LeakIX - Host app.erxmobile.com

Domain app.erxmobile.com

United States

AMAZON-02

Software information

Vercel

tcp/443

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 66.33.60.34
Domain: app.erxmobile.com
Port: 443
URL: https://app.erxmobile.com

First seen 2025-03-24 13:39
Last seen 2026-01-02 18:12
Open for 284 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c11d3744d11d3744dfdb1c82af17f7726b4bc5accc53ede29
```
Found 12 files trough .DS_Store spidering:

/icons
/platform-assets
/platform-assets/ehr
/platform-assets/ehr/icons
/platform-assets/exercise
/platform-assets/exercise/icons
/platform-assets/formbuilder
/platform-assets/formbuilder/icons
/platform-assets/prescription
/platform-assets/prescription/icons
/platform-assets/rehab
/platform-assets/rehab/icons
```
  Found on 2026-01-02 18:12
- Severity: low
  Fingerprint: 5f32cf5d6962f09c63442d9d63442d9d956ff55a956ff55a956ff55a956ff55a
```
Found 1 files trough .DS_Store spidering:

/icons
```
  Found on 2025-09-17 03:06
Create report

Open service 66.33.60.34:443 · app.erxmobile.com

2026-01-09 19:47

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 173858
Cache-Control: public, max-age=0, must-revalidate
Content-Disposition: inline
Content-Length: 1401
Content-Security-Policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://meet.prismehr.com https://cdn.withpersona.com https://cdn.auth0.com https://cdnjs.cloudflare.com https://*.amplitude.com https://*.lab.amplitude.com https://*.jsdelivr.net https://*.vouched.id https://*.googleapis.com https://*.fontawesome.com https://*.gstatic.com https://*.browser-intake-datadoghq.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; media-src 'self' blob: mediastream: data: https://meet.prismehr.com; connect-src 'self' https://api.stripe.com https://meet.prismehr.com wss://meet.prismehr.com https://*.facetec.com https://*.auth0.com https://test-api.rehabilitationhealth.com https://api.rehabilitationhealth.com https://withpersona.com https://*.withpersona.com https://*.sentry.io https://*.amplitude.com https://*.lab.amplitude.com https://*.jsdelivr.net https://*.vouched.id https://*.googleapis.com https://*.fontawesome.com https://*.gstatic.com https://*.browser-intake-datadoghq.com; worker-src 'self' blob:; frame-src 'self' https://js.stripe.com https://meet.prismehr.com https://*.auth0.com https://withpersona.com https://*.withpersona.com https://*.vouched.id; font-src 'self' data:;
Content-Type: text/html; charset=utf-8
Date: Fri, 09 Jan 2026 19:47:44 GMT
Etag: "ac549dd03653c8c0d1f31dacd41e595d"
Last-Modified: Wed, 07 Jan 2026 19:30:06 GMT
Permissions-Policy: camera=(self "https://meet.prismehr.com" "https://*.facetec.com" "https://*.withpersona.com" "https://*.vouched.id"), microphone=(self "https://meet.prismehr.com"), display-capture=(self "https://meet.prismehr.com"), geolocation=(), accelerometer=(self), autoplay=(self), encrypted-media=(self), gyroscope=(self), magnetometer=(self)
Referrer-Policy: strict-origin-when-cross-origin
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vercel-Cache: HIT
X-Vercel-Id: sin1::jjm78-1767988064276-84bdbf926b7a
X-Xss-Protection: 1; mode=block
Connection: close

Page title: eRx Mobile

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta name="theme-color" content="#ffffff" />
    <meta name="description" content="Electronic prescription mobile application for healthcare providers" />
    
    <!-- PWA related links -->
    <link rel="manifest" href="/manifest.json" />
    <link rel="icon" type="image/png" href="/icons/icon-192x192.png" />
    <link rel="apple-touch-icon" href="/icons/icon-192x192.png" />
    
    <!-- iOS specific meta tags -->
    <meta name="apple-mobile-web-app-capable" content="yes" />
    <meta name="apple-mobile-web-app-status-bar-style" content="default" />
    <meta name="apple-mobile-web-app-title" content="eRx Mobile" />
    
