Submitted URL: http://coronavirus-testing-kit.myshopify.com/
Effective URL: https://covid-19rapidtest.org/password
Submission Tags: phishing malicious
Submission: On April 29 via api from US

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 14 HTTP transactions. The main IP is 23.227.38.65, located in Canada and belongs to CLOUDFLARENET, US. The main domain is covid-19rapidtest.org.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 2nd 2020. Valid for: 3 months.
This is the only time covid-19rapidtest.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 23.227.38.64 13335 (CLOUDFLAR...)
1 2 23.227.38.65 13335 (CLOUDFLAR...)
8 2a04:4e42:3::104 54113 (FASTLY)
2 2a04:4e42:1b:... 54113 (FASTLY)
3 104.196.190.76 15169 (GOOGLE)
14 4
Domain Requested by
8 cdn.shopify.com covid-19rapidtest.org
3 monorail-edge.shopifysvc.com cdn.shopify.com
2 fonts.shopifycdn.com covid-19rapidtest.org
2 covid-19rapidtest.org 1 redirects
1 coronavirus-testing-kit.myshopify.com 1 redirects
14 5

This site contains links to these domains.

Domain
www.facebook.com
twitter.com
pinterest.com
www.shopify.com

Subject | Issuer | Validity | Valid
covid-19rapidtest.org | Let's Encrypt Authority X3 | 2020-04-02 - 2020-07-01 | 3 months
shopify.map.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2020-04-17 - 2021-04-18 | a year
monorail-edge.shopifysvc.com | Let's Encrypt Authority X3 | 2020-04-21 - 2020-07-20 | 3 months

This page contains 1 frame:

Primary Page: https://covid-19rapidtest.org/password
Frame ID: F354AA60ADDA60906E122DE8B847B866
Requests: 14 HTTP requests in this frame

Detected technologies

Overall confidence: 25%
Detected patterns
  • html /<link[^>]+=['"]\/\/cdn\.shopify\.com/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

14 Requests
100 % HTTPS
40 % IPv6
5 Domains
5 Subdomains
4 IPs
3 Countries
213 kB Transfer
702 kB Size
14 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://coronavirus-testing-kit.myshopify.com/ HTTP 301
    https://covid-19rapidtest.org/ HTTP 302
    https://covid-19rapidtest.org/password Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request password
covid-19rapidtest.org/
Redirect Chain
  • http://coronavirus-testing-kit.myshopify.com/
  • https://covid-19rapidtest.org/
  • https://covid-19rapidtest.org/password
21 KB
8 KB
Document
General
Full URL
https://covid-19rapidtest.org/password
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.65 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
zagat.ssl.shopify.com
Software
cloudflare /
Resource Hash
8cc84150bc699400578b20861537676e9f830e7c98ce9fc8261b187b76221233
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=password&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fstorefront&source%5Bsection%5D=storefront&source%5Buuid%5D=5c48477a-df66-43b7-8e3b-40e3fffc7aad
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block; report=/xss-report?source%5Baction%5D=password&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fstorefront&source%5Bsection%5D=storefront&source%5Buuid%5D=5c48477a-df66-43b7-8e3b-40e3fffc7aad

