Submitted URL: https://secure-web.cisco.com/1SXVlimiNsHbmKv9_0P1pD0KXXmbB5wXEmCzd3v9Zb7LHEKmp3qj8uP2oFuvxtawrIg3iMpyf33nNNG5Z6RAfxFJdRuOdqWr...
Effective URL: https://go.shieldx.com/RSAAirpods1
Submission: On February 21 via manual from US

Summary

This website contacted 6 IPs in 4 countries across 7 domains to perform 23 HTTP transactions. The main IP is 52.21.178.134, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is go.shieldx.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 2nd 2020. Valid for: 3 months.
This is the only time go.shieldx.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Redirects  Requests  IP Address        AS (Autonomous System)
1          1         2620:101:2005...  16417 (IRONPORT-...)
1          7         52.21.178.134     14618 (AMAZON-AES)
           1         2a00:1450:400...  15169 (GOOGLE)
           9         2606:4700:303...  13335 (CLOUDFLAR...)
           1         2a00:1450:400...  15169 (GOOGLE)
1          5         2.21.36.181       20940 (AKAMAI-ASN1)
1          3         34.253.11.118     16509 (AMAZON-02)
Total: 23 requests, 6 IPs
Requests  Domain                     Redirects  Requested by
9         www.shieldx.com                       go.shieldx.com
5         s.adroll.com               1          go.shieldx.com, s.adroll.com
3         go.shieldx.com             1          pi.pardot.com
2         d.adroll.com
2         pi.pardot.com                         go.shieldx.com, pi.pardot.com
2         go.pardot.com                         go.shieldx.com
1         d.adroll.mgr.consensu.org  1
1         fonts.gstatic.com                     go.shieldx.com
1         fonts.googleapis.com                  go.shieldx.com
1         secure-web.cisco.com       1
Total: 23 requests, 10 domains

This site contains links to these domains:

  • www.shieldx.com
TLS certificates

Subject                   Issuer                          Validity                  Valid for
go.shieldx.com            Let's Encrypt Authority X3      2020-01-02 to 2020-04-01  3 months
*.storage.googleapis.com  GTS CA 1O1                      2020-02-12 to 2020-05-06  3 months
sni.cloudflaressl.com     CloudFlare Inc ECC CA-2         2020-01-31 to 2020-10-09  8 months
*.pardot.com              DigiCert SHA2 Secure Server CA  2020-01-17 to 2021-01-17  a year
*.google.com              GTS CA 1O1                      2020-02-12 to 2020-05-06  3 months
*.adroll.com              DigiCert SHA2 Secure Server CA  2020-01-29 to 2021-04-29  a year
adroll.mgr.consensu.org   Amazon                          2019-11-06 to 2020-12-06  a year

This page contains 1 frames:

Primary Page: https://go.shieldx.com/RSAAirpods1
Frame ID: E8263A4B79EC59A9D504E63DCD0A8BBC
Requests: 23 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • script /(?:a|s)\.adroll\.com/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

Requests:    23
HTTPS:       100 %
IPv6:        57 %
Domains:     7
Subdomains:  10
IPs:         6
Countries:   4
Transfer:    281 kB
Size:        700 kB
Cookies:     4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://secure-web.cisco.com/1SXVlimiNsHbmKv9_0P1pD0KXXmbB5wXEmCzd3v9Zb7LHEKmp3qj8uP2oFuvxtawrIg3iMpyf33nNNG5Z6RAfxFJdRuOdqWr6wQwh4G6oSIvPc4fIwTNwdmZ5W0voGQ9mMxp8hTU_chdeeAx0GCA69AfD1Pi2jf0LggndjNiBEabHkjDFxCyFxdMu5avTnC8tLFOuHQjTy_8hdq81yOys7FE9wjLkYS_wLFXldy20xm1zxlIXiy6bvKNh879Yv9X3WzEJd0FpQCHmgco7fVADDoR0mbZAMynS_reSE-fBx8aTr0uKsYh5mEowXSDRWx7BpTdLSmnA9r9pHTm6BlYcMOj2dJ6smxBvxzdzOPPl-rCAjlnmDrnEbJhLCxcAUy3-C5ARaSXPM-0izdN6P8fF0D9utdddnD5gs2spqkg_SvpDnUPGnrzLGkNLrX1jyBwEdvyqBFdC_nl2nWBDZMhk9h2hvfsCQsYFKVB1PYpbpk7Nr0bOoDAhRN1NTk3j-NxWXzqeFgxZ-1j-bHQ5gxGCJA/https%3A%2F%2Fgo.shieldx.com%2Fe%2F497751%2FRSAAirpods1%2F6wn4hf%2F1491361744%3Fh%3DgefTqDhVfsprT-By3OBDFy9xQEF9Kr3ey1l5sJgQDNI HTTP 302
    https://go.shieldx.com/e/497751/RSAAirpods1/6wn4hf/1491361744?h=gefTqDhVfsprT-By3OBDFy9xQEF9Kr3ey1l5sJgQDNI HTTP 301
    https://go.shieldx.com/RSAAirpods1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://s.adroll.com/j/exp/3FZTIN6TMBC4VNAXC7YCYW/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 17
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/3FZTIN6TMBC4VNAXC7YCYW?_s=db9cee945b69b6a711daf16a17436d3f&_b=2 HTTP 302
  • https://d.adroll.com/consent/check/3FZTIN6TMBC4VNAXC7YCYW/?_s=db9cee945b69b6a711daf16a17436d3f&_b=2

