LeakIX - Host app.prismehr.com

Domain app.prismehr.com

United States

AMAZON-02

Software information

Vercel

tcp/443

MacOS file listing through .DS_Store file

.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).

They store information about the files within a folder, including display options of folders, such as icon positions and view settings.

It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 216.150.1.1
Domain: app.prismehr.com
Port: 443
URL: https://app.prismehr.com

First seen 2025-09-22 19:42
Last seen 2026-01-02 20:38
Open for 102 days
- Severity: low
  Fingerprint: 5f32cf5d6962f09c11d3744d11d3744dfdb1c82af17f7726b4bc5accc53ede29
```
Found 12 files trough .DS_Store spidering:

/icons
/platform-assets
/platform-assets/ehr
/platform-assets/ehr/icons
/platform-assets/exercise
/platform-assets/exercise/icons
/platform-assets/formbuilder
/platform-assets/formbuilder/icons
/platform-assets/prescription
/platform-assets/prescription/icons
/platform-assets/rehab
/platform-assets/rehab/icons
```
  Found on 2026-01-02 20:38
- Severity: low
  Fingerprint: 5f32cf5d6962f09cec7f8772ec7f8772e2091db97e417c710072ba1b6332a0ff
```
Found 11 files trough .DS_Store spidering:

/icons
/platform-assets
/platform-assets/ehr
/platform-assets/exercise
/platform-assets/exercise/icons
/platform-assets/formbuilder
/platform-assets/formbuilder/icons
/platform-assets/prescription
/platform-assets/prescription/icons
/platform-assets/rehab
/platform-assets/rehab/icons
```
  Found on 2025-12-10 13:34
Create report

Open service 216.150.1.1:443 · app.prismehr.com

2026-01-09 12:10

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 2
Cache-Control: public, max-age=0, must-revalidate
Content-Disposition: inline
Content-Length: 1393
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://meet.prismehr.com https://js.stripe.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https: https://*.googleapis.com https://storage.googleapis.com https://*.xano.io; media-src 'self' blob: mediastream: data: https://meet.prismehr.com https://*.googleapis.com https://storage.googleapis.com; connect-src 'self' https://meet.prismehr.com wss://meet.prismehr.com https://*.facetec.com https://test-api.rehabilitationhealth.com https://api.rehabilitationhealth.com https://*.sentry.io https://*.googleapis.com https://storage.googleapis.com https://api.stripe.com; worker-src 'self' blob:; frame-src 'self' https://meet.prismehr.com https://js.stripe.com https://hooks.stripe.com; font-src 'self' data:;
Content-Type: text/html; charset=utf-8
Date: Fri, 09 Jan 2026 12:11:02 GMT
Etag: "c75f0c9b94f4bd6ee1334a81def10490"
Last-Modified: Fri, 09 Jan 2026 12:10:59 GMT
Permissions-Policy: camera=(self "https://meet.prismehr.com" "https://*.facetec.com"), microphone=(self "https://meet.prismehr.com"), display-capture=(self "https://meet.prismehr.com"), geolocation=(), accelerometer=(self), autoplay=(self), encrypted-media=(self), gyroscope=(self), magnetometer=(self)
Referrer-Policy: strict-origin-when-cross-origin
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vercel-Cache: HIT
X-Vercel-Id: fra1::b2cwc-1767960661999-03466340685e
X-Xss-Protection: 1; mode=block
Connection: close

Page title: Prism

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta name="theme-color" content="#ffffff" />
    <meta name="description" content="Patient portal for managing health records and appointments" />
    
    <!-- PWA related links -->
    <link rel="manifest" href="/manifest.json" />
    <link rel="icon" type="image/png" href="/icons/icon-192x192.png" />
    <link rel="apple-touch-icon" href="/icons/icon-192x192.png" />
    
    <!-- iOS specific meta tags -->
    <meta name="apple-mobile-web-app-capable" content="yes" />
    <meta name="apple-mobile-web-app-status-bar-style" content="default" />
    <meta name="apple-mobile-web-app-title" content="Patient Portal" />
    
    <title>Prism</title>
    
    <!-- Load FaceTec SDK before React app - CRITICAL for FaceTec integration -->
    <script type="text/javascript" src="/core-sdk/FaceTecSDK.js/FaceTecSDK.js"></script>
    <script type="module" crossorigin src="/assets/index-Bgto3Psn.js"></script>
    <link rel="stylesheet" crossorigin href="/assets/index-xWfeO77U.css">
  <link rel="manifest" href="/manifest.webmanifest"><script id="vite-plugin-pwa:register-sw" src="/registerSW.js"></script></head>
  <body>
    <div id="root"></div>
    <noscript>You need to enable JavaScript to run this app.</noscript>
  </body>
</html>