Request headers

:method
GET
:authority
covid-19rapidtest.org
:scheme
https
:path
/password
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=d629f3ffbc54bdd4a3103f39be4ff74cd1588182288; _shopify_y=07058421-604d-405b-a49b-cba61d69d5e7
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Wed, 29 Apr 2020 17:44:49 GMT
content-type
text/html; charset=utf-8
x-sorting-hat-podid
135
x-sorting-hat-shopid
36852629640
x-frame-options
DENY
x-shopid
36852629640
x-shardid
135
content-language
en
x-shopify-generated-cart-token
c4997580f4fec05071cfc77fc31f683a
content-encoding
gzip
x-robots-tag
nofollow
strict-transport-security
max-age=7889238
etag
cacheable:51e9863c29e580c9cc6e3a1f52ef8b0f
x-alternate-cache-key
cacheable:848aa45ed25bcf2155ffa526b1850e75
x-cache
hit, server
set-cookie
_y=07058421-604d-405b-a49b-cba61d69d5e7; Expires=Thu, 29-Apr-21 17:44:49 GMT; Path=/; cart_currency=USD; path=/; expires=Wed, 13 May 2020 17:44:49 GMT _orig_referrer=; Expires=Wed, 13-May-20 17:44:49 GMT; Path=/; HttpOnly secure_customer_sig=; path=/; expires=Sun, 29 Apr 2040 17:44:49 GMT; secure; HttpOnly _shopify_y=07058421-604d-405b-a49b-cba61d69d5e7; Expires=Thu, 29-Apr-21 17:44:49 GMT; Path=/; _landing_page=%2Fpassword; Expires=Wed, 13-May-20 17:44:49 GMT; Path=/; HttpOnly cart_sig=; path=/; expires=Wed, 13 May 2020 17:44:49 GMT; HttpOnly
x-shopify-stage
production
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=password&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fstorefront&source%5Bsection%5D=storefront&source%5Buuid%5D=5c48477a-df66-43b7-8e3b-40e3fffc7aad
x-content-type-options
nosniff
x-download-options
noopen
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block; report=/xss-report?source%5Baction%5D=password&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fstorefront&source%5Bsection%5D=storefront&source%5Buuid%5D=5c48477a-df66-43b7-8e3b-40e3fffc7aad
x-dc
gcp-us-east1,gcp-us-central1,gcp-us-central1
nel
{"report_to":"network-errors","max_age":2592000,"failure_fraction":0.01,"success_fraction":0.0001} {"report_to":"network-errors","max_age":2592000,"failure_fraction":0.01,"success_fraction":0.0001}
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifycloud.com/v1/reports/nel/20190325/shopify"}]} {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifycloud.com/v1/reports/nel/20190325/shopify"}]}
x-request-id
5c48477a-df66-43b7-8e3b-40e3fffc7aad
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
58bad54a3d87cc3a-ZRH
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
0268a3a2600000cc3a5b8e3200000001

