urlscan.io logo urlscan.io
SecurityTrails logo

xmed.hmebillpay.com Open in urlscan Pro
204.193.153.122  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://xmed.hmebillpay.com/
Effective URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Submission: On June 26 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 34 HTTP transactions. The main IP is 204.193.153.122, located in United States and belongs to QTS-SUW1-ATL1, US. The main domain is xmed.hmebillpay.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on October 6th 2023. Valid for: a year.
This is the only time xmed.hmebillpay.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 11 204.193.153.122 20141 (QTS-SUW1-...)
13 2a02:26f0:710... 20940 (AKAMAI-ASN1)
4 18.66.122.55 16509 (AMAZON-02)
6 104.17.25.14 13335 (CLOUDFLAR...)
1 2a02:26f0:710... 20940 (AKAMAI-ASN1)
34 5
11    204.193.153.122 (United States)

ASN20141 (QTS-SUW1-ATL1, US)
xmed.hmebillpay.com
13    2a02:26f0:7100::1720:ef18 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
use.typekit.net
4    18.66.122.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-55.fra60.r.cloudfront.net
kendo.cdn.telerik.com
6    104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a02:26f0:7100::1720:ef1a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
p.typekit.net
Apex Domain
Subdomains		 Transfer
14 typekit.net
use.typekit.net — Cisco Umbrella Rank: 649
p.typekit.net — Cisco Umbrella Rank: 807
404 KB
11 hmebillpay.com
xmed.hmebillpay.com
371 KB
6 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 268
79 KB
4 telerik.com
kendo.cdn.telerik.com — Cisco Umbrella Rank: 15654
1 MB
34 4
Domain Requested by
13 use.typekit.net xmed.hmebillpay.com
11 xmed.hmebillpay.com 1 redirects xmed.hmebillpay.com
6 cdnjs.cloudflare.com xmed.hmebillpay.com
4 kendo.cdn.telerik.com xmed.hmebillpay.com
1 p.typekit.net
34 5

This site contains no links.

Subject Issuer Validity Valid
*.hmebillpay.com
Go Daddy Secure Certificate Authority - G2		 2023-10-06 -
2024-10-02		 a year crt.sh
use.typekit.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-02-01 -
2025-03-03		 a year crt.sh
blazor.cdn.telerik.com
Amazon RSA 2048 M03		 2023-11-17 -
2024-12-15		 a year crt.sh
cdnjs.cloudflare.com
E1		 2024-06-02 -
2024-08-31		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://xmed.hmebillpay.com/Error/InvalidDomain
Frame ID: E3B286882BF8028FA616FA1CD5299965
Requests: 34 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

DNS Error

Page URL History Show full URLs

  1. https://xmed.hmebillpay.com/ HTTP 302
    https://xmed.hmebillpay.com/Error/InvalidDomain Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <script [^>]*src="[^"]*/popper\.js/([0-9.]+)
  • /popper\.js/([0-9.]+)
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

34
Requests

100 %
HTTPS

40 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

2112 kB
Transfer

5790 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://xmed.hmebillpay.com/ HTTP 302
    https://xmed.hmebillpay.com/Error/InvalidDomain Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

34 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request InvalidDomain
xmed.hmebillpay.com/Error/
Redirect Chain
  • https://xmed.hmebillpay.com/
  • https://xmed.hmebillpay.com/Error/InvalidDomain
7 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.193.153.122 , United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
1727b985078405e5d9191648151232dea5eaac7c7ee79ff4ace484ec8c245f43
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
private no-cache
Content-Length
7156
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
Content-Type
text/html; charset=utf-8
Date
Wed, 26 Jun 2024 13:31:59 GMT
Feature-Policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload max-age=15552000
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Robots-Tag
noindex, nofollow
X-Via-NSCOPI
1.0
X-XSS-Protection
1

