9fa604c5/yii.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

67bed69f23af460ec3341aefcdf793955c250fbf879589de4b93d17b8ec4ae54

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 5813
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:38 GMT
Server: Apache
ETag: "51c6-5f3135e72bdca-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=96

GET
H/1.1 200
OK site.js Show response
kv365.merck-bkk.de/js/ 5 KB
3 KB 45ms
14ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/js/site.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

b9ae9257ee1ae47551b489d8c3c5dfea8d92b5c075fc83d83421bc8501862555

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 1486
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:35 GMT
Server: Apache
ETag: "1234-5f3135e4c2ab4-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK linkmodal.js Show response
kv365.merck-bkk.de/js/ 13 KB
4 KB 30ms
16ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/js/linkmodal.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

c80e1e9bd0b5cdbdf9cc46d25fb09ac75875f083ca369a4448236b20ad2f19a7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 2647
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:35 GMT
Server: Apache
ETag: "347d-5f3135e4c2ab4-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK placeholder-labels.js Show response
kv365.merck-bkk.de/assets/d0558763/js/ 8 KB
4 KB 19ms
15ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/d0558763/js/placeholder-labels.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

04f09423d4971295f8a7822871c0db7b6eb4b8ddb112df90676b4dfe630bbd10

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 2670
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:38 GMT
Server: Apache
ETag: "1f4e-5f3135e72bdca-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK yii.validation.js Show response
kv365.merck-bkk.de/assets/9fa604c5/ 16 KB
4 KB 14ms
14ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/9fa604c5/yii.validation.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

9dfc50020dc8d966ecad3b9d80b71c8bdbc55860d3ea77bb89633c8525924a5d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 3064
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:38 GMT
Server: Apache
ETag: "4015-5f3135e72bdca-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=95

GET
H/1.1 200
OK yii.activeForm.js Show response
kv365.merck-bkk.de/assets/9fa604c5/ 36 KB
8 KB 19ms
14ms Script
application/javascript 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/assets/9fa604c5/yii.activeForm.js

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/loginpage/default/index

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

d738dda3c85c719416ccc701c1683675980e8e0949c6324c49f648f31c4aa29e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 7379
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:38 GMT
Server: Apache
ETag: "8f03-5f3135e72bdca-gzip"
X-Frame-Options: SAMEORIGIN, sameorigin
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=98

GET
H/1.1 200
OK hintergrundOhneRand.jpg
kv365.merck-bkk.de/images/site/merck/ 206 KB
207 KB 18ms
13ms Image
image/jpeg 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kv365.merck-bkk.de/images/site/merck/hintergrundOhneRand.jpg

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/css/merck.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

b4929dcb630d77ace1d14173376ad118c0a677feccc7c9de1f70ac5281dc5e3e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://kv365.merck-bkk.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Connection: Keep-Alive
Content-Length: 210753
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:35 GMT
Server: Apache
ETag: "33741-5f3135e4c49f4"
X-Frame-Options: SAMEORIGIN, sameorigin
Access-Control-Allow-Methods: GET, POST
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=94

GET
H/1.1 200
OK Verdana.woff
kv365.merck-bkk.de/fonts/merck/ 55 KB
56 KB 17ms
13ms Font
font/woff 193.47.100.75
HTP-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://kv365.merck-bkk.de/fonts/merck/Verdana.woff

Requested by

Host: kv365.merck-bkk.de
URL: https://kv365.merck-bkk.de/css/merck.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

193.47.100.75 Hanover, Germany, ASN13045 (HTP-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

a2beb85b34742d5fa601ca7354df41082009d358c0d84bb3d39cf89818f607c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kv365.merck-bkk.de/
Origin: https://kv365.merck-bkk.de
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Tue, 31 Jan 2023 12:12:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff, nosniff
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Connection: Keep-Alive
Content-Length: 56264
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer, strict-origin
Last-Modified: Wed, 25 Jan 2023 09:36:35 GMT
Server: Apache
ETag: "dbc8-5f3135e4c1b14"
X-Frame-Options: SAMEORIGIN, sameorigin
Access-Control-Allow-Methods: GET, POST
Content-Type: font/woff
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Keep-Alive: timeout=5, max=99

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			kv365.merck-bkk.de/	1969-12-31 23:59:59	Name: PHPSESSID_merck Value: lq9fmekqdmoorsog9qjrp03qmv
			kv365.merck-bkk.de/	1969-12-31 23:59:59	Name: _csrf_merck Value: d8756138472bfa54ba7ae0d9611f6a28e7509ff8e69abd6a85b298ef297332b5a%3A2%3A%7Bi%3A0%3Bs%3A11%3A%22_csrf_merck%22%3Bi%3A1%3Bs%3A32%3A%228R4e8iVgGjcLPuUan03iz3de3bnuakq4%22%3B%7D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; child-src 'self' blob:; frame-src 'self' https://www.google.com/;
Strict-Transport-Security	max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN sameorigin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

kv365.merck-bkk.de
193.47.100.75
04f09423d4971295f8a7822871c0db7b6eb4b8ddb112df90676b4dfe630bbd10
0c391d78b1903301df3f0f66b9505cff5202950855b9a5f66198acd70ec2deb0
1f73f874095e4c3a10f0208c3d846eb94d278aef0e7d1444df65d17bf83688f0
27e935b327982901a5469630e4974ff93a49b4601cdd200274326775107c6480
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37
5bf81d792cafa42e89c38d82b38235c9dbf01d354d9c3824e8620275bf9e6ea9
67bed69f23af460ec3341aefcdf793955c250fbf879589de4b93d17b8ec4ae54
762362854f84256f1dbd893afe659872db3611b309a04d17d987e5821bf12377
9dfc50020dc8d966ecad3b9d80b71c8bdbc55860d3ea77bb89633c8525924a5d
a2beb85b34742d5fa601ca7354df41082009d358c0d84bb3d39cf89818f607c1
b4929dcb630d77ace1d14173376ad118c0a677feccc7c9de1f70ac5281dc5e3e
b9ae9257ee1ae47551b489d8c3c5dfea8d92b5c075fc83d83421bc8501862555
c80e1e9bd0b5cdbdf9cc46d25fb09ac75875f083ca369a4448236b20ad2f19a7
d170052c16caec3810f2dee6456539045d8e326f6d8ed7c7f78e59ed34de348a
d738dda3c85c719416ccc701c1683675980e8e0949c6324c49f648f31c4aa29e
dbd2a35e72edc7d6bde483481a912f1c38aa57fab2747d9b071d317339ee03a2
f9d2fede8eaf10e676c62fc740796cd76f6547d0fd7fad3bcf96903482d8d3be

kv365.merck-bkk.de Open in urlscan Pro 193.47.100.75 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

472 kBTransfer

1037 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

kv365.merck-bkk.de Open in urlscan Pro
193.47.100.75 Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

472 kB
Transfer

1037 kB
Size

2
Cookies

17 HTTP transactions
0 data transactions