23 HTTP transactions

Each transaction below is listed as: Resource | Path | Size | x-fer (bytes transferred) | Type, followed by its General details, request headers and response headers.
Resource: RSAAirpods1 (Primary Request; Cookie set) | Path: go.shieldx.com/ | Size: 9 KB | x-fer: 5 KB | Type: Document
Redirect Chain
  • https://secure-web.cisco.com/1SXVlimiNsHbmKv9_0P1pD0KXXmbB5wXEmCzd3v9Zb7LHEKmp3qj8uP2oFuvxtawrIg3iMpyf33nNNG5Z6RAfxFJdRuOdqWr6wQwh4G6oSIvPc4fIwTNwdmZ5W0voGQ9mMxp8hTU_chdeeAx0GCA69AfD1Pi2jf0LggndjNi...
  • https://go.shieldx.com/e/497751/RSAAirpods1/6wn4hf/1491361744?h=gefTqDhVfsprT-By3OBDFy9xQEF9Kr3ey1l5sJgQDNI
  • https://go.shieldx.com/RSAAirpods1
General
Full URL
https://go.shieldx.com/RSAAirpods1
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
pi0-lba1-2-ue1.aws.pardot.com
Software
PardotServer /
Resource Hash
1fc46c4fec02a14d98cf38903576c798e646ad818c0b3bea6013c455a68ac434

Request headers

Host
go.shieldx.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
pardot=467vd0cscn6rg47rb8uq7jfuab; visitor_id497751=404475626; visitor_id497751-hash=7428424dfeeb92fea261b9e33d78382873722e11be1da7eee81ad7a367d4a4703783cbcc886d683e89a894e820c2d95e563d996b
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

Date
Fri, 21 Feb 2020 04:32:33 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Set-Cookie
flash_message=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=shieldx.com
flash_success_message=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=shieldx.com
flash_error=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=shieldx.com
flash_warning=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=shieldx.com
flash_created_object_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=shieldx.com
flash_access_message=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=shieldx.com
visitor_id497751=404475626; expires=Sun, 11-Apr-2021 03:32:34 GMT; Max-Age=35852400; path=/; SameSite=None; secure
visitor_id497751-hash=7428424dfeeb92fea261b9e33d78382873722e11be1da7eee81ad7a367d4a4703783cbcc886d683e89a894e820c2d95e563d996b; expires=Sun, 11-Apr-2021 03:32:34 GMT; Max-Age=35852400; path=/; SameSite=None; secure
Status
404 Not Found
X-Pardot-Rsp
17/4/49
P3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
Content-Length
3282
Content-Type
text/html; charset=utf-8
X-Pardot-Route
32427ff3465437d362f61c790f7d2406
Server
PardotServer
X-Pardot-LB
7044ba9c794aba658bc1be2f8b8ad85c
Connection
keep-alive

Redirect headers

Date
Fri, 21 Feb 2020 04:32:33 GMT
Set-Cookie
pardot=467vd0cscn6rg47rb8uq7jfuab; path=/
visitor_id497751=404475626; expires=Sun, 11-Apr-2021 03:32:33 GMT; Max-Age=35852400; path=/; SameSite=None; secure
visitor_id497751-hash=7428424dfeeb92fea261b9e33d78382873722e11be1da7eee81ad7a367d4a4703783cbcc886d683e89a894e820c2d95e563d996b; expires=Sun, 11-Apr-2021 03:32:33 GMT; Max-Age=35852400; path=/; SameSite=None; secure
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Location
https://go.shieldx.com/RSAAirpods1
P3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
Content-Length
112
Content-Type
text/html; charset=UTF-8
X-Pardot-Route
32427ff3465437d362f61c790f7d2406
Server
PardotServer
X-Pardot-LB
7044ba9c794aba658bc1be2f8b8ad85c
Connection
keep-alive