    <title>eRx Mobile</title>
    
    <!-- Load FaceTec SDK before React app - CRITICAL for FaceTec integration -->
    <script type="text/javascript" src="/core-sdk/FaceTecSDK.js/FaceTecSDK.js"></script>
    <script type="module" crossorigin src="/assets/index-dJ8QRMZo.js"></script>
    <link rel="stylesheet" crossorigin href="/assets/index-oKCHKb5P.css">
  <link rel="manifest" href="/manifest.webmanifest"><script id="vite-plugin-pwa:register-sw" src="/registerSW.js"></script></head>
  <body>
    <div id="root"></div>
    <noscript>You need to enable JavaScript to run this app.</noscript>
  </body>
</html>

Found 2026-01-09 by HttpPlugin

Create report

Open service 66.33.60.34:443 · app.erxmobile.com

2026-01-02 18:12

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 35813
Cache-Control: public, max-age=0, must-revalidate
Content-Disposition: inline
Content-Length: 1401
Content-Security-Policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://meet.prismehr.com https://cdn.withpersona.com https://cdn.auth0.com https://cdnjs.cloudflare.com https://*.amplitude.com https://*.lab.amplitude.com https://*.jsdelivr.net https://*.vouched.id https://*.googleapis.com https://*.fontawesome.com https://*.gstatic.com https://*.browser-intake-datadoghq.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; media-src 'self' blob: mediastream: data: https://meet.prismehr.com; connect-src 'self' https://api.stripe.com https://meet.prismehr.com wss://meet.prismehr.com https://*.facetec.com https://*.auth0.com https://test-api.rehabilitationhealth.com https://api.rehabilitationhealth.com https://withpersona.com https://*.withpersona.com https://*.sentry.io https://*.amplitude.com https://*.lab.amplitude.com https://*.jsdelivr.net https://*.vouched.id https://*.googleapis.com https://*.fontawesome.com https://*.gstatic.com https://*.browser-intake-datadoghq.com; worker-src 'self' blob:; frame-src 'self' https://js.stripe.com https://meet.prismehr.com https://*.auth0.com https://withpersona.com https://*.withpersona.com https://*.vouched.id; font-src 'self' data:;
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Jan 2026 18:12:49 GMT
Etag: "388855ec092b5b04aaae9a20dc5faf11"
Last-Modified: Fri, 02 Jan 2026 08:15:55 GMT
Permissions-Policy: camera=(self "https://meet.prismehr.com" "https://*.facetec.com" "https://*.withpersona.com" "https://*.vouched.id"), microphone=(self "https://meet.prismehr.com"), display-capture=(self "https://meet.prismehr.com"), geolocation=(), accelerometer=(self), autoplay=(self), encrypted-media=(self), gyroscope=(self), magnetometer=(self)
Referrer-Policy: strict-origin-when-cross-origin
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vercel-Cache: HIT
X-Vercel-Id: fra1::vj6kc-1767377569099-bba40d2f38ab
X-Xss-Protection: 1; mode=block
Connection: close

Page title: eRx Mobile

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta name="theme-color" content="#ffffff" />
    <meta name="description" content="Electronic prescription mobile application for healthcare providers" />
    
    <!-- PWA related links -->
    <link rel="manifest" href="/manifest.json" />
    <link rel="icon" type="image/png" href="/icons/icon-192x192.png" />
    <link rel="apple-touch-icon" href="/icons/icon-192x192.png" />
    
    <!-- iOS specific meta tags -->
    <meta name="apple-mobile-web-app-capable" content="yes" />
    <meta name="apple-mobile-web-app-status-bar-style" content="default" />
    <meta name="apple-mobile-web-app-title" content="eRx Mobile" />
    
    <title>eRx Mobile</title>
    
    <!-- Load FaceTec SDK before React app - CRITICAL for FaceTec integration -->
    <script type="text/javascript" src="/core-sdk/FaceTecSDK.js/FaceTecSDK.js"></script>
    <script type="module" crossorigin src="/assets/index-B0ftfQhc.js"></script>
    <link rel="stylesheet" crossorigin href="/assets/index-oKCHKb5P.css">
  <link rel="manifest" href="/manifest.webmanifest"><script id="vite-plugin-pwa:register-sw" src="/registerSW.js"></script></head>
  <body>
    <div id="root"></div>
    <noscript>You need to enable JavaScript to run this app.</noscript>
  </body>
</html>