Redirect headers

Cache-Control
no-cache, no-store, must-revalidate
Content-Length
137
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
Content-Type
text/html; charset=utf-8
Date
Wed, 26 Jun 2024 13:31:59 GMT
Expires
-1
Feature-Policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Location
/Error/InvalidDomain
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload max-age=15552000
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Robots-Tag
noindex, nofollow
X-XSS-Protection
1
lei7usf.js
use.typekit.net/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/lei7usf.js
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
6d82d7bed56f175b2ae5c31d497f5a889ffbbf22363ddd47334dc929a81ee12c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Wed, 26 Jun 2024 13:32:00 GMT
server
nginx
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
6969
kendo.common.min.css
kendo.cdn.telerik.com/2021.3.1207/styles/ 		407 KB
64 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://kendo.cdn.telerik.com/2021.3.1207/styles/kendo.common.min.css
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-55.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
fa69477c99287e6259cb26c58a8acb1c7600380e5885cc61f11b329c8173e169

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Dec 2023 09:15:20 GMT
content-encoding
gzip
via
1.1 935770605c74a80712059ba5b24d4162.cloudfront.net (CloudFront)
last-modified
Tue, 14 Nov 2023 09:32:54 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
age
15912999
etag
W/"65533ec6-65d7a"
x-cache
Hit from cloudfront
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-id
1GU0p5IGth8GoZpfNB7H-Bohtsc5a4QLAR_RzIK8X1RxXFHdGE1RGg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
kendo.default.min.css
kendo.cdn.telerik.com/2021.3.1207/styles/ 		117 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://kendo.cdn.telerik.com/2021.3.1207/styles/kendo.default.min.css
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-55.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
ca94b1129cb080c24b2650f5340e8dd91c288ebbc07571f2dbf6615f3745c2a5

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 20 Jul 2023 11:35:48 GMT
content-encoding
gzip
via
1.1 935770605c74a80712059ba5b24d4162.cloudfront.net (CloudFront)
last-modified
Tue, 18 Jul 2023 10:25:36 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
age
29555771
etag
W/"64b668a0-1d410"
x-cache
Hit from cloudfront
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-id
AVwYT2DSt7IhFsA8SKOcxI6a9ivwUUwCJ_wql-ZlFM50EqEOZZSnQw==
expires
Thu, 31 Dec 2037 23:55:55 GMT
bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/bootstrap/5.2.3/css/ 		190 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.2.3/css/bootstrap.min.css
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0bcf7898fdc3b87babca678cd19a8e3ef570e931c80a3afbffcc453738c951a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
504584
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
20233
last-modified
Tue, 22 Nov 2022 08:05:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"637c82db-4f09"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ck7D3IBPkCiJKbuZJSR7gxGmP%2FhkspsiK%2BGG0zUHJ0v%2BPacFNl1n9IUHACnqweTIhk5x3WFK0n0cJq4XlayVwwujxPy%2BwzNN8JoVNC6szYuIx2eI51n4g3tuBUVom3bs%2BwNwWgrW"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
899d8f976f93926d-FRA
expires
Mon, 16 Jun 2025 13:32:00 GMT
styles.min.css
xmed.hmebillpay.com/Content/css/ 		132 KB
134 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://xmed.hmebillpay.com/Content/css/styles.min.css?v=1.3
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.193.153.122 , United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
f0c31321ec2d30f86abff8ba48d4d8b6eff157ae8e9a7c14cf695eabfaac2573