Resource: css | Path: fonts.googleapis.com/ | Size: 5 KB | x-fer: 650 B | Type: Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Muli:300,400,400i,600,700
Requested by
Host: go.shieldx.com
URL: https://go.shieldx.com/RSAAirpods1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f48bb590a5908665f8b4d62ab1b8758c2f1864a54965bdbc717a5d560e22215d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 21 Feb 2020 04:32:34 GMT
server
ESF
date
Fri, 21 Feb 2020 04:32:34 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 21 Feb 2020 04:32:34 GMT

Resource: app.css | Path: www.shieldx.com/black-hat-a/app/css/ | Size: 9 KB | x-fer: 3 KB | Type: Stylesheet
General
Full URL
https://www.shieldx.com/black-hat-a/app/css/app.css
Requested by
Host: go.shieldx.com
URL: https://go.shieldx.com/RSAAirpods1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:8f9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5112faf99a6e5b58c1ed09c94d96dd39fb319a54ea9c16a727231c4b642e678a

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 21 Feb 2020 04:32:34 GMT
via
1.1 varnish
cf-cache-status
MISS
x-cache
HIT, HIT
status
200
x-cache-hits
1, 1
content-encoding
br
x-served-by
cache-mdw17342-MDW, cache-fra19165-FRA
last-modified
Mon, 10 Feb 2020 12:55:42 GMT
server
cloudflare
x-timer
S1582259555.523241,VS0,VE1
etag
W/"5e4152ce-25c4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
x-styx-req-id
cfedf822-4c35-11ea-9e30-86e319e7906e
expires
Wed, 10 Feb 2021 18:47:39 GMT
cache-control
max-age=31622400
cf-ray
5685ff47abf216e6-FRA
x-pantheon-styx-hostname
styx-fe3-a-6578c47759-ndwpf

Resource: form.css | Path: go.pardot.com/css/ | Size: 10 KB | x-fer: 3 KB | Type: Stylesheet
General
Full URL
https://go.pardot.com/css/form.css?ver=20121030
Requested by
Host: go.shieldx.com
URL: https://go.shieldx.com/RSAAirpods1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
pi0-lba1-2-ue1.aws.pardot.com
Software
PardotServer /
Resource Hash
f84c2857c6c5a8b271fbb0cb563bbcdf6d82e422fb257a70f826f8f0bdf97a66

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Fri, 21 Feb 2020 04:32:34 GMT
Content-Encoding
gzip
X-Pardot-Route
32427ff3465437d362f61c790f7d2406
X-Pardot-LB
7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified
Wed, 12 Sep 2018 16:34:28 GMT
Server
PardotServer
ETag
"27eb-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=63072000
Accept-Ranges
bytes
Content-Length
2426
Expires
Sun, 20 Feb 2022 04:32:34 GMT

Resource: piUtils.js | Path: go.pardot.com/js/ | Size: 147 KB | x-fer: 49 KB | Type: Script
General
Full URL
https://go.pardot.com/js/piUtils.js?ver=202001021110
Requested by
Host: go.shieldx.com
URL: https://go.shieldx.com/RSAAirpods1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
pi0-lba1-2-ue1.aws.pardot.com
Software
PardotServer /
Resource Hash
c3bb91b85908bc1c258a0f9f442e05abf91dd5e46e572ccc9c22d8bb1809f7c5

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 21 Feb 2020 04:32:34 GMT
Content-Encoding
gzip
X-Pardot-Route
32427ff3465437d362f61c790f7d2406
X-Pardot-LB
7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified
Fri, 10 Jan 2020 18:53:50 GMT
Server
PardotServer
ETag
"24cdc-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=63072000
Accept-Ranges
bytes
Content-Length
49896
Expires
Sun, 20 Feb 2022 04:32:34 GMT

Resource: start-here.svg | Path: www.shieldx.com/black-hat-a/app/images/ | Size: 6 KB | x-fer: 3 KB | Type: Image
General
Full URL
https://www.shieldx.com/black-hat-a/app/images/start-here.svg
Requested by
Host: go.shieldx.com
URL: https://go.shieldx.com/RSAAirpods1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:8f9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8fdec83b7ef5969acf6dd3de5e0af612e33f88ef934dde6279cabb7766909e5