Redirect headers

status
302
date
Wed, 29 Apr 2020 17:44:48 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d629f3ffbc54bdd4a3103f39be4ff74cd1588182288; expires=Fri, 29-May-20 17:44:48 GMT; path=/; domain=.covid-19rapidtest.org; HttpOnly; SameSite=Lax _shopify_y=07058421-604d-405b-a49b-cba61d69d5e7; path=/; expires=Sat, 30 Apr 2022 05:23:12 GMT
x-sorting-hat-podid
135
x-sorting-hat-shopid
36852629640
x-frame-options
DENY
x-shopid
36852629640
x-shardid
135
content-language
en
x-cache
allow
location
https://covid-19rapidtest.org/password
strict-transport-security
max-age=7889238
x-shopify-stage
production
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=21d1e906-e4b3-44f9-9aa9-14d3ae5c7d39
x-content-type-options
nosniff
x-download-options
noopen
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block; report=/xss-report?source%5Baction%5D=index&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fshop&source%5Bsection%5D=storefront&source%5Buuid%5D=21d1e906-e4b3-44f9-9aa9-14d3ae5c7d39
x-dc
gcp-us-east1,gcp-us-central1,gcp-us-central1
nel
{"report_to":"network-errors","max_age":2592000,"failure_fraction":0.01,"success_fraction":0.0001} {"report_to":"network-errors","max_age":2592000,"failure_fraction":0.01,"success_fraction":0.0001}
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifycloud.com/v1/reports/nel/20190325/shopify"}]} {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifycloud.com/v1/reports/nel/20190325/shopify"}]}
x-request-id
21d1e906-e4b3-44f9-9aa9-14d3ae5c7d39
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
58bad548aa52cc3a-ZRH
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
0268a3a16c0000cc3a5b8ca200000001
theme.scss.css
cdn.shopify.com/s/files/1/0368/5262/9640/t/1/assets/
137 KB
24 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/s/files/1/0368/5262/9640/t/1/assets/theme.scss.css?v=6105164400450727287
Requested by
Host: covid-19rapidtest.org
URL: https://covid-19rapidtest.org/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
849a4967fad4d3f98da039e711c98cfb1baba1f976615eceb4da229aada1bcba
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://covid-19rapidtest.org/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-url
/s/files/1/0368/5262/9640/t/1/assets/theme.scss.css?v=6105164400450727287
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-text/css,source-GcsShopAssetsBackend,segment2-30,segment4-7916,revision-622c24b556bcde8297b39c4322572d755281f90a,cdn-shopify-com-s-files-1-0368-5262-9640-t-1-assets-theme-scss-css,shop-36852629640
status
200
x-cache
HIT, HIT
content-length
24031
x-xss-protection
1; mode=block
x-request-id
03dfd6b8214c1c53f1fa968eb112508d2a65bd37c5cf7c3e7ea117e4db09b61b
x-served-by
cache-lga21933-LGA, cache-fra19157-FRA
last-modified
Sun, 19 Apr 2020 00:14:35 GMT
server
cache-fra19157-FRA
x-timer
S1588182289.256465,VS0,VE1
date
Wed, 29 Apr 2020 17:44:49 GMT
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Mon, 19 Apr 2021 00:14:33 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0368/5262/9640/t/1/assets/theme.scss.css>; rel="canonical"
x-cache-hits
1, 1
vendor.js
cdn.shopify.com/s/files/1/0368/5262/9640/t/1/assets/
143 KB
49 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/0368/5262/9640/t/1/assets/vendor.js?v=8583346420283214553
Requested by
Host: covid-19rapidtest.org
URL: https://covid-19rapidtest.org/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
2dbb75cdd921d7a33db005df9d809aba3448a85e6a44e0306e0ce76f4651904e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://covid-19rapidtest.org/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-url
/s/files/1/0368/5262/9640/t/1/assets/vendor.js?v=8583346420283214553
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-application/javascript,source-GcsShopAssetsBackend,segment2-65,segment4-16699,revision-33ce2ffc7ccb1eb33a695ba3fa0c9b8116d8060c,cdn-shopify-com-s-files-1-0368-5262-9640-t-1-assets-vendor-js,shop-36852629640
status
200
