urlscan.io logo urlscan.io
SecurityTrails logo

auth.shipbob.com Open in urlscan Pro
2606:4700::6812:fd1e  Public Scan

Go To Rescan Add Verdict Report
URL: https://auth.shipbob.com/Account/Login?ReturnUrl=%2Fconnect%2Fintegrate%3Fclient_id%3DExternalApplication_e62d6d7a-bac8-4...
Submission: On September 28 via manual from HK — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 15 HTTP transactions. The main IP is 2606:4700::6812:fd1e, located in United States and belongs to CLOUDFLARENET, US. The main domain is auth.shipbob.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 10th 2023. Valid for: a year.
This is the only time auth.shipbob.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 9 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a02:26f0:480... 20940 (AKAMAI-ASN1)
1 2606:2800:133... 15133 (EDGECAST)
1 2a02:26f0:2c:... 20940 (AKAMAI-ASN1)
1 13.69.106.212 8075 (MICROSOFT...)
15 6
9    2606:4700::6812:fd1e (United States)

ASN13335 (CLOUDFLARENET, US)
auth.shipbob.com
3    2a02:26f0:480:f::213:7ee1 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)
use.typekit.net
1    2606:2800:133:206e:1315:22a5:2006:24fd (United States)

ASN15133 (EDGECAST, US)
shipbobcdn.azureedge.net
1    2a02:26f0:2c::216:f26a (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)
p.typekit.net
1    13.69.106.212 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
dc.services.visualstudio.com
Apex Domain
Subdomains		 Transfer
9 shipbob.com
auth.shipbob.com
136 KB
4 typekit.net
use.typekit.net — Cisco Umbrella Rank: 1059
p.typekit.net — Cisco Umbrella Rank: 1428
68 KB
1 visualstudio.com
dc.services.visualstudio.com — Cisco Umbrella Rank: 1169
326 B
1 azureedge.net
shipbobcdn.azureedge.net
6 KB
0 azure.com Failed
js.monitor.azure.com Failed
15 5
Domain Requested by
9 auth.shipbob.com 1 redirects auth.shipbob.com
3 use.typekit.net auth.shipbob.com
use.typekit.net
1 dc.services.visualstudio.com auth.shipbob.com
1 p.typekit.net use.typekit.net
1 shipbobcdn.azureedge.net auth.shipbob.com
0 js.monitor.azure.com Failed auth.shipbob.com
15 6

This site contains no links.

Subject Issuer Validity Valid
shipbob.com
Cloudflare Inc ECC CA-3		 2023-04-10 -
2024-04-09		 a year crt.sh
use.typekit.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-21 -
2024-10-21		 a year crt.sh
*.vo.msecnd.net
DigiCert SHA2 Secure Server CA		 2023-05-05 -
2024-04-28		 a year crt.sh
in.applicationinsights.azure.com
Microsoft Azure RSA TLS Issuing CA 07		 2023-09-02 -
2024-08-27		 a year crt.sh

This page contains 2 frames:

Primary Page: https://auth.shipbob.com/Account/Login?ReturnUrl=%2Fconnect%2Fintegrate%3Fclient_id%3DExternalApplication_e62d6d7a-bac8-4422-a9ef-adabc16982aa%26scope%3Dreturns_read%2Breturns_write%2Borders_read%2Bchannels_read%2Bproducts_read%2Breceiving_read%2Blocations_read%2Binventory_read%2Boffline_access%26redirect_uri%3Dhttps%3A%252F%252Fnucleus.loopreturns.com%252Fauth%252Fshipbob%26integration_name%3DLoop%2BReturns%26state%3D8210%26response_mode%3Dform_post
Frame ID: 2853CEE490B644797CB2331D70FFDF4B
Requests: 13 HTTP requests in this frame

Frame: https://auth.shipbob.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
Frame ID: 5EA3DCA063232FB9A70F81D6652F785E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

ShipBob Auth

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+use\.typekit\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