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 04:32:34 GMT
via
1.1 varnish
cf-cache-status
HIT
age
53985
x-cache
HIT, HIT
status
200
x-cache-hits
1, 1
content-encoding
br
x-served-by
cache-mdw17370-MDW, cache-fra19141-FRA
last-modified
Mon, 10 Feb 2020 12:55:42 GMT
server
cloudflare
x-timer
S1582205569.033317,VS0,VE1
etag
W/"5e4152ce-1711"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
expires
Wed, 10 Feb 2021 18:47:39 GMT
cache-control
max-age=31622400
cf-ray
5685ff47abf416e6-FRA
x-styx-req-id
cfed5bb2-4c35-11ea-a1e5-f2cc0323dd98
x-pantheon-styx-hostname
styx-fe3-b-c8f8fbbbb-jp5mj

Resource: logo.svg | Path: www.shieldx.com/black-hat-a/app/images/ | Size: 2 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://www.shieldx.com/black-hat-a/app/images/logo.svg
Requested by
Host: go.shieldx.com
URL: https://go.shieldx.com/RSAAirpods1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:8f9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1f272d29123a980a851d4751d74f580376f86eeefc89aef9d9918a719cc9256

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 04:32:34 GMT
via
1.1 varnish
cf-cache-status
MISS
x-cache
HIT, MISS
status
200
x-cache-hits
1, 0
content-encoding
br
x-served-by
cache-mdw17358-MDW, cache-fra19171-FRA
last-modified
Tue, 04 Feb 2020 04:13:22 GMT
server
cloudflare
x-timer
S1582259555.526434,VS0,VE104
etag
W/"5e38ef62-97a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
expires
Thu, 04 Feb 2021 10:13:57 GMT
cache-control
max-age=31622400
cf-ray
5685ff47abf516e6-FRA
x-styx-req-id
0e6de90e-4737-11ea-927c-eec98c31dec4
x-pantheon-styx-hostname
styx-fe3-b-c8f8fbbbb-cqbw6

Resource: banner.png | Path: www.shieldx.com/black-hat-a/app/images/ | Size: 106 KB | x-fer: 106 KB | Type: Image
General
Full URL
https://www.shieldx.com/black-hat-a/app/images/banner.png
Requested by
Host: go.shieldx.com
URL: https://go.shieldx.com/RSAAirpods1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:8f9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
baad7f7a2917d446975ea455eaad3ee59562554af2e9e4b2832ab37bd8b3a7c2

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 04:32:34 GMT
via
1.1 varnish
cf-cache-status
MISS
x-cache
HIT, HIT
status
200
x-cache-hits
1, 1
content-length
108366
x-served-by
cache-mdw17356-MDW, cache-fra19145-FRA
last-modified
Tue, 11 Feb 2020 16:08:26 GMT
server
cloudflare
x-timer
S1582259555.576713,VS0,VE2
etag
"5e42d17a-1a74e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
x-styx-req-id
534c56f0-4d0d-11ea-a1e5-f2cc0323dd98
expires
Thu, 11 Feb 2021 20:30:21 GMT
cache-control
max-age=31622400
accept-ranges
bytes
cf-ray
5685ff47fc6d16e6-FRA
x-pantheon-styx-hostname
styx-fe3-b-c8f8fbbbb-jp5mj

Resource: maximize.svg | Path: www.shieldx.com/black-hat-a/app/images/ | Size: 2 KB | x-fer: 764 B | Type: Image
General
Full URL
https://www.shieldx.com/black-hat-a/app/images/maximize.svg
Requested by
Host: go.shieldx.com
URL: https://go.shieldx.com/RSAAirpods1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:8f9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a43adec6ae32df5c811ce4782b2a4712f48149ae535a1ff8b2a2d8462896468

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 04:32:34 GMT
via
1.1 varnish
cf-cache-status
HIT
age
53985
x-cache
HIT, HIT
status
200
x-cache-hits
1, 1
content-encoding
br
x-served-by
cache-mdw17367-MDW, cache-fra19122-FRA
last-modified
Tue, 21 Jan 2020 16:16:46 GMT
server
cloudflare
x-timer
S1582205569.031892,VS0,VE1
etag
W/"5e2723ee-61f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
expires
Thu, 21 Jan 2021 19:15:00 GMT
cache-control
max-age=31622400
cf-ray
5685ff482cb716e6-FRA
x-styx-req-id
51ed6754-3c82-11ea-9e30-86e319e7906e
x-pantheon-styx-hostname
styx-fe3-a-6578c47759-ndwpf