x-cache
MISS, MISS
content-length
49124
x-xss-protection
1; mode=block
x-request-id
9941aed65e1ceedff85b951edaf746954f97d46fb671a14ef2f8e4b9eb1b50d1
x-served-by
cache-lga21949-LGA, cache-fra19157-FRA
last-modified
Tue, 31 Mar 2020 19:36:21 GMT
server
cache-fra19157-FRA
x-timer
S1588182289.256474,VS0,VE262
date
Wed, 29 Apr 2020 17:44:49 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 29 Apr 2021 17:44:49 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0368/5262/9640/t/1/assets/vendor.js>; rel="canonical"
x-cache-hits
0, 0
theme.js
cdn.shopify.com/s/files/1/0368/5262/9640/t/1/assets/
206 KB
45 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/0368/5262/9640/t/1/assets/theme.js?v=8903157658550589297
Requested by
Host: covid-19rapidtest.org
URL: https://covid-19rapidtest.org/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
d78a288913ae085450dd52c9075f060b4770b4feab0c966f2d81d3c677a39b91
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://covid-19rapidtest.org/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-url
/s/files/1/0368/5262/9640/t/1/assets/theme.js?v=8903157658550589297
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-application/javascript,source-GcsShopAssetsBackend,segment2-208,segment4-53407,revision-33ce2ffc7ccb1eb33a695ba3fa0c9b8116d8060c,cdn-shopify-com-s-files-1-0368-5262-9640-t-1-assets-theme-js,shop-36852629640
status
200
x-cache
HIT, MISS
content-length
45524
x-xss-protection
1; mode=block
x-request-id
cfe1233d2983616fec0a3c126df36695286fd1d9b9df43958c6d8c83eebfee40
x-served-by
cache-lga21966-LGA, cache-fra19157-FRA
last-modified
Tue, 31 Mar 2020 19:36:20 GMT
server
cache-fra19157-FRA
x-timer
S1588182289.276855,VS0,VE93
date
Wed, 29 Apr 2020 17:44:49 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Wed, 28 Apr 2021 18:48:33 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0368/5262/9640/t/1/assets/theme.js>; rel="canonical"
x-cache-hits
2, 0
password.js
cdn.shopify.com/s/files/1/0368/5262/9640/t/1/assets/
3 KB
2 KB
Script
General
Full URL
https://cdn.shopify.com/s/files/1/0368/5262/9640/t/1/assets/password.js?v=16754382210079724339
Requested by
Host: covid-19rapidtest.org
URL: https://covid-19rapidtest.org/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
baae8ac1408b19f85adf0a99879b005e62b71749adff14481978d2ace3131156
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://covid-19rapidtest.org/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-url
/s/files/1/0368/5262/9640/t/1/assets/password.js?v=16754382210079724339
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-application/javascript,source-GcsShopAssetsBackend,segment2-193,segment4-49625,revision-4d30131f1323257a0ce73743d3d6da546b354e39,cdn-shopify-com-s-files-1-0368-5262-9640-t-1-assets-password-js,shop-36852629640
status
200
x-cache
HIT, HIT
content-length
1171
x-xss-protection
1; mode=block
x-request-id
ad55e73307a108b2db40be12210ccef1ba4c388fb6fcd153fb6b235521af9ade
x-served-by
cache-lga21982-LGA, cache-fra19157-FRA
last-modified
Tue, 31 Mar 2020 19:36:20 GMT
server
cache-fra19157-FRA
x-timer
S1588182289.281443,VS0,VE1
date
Wed, 29 Apr 2020 17:44:49 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 08 Apr 2021 22:32:41 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0368/5262/9640/t/1/assets/password.js>; rel="canonical"
x-cache-hits
1, 1
load_feature-589ff3342d639ed23c94f5fc11e03d64e0788e2a4a687391ebeeeef20eaf2f50.js
cdn.shopify.com/s/assets/storefront/
9 KB
4 KB
Script
General
Full URL
https://cdn.shopify.com/s/assets/storefront/load_feature-589ff3342d639ed23c94f5fc11e03d64e0788e2a4a687391ebeeeef20eaf2f50.js
Requested by
Host: covid-19rapidtest.org
URL: https://covid-19rapidtest.org/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19148-FRA /
Resource Hash
589ff3342d639ed23c94f5fc11e03d64e0788e2a4a687391ebeeeef20eaf2f50
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://covid-19rapidtest.org/password
Origin
https://covid-19rapidtest.org