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/Error/InvalidDomain
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=15552000
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 04 Jun 2024 11:14:41 GMT
Date
Wed, 26 Jun 2024 13:32:00 GMT
ETag
"4488726570b6da1:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Feature-Policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow
Content-Length
135588
X-XSS-Protection
1
chosen-select.css
xmed.hmebillpay.com/Content/css/ 		5 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://xmed.hmebillpay.com/Content/css/chosen-select.css
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.193.153.122 , United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
c0d9ef6999d36c2327937f5a764becc4a6e11c2b95d693851c3d5c469061c4ad
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/Error/InvalidDomain
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=15552000
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 04 Jun 2024 11:14:41 GMT
Date
Wed, 26 Jun 2024 13:32:00 GMT
ETag
"1825706570b6da1:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Feature-Policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow
Content-Length
4729
X-XSS-Protection
1
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/ 		85 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
498617
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27446
last-modified
Tue, 29 Aug 2023 04:36:11 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"64ed75bb-6b36"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wCWhZ3AJhfCsfw66Ed6Sn2%2BK5kUslHfQSLYgJyGnGLMtGBKNoLvx4rFarUG%2B%2BAFQQ9vUYLC5K3fyhMCfh3vAAIV3B7e8DBTZoNbNrqV2fN6nrMg6BJSXAnGXcV4PijPTrs6kdTe1"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
899d8f976f82926d-FRA
expires
Mon, 16 Jun 2025 13:32:00 GMT
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/2.11.6/umd/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.11.6/umd/popper.min.js
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
051a8137b75880006ab58f47778ca713ed6c967130faba043c5cd0ed34517dc8
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1104317
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
6617
last-modified
Thu, 11 Aug 2022 09:00:35 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"62f4c533-19d9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OrPARcsOhZqARGuhpktGBM9vZnwgoXz4TKSU0tvz6srXt2u0vezhybPeym%2BrFh7mRHkqaMpdhWVhNvdzm9wrbG0pRR5O41JHC9e3QqV3Poo6k5BO2%2Be2JFWDDihzt2V93FAZNatH"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
899d8f976f8a926d-FRA
expires
Mon, 16 Jun 2025 13:32:00 GMT
bootstrap.min.js
cdnjs.cloudflare.com/ajax/libs/bootstrap/5.2.3/js/ 		59 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.2.3/js/bootstrap.min.js
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9bcd4d0f29dc6556ebeeff44eaa0965f0c7f7308ee58394708cce2f698cca1b0
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1100737
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
14425
last-modified
Tue, 22 Nov 2022 08:05:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"637c82db-3859"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RgOA9h0cRsxx6VFG%2B02YyVx8hCXs1sr%2BbhBgiw9dURD%2F9IJ%2BjV%2BxM3il0Z6PcCrvXF8r3AAxN8Wt72Vaili2L8y23jG7Uds9FoKtvnLFsOXkRFpuZuBIfj%2BGiM8bPXpYx6gXZp%2BS"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
899d8f976f92926d-FRA
expires
Mon, 16 Jun 2025 13:32:00 GMT
kendo.all.min.js
kendo.cdn.telerik.com/2021.3.1207/js/ 		4 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://kendo.cdn.telerik.com/2021.3.1207/js/kendo.all.min.js
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-55.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
f8cb22614a1b38f9d97ef4467694c5737155a327728daf31c1806130a0b4117c