Resource: drive.svg | Path: www.shieldx.com/black-hat-a/app/images/ | Size: 1 KB | x-fer: 674 B | Type: Image
General
Full URL
https://www.shieldx.com/black-hat-a/app/images/drive.svg
Requested by
Host: go.shieldx.com
URL: https://go.shieldx.com/RSAAirpods1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:8f9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
160630d5958f08030e8f86cdd0cc04e306555b1949199b0d058e7baceb15e3d3

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 04:32:34 GMT
via
1.1 varnish
cf-cache-status
HIT
age
53985
x-cache
HIT, HIT
status
200
x-cache-hits
2, 1
content-encoding
br
x-served-by
cache-mdw17322-MDW, cache-fra19140-FRA
last-modified
Fri, 07 Feb 2020 02:06:34 GMT
server
cloudflare
x-timer
S1582205569.030498,VS0,VE1
etag
W/"5e3cc62a-423"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
expires
Sun, 07 Feb 2021 06:23:46 GMT
cache-control
max-age=31622400
cf-ray
5685ff483cd016e6-FRA
x-styx-req-id
655e508b-4972-11ea-8c5d-1e2bd2440c8e
x-pantheon-styx-hostname
styx-fe3-a-6578c47759-nn97k

Resource: granular.svg | Path: www.shieldx.com/black-hat-a/app/images/ | Size: 2 KB | x-fer: 826 B | Type: Image
General
Full URL
https://www.shieldx.com/black-hat-a/app/images/granular.svg
Requested by
Host: go.shieldx.com
URL: https://go.shieldx.com/RSAAirpods1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:8f9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d791771484100e22ed1993fd2b7b79453788e98cb9b7c8284c3a99199b681bf

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 04:32:34 GMT
via
1.1 varnish
cf-cache-status
MISS
x-cache
HIT, HIT
status
200
x-cache-hits
1, 1
content-encoding
br
x-served-by
cache-mdw17323-MDW, cache-fra19162-FRA
last-modified
Mon, 06 Jan 2020 17:55:44 GMT
server
cloudflare
x-timer
S1582259555.640566,VS0,VE1
etag
W/"5e1374a0-9d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
expires
Wed, 06 Jan 2021 23:52:55 GMT
cache-control
max-age=31622400
cf-ray
5685ff486d0e16e6-FRA
x-styx-req-id
a8982fd2-30df-11ea-9d2e-7e85201e91c1
x-pantheon-styx-hostname
styx-fe3-a-6578c47759-5gfgb

Resource: accelerate.svg | Path: www.shieldx.com/black-hat-a/app/images/ | Size: 1 KB | x-fer: 744 B | Type: Image
General
Full URL
https://www.shieldx.com/black-hat-a/app/images/accelerate.svg
Requested by
Host: go.shieldx.com
URL: https://go.shieldx.com/RSAAirpods1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:8f9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a98b47d3b9eac5b18f7b7bc730429f03f7f002f5166e4b2eb9b61c15fe3d3e9f

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 04:32:34 GMT
via
1.1 varnish
cf-cache-status
MISS
x-cache
HIT, MISS
status
200
x-cache-hits
1, 0
content-encoding
br
x-served-by
cache-mdw17374-MDW, cache-fra19123-FRA
last-modified
Tue, 04 Feb 2020 04:13:22 GMT
server
cloudflare
x-timer
S1582259555.676270,VS0,VE104
etag
W/"5e38ef62-562"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
expires
Thu, 04 Feb 2021 17:37:04 GMT
cache-control
max-age=31622400
cf-ray
5685ff48ad4d16e6-FRA
x-styx-req-id
f56bdbd6-4774-11ea-a1e5-f2cc0323dd98
x-pantheon-styx-hostname
styx-fe3-b-c8f8fbbbb-jp5mj

Resource: main.bundle.js | Path: www.shieldx.com/black-hat-a/app/js/ | Size: 91 KB | x-fer: 31 KB | Type: Script
General
Full URL
https://www.shieldx.com/black-hat-a/app/js/main.bundle.js
Requested by
Host: go.shieldx.com
URL: https://go.shieldx.com/RSAAirpods1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:8f9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc2b7fea4d5dd0cb3ca0d8144371ba2891be648a6db20cda82c812bd286efaad