Response headers

x-url
/s/assets/storefront/load_feature-589ff3342d639ed23c94f5fc11e03d64e0788e2a4a687391ebeeeef20eaf2f50.js
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-application/javascript,source-ShopAssetsBackend,segment2-43,segment4-11237,revision-33ce2ffc7ccb1eb33a695ba3fa0c9b8116d8060c,cdn-shopify-com-s-assets-storefront-load_feature-589ff3342d639ed23c94f5fc11e03d64e0788e2a4a687391ebeeeef20eaf2f50-js
status
200
x-cache
HIT, HIT
content-length
3015
x-xss-protection
1; mode=block
x-request-id
ff4fd1222ceef641e3f4935e579463056407df4e81718ab9fb5a3ef6f39cf4ec
x-served-by
cache-lga21940-LGA, cache-fra19148-FRA
last-modified
Tue, 28 Apr 2020 18:35:46 GMT
server
cache-fra19148-FRA
x-timer
S1588182289.294450,VS0,VE0
date
Wed, 29 Apr 2020 17:44:49 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/assets/storefront/load_feature-589ff3342d639ed23c94f5fc11e03d64e0788e2a4a687391ebeeeef20eaf2f50.js>; rel="canonical"
x-cache-hits
1, 41004
trekkie.storefront.min.js
cdn.shopify.com/s/javascripts/tricorder/
44 KB
11 KB
Script
General
Full URL
https://cdn.shopify.com/s/javascripts/tricorder/trekkie.storefront.min.js?v=2020.04.13.1
Requested by
Host: covid-19rapidtest.org
URL: https://covid-19rapidtest.org/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
fb10d669f19c662bd30a58717f082488940471675cba27f047db04650bde2fd2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://covid-19rapidtest.org/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-url
/s/javascripts/tricorder/trekkie.storefront.min.js?v=2020.04.13.1
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-application/javascript,source-ShopAssetsBackend,segment2-123,segment4-31719,revision-add2e77f40635cd80f2352e1d1819b6acbee36b5,cdn-shopify-com-s-javascripts-tricorder-trekkie-storefront-min-js
status
200
x-cache
HIT, HIT
content-length
11121
x-xss-protection
1; mode=block
x-request-id
81d03e3c0b1723c2f700145531f44cf75d64959bef341751c62c9cef391f2879
x-served-by
cache-lga21944-LGA, cache-fra19157-FRA
last-modified
Fri, 24 Apr 2020 13:48:54 GMT
server
cache-fra19157-FRA
x-timer
S1588182289.281606,VS0,VE0
date
Wed, 29 Apr 2020 17:44:49 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/javascripts/tricorder/trekkie.storefront.min.js>; rel="canonical"
x-cache-hits
33, 1156
shop_events_listener-2c6237918c4bbec8783d8ceecd5759edc38afa9b5bef55134462710955517539.js
cdn.shopify.com/s/assets/
6 KB
3 KB
Script
General
Full URL
https://cdn.shopify.com/s/assets/shop_events_listener-2c6237918c4bbec8783d8ceecd5759edc38afa9b5bef55134462710955517539.js
Requested by
Host: covid-19rapidtest.org
URL: https://covid-19rapidtest.org/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
2c6237918c4bbec8783d8ceecd5759edc38afa9b5bef55134462710955517539
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://covid-19rapidtest.org/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-url
/s/assets/shop_events_listener-2c6237918c4bbec8783d8ceecd5759edc38afa9b5bef55134462710955517539.js
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-application/javascript,source-ShopAssetsBackend,segment2-193,segment4-49528,revision-4d30131f1323257a0ce73743d3d6da546b354e39,cdn-shopify-com-s-assets-shop_events_listener-2c6237918c4bbec8783d8ceecd5759edc38afa9b5bef55134462710955517539-js
status
200
x-cache
HIT, HIT
content-length
2155
x-xss-protection
1; mode=block
x-request-id
b1630dd9b74aa4cf1a6c1224295d0b3809db6a2db6a3f1285d7ecaeceaa20296
x-served-by
cache-lga21957-LGA, cache-fra19157-FRA
last-modified
Wed, 25 Mar 2020 18:42:50 GMT
server
cache-fra19157-FRA
x-timer
S1588182289.281646,VS0,VE0
date
Wed, 29 Apr 2020 17:44:49 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/assets/shop_events_listener-2c6237918c4bbec8783d8ceecd5759edc38afa9b5bef55134462710955517539.js>; rel="canonical"
x-cache-hits
2, 561282
helvetica_n7.39bee04bd277a9c4e94e2fd42d53f4e3c0afb8a5.woff2
fonts.shopifycdn.com/helvetica/
18 KB
19 KB
Font
General
Full URL
https://fonts.shopifycdn.com/helvetica/helvetica_n7.39bee04bd277a9c4e94e2fd42d53f4e3c0afb8a5.woff2?h1=Y292aWQtMTlyYXBpZHRlc3Qub3Jn&hmac=c2d8d75ba8d47f6a276c5c5b907b1e0356dbb20f700f35cceba8e79fab343196
Requested by
Host: covid-19rapidtest.org
URL: https://covid-19rapidtest.org/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9c5529d40c44a9fc7a7325d3db1ef37b56c0a210d0c4ee3cef18e76cdaf73d79

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://cdn.shopify.com/s/files/1/0368/5262/9640/t/1/assets/theme.scss.css?v=6105164400450727287
Origin
https://covid-19rapidtest.org

