ci.security Open in urlscan Pro
207.38.86.153 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ci.security.us.cas.ms/
Effective URL:
https://ci.security/
Submission: On February 18 via automatic, source certstream-suspicious (February 18th 2020, 7:02:05 am UTC)

Summary HTTP 38 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 12 IPs in 6 countries across 15 domains to perform 38 HTTP transactions. The main IP is 207.38.86.153, located in St Louis, United States and belongs to AS-30083-GO-DADDY-COM-LLC, US. The main domain is ci.security.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 31st 2020. Valid for: 3 months.

This is the only time ci.security was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	40.81.127.140 40.81.127.140	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
15	207.38.86.153 207.38.86.153	30083 (AS-30083-...) (AS-30083-GO-DADDY-COM-LLC)
1	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
2	13.224.194.54 13.224.194.54	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28c::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	13.225.73.37 13.225.73.37	16509 (AMAZON-02) (AMAZON-02)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
1 1	2a05:f500:11:... 2a05:f500:11:101::b93f:9001	14413 (LINKEDIN) (LINKEDIN)
1	13.225.73.25 13.225.73.25	16509 (AMAZON-02) (AMAZON-02)
2 2	52.215.1.63 52.215.1.63	16509 (AMAZON-02) (AMAZON-02)
1 2	13.225.73.16 13.225.73.16	16509 (AMAZON-02) (AMAZON-02)
3	35.174.78.146 35.174.78.146	14618 (AMAZON-AES) (AMAZON-AES)
1 4	23.210.248.216 23.210.248.216	16625 (AKAMAI-AS) (AKAMAI-AS)
38	12

1 40.81.127.140 (Cardiff, United Kingdom) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

ci.security.us.cas.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 207.38.86.153 (St Louis, United States)

ASN30083 (AS-30083-GO-DADDY-COM-LLC, US)
PTR: web594.webfaction.com

ci.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.194.54 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-54.fra2.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28c::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.73.37 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-73-37.fra2.r.cloudfront.net

tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:11:101::b93f:9001 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.73.25 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-73-25.fra2.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.215.1.63 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-1-63.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.73.16 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-73-16.fra2.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.174.78.146 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: pi0-lba1-5-ue1.aws.pardot.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cybersecurity.ci.security	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.210.248.216 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-216.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	ci.security ci.security cybersecurity.ci.security	7 MB
4	adroll.com 1 redirects s.adroll.com	13 KB
4	google-analytics.com www.google-analytics.com	18 KB
3	company-target.com 1 redirects api.company-target.com segments.company-target.com	2 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
2	pardot.com pi.pardot.com	4 KB
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	driftt.com js.driftt.com	45 KB
1	demandbase.com tag.demandbase.com	15 KB
1	licdn.com snap.licdn.com	2 KB
1	googletagmanager.com www.googletagmanager.com	28 KB
1	cas.ms 1 redirects ci.security.us.cas.ms	251 B
0	consensu.org Failed d.adroll.mgr.consensu.org Failed
0	google.com Failed www.google.com Failed
0	doubleclick.net Failed stats.g.doubleclick.net Failed
38	15

	Domain	Requested by
15	ci.security	ci.security www.google-analytics.com
4	s.adroll.com	1 redirects ci.security s.adroll.com
4	www.google-analytics.com	www.googletagmanager.com ci.security
2	pi.pardot.com	ci.security pi.pardot.com
2	segments.company-target.com	1 redirects ci.security
2	match.prod.bidr.io	2 redirects
2	px.ads.linkedin.com	1 redirects ci.security
2	js.driftt.com	ci.security js.driftt.com
1	cybersecurity.ci.security	pi.pardot.com
1	api.company-target.com	tag.demandbase.com
1	www.linkedin.com	1 redirects
1	tag.demandbase.com	ci.security
1	snap.licdn.com	ci.security
1	www.googletagmanager.com	ci.security
1	ci.security.us.cas.ms	1 redirects
0	d.adroll.mgr.consensu.org Failed	s.adroll.com
0	www.google.com Failed	ci.security
0	stats.g.doubleclick.net Failed	ci.security
38	18

This site contains links to these domains. Also see Links.

Domain
results.ci.security
www.twitter.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
ci.security Let's Encrypt Authority X3	`2020-01-31` - `2020-04-30`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-01-29` - `2020-04-22`	3 months	crt.sh
drift.com Amazon	`2019-10-03` - `2020-11-03`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2019-05-29` - `2021-06-29`	2 years	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
*.pardot.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-01-17`	a year	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
cybersecurity.ci.security Let's Encrypt Authority X3	`2020-01-02` - `2020-04-01`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://ci.security/
Frame ID: E7E219690646091C2D5E2AA2BE22E4B1
Requests: 39 HTTP requests in this frame

Frame: https://js.driftt.com/deploy/assets/index.html
Frame ID: 9C9ED3B3CCDE3EA7FF4270B4919328EE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://ci.security.us.cas.ms/ HTTP 307
https://ci.security/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

38
Requests

87 %
HTTPS

36 %
IPv6

15
Domains

18
Subdomains

12
IPs

6
Countries

7158 kB
Transfer

7399 kB
Size

4
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://results.ci.security/case-study/seattle-indian-health-board
Title: Read the case study

Search URL Search Domain Scan URL

URL: http://www.twitter.com/@detectrespond
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cisecurity
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCwXktbtQyr1FzewMFQVz6lA
Title: YouTube