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 04:32:34 GMT
via
1.1 varnish
cf-cache-status
MISS
x-cache
HIT, HIT
status
200
x-cache-hits
1, 1
content-encoding
br
x-served-by
cache-mdw17358-MDW, cache-fra19157-FRA
last-modified
Wed, 12 Feb 2020 18:59:17 GMT
server
cloudflare
x-timer
S1582259555.535772,VS0,VE2
etag
W/"5e444b05-16b73"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
fd06bcec-4dd5-11ea-a1e5-f2cc0323dd98
expires
Fri, 12 Feb 2021 20:26:45 GMT
cache-control
max-age=31622400
cf-ray
5685ff47cc2116e6-FRA
x-pantheon-styx-hostname
styx-fe3-b-c8f8fbbbb-jp5mj

Resource: 7Auwp_0qiz-afTLGLQjUwkQ.woff2 | Path: fonts.gstatic.com/s/muli/v20/ | Size: 24 KB | x-fer: 24 KB | Type: Font
General
Full URL
https://fonts.gstatic.com/s/muli/v20/7Auwp_0qiz-afTLGLQjUwkQ.woff2
Requested by
Host: go.shieldx.com
URL: https://go.shieldx.com/RSAAirpods1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8a71c8749cc0bb450f96766d4cab3b2b9c4d5a9b30c3683f3a5863d8d2ed9c9a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/css?family=Muli:300,400,400i,600,700
Origin
https://go.shieldx.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 05 Feb 2020 00:36:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 04 Feb 2020 23:41:33 GMT
server
sffe
age
1396544
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
24884
x-xss-protection
0
expires
Thu, 04 Feb 2021 00:36:51 GMT

Resource: pd.js | Path: pi.pardot.com/ | Size: 5 KB | x-fer: 2 KB | Type: Script
General
Full URL
https://pi.pardot.com/pd.js
Requested by
Host: go.shieldx.com
URL: https://go.shieldx.com/RSAAirpods1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
pi0-lba1-2-ue1.aws.pardot.com
Software
PardotServer /
Resource Hash
f6652dacc3641651bf842bb18861c6fbb66581a3dd2c41dde3226764740684b6

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 21 Feb 2020 04:32:35 GMT
Content-Encoding
gzip
X-Pardot-Route
ea50fcd3dcf777490e1499615b883deb
X-Pardot-LB
7044ba9c794aba658bc1be2f8b8ad85c
Last-Modified
Mon, 29 Oct 2018 21:18:11 GMT
Server
PardotServer
ETag
"13e7-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
application/javascript
Cache-Control
max-age=63072000
Accept-Ranges
bytes
Content-Length
1817
Expires
Sun, 20 Feb 2022 04:32:35 GMT

Resource: roundtrip.js | Path: s.adroll.com/j/ | Size: 34 KB | x-fer: 11 KB | Type: Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: go.shieldx.com
URL: https://go.shieldx.com/RSAAirpods1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.36.181 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-36-181.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
d468e0fa78d4289b15f6fe03d1a22f98203afce6e09d425a0c29441d431eb853

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-amz-version-id
Y8FvrmiUrb79ZxwHFnBxKc9Udz4XzaTU
Content-Encoding
gzip
x-amz-request-id
6B33D6C7A9C0DA0A
x-amz-server-side-encryption
AES256
Access-Control-Max-Age
600
Date
Fri, 21 Feb 2020 04:32:35 GMT
Connection
keep-alive
Content-Length
10739
x-amz-id-2
iqv6JPL9Z9R+29UIVEPsLMXFMum/FOBDEmcQEPBy+d9Ha4AaYTCI6L14mCK9xyiSlL4FZosRkqw=
Last-Modified
Wed, 19 Feb 2020 22:07:29 GMT
Server
AmazonS3
ETag
"c91ce4add98fc2605b9dfa3090440619"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Resource: index.js | Path: s.adroll.com/j/exp/ | Size: 28 B | x-fer: 747 B | Type: Script
Redirect Chain
  • https://s.adroll.com/j/exp/3FZTIN6TMBC4VNAXC7YCYW/index.js
  • https://s.adroll.com/j/exp/index.js
General
Full URL
https://s.adroll.com/j/exp/index.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.36.181 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-36-181.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
Y8nS1mIzhBe8JEQvENARcyn9JPX.scLz
Content-Encoding
gzip
x-amz-request-id
E1C9941DB941DD1E
x-amz-server-side-encryption
AES256
Access-Control-Max-Age
600
Date
Fri, 21 Feb 2020 04:32:35 GMT
Connection
keep-alive
Content-Length
48
x-amz-id-2
lqt/Q3YwSp0JZGFSkK+nCWTAycdLPcPppTHD0vKT62G9CJJy1uY9PFVXzze6e8zRgmHtjNxi+Co=
Last-Modified
Thu, 06 Feb 2020 23:04:12 GMT
Server
AmazonS3
ETag
"5816cced8568d223aa09d889f300692b"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