Found 2026-01-09 by HttpPlugin

Create report

Open service 216.150.1.1:443 · app.prismehr.com

2026-01-02 20:38

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Disposition: inline
Content-Length: 1393
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://meet.prismehr.com https://js.stripe.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https: https://*.googleapis.com https://storage.googleapis.com https://*.xano.io; media-src 'self' blob: mediastream: data: https://meet.prismehr.com https://*.googleapis.com https://storage.googleapis.com; connect-src 'self' https://meet.prismehr.com wss://meet.prismehr.com https://*.facetec.com https://test-api.rehabilitationhealth.com https://api.rehabilitationhealth.com https://*.sentry.io https://*.googleapis.com https://storage.googleapis.com https://api.stripe.com; worker-src 'self' blob:; frame-src 'self' https://meet.prismehr.com https://js.stripe.com https://hooks.stripe.com; font-src 'self' data:;
Content-Type: text/html; charset=utf-8
Date: Fri, 02 Jan 2026 20:38:35 GMT
Etag: "c75f0c9b94f4bd6ee1334a81def10490"
Last-Modified: Fri, 02 Jan 2026 20:38:34 GMT
Permissions-Policy: camera=(self "https://meet.prismehr.com" "https://*.facetec.com"), microphone=(self "https://meet.prismehr.com"), display-capture=(self "https://meet.prismehr.com"), geolocation=(), accelerometer=(self), autoplay=(self), encrypted-media=(self), gyroscope=(self), magnetometer=(self)
Referrer-Policy: strict-origin-when-cross-origin
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vercel-Cache: HIT
X-Vercel-Id: bom1::577dt-1767386314823-60cfe73929ee
X-Xss-Protection: 1; mode=block
Connection: close

Page title: Prism

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta name="theme-color" content="#ffffff" />
    <meta name="description" content="Patient portal for managing health records and appointments" />
    
    <!-- PWA related links -->
    <link rel="manifest" href="/manifest.json" />
    <link rel="icon" type="image/png" href="/icons/icon-192x192.png" />
    <link rel="apple-touch-icon" href="/icons/icon-192x192.png" />
    
    <!-- iOS specific meta tags -->
    <meta name="apple-mobile-web-app-capable" content="yes" />
    <meta name="apple-mobile-web-app-status-bar-style" content="default" />
    <meta name="apple-mobile-web-app-title" content="Patient Portal" />
    
    <title>Prism</title>
    
    <!-- Load FaceTec SDK before React app - CRITICAL for FaceTec integration -->
    <script type="text/javascript" src="/core-sdk/FaceTecSDK.js/FaceTecSDK.js"></script>
    <script type="module" crossorigin src="/assets/index-Bgto3Psn.js"></script>
    <link rel="stylesheet" crossorigin href="/assets/index-xWfeO77U.css">
  <link rel="manifest" href="/manifest.webmanifest"><script id="vite-plugin-pwa:register-sw" src="/registerSW.js"></script></head>
  <body>
    <div id="root"></div>
    <noscript>You need to enable JavaScript to run this app.</noscript>
  </body>
</html>

Found 2026-01-02 by HttpPlugin

Create report

Open service 216.150.1.1:443 · app.prismehr.com

2025-12-22 19:00

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 0
Cache-Control: public, max-age=0, must-revalidate
Content-Disposition: inline
Content-Length: 1393
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://meet.prismehr.com https://js.stripe.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https: https://*.googleapis.com https://storage.googleapis.com https://*.xano.io; media-src 'self' blob: mediastream: data: https://meet.prismehr.com https://*.googleapis.com https://storage.googleapis.com; connect-src 'self' https://meet.prismehr.com wss://meet.prismehr.com https://*.facetec.com https://test-api.rehabilitationhealth.com https://api.rehabilitationhealth.com https://*.sentry.io https://*.googleapis.com https://storage.googleapis.com https://api.stripe.com; worker-src 'self' blob:; frame-src 'self' https://meet.prismehr.com https://js.stripe.com https://hooks.stripe.com; font-src 'self' data:;
Content-Type: text/html; charset=utf-8
Date: Mon, 22 Dec 2025 19:00:05 GMT
Etag: "c75f0c9b94f4bd6ee1334a81def10490"
Last-Modified: Mon, 22 Dec 2025 19:00:05 GMT
Permissions-Policy: camera=(self "https://meet.prismehr.com" "https://*.facetec.com"), microphone=(self "https://meet.prismehr.com"), display-capture=(self "https://meet.prismehr.com"), geolocation=(), accelerometer=(self), autoplay=(self), encrypted-media=(self), gyroscope=(self), magnetometer=(self)
Referrer-Policy: strict-origin-when-cross-origin
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vercel-Cache: HIT
X-Vercel-Id: fra1::7dn9g-1766430005756-c65fa588dbcb
X-Xss-Protection: 1; mode=block
Connection: close

Page title: Prism

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta name="theme-color" content="#ffffff" />
    <meta name="description" content="Patient portal for managing health records and appointments" />
    