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 Nov 2023 09:19:43 GMT
content-encoding
gzip
via
1.1 935770605c74a80712059ba5b24d4162.cloudfront.net (CloudFront)
last-modified
Tue, 14 Nov 2023 09:32:54 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
age
18159136
etag
W/"65533ec6-400b07"
x-cache
Hit from cloudfront
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-id
6A-M3M24E0iJYDePFDLhyDLRp11UcouzymAcjVr96-GwB53QXt8l1Q==
expires
Thu, 31 Dec 2037 23:55:55 GMT
kendo.aspnetmvc.min.js
kendo.cdn.telerik.com/2021.3.1207/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kendo.cdn.telerik.com/2021.3.1207/js/kendo.aspnetmvc.min.js
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-55.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
a977a4f5f2268536bbbfad8246282fefbea5bd6894cac631559a9b6a41b417d1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 18 Sep 2023 19:49:15 GMT
content-encoding
gzip
via
1.1 935770605c74a80712059ba5b24d4162.cloudfront.net (CloudFront)
last-modified
Tue, 29 Aug 2023 14:04:46 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
age
24342164
etag
W/"64edfafe-49ed"
x-cache
Hit from cloudfront
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=315360000, public
x-amz-cf-id
t2gv1XZRQDdytxEyIlVQ5pTQcDjtnzJNF5EtVXkai6fCTMSIQMyYZA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
PORTAL_BASE
xmed.hmebillpay.com/bundles/ 		105 KB
107 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xmed.hmebillpay.com/bundles/PORTAL_BASE?v=O6N0lJ5_-FHeWEtchwh7xowib-8LGWzsV3_ej1pAcGg1
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.193.153.122 , United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
511d36b411894e645d77491da0307b3aa57cb5a363be6d5455486f6a6e6eb706
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/Error/InvalidDomain
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=15552000
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 26 Jun 2024 13:32:00 GMT
Date
Wed, 26 Jun 2024 13:31:59 GMT
Vary
User-Agent
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Feature-Policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
X-Robots-Tag
noindex, nofollow
Content-Length
107112
X-XSS-Protection
1
Expires
Thu, 26 Jun 2025 13:32:00 GMT
jquery.validate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.5/ 		24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.5/jquery.validate.min.js
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
270524b0d27afd1d3b6622d1a176c678daed94564c143297e217a63e21ce9820
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
506264
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
7032
last-modified
Fri, 01 Jul 2022 15:30:23 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"62bf130f-1b78"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L3251OR3xUeVvtbGt0nVpUqsgqaI01bnswUyruVruHGKBUS43lhNDCNwOjeN56gsBr14E7Kc289bCPLz33lgEbNNmPSr%2B5m%2Bx5b4HlxgFsrGy8C1UMK%2FMNXFG09%2Fw8c4xAZuIF1r"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
899d8f976f90926d-FRA
expires
Mon, 16 Jun 2025 13:32:00 GMT
jquery.validate.unobtrusive.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-validation-unobtrusive/4.0.0/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-validation-unobtrusive/4.0.0/jquery.validate.unobtrusive.min.js
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44558558820fb230780ee711e23ab0c535b0d77666b48facead551d8b2666579
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:00 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
509830
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1934
last-modified
Wed, 20 Jul 2022 20:36:59 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"62d8676b-78e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x0XiyeRQ7me8j7whd1bTzGhEorMa7pxQGEiAt1l7hcbt6RVEKghdXg5h39eu75LQd7IslgRxFV%2Bqebphou8v9%2FtBDKpImGuCqtCybV3xp4SQTXlTjw8MFTvKsAnzbTsnjtQNueDb"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
899d8f976f7e926d-FRA
expires
Mon, 16 Jun 2025 13:32:00 GMT
sad-emoji.png
xmed.hmebillpay.com/Content/images/content-images/ 		16 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xmed.hmebillpay.com/Content/images/content-images/sad-emoji.png
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.193.153.122 , United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
4abf3426d6acb234626acb23870d876f056412d3d6d8717eee96c74f7887366d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/Error/InvalidDomain
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=15552000
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 04 Jun 2024 11:14:41 GMT
Date
Wed, 26 Jun 2024 13:32:00 GMT
ETag
"aeb746570b6da1:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Feature-Policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow
Content-Length
16371
X-XSS-Protection
1
sad-emoji-mob.png
xmed.hmebillpay.com/Content/images/content-images/ 		4 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xmed.hmebillpay.com/Content/images/content-images/sad-emoji-mob.png
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.193.153.122 , United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
a9029aa0c99ae0cd707ff07c20bce21e61df8f22871a2314dc9b74ed03145f51
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/Error/InvalidDomain
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=15552000
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 04 Jun 2024 11:14:41 GMT
Date
Wed, 26 Jun 2024 13:31:59 GMT
ETag
"aeb746570b6da1:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Feature-Policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow
Content-Length
4248
X-XSS-Protection
1
icon-loader.svg
xmed.hmebillpay.com/Content/images/styles-images/ 		3 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://xmed.hmebillpay.com/Content/images/styles-images/icon-loader.svg
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.193.153.122 , United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
ccda132626f143c2f691a23d03f3a605eef137e26eea9926bb78100fd9c7f2c5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/Error/InvalidDomain
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=15552000
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 04 Jun 2024 11:14:41 GMT
Date
Wed, 26 Jun 2024 13:32:00 GMT
ETag
"acae796570b6da1:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Feature-Policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow
Content-Length
3381
X-XSS-Protection
1
PORTAL
xmed.hmebillpay.com/bundles/ 		47 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://xmed.hmebillpay.com/bundles/PORTAL?v=cgvbaS6AlR-qf42ioHqpceLOq_cZgJijhKQHC0DTmG01
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.193.153.122 , United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
aae1c278e6aabf9aa84d44dcd41d3fbb60fb4332906a7749105004e571ff3f5e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/Error/InvalidDomain
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=15552000
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 26 Jun 2024 13:32:01 GMT
Date
Wed, 26 Jun 2024 13:32:00 GMT
Vary
User-Agent
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Feature-Policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
X-Robots-Tag
noindex, nofollow
Content-Length
47726
X-XSS-Protection
1
Expires
Thu, 26 Jun 2025 13:32:01 GMT
l
use.typekit.net/af/71f83c/00000000000000003b9b093b/27/ 		33 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/71f83c/00000000000000003b9b093b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
a2b997da567762896061490c3c08e506b2e5b936978560fc12251dd245140b32