Date
Fri, 21 Feb 2020 04:32:35 GMT
Server
AkamaiGHost
Access-Control-Allow-Origin
*
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Credentials
false
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
0

Resource: index.js | Path: s.adroll.com/j/pre/3FZTIN6TMBC4VNAXC7YCYW/RFY5V5I37ZH77JLVUTABNR/ | Size: 1 KB | x-fer: 1 KB | Type: Script
General
Full URL
https://s.adroll.com/j/pre/3FZTIN6TMBC4VNAXC7YCYW/RFY5V5I37ZH77JLVUTABNR/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.36.181 , France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-36-181.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-amz-version-id
kSra4IB6sg95Cq848kFTkprszrUt33E7
Content-Encoding
gzip
x-amz-request-id
26F5132B588E305F
x-amz-server-side-encryption
AES256
Access-Control-Max-Age
600
Date
Fri, 21 Feb 2020 04:32:35 GMT
Connection
keep-alive
Content-Length
635
x-amz-id-2
SAg2efob9nMQ87wlpt5D/X51ZfrAenqqCqXCfHMVodoL76UJgaADQkze6qYarRcirWJJNnTzVxE=
Last-Modified
Fri, 21 Feb 2020 00:42:59 GMT
Server
AmazonS3
ETag
"3996d65282dd996ee0d7d4c90c139158"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Resource: / | Path: d.adroll.com/consent/check/3FZTIN6TMBC4VNAXC7YCYW/ | Size: 106 B | x-fer: 198 B | Type: Script
Redirect Chain
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/3FZTIN6TMBC4VNAXC7YCYW?_s=db9cee945b69b6a711daf16a17436d3f&_b=2
  • https://d.adroll.com/consent/check/3FZTIN6TMBC4VNAXC7YCYW/?_s=db9cee945b69b6a711daf16a17436d3f&_b=2
General
Full URL
https://d.adroll.com/consent/check/3FZTIN6TMBC4VNAXC7YCYW/?_s=db9cee945b69b6a711daf16a17436d3f&_b=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.11.118 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-11-118.eu-west-1.compute.amazonaws.com
Software
nginx/1.16.1 /
Resource Hash
4b953b3749ad49b9718da49ab6330f9df0f2ac41d39a268e2f918fc650e11c29

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Fri, 21 Feb 2020 04:32:35 GMT
server
nginx/1.16.1
content-length
106
content-type
application/javascript

Redirect headers

status
302
date
Fri, 21 Feb 2020 04:32:35 GMT
server
nginx/1.16.1
content-length
105
location
https://d.adroll.com/consent/check/3FZTIN6TMBC4VNAXC7YCYW/?_s=db9cee945b69b6a711daf16a17436d3f&_b=2
consent.js
s.adroll.com/j/
243 KB
33 KB
Script
General
Full URL
https://s.adroll.com/j/consent.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.21.36.181, France, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-21-36-181.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f82c9f099656346f543c66ba009bd5f18010c7b41ad43d47a7f762121ad4496d

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-amz-version-id
W7pJTDq0578OcjyRZxtRH_BjDuWCGgRc
Content-Encoding
gzip
x-amz-request-id
BFDDD219E02D63AA
x-amz-server-side-encryption
AES256
Access-Control-Max-Age
600
Date
Fri, 21 Feb 2020 04:32:35 GMT
Connection
keep-alive
Content-Length
33195
x-amz-id-2
0vEYWSNr8BIWIFx+Vt855bKM9PGQi1O3TTl+RSbaQgK2eZJeo3lhhvwHGpfanAseKG0Oz2obOWc=
Last-Modified
Tue, 19 Nov 2019 20:42:26 GMT
Server
AmazonS3
ETag
"2f9f76c2d377be42af05cdf34c632618"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=300, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
analytics
pi.pardot.com/
1 KB
2 KB
Script
General
Full URL
https://pi.pardot.com/analytics?ver=3&visitor_id=404475626&pi_opt_in=&campaign_id=59223&account_id=498751&title=Apple%20AirPods%20from%20ShieldX%20at%20RSA&url=https%3A%2F%2Fgo.shieldx.com%2FRSAAirpods1&referrer=
Requested by
Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
pi0-lba1-2-ue1.aws.pardot.com
Software
PardotServer /
Resource Hash
f3ade0f57366b014727850e1bf23312701ea6874620272f430b23fb1a4ff4c9a