Response headers

x-amz-version-id
bf14xZ3Y7004VsnG_0HLBKaH33hlKrVM
via
1.1 varnish
etag
"48bdbd2fdba819c4761d8eaf7948ffce"
age
977
x-cache
HIT
status
200
content-length
18784
x-amz-id-2
NqEirAXWfyvipRUcyOD6o8t1TBqfdzQi37Ghi9VTnAM9dveOKRzL0ZUtZ8y6OD2P5AQrPpZBfz4=
x-served-by
cache-hhn4065-HHN
last-modified
Mon, 14 May 2018 14:32:27 GMT
server
AmazonS3
x-timer
S1588182289.303788,VS0,VE0
date
Wed, 29 Apr 2020 17:44:49 GMT
x-amz-request-id
546034D36E48111F
access-control-allow-origin
*
cache-control
max-age=2629800, immutable
accept-ranges
bytes
content-type
application/octet-stream
x-cache-hits
134
opensans_n4.5460e0463a398b1075386f51084d8aa756bafb17.woff2
fonts.shopifycdn.com/open_sans/
17 KB
17 KB
Font
General
Full URL
https://fonts.shopifycdn.com/open_sans/opensans_n4.5460e0463a398b1075386f51084d8aa756bafb17.woff2?h1=Y292aWQtMTlyYXBpZHRlc3Qub3Jn&hmac=900a8d1059aff0bd1151b5dbcbe3f7486af8f97200fffde91f8e62d0a58c1038
Requested by
Host: covid-19rapidtest.org
URL: https://covid-19rapidtest.org/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1f4e67ac3704fc0298b074b4aa93d6b2336d71e7df235f15f4085d481fc2955b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://cdn.shopify.com/s/files/1/0368/5262/9640/t/1/assets/theme.scss.css?v=6105164400450727287
Origin
https://covid-19rapidtest.org

Response headers

x-amz-version-id
.7RLbOhaBP8LcgozxfSIFhshSjyeEngP
via
1.1 varnish
etag
"ce7cb287145da71e3ba04d0d7b0357e9"
age
64300
x-cache
HIT
status
200
content-length
17308
x-amz-id-2
8DatcKLieaYSBk8roRHpFXZBMSIlPWx3yr3TnwFqgTeHhqbtILD8CYrxv3SUZ7P6SkSFfYTNiTU=
x-served-by
cache-hhn4065-HHN
last-modified
Wed, 02 May 2018 18:21:26 GMT
server
AmazonS3
x-timer
S1588182289.303767,VS0,VE0
date
Wed, 29 Apr 2020 17:44:49 GMT
x-amz-request-id
54542F47E2FBE2D2
access-control-allow-origin
*
cache-control
max-age=2629800, immutable
accept-ranges
bytes
content-type
application/octet-stream
x-cache-hits
4729
shopify-boomerang-1.0.0.min.js
cdn.shopify.com/shopifycloud/boomerang/
99 KB
31 KB
Script
General
Full URL
https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js
Requested by
Host: covid-19rapidtest.org
URL: https://covid-19rapidtest.org/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19157-FRA /
Resource Hash
ebf754dcf881c01dc1614e144c4e8a38000f809dad75a3b92004c1a50db3c070
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://covid-19rapidtest.org/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-url
/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-application/javascript,source-GcsBackend,segment2-96,segment4-24675,revision-426904124fe6b96d3e6bfe2e9e9fbd414a4609c9,cdn-shopify-com-shopifycloud-boomerang-shopify-boomerang-1-0-0-min-js
status
200
x-cache
HIT, HIT
content-length
30882
x-xss-protection
1; mode=block
x-request-id
882184339fc4cda2549c3c25be7d51ee3a719937562fbf0f83b88b3c0bc6f750
x-served-by
cache-lga21968-LGA, cache-fra19157-FRA
last-modified
Wed, 22 Apr 2020 19:19:06 GMT
server
cache-fra19157-FRA
x-timer
S1588182289.456904,VS0,VE0
date
Wed, 29 Apr 2020 17:44:49 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 22 Apr 2021 19:20:54 GMT
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js>; rel="canonical"
x-cache-hits
2, 255065
produce
monorail-edge.shopifysvc.com/v1/
0
471 B
Other
General
Full URL
https://monorail-edge.shopifysvc.com/v1/produce
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/javascripts/tricorder/trekkie.storefront.min.js?v=2020.04.13.1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.196.190.76 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.190.196.104.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://covid-19rapidtest.org/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 29 Apr 2020 17:44:49 GMT
x-dc
gke
status
200
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://covid-19rapidtest.org
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
f83530e5-5826-485c-a712-9a29d027774c
produce
monorail-edge.shopifysvc.com/v1/
0
472 B
Other
General
Full URL
https://monorail-edge.shopifysvc.com/v1/produce
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/javascripts/tricorder/trekkie.storefront.min.js?v=2020.04.13.1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.196.190.76 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.190.196.104.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://covid-19rapidtest.org/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 29 Apr 2020 17:44:49 GMT
x-dc
gke
status
200
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://covid-19rapidtest.org
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
9ff4c267-c5ab-4a16-a1f2-fe4e234ed187
produce
monorail-edge.shopifysvc.com/v1/
0
471 B
Other
General
Full URL
https://monorail-edge.shopifysvc.com/v1/produce
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.196.190.76 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.190.196.104.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://covid-19rapidtest.org/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 29 Apr 2020 17:44:49 GMT
x-dc
gke
status
200
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://covid-19rapidtest.org
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
205dba4e-3787-48c4-b0e5-40faf32dbceb