Found 2026-01-02 by HttpPlugin

Create report

Open service 66.33.60.34:443 · app.erxmobile.com

2025-12-23 00:12

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Disposition: inline
Content-Length: 1401
Content-Security-Policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://meet.prismehr.com https://cdn.withpersona.com https://cdn.auth0.com https://cdnjs.cloudflare.com https://*.amplitude.com https://*.lab.amplitude.com https://*.jsdelivr.net https://*.vouched.id https://*.googleapis.com https://*.fontawesome.com https://*.gstatic.com https://*.browser-intake-datadoghq.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; media-src 'self' blob: mediastream: data: https://meet.prismehr.com; connect-src 'self' https://api.stripe.com https://meet.prismehr.com wss://meet.prismehr.com https://*.facetec.com https://*.auth0.com https://test-api.rehabilitationhealth.com https://api.rehabilitationhealth.com https://withpersona.com https://*.withpersona.com https://*.sentry.io https://*.amplitude.com https://*.lab.amplitude.com https://*.jsdelivr.net https://*.vouched.id https://*.googleapis.com https://*.fontawesome.com https://*.gstatic.com https://*.browser-intake-datadoghq.com; worker-src 'self' blob:; frame-src 'self' https://js.stripe.com https://meet.prismehr.com https://*.auth0.com https://withpersona.com https://*.withpersona.com https://*.vouched.id; font-src 'self' data:;
Content-Type: text/html; charset=utf-8
Date: Tue, 23 Dec 2025 00:12:40 GMT
Etag: "08d4d30e5259c4433ee6824a253425bb"
Last-Modified: Tue, 23 Dec 2025 00:12:40 GMT
Permissions-Policy: camera=(self "https://meet.prismehr.com" "https://*.facetec.com" "https://*.withpersona.com" "https://*.vouched.id"), microphone=(self "https://meet.prismehr.com"), display-capture=(self "https://meet.prismehr.com"), geolocation=(), accelerometer=(self), autoplay=(self), encrypted-media=(self), gyroscope=(self), magnetometer=(self)
Referrer-Policy: strict-origin-when-cross-origin
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vercel-Cache: HIT
X-Vercel-Id: fra1::njkn4-1766448760483-eb95bd6d3ca1
X-Xss-Protection: 1; mode=block
Connection: close

Page title: eRx Mobile

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta name="theme-color" content="#ffffff" />
    <meta name="description" content="Electronic prescription mobile application for healthcare providers" />
    
    <!-- PWA related links -->
    <link rel="manifest" href="/manifest.json" />
    <link rel="icon" type="image/png" href="/icons/icon-192x192.png" />
    <link rel="apple-touch-icon" href="/icons/icon-192x192.png" />
    
    <!-- iOS specific meta tags -->
    <meta name="apple-mobile-web-app-capable" content="yes" />
    <meta name="apple-mobile-web-app-status-bar-style" content="default" />
    <meta name="apple-mobile-web-app-title" content="eRx Mobile" />
    
    <title>eRx Mobile</title>
    
    <!-- Load FaceTec SDK before React app - CRITICAL for FaceTec integration -->
    <script type="text/javascript" src="/core-sdk/FaceTecSDK.js/FaceTecSDK.js"></script>
    <script type="module" crossorigin src="/assets/index-CbChTeiV.js"></script>
    <link rel="stylesheet" crossorigin href="/assets/index-oKCHKb5P.css">
  <link rel="manifest" href="/manifest.webmanifest"><script id="vite-plugin-pwa:register-sw" src="/registerSW.js"></script></head>
  <body>
    <div id="root"></div>
    <noscript>You need to enable JavaScript to run this app.</noscript>
  </body>
</html>