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:01 GMT
server
nginx
etag
"a0f35f91fdc2ca0a90c8288c08c20681c1aecfcf"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
33660
l
use.typekit.net/af/86b539/00000000000000003b9b093a/27/ 		34 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/86b539/00000000000000003b9b093a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i7&v=3
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
40b87680850d61dff26f2280eaac2487e2261e8771cca1f4eba69dc366cd1fe2

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:01 GMT
server
nginx
etag
"7419d3e31dff61919238b7104d975fb9f66eb724"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
35128
l
use.typekit.net/af/ed0e78/00000000000000003b9b0931/27/ 		31 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/ed0e78/00000000000000003b9b0931/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n1&v=3
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
3e9779dec52550e11a984c17f8a8a60463b2a7d26452b35670aa99e2bb64110a

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:01 GMT
server
nginx
etag
"dce7b30d884014b37cc4cbec8bf268d08a7d4bd4"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
31476
l
use.typekit.net/af/942fe1/00000000000000003b9b0930/27/ 		33 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/942fe1/00000000000000003b9b0930/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i1&v=3
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
633716a233d852fb1c2cbf4c8b8f111ad32bec261b027447c4533a44d187a47b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:01 GMT
server
nginx
etag
"756994fb5a72bdac4775740717c1aab650bdc575"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
33640
l
use.typekit.net/af/27776b/00000000000000003b9b0939/27/ 		32 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/27776b/00000000000000003b9b0939/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
fe6fb5fcffff95ae9cd94d7299821cb3b37547b7b08063bc8b5fe0e2988deba4

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:01 GMT
server
nginx
etag
"7f43a43bb76581ed1a2cdc24f0d9704bfa1a6732"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
33120
l
use.typekit.net/af/256534/00000000000000003b9b0938/27/ 		34 KB
34 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/256534/00000000000000003b9b0938/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i6&v=3
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
d9b3353eaf2c47a7c612bc9e68a77cfeaa5a0700c5a1b04de714372f7079c6bc

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:01 GMT
server
nginx
etag
"acacab2e2632059f644dde60747ca6597847d785"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
34404
l
use.typekit.net/af/4838bd/00000000000000003b9b0934/27/ 		32 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/4838bd/00000000000000003b9b0934/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
9b99ce50d05750058143cb93936075ad5107f9a3e5b03f2d4872c0ebe753a9f7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:01 GMT
server
nginx
etag
"852dacc5cd2685c187708b882b28635465e17bd0"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
32688
l
use.typekit.net/af/6aec08/00000000000000003b9b0935/27/ 		34 KB
34 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/6aec08/00000000000000003b9b0935/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
a0acc524b541f57df4024b039206425fbcc49c7b3cba369bc0b4a57cfc0e9629

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:01 GMT
server
nginx
etag
"98ea2e3888e90196090ca6bc7ddc5345e1871a7a"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
34380
l
use.typekit.net/af/437c3d/00000000000000003b9b0932/27/ 		32 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/437c3d/00000000000000003b9b0932/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
582f1b5d33e54e95557255c97d79a90d3fda73d7b2b105695446fe643eb737cc

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:01 GMT
server
nginx
etag
"474f8294a654ddd4e855cc66b1bb647cd40bfa9b"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
32384
l
use.typekit.net/af/f02b29/00000000000000003b9b0933/27/ 		34 KB
34 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/f02b29/00000000000000003b9b0933/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i3&v=3
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
079f7a3137db89cb4855a0f5a81546b03245d56ea7d3649265523b96e30d81ba

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:01 GMT
server
nginx
etag
"bd5d9e8bf2a6cf83ffd0682302f21cb10bf236e8"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
34788
l
use.typekit.net/af/3331e6/00000000000000003b9b0936/27/ 		32 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/3331e6/00000000000000003b9b0936/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
b796713fd51c9ee401b57ec4b3298bbf467e84477f1835062babb6d98f84c7c6