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata
object| onpointerrawupdate
object| Shopify
object| __st
boolean| ShopifyPaypalV4VisibilityTracking
object| meta
string| attr
object| ShopifyAnalytics
object| trekkie
object| theme
object| _visit
object| BOOMR
object| enquire
function| $
function| jQuery
function| _
function| mobileCheck
object| Modernizr
object| bodyScrollLock
object| selectors
function| onYouTubeIframeAPIReady
object| slate
object| $slideshow
function| gm_authFailure
function| Modals
number| BOOMR_onload
object| $RecoverHeading
object| $RecoverEmail
object| $LoginHeading

14 Cookies

Domain/Path Name / Value
.covid-19rapidtest.org/ Name: _shopify_sa_p
Value:
.covid-19rapidtest.org/ Name: _shopify_sa_t
Value: 2020-04-29T17%3A44%3A49.429Z
.covid-19rapidtest.org/ Name: _shopify_fs
Value: 2020-04-29T17%3A44%3A49.417Z
.covid-19rapidtest.org/ Name: _shopify_s
Value: c70a906c-804C-48DA-0DBC-3448B1CC2269
covid-19rapidtest.org/ Name: _orig_referrer
Value:
.covid-19rapidtest.org/ Name: _s
Value: c70a906c-804C-48DA-0DBC-3448B1CC2269
covid-19rapidtest.org/ Name: secure_customer_sig
Value:
covid-19rapidtest.org/ Name: _shopify_y
Value: 07058421-604d-405b-a49b-cba61d69d5e7
covid-19rapidtest.org/ Name: _y
Value: 07058421-604d-405b-a49b-cba61d69d5e7
covid-19rapidtest.org/ Name: cart_currency
Value: USD
covid-19rapidtest.org/ Name: cart_sig
Value:
covid-19rapidtest.org/ Name: _shopify_sa_p
Value:
covid-19rapidtest.org/ Name: _landing_page
Value: %2Fpassword
.covid-19rapidtest.org/ Name: __cfduid
Value: d629f3ffbc54bdd4a3103f39be4ff74cd1588182288

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=password&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fstorefront&source%5Bsection%5D=storefront&source%5Buuid%5D=5c48477a-df66-43b7-8e3b-40e3fffc7aad
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block; report=/xss-report?source%5Baction%5D=password&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fstorefront&source%5Bsection%5D=storefront&source%5Buuid%5D=5c48477a-df66-43b7-8e3b-40e3fffc7aad