    <!-- PWA related links -->
    <link rel="manifest" href="/manifest.json" />
    <link rel="icon" type="image/png" href="/icons/icon-192x192.png" />
    <link rel="apple-touch-icon" href="/icons/icon-192x192.png" />
    
    <!-- iOS specific meta tags -->
    <meta name="apple-mobile-web-app-capable" content="yes" />
    <meta name="apple-mobile-web-app-status-bar-style" content="default" />
    <meta name="apple-mobile-web-app-title" content="Patient Portal" />
    
    <title>Prism</title>
    
    <!-- Load FaceTec SDK before React app - CRITICAL for FaceTec integration -->
    <script type="text/javascript" src="/core-sdk/FaceTecSDK.js/FaceTecSDK.js"></script>
    <script type="module" crossorigin src="/assets/index-Bgto3Psn.js"></script>
    <link rel="stylesheet" crossorigin href="/assets/index-xWfeO77U.css">
  <link rel="manifest" href="/manifest.webmanifest"><script id="vite-plugin-pwa:register-sw" src="/registerSW.js"></script></head>
  <body>
    <div id="root"></div>
    <noscript>You need to enable JavaScript to run this app.</noscript>
  </body>
</html>

Found 2025-12-22 by HttpPlugin

Create report

Open service 216.150.1.1:443 · app.prismehr.com

2025-12-20 21:10

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 140366
Cache-Control: public, max-age=0, must-revalidate
Content-Disposition: inline
Content-Length: 1393
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://meet.prismehr.com https://js.stripe.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https: https://*.googleapis.com https://storage.googleapis.com https://*.xano.io; media-src 'self' blob: mediastream: data: https://meet.prismehr.com https://*.googleapis.com https://storage.googleapis.com; connect-src 'self' https://meet.prismehr.com wss://meet.prismehr.com https://*.facetec.com https://test-api.rehabilitationhealth.com https://api.rehabilitationhealth.com https://*.sentry.io https://*.googleapis.com https://storage.googleapis.com https://api.stripe.com; worker-src 'self' blob:; frame-src 'self' https://meet.prismehr.com https://js.stripe.com https://hooks.stripe.com; font-src 'self' data:;
Content-Type: text/html; charset=utf-8
Date: Sat, 20 Dec 2025 21:10:00 GMT
Etag: "c75f0c9b94f4bd6ee1334a81def10490"
Last-Modified: Fri, 19 Dec 2025 06:10:33 GMT
Permissions-Policy: camera=(self "https://meet.prismehr.com" "https://*.facetec.com"), microphone=(self "https://meet.prismehr.com"), display-capture=(self "https://meet.prismehr.com"), geolocation=(), accelerometer=(self), autoplay=(self), encrypted-media=(self), gyroscope=(self), magnetometer=(self)
Referrer-Policy: strict-origin-when-cross-origin
Server: Vercel
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vercel-Cache: HIT
X-Vercel-Id: iad1::vdpds-1766265000308-b7a49d51e037
X-Xss-Protection: 1; mode=block
Connection: close

Page title: Prism

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <meta name="theme-color" content="#ffffff" />
    <meta name="description" content="Patient portal for managing health records and appointments" />
    
    <!-- PWA related links -->
    <link rel="manifest" href="/manifest.json" />
    <link rel="icon" type="image/png" href="/icons/icon-192x192.png" />
    <link rel="apple-touch-icon" href="/icons/icon-192x192.png" />
    
    <!-- iOS specific meta tags -->
    <meta name="apple-mobile-web-app-capable" content="yes" />
    <meta name="apple-mobile-web-app-status-bar-style" content="default" />
    <meta name="apple-mobile-web-app-title" content="Patient Portal" />
    
    <title>Prism</title>
    
    <!-- Load FaceTec SDK before React app - CRITICAL for FaceTec integration -->
    <script type="text/javascript" src="/core-sdk/FaceTecSDK.js/FaceTecSDK.js"></script>
    <script type="module" crossorigin src="/assets/index-Bgto3Psn.js"></script>
    <link rel="stylesheet" crossorigin href="/assets/index-xWfeO77U.css">
  <link rel="manifest" href="/manifest.webmanifest"><script id="vite-plugin-pwa:register-sw" src="/registerSW.js"></script></head>
  <body>
    <div id="root"></div>
    <noscript>You need to enable JavaScript to run this app.</noscript>
  </body>
</html>

Found 2025-12-20 by HttpPlugin

Create report

app.prismehr.com

Fingerprint:

a7f53f27782c5e99d133efc4f4ef85edd8588f19d832158ba682cc82114d4535

CN:

app.prismehr.com

Key:

RSA-2048

Issuer:

R12

Not before:

2025-11-22 03:43

Not after:

2026-02-20 03:43

Domain summary

app.prismehr.com 5

1 recorded

IP summary

216.150.1.1 2

1 recorded

Domain app.prismehr.com

United States

Software information

MacOS file listing through .DS_Store file

Create report

Create report

Create report

Create report

app.prismehr.com

Domain summary

IP summary