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:01 GMT
server
nginx
etag
"b7f32cce44884c0c7d09c7eaf8ec10d20386685b"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
33188
l
use.typekit.net/af/1cd3b2/00000000000000003b9b0937/27/ 		34 KB
34 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/1cd3b2/00000000000000003b9b0937/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i5&v=3
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
4194f3ad3a944446764a0adc78adc73373ecc0555a360a540c4527a9ecddf15c

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Origin
https://xmed.hmebillpay.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:01 GMT
server
nginx
etag
"3c711f00d66ac1783195f3b82f0bc24e037cf7ef"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
34632
p.gif
p.typekit.net/ 		35 B
205 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p.typekit.net/p.gif?s=1&k=lei7usf&ht=tk&h=xmed.hmebillpay.com&f=139.140.171.172.173.174.175.176.5474.5475.25136.25137&a=7566360&js=1.21.0&app=typekit&e=js&_=1719408721349
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100::1720:ef1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 13:32:01 GMT
last-modified
Sat, 09 Oct 2021 02:10:03 GMT
server
nginx
etag
"6160f9fb-23"
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
35
clm10
xmed.hmebillpay.com/ 		0
46 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://xmed.hmebillpay.com/clm10
Requested by
Host: xmed.hmebillpay.com
URL: https://xmed.hmebillpay.com/Error/InvalidDomain
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.193.153.122 , United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://xmed.hmebillpay.com/Error/InvalidDomain
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Content-Length
0
favicon.ico
xmed.hmebillpay.com/ 		31 KB
33 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://xmed.hmebillpay.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.193.153.122 , United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
a94f8a8553caea8430dd4ca3cc01d4e318d19828f74cb65453ffb7f5d9e2f44d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://xmed.hmebillpay.com/Error/InvalidDomain
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload, max-age=15552000
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 04 Jun 2024 11:14:41 GMT
Date
Wed, 26 Jun 2024 13:32:00 GMT
ETag
"a9ef936570b6da1:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/x-icon
Feature-Policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
Accept-Ranges
bytes
X-Robots-Tag
noindex, nofollow
Content-Length
32038
X-XSS-Protection
1

Verdicts & Comments Add Verdict or Comment

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| Typekit function| $ function| jQuery object| Popper number| uidEvent object| bootstrap object| kendo object| html5 object| Modernizr object| respond number| NS_CSM_td number| NS_CSM_pd string| NS_CSM_u string| NS_CSM_col function| sendTimingInfoInit function| sendTimingInfo function| makeAHttpPost function| makeAHttpGet function| getPartialViewContents function| checkServerAuthFailed function| ShowLoader function| HideLoader function| showAutoPayMessage function| DisplayCreditCardSection function| CreditCardSelect function| DisplayEcheckSection function| FormatDate function| ValidateDateFormat function| GetTodayDate function| ChosenSelect function| nextStep function| nextTab function| TextOnly function| NumbersOnly function| Checklength function| DecimalNumberOnly function| verifyInfo function| redirectWithEncryptParameters function| CallbackSuccess function| CallbackError function| urlEncryptionForNewWindow function| CallbackSuccessForURLEncrypt function| CallbackErrorForURLEncrypt function| replaceStringForInvoiceAmount function| validateAllowedDate function| GetCurrentDate function| validateDate function| displaySuperscript function| InitializePopOvers function| initializeDeclineNoReattemptPopover function| navigateToPTHub string| SessionExpiredUrl string| ApplicationErrorUrl object| screenSizes object| fix number| windowWidth object| UIResponse

2 Cookies

Domain/Path Name / Value
xmed.hmebillpay.com/ Name: ASP.NET_SessionId
Value: idab5aft35dktwxjcz3alx5c
xmed.hmebillpay.com/ Name: NSC_ESNS
Value: 1225c1ef-184f-167c-9678-661b12e9a623_2502077977_3551566839_00000000000303601381