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Pragma
no-cache
Date
Fri, 21 Feb 2020 04:32:35 GMT
Content-Encoding
gzip
X-Pardot-Route
13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB
7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp
16/18/57
Vary
Accept-Encoding,User-Agent
P3p
CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
Content-Length
534
Server
PardotServer
Expires
Thu, 19 Nov 1981 08:52:00 GMT
hod
d.adroll.com/consent/
42 B
180 B
Image
General
Full URL
https://d.adroll.com/consent/hod?_e=view_banner&_s=db9cee945b69b6a711daf16a17436d3f&_b=2.1&_a=3FZTIN6TMBC4VNAXC7YCYW
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.11.118 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-11-118.eu-west-1.compute.amazonaws.com
Software
nginx/1.16.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

status
200
date
Fri, 21 Feb 2020 04:32:35 GMT
cache-control
no-transform,public,max-age=300,s-maxage=900
server
nginx/1.16.1
content-length
42
vary
Cookie
content-type
image/gif
analytics
go.shieldx.com/
50 B
970 B
Script
General
Full URL
https://go.shieldx.com/analytics?conly=true&visitor_id=404475626&pi_opt_in=&campaign_id=59223&account_id=498751&title=Apple%20AirPods%20from%20ShieldX%20at%20RSA&url=https%3A%2F%2Fgo.shieldx.com%2FRSAAirpods1&referrer=&visitor_id_sign=840c6268d2d85f472b38a57b7c6678c80b969d6296479b93c339095b4a3d827afd7fa2fd92dfa362c33805bb53ffff0223a13f4d
Requested by
Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=404475626&pi_opt_in=&campaign_id=59223&account_id=498751&title=Apple%20AirPods%20from%20ShieldX%20at%20RSA&url=https%3A%2F%2Fgo.shieldx.com%2FRSAAirpods1&referrer=
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.178.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
pi0-lba1-2-ue1.aws.pardot.com
Software
PardotServer /
Resource Hash
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer
https://go.shieldx.com/RSAAirpods1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Pragma
no-cache
Date
Fri, 21 Feb 2020 04:32:36 GMT
X-Pardot-Route
13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB
7044ba9c794aba658bc1be2f8b8ad85c
X-Pardot-Rsp
16/89/198
Vary
User-Agent
P3p
CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
Content-Length
50
Server
PardotServer
Expires
Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
object | onformdata
object | onpointerrawupdate
object | pardot
object | piAjax
object | piUtils
undefined | $
undefined | jQuery
function | DP_jQuery_1582259555028
string | piAId
string | piCId
string | piHostname
object | anchors
object | anchor
string | adroll_adv_id
string | adroll_pix_id
boolean | __adroll_loaded
string | adroll_sid
object | __adroll
boolean | adroll_optout
object | adroll_ext_network
object | adroll_callbacks
function | adroll_tpc_callback
object | __adroll_consent
boolean | __adroll_consent_is_gdpr
object | __adroll_consent_data
string | __adroll_consent_user_country
string | __adroll_consent_adv_country
function | checkNamespace
function | getPardotUrl
function | piTracker
function | piGetParameter
function | piGetCookie
function | piSetCookie
number | piScriptNum
object | piScriptObj
object | pi
number | c_start
number | c_end
string | property
object | adroll_exp_list
object | $jscomp
string | BANNER_VERSION
object | __adroll_consent_banner
function | __cmp
function | piResponse

4 Cookies

Domain/Path Name / Value
go.shieldx.com/ Name: visitor_id497751-hash
Value: 7428424dfeeb92fea261b9e33d78382873722e11be1da7eee81ad7a367d4a4703783cbcc886d683e89a894e820c2d95e563d996b
go.shieldx.com/ Name: visitor_id497751
Value: 404475626
.shieldx.com/ Name: __cfduid
Value: d2c8dc8cc0f1e9e9be4184e52fb21260d1582259554
go.shieldx.com/ Name: pardot
Value: 467vd0cscn6rg47rb8uq7jfuab

1 Console Messages

Source Level URL
Text
console-api log URL: https://www.shieldx.com/black-hat-a/app/js/main.bundle.js(Line 39)
Message:

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