87 %
HTTPS

80 %
IPv6

5
Domains

6
Subdomains

6
IPs

3
Countries

211 kB
Transfer

568 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://auth.shipbob.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://auth.shipbob.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Login
auth.shipbob.com/Account/ 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth.shipbob.com/Account/Login?ReturnUrl=%2Fconnect%2Fintegrate%3Fclient_id%3DExternalApplication_e62d6d7a-bac8-4422-a9ef-adabc16982aa%26scope%3Dreturns_read%2Breturns_write%2Borders_read%2Bchannels_read%2Bproducts_read%2Breceiving_read%2Blocations_read%2Binventory_read%2Boffline_access%26redirect_uri%3Dhttps%3A%252F%252Fnucleus.loopreturns.com%252Fauth%252Fshipbob%26integration_name%3DLoop%2BReturns%26state%3D8210%26response_mode%3Dform_post
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:fd1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
b40a225b4178ac35be469e798b3ba7514d9224b5a1edc82d71698443c7688211
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/;font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/
Strict-Transport-Security max-age=31536000
X-Content-Security-Policy default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store
cf-cache-status
DYNAMIC
cf-ray
80dd728b48f71e4b-FRA
content-encoding
br
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/;font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/
content-type
text/html; charset=utf-8
date
Thu, 28 Sep 2023 16:43:48 GMT
pragma
no-cache
referrer-policy
no-referrer
request-context
appId=cid-v1:ce2d161e-4f50-469a-8c5d-d12d3c1a5f0f
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-content-security-policy
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
ASP.NET
x-xss-protection
1; mode=block
bootstrap.css
auth.shipbob.com/lib/bootstrap/css/ 		120 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth.shipbob.com/lib/bootstrap/css/bootstrap.css
Requested by
Host: auth.shipbob.com
URL: https://auth.shipbob.com/Account/Login?ReturnUrl=%2Fconnect%2Fintegrate%3Fclient_id%3DExternalApplication_e62d6d7a-bac8-4422-a9ef-adabc16982aa%26scope%3Dreturns_read%2Breturns_write%2Borders_read%2Bchannels_read%2Bproducts_read%2Breceiving_read%2Blocations_read%2Binventory_read%2Boffline_access%26redirect_uri%3Dhttps%3A%252F%252Fnucleus.loopreturns.com%252Fauth%252Fshipbob%26integration_name%3DLoop%2BReturns%26state%3D8210%26response_mode%3Dform_post
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:fd1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
319a4427525f66191af8fa53de6207f95e4d8a807742dd35c79c05f119a60ee0
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/;font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Thu, 28 Sep 2023 16:43:48 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/;font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
REVALIDATED
content-encoding
br
cf-polished
origSize=154241
x-powered-by
ASP.NET
x-xss-protection
1; mode=block
request-context
appId=cid-v1:ce2d161e-4f50-469a-8c5d-d12d3c1a5f0f
referrer-policy
no-referrer
cf-bgj
minify
last-modified
Mon, 25 Sep 2023 06:13:44 GMT
server
cloudflare
etag
W/"1d9ef776fcf4681"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=14400
cf-ray
80dd728cab511e4b-FRA
expires
Thu, 28 Sep 2023 20:43:48 GMT
site.css
auth.shipbob.com/css/ 		15 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth.shipbob.com/css/site.css?v=LYzVKOBrR1s4wZJTbCALb4k6ETML7KZx2yzOWNRswjA
Requested by
Host: auth.shipbob.com
URL: https://auth.shipbob.com/Account/Login?ReturnUrl=%2Fconnect%2Fintegrate%3Fclient_id%3DExternalApplication_e62d6d7a-bac8-4422-a9ef-adabc16982aa%26scope%3Dreturns_read%2Breturns_write%2Borders_read%2Bchannels_read%2Bproducts_read%2Breceiving_read%2Blocations_read%2Binventory_read%2Boffline_access%26redirect_uri%3Dhttps%3A%252F%252Fnucleus.loopreturns.com%252Fauth%252Fshipbob%26integration_name%3DLoop%2BReturns%26state%3D8210%26response_mode%3Dform_post
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:fd1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
486cffeca2069baab4286d9c1c6c0f707189db117f047407a60fda131072c847