Found 2025-12-23 by HttpPlugin

Create report

Open service 66.33.60.34:443 · app.erxmobile.com

2025-12-21 04:09

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 213553
Cache-Control: public, max-age=0, must-revalidate
Content-Disposition: inline
Content-Length: 1401
Content-Security-Policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://meet.prismehr.com https://cdn.withpersona.com https://cdn.auth0.com https://cdnjs.cloudflare.com https://*.amplitude.com https://*.lab.amplitude.com https://*.jsdelivr.net https://*.vouched.id https://*.googleapis.com https://*.fontawesome.com https://*.gstatic.com https://*.browser-intake-datadoghq.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; media-src 'self' blob: mediastream: data: https://meet.prismehr.com; connect-src 'self' https://api.stripe.com https://meet.prismehr.com wss://meet.prismehr.com https://*.facetec.com https://*.auth0.com https://test-api.rehabilitationhealth.com https://api.rehabilitationhealth.com https://withpersona.com https://*.withpersona.com https://*.sentry.io https://*.amplitude.com https://*.lab.amplitude.com https://*.jsdelivr.net https://*.vouched.id https://*.googleapis.com https://*.fontawesome.com https://*.gstatic.com https://*.browser-intake-datadoghq.com; worker-src 'self' blob:; frame-src 'self' https://js.stripe.com https://meet.prismehr.com https://*.auth0.com https://withpersona.com https://*.withpersona.com https://*.vouched.id; font-src 'self' data:;
Content-Type: text/html; charset=utf-8
Date: Sun, 21 Dec 2025 04:09:37 GMT
Etag: "08d4d30e5259c4433ee6824a253425bb"
Last-Modified: Thu, 18 Dec 2025 16:50:24 GMT
Permissions-Policy: camera=(self "https://meet.prismehr.com" "https://*.facetec.com" "https://*.withpersona.com" "https://*.vouched.id"), microphone=(self "https://meet.prismehr.com"), display-capture=(self "https://meet.prismehr.com"), geolocation=(), accelerometer=(self), autoplay=(self), encrypted-media=(self), gyroscope=(self), magnetometer=(self)
Referrer-Policy: strict-origin-when-cross-origin
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vercel-Cache: HIT
X-Vercel-Id: fra1::b4lvs-1766290177558-841ab180d26a
X-Xss-Protection: 1; mode=block
Connection: close

Page title: eRx Mobile

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta name="theme-color" content="#ffffff" />
    <meta name="description" content="Electronic prescription mobile application for healthcare providers" />
    
    <!-- PWA related links -->
    <link rel="manifest" href="/manifest.json" />
    <link rel="icon" type="image/png" href="/icons/icon-192x192.png" />
    <link rel="apple-touch-icon" href="/icons/icon-192x192.png" />
    
    <!-- iOS specific meta tags -->
    <meta name="apple-mobile-web-app-capable" content="yes" />
    <meta name="apple-mobile-web-app-status-bar-style" content="default" />
    <meta name="apple-mobile-web-app-title" content="eRx Mobile" />
    
    <title>eRx Mobile</title>
    
    <!-- Load FaceTec SDK before React app - CRITICAL for FaceTec integration -->
    <script type="text/javascript" src="/core-sdk/FaceTecSDK.js/FaceTecSDK.js"></script>
    <script type="module" crossorigin src="/assets/index-CbChTeiV.js"></script>
    <link rel="stylesheet" crossorigin href="/assets/index-oKCHKb5P.css">
  <link rel="manifest" href="/manifest.webmanifest"><script id="vite-plugin-pwa:register-sw" src="/registerSW.js"></script></head>
  <body>
    <div id="root"></div>
    <noscript>You need to enable JavaScript to run this app.</noscript>
  </body>
</html>

Found 2025-12-21 by HttpPlugin

Create report

app.erxmobile.com

Fingerprint:

b3bbbe97f35901e40e7bbbb91a54c928baae7c6307f61897455b5cc1abb80fb5

CN:

app.erxmobile.com

Key:

RSA-2048

Issuer:

R13

Not before:

2025-11-24 21:31

Not after:

2026-02-22 21:31

Domain summary

app.erxmobile.com 5

1 recorded

IP summary

66.33.60.34 2

1 recorded

Domain app.erxmobile.com

United States

Software information

MacOS file listing through .DS_Store file

Create report

Create report

Create report

Create report

app.erxmobile.com

Domain summary

IP summary