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://code.jquery.com https://use.typekit.net https://cdnjs.cloudflare.com https://gateway.transit-pass.com https://stagegw.transnox.com/;; style-src 'self' 'unsafe-inline' http://kendo.cdn.telerik.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com http://kendo.cdn.telerik.com https://use.typekit.net https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: blob: blank: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://images.brightreepc.com http://kendo.cdn.telerik.com https://p.typekit.net https://cdnjs.cloudflare.com; connect-src 'self' javascript: wss: https://*.acsbapp.com https://*.acsbap.com https://acsbap.com https://acsbapp.com https://taskservice.brightreepc.com https://performance.typekit.net https://gateway.transit-pass.com https://stagegw.transnox.com/; frame-src 'self' https://transaction.hostedpayments.com/ https://certtransaction.hostedpayments.com/ https://counterpass.transit-pass.com/ https://stagemc.transnox.com/; frame-ancestors 'self' https://hmepatienthub.com; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload max-age=15552000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
kendo.cdn.telerik.com
p.typekit.net
use.typekit.net
xmed.hmebillpay.com
104.17.25.14
18.66.122.55
204.193.153.122
2a02:26f0:7100::1720:ef18
2a02:26f0:7100::1720:ef1a
051a8137b75880006ab58f47778ca713ed6c967130faba043c5cd0ed34517dc8
079f7a3137db89cb4855a0f5a81546b03245d56ea7d3649265523b96e30d81ba
1727b985078405e5d9191648151232dea5eaac7c7ee79ff4ace484ec8c245f43
270524b0d27afd1d3b6622d1a176c678daed94564c143297e217a63e21ce9820
3e9779dec52550e11a984c17f8a8a60463b2a7d26452b35670aa99e2bb64110a
40b87680850d61dff26f2280eaac2487e2261e8771cca1f4eba69dc366cd1fe2
4194f3ad3a944446764a0adc78adc73373ecc0555a360a540c4527a9ecddf15c
44558558820fb230780ee711e23ab0c535b0d77666b48facead551d8b2666579
4abf3426d6acb234626acb23870d876f056412d3d6d8717eee96c74f7887366d
511d36b411894e645d77491da0307b3aa57cb5a363be6d5455486f6a6e6eb706
582f1b5d33e54e95557255c97d79a90d3fda73d7b2b105695446fe643eb737cc
633716a233d852fb1c2cbf4c8b8f111ad32bec261b027447c4533a44d187a47b
6d82d7bed56f175b2ae5c31d497f5a889ffbbf22363ddd47334dc929a81ee12c
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
9b99ce50d05750058143cb93936075ad5107f9a3e5b03f2d4872c0ebe753a9f7
9bcd4d0f29dc6556ebeeff44eaa0965f0c7f7308ee58394708cce2f698cca1b0
a0acc524b541f57df4024b039206425fbcc49c7b3cba369bc0b4a57cfc0e9629
a2b997da567762896061490c3c08e506b2e5b936978560fc12251dd245140b32
a9029aa0c99ae0cd707ff07c20bce21e61df8f22871a2314dc9b74ed03145f51
a94f8a8553caea8430dd4ca3cc01d4e318d19828f74cb65453ffb7f5d9e2f44d
a977a4f5f2268536bbbfad8246282fefbea5bd6894cac631559a9b6a41b417d1
aae1c278e6aabf9aa84d44dcd41d3fbb60fb4332906a7749105004e571ff3f5e
b796713fd51c9ee401b57ec4b3298bbf467e84477f1835062babb6d98f84c7c6
c0bcf7898fdc3b87babca678cd19a8e3ef570e931c80a3afbffcc453738c951a
c0d9ef6999d36c2327937f5a764becc4a6e11c2b95d693851c3d5c469061c4ad
ca94b1129cb080c24b2650f5340e8dd91c288ebbc07571f2dbf6615f3745c2a5
ccda132626f143c2f691a23d03f3a605eef137e26eea9926bb78100fd9c7f2c5
d9b3353eaf2c47a7c612bc9e68a77cfeaa5a0700c5a1b04de714372f7079c6bc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f0c31321ec2d30f86abff8ba48d4d8b6eff157ae8e9a7c14cf695eabfaac2573
f8cb22614a1b38f9d97ef4467694c5737155a327728daf31c1806130a0b4117c
fa69477c99287e6259cb26c58a8acb1c7600380e5885cc61f11b329c8173e169
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
fe6fb5fcffff95ae9cd94d7299821cb3b37547b7b08063bc8b5fe0e2988deba4