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/;font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Thu, 28 Sep 2023 16:43:48 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/;font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
REVALIDATED
content-encoding
br
cf-polished
status=cannot_optimize
x-powered-by
ASP.NET
x-xss-protection
1; mode=block
request-context
appId=cid-v1:ce2d161e-4f50-469a-8c5d-d12d3c1a5f0f
referrer-policy
no-referrer
cf-bgj
minify
last-modified
Mon, 25 Sep 2023 06:13:44 GMT
server
cloudflare
etag
W/"1d9ef776fcd217e"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=14400
cf-ray
80dd728cbb521e4b-FRA
expires
Thu, 28 Sep 2023 20:43:48 GMT
mge6yfx.css
use.typekit.net/ 		9 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/mge6yfx.css
Requested by
Host: auth.shipbob.com
URL: https://auth.shipbob.com/Account/Login?ReturnUrl=%2Fconnect%2Fintegrate%3Fclient_id%3DExternalApplication_e62d6d7a-bac8-4422-a9ef-adabc16982aa%26scope%3Dreturns_read%2Breturns_write%2Borders_read%2Bchannels_read%2Bproducts_read%2Breceiving_read%2Blocations_read%2Binventory_read%2Boffline_access%26redirect_uri%3Dhttps%3A%252F%252Fnucleus.loopreturns.com%252Fauth%252Fshipbob%26integration_name%3DLoop%2BReturns%26state%3D8210%26response_mode%3Dform_post
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:f::213:7ee1 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
56cc83c3d5b7e42118f6e48ef2a69986a4127bc8a4e3edbdeb789050f564a9b4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Thu, 28 Sep 2023 16:43:49 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
1068
icon-shipbob-white.png
auth.shipbob.com/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.shipbob.com/icon-shipbob-white.png
Requested by
Host: auth.shipbob.com
URL: https://auth.shipbob.com/Account/Login?ReturnUrl=%2Fconnect%2Fintegrate%3Fclient_id%3DExternalApplication_e62d6d7a-bac8-4422-a9ef-adabc16982aa%26scope%3Dreturns_read%2Breturns_write%2Borders_read%2Bchannels_read%2Bproducts_read%2Breceiving_read%2Blocations_read%2Binventory_read%2Boffline_access%26redirect_uri%3Dhttps%3A%252F%252Fnucleus.loopreturns.com%252Fauth%252Fshipbob%26integration_name%3DLoop%2BReturns%26state%3D8210%26response_mode%3Dform_post
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:fd1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
5e9b1af164936e76a89aa35b1d52954ec91c92bc1d120fd53c11446efbbac16e
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/;font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Thu, 28 Sep 2023 16:43:49 GMT
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/;font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
REVALIDATED
cf-polished
origFmt=png, origSize=47426
x-powered-by
ASP.NET
content-disposition
inline; filename="icon-shipbob-white.webp"
content-length
14276
x-xss-protection
1; mode=block
request-context
appId=cid-v1:ce2d161e-4f50-469a-8c5d-d12d3c1a5f0f
referrer-policy
no-referrer
cf-bgj
imgq:85,h2pri
last-modified
Mon, 25 Sep 2023 06:13:44 GMT
server
cloudflare
etag
"1d9ef776fcda542"
vary
Accept
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
80dd7290c9961e4b-FRA
expires
Thu, 28 Sep 2023 20:43:49 GMT
logo.svg
shipbobcdn.azureedge.net/auth/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://shipbobcdn.azureedge.net/auth/logo.svg
Requested by
Host: auth.shipbob.com
URL: https://auth.shipbob.com/Account/Login?ReturnUrl=%2Fconnect%2Fintegrate%3Fclient_id%3DExternalApplication_e62d6d7a-bac8-4422-a9ef-adabc16982aa%26scope%3Dreturns_read%2Breturns_write%2Borders_read%2Bchannels_read%2Bproducts_read%2Breceiving_read%2Blocations_read%2Binventory_read%2Boffline_access%26redirect_uri%3Dhttps%3A%252F%252Fnucleus.loopreturns.com%252Fauth%252Fshipbob%26integration_name%3DLoop%2BReturns%26state%3D8210%26response_mode%3Dform_post
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4C98) /
Resource Hash
9e3b09cb77d236d56eae347234e950a4870194d7a508d7ef863bd6c47964d42e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Thu, 28 Sep 2023 16:43:49 GMT
last-modified
Fri, 27 May 2022 20:38:16 GMT
server
ECAcc (frc/4C98)
content-md5
19FpvOWXjEnvvTe4eBWdgw==
age
201914
etag
0x8DA4020D3FC4132
x-cache
HIT
content-type
image/svg+xml
x-ms-request-id
a99aa8dd-801e-001d-6554-f0a37b000000
x-ms-version
2009-09-19
accept-ranges
bytes
content-length
6192
jquery.js
auth.shipbob.com/lib/jquery/ 		251 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.shipbob.com/lib/jquery/jquery.js
Requested by
Host: auth.shipbob.com
URL: https://auth.shipbob.com/Account/Login?ReturnUrl=%2Fconnect%2Fintegrate%3Fclient_id%3DExternalApplication_e62d6d7a-bac8-4422-a9ef-adabc16982aa%26scope%3Dreturns_read%2Breturns_write%2Borders_read%2Bchannels_read%2Bproducts_read%2Breceiving_read%2Blocations_read%2Binventory_read%2Boffline_access%26redirect_uri%3Dhttps%3A%252F%252Fnucleus.loopreturns.com%252Fauth%252Fshipbob%26integration_name%3DLoop%2BReturns%26state%3D8210%26response_mode%3Dform_post
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:fd1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
0a7f216533d52b6c9a1d969b3cd64b4534c351aa0bbcaf3f3a4ca368369ad1a3
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/;font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Thu, 28 Sep 2023 16:43:49 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/;font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/
cf-cache-status
REVALIDATED
content-encoding
br
x-powered-by
ASP.NET
x-xss-protection
1; mode=block
request-context
appId=cid-v1:ce2d161e-4f50-469a-8c5d-d12d3c1a5f0f
referrer-policy
no-referrer
last-modified
Mon, 25 Sep 2023 06:13:44 GMT
server
cloudflare
etag
W/"1d9ef776fcef727"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
80dd728e1d7d1e4b-FRA
expires
Thu, 28 Sep 2023 20:43:48 GMT
bootstrap.js
auth.shipbob.com/lib/bootstrap/js/ 		70 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.shipbob.com/lib/bootstrap/js/bootstrap.js
Requested by
Host: auth.shipbob.com
URL: https://auth.shipbob.com/Account/Login?ReturnUrl=%2Fconnect%2Fintegrate%3Fclient_id%3DExternalApplication_e62d6d7a-bac8-4422-a9ef-adabc16982aa%26scope%3Dreturns_read%2Breturns_write%2Borders_read%2Bchannels_read%2Bproducts_read%2Breceiving_read%2Blocations_read%2Binventory_read%2Boffline_access%26redirect_uri%3Dhttps%3A%252F%252Fnucleus.loopreturns.com%252Fauth%252Fshipbob%26integration_name%3DLoop%2BReturns%26state%3D8210%26response_mode%3Dform_post
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:fd1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
8c34c37291ee6d38191ac0a84ef1aedde856af334a96245759d0482912edb067
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/;font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Thu, 28 Sep 2023 16:43:49 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/;font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/
cf-cache-status
REVALIDATED
content-encoding
br
x-powered-by
ASP.NET
x-xss-protection
1; mode=block
request-context
appId=cid-v1:ce2d161e-4f50-469a-8c5d-d12d3c1a5f0f
referrer-policy
no-referrer
last-modified
Mon, 25 Sep 2023 06:13:44 GMT
server
cloudflare
etag
W/"1d9ef776fcc0a55"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=14400
cf-ray
80dd728f9f9c1e4b-FRA
expires
Thu, 28 Sep 2023 20:43:49 GMT
p.css
p.typekit.net/ 		5 B
173 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://p.typekit.net/p.css?s=1&k=mge6yfx&ht=tk&f=139.140.175.176.143.144.147.148.156.157.161.162&a=9102820&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/mge6yfx.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f26a , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Thu, 28 Sep 2023 16:43:49 GMT
last-modified
Sun, 10 Sep 2023 12:39:23 GMT
server
nginx
etag
"64fdb8fb-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
ai.2.min.js
js.monitor.azure.com/scripts/b/ 		0
0
l
use.typekit.net/af/705e94/00000000000000003b9b3062/27/ 		33 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/705e94/00000000000000003b9b3062/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/mge6yfx.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:f::213:7ee1 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
31685af3bbf1ff809935f70512ea48729eac2add3a47f604db26c43f2a253541

Request headers

Referer
https://use.typekit.net/mge6yfx.css
Origin
https://auth.shipbob.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Thu, 28 Sep 2023 16:43:49 GMT
server
nginx
etag
"79fea02668402fc378c129193093131a2db2577c"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
33576
l
use.typekit.net/af/949f99/00000000000000003b9b3068/27/ 		34 KB
34 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/949f99/00000000000000003b9b3068/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/mge6yfx.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:f::213:7ee1 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
60fe579c50202903eec3a1898b8eafc6df528307b7e40052c0f800e718a7129f

Request headers

Referer
https://use.typekit.net/mge6yfx.css
Origin
https://auth.shipbob.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Thu, 28 Sep 2023 16:43:49 GMT
server
nginx
etag
"b5fef031a96fc670f9c3b1b64dd52243a29d7531"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
34336
track
dc.services.visualstudio.com/v2/ 		49 B
326 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: auth.shipbob.com
URL: https://auth.shipbob.com/Account/Login?ReturnUrl=%2Fconnect%2Fintegrate%3Fclient_id%3DExternalApplication_e62d6d7a-bac8-4422-a9ef-adabc16982aa%26scope%3Dreturns_read%2Breturns_write%2Borders_read%2Bchannels_read%2Bproducts_read%2Breceiving_read%2Blocations_read%2Binventory_read%2Boffline_access%26redirect_uri%3Dhttps%3A%252F%252Fnucleus.loopreturns.com%252Fauth%252Fshipbob%26integration_name%3DLoop%2BReturns%26state%3D8210%26response_mode%3Dform_post
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.69.106.212 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2f06451e2da9bcec5593f0e5f8be5aaf93a584def5560838666f6ddcc0f90a19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-ms-session-id
A563670F-696E-44B7-9999-849ECEFA5A83
strict-transport-security
max-age=31536000
date
Thu, 28 Sep 2023 16:43:49 GMT
x-content-type-options
nosniff
access-control-max-age
3600
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Name, Content-Type, Accept, Cache-Control, Sdk-Context
content-length
49
main.js
auth.shipbob.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/ Frame 5EA3
Redirect Chain
  • https://auth.shipbob.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://auth.shipbob.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.shipbob.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
Requested by
Host: auth.shipbob.com
URL: https://auth.shipbob.com/Account/Login?ReturnUrl=%2Fconnect%2Fintegrate%3Fclient_id%3DExternalApplication_e62d6d7a-bac8-4422-a9ef-adabc16982aa%26scope%3Dreturns_read%2Breturns_write%2Borders_read%2Bchannels_read%2Bproducts_read%2Breceiving_read%2Blocations_read%2Binventory_read%2Boffline_access%26redirect_uri%3Dhttps%3A%252F%252Fnucleus.loopreturns.com%252Fauth%252Fshipbob%26integration_name%3DLoop%2BReturns%26state%3D8210%26response_mode%3Dform_post
Protocol
H2
Server
2606:4700::6812:fd1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34b71fb0b44f236a4e561db1ae7de9f9471ee472f5f0c0b03764155370cd6189
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Thu, 28 Sep 2023 16:43:49 GMT
content-encoding
br
x-content-type-options
nosniff
server
cloudflare
vary
accept-encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
80dd7293ae061e4b-FRA

Redirect headers

access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
date
Thu, 28 Sep 2023 16:43:49 GMT
cache-control
max-age=300, public
server
cloudflare
cf-ray
80dd72938dd11e4b-FRA
vary
accept-encoding
80dd728b48f71e4b
auth.shipbob.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 5EA3 		0
232 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://auth.shipbob.com/cdn-cgi/challenge-platform/h/g/jsd/r/80dd728b48f71e4b
Requested by
Host: auth.shipbob.com
URL: https://auth.shipbob.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:fd1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 28 Sep 2023 16:43:49 GMT
content-encoding
br
server
cloudflare
cf-ray
80dd7294afba1e4b-FRA
content-type
text/plain; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
js.monitor.azure.com
URL
https://js.monitor.azure.com/scripts/b/ai.2.min.js

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture object| appInsights function| $ function| jQuery function| onSubmit

2 Cookies

Domain/Path Name / Value
auth.shipbob.com/ Name: .AspNetCore.Antiforgery.9fXoN5jHCXs
Value: CfDJ8COj6n41-LtDleMmSXgdJisRRPVIZLgeLxjB0T4GSr9LJLaYD5Hf8zff_zY2YYPAn8P9KvVy6bu7y9DDaYgDlvnUAba-iXzlbKAsGpLUrGCu3xzywK8PabixeVlrzICKIs8g2yIEUf4tChkvmJHvzeo
.shipbob.com/ Name: cf_clearance
Value: 5zwHK1esqNncjz5e3vsrH._35ziSwXaYzBprSbZC_jA-1695919429-0-1-8c3b08fa.2e8438b6.db3a571a-0.2.1695919429

1 Console Messages

Source Level URL
Text
security error URL: https://auth.shipbob.com/Account/Login?ReturnUrl=%2Fconnect%2Fintegrate%3Fclient_id%3DExternalApplication_e62d6d7a-bac8-4422-a9ef-adabc16982aa%26scope%3Dreturns_read%2Breturns_write%2Borders_read%2Bchannels_read%2Bproducts_read%2Breceiving_read%2Blocations_read%2Binventory_read%2Boffline_access%26redirect_uri%3Dhttps%3A%252F%252Fnucleus.loopreturns.com%252Fauth%252Fshipbob%26integration_name%3DLoop%2BReturns%26state%3D8210%26response_mode%3Dform_post(Line 14)
Message:
Refused to load the script 'https://js.monitor.azure.com/scripts/b/ai.2.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/;font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://az416426.vo.msecnd.net/ https://use.typekit.net/
Strict-Transport-Security max-age=31536000
X-Content-Security-Policy default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block