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ci.security.us.cas.ms/ HTTP 307
https://ci.security/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1004878197&t=pageview&_s=1&dl=https%3A%2F%2Fci.security%2F&ul=en-us&de=UTF-8&dt=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Response.%20%7C%20CI%20Security&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=976323919&gjid=1196349837&cid=688136019.1582009308&tid=UA-72734021-3&_gid=671878116.1582009308&_r=1&gtm=2ou250&z=1943971934 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-72734021-3&cid=688136019.1582009308&jid=976323919&_gid=671878116.1582009308&gjid=1196349837&_v=j81&z=1943971934

Request Chain 23

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fci.security%2F&time=1582009307990 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D569164%26url%3Dhttps%253A%252F%252Fci.security%252F%26time%3D1582009307990%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fci.security%2F&time=1582009307990&liSync=true

Request Chain 25

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AAFFeE68lxgAABDDPcTNHw HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAFFeE68lxgAABDDPcTNHw&verifyHash=3d577edfa66835702031c2fc30431fb0bfbcd0fa

Request Chain 30

https://s.adroll.com/j/exp/PVQ657GQDFFXLFGCNQJYZN/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 35

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1004878197&t=event&ni=1&_s=3&dl=https%3A%2F%2Fci.security%2F&ul=en-us&de=UTF-8&dt=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Response.%20%7C%20CI%20Security&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Drift%20Widget&ea=Playbook%20Fired&el=Playbook%20ID%3A%201547266&_u=aHBAAUAB~&jid=2103538953&gjid=1026964495&cid=688136019.1582009308&tid=UA-72734021-3&_gid=671878116.1582009308&_r=1&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=Bot&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=Brussels&cd11=BRU&cd12=Belgium&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&cd19=(Non-Company%20Visitor)&cd20=(Non-Company%20Visitor)&z=1518361115 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-72734021-3&cid=688136019.1582009308&jid=2103538953&_gid=671878116.1582009308&gjid=1026964495&_v=j81&z=1518361115

38 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
ci.security/
Redirect Chain

https://ci.security.us.cas.ms/
https://ci.security/

26 KB
10 KB

503ms
157ms

Document
text/html

207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

3a789a592e281b6cd5c1982e895d1c1e65d7cb314e3fdffd3ad98508f1dcad13

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; font-src 'self' data: .googleusercontent.com; media-src 'self' .thekraken.xyz; manifest-src 'self';script-src 'self' 'nonce-60231339223063899651276483544929' .google-analytics.com 'nonce-5483687168' s.ytimg.com .ci.security .bamboohr.com .adroll.com .linkedin.com .licdn.com .demandbase.com static.doubleclick.net .googletagmanager.com .driftt.com googleads.g.doubleclick.net .pardot.com; style-src 'self' 'unsafe-inline' .bamboohr.com .driftt.com; img-src 'self' data: 'unsafe-inline' cms.thekraken.xyz .company-target.com .linkedin.com .adroll.com .casalemedia.com www.google-analytics.com .twitter.com .driftt.com .bidr.io stats.g.doubleclick.net .advertising.com .casalemedia.com .rubiconproject.com .outbrain.com .pubmatic.com .yahoo.com .taboola.com/sg/adroll-network .3lift.com .bidswitch.net .adnxs.com .rlcdn.com .openx.net .bamboohr.com .pardot.com s.ytimg.com; connect-src 'self' .google-analytics.com .ci.security .google.com .bamboohr.com .twitter.com .demandbase.com .company-target.com .driftt.com .youtube.com; frame-src 'self' .youtube.com .driftt.com .ci.security .pardot.com .bamboohr.com .twitter.com .google.com .google-analytics.com; frame-ancestors 'self' .driftt.com .bamboohr.com .youtube.com; form-action 'self' js.driftt.com .ci.security ci.security *.pardot.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Host: ci.security
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

Server: nginx
Date: Tue, 18 Feb 2020 07:03:19 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 8159
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'none'; base-uri 'self'; font-src 'self' data: *.googleusercontent.com; media-src 'self' *.thekraken.xyz; manifest-src 'self';script-src 'self' 'nonce-60231339223063899651276483544929' *.google-analytics.com 'nonce-5483687168' s.ytimg.com *.ci.security *.bamboohr.com *.adroll.com *.linkedin.com *.licdn.com *.demandbase.com static.doubleclick.net *.googletagmanager.com *.driftt.com googleads.g.doubleclick.net *.pardot.com; style-src 'self' 'unsafe-inline' *.bamboohr.com *.driftt.com; img-src 'self' data: 'unsafe-inline' cms.thekraken.xyz *.company-target.com *.linkedin.com *.adroll.com *.casalemedia.com www.google-analytics.com *.twitter.com *.driftt.com *.bidr.io stats.g.doubleclick.net *.advertising.com *.casalemedia.com *.rubiconproject.com *.outbrain.com *.pubmatic.com *.yahoo.com *.taboola.com/sg/adroll-network *.3lift.com *.bidswitch.net *.adnxs.com *.rlcdn.com *.openx.net *.bamboohr.com *.pardot.com s.ytimg.com; connect-src 'self' *.google-analytics.com *.ci.security *.google.com *.bamboohr.com *.twitter.com *.demandbase.com *.company-target.com *.driftt.com *.youtube.com; frame-src 'self' *.youtube.com *.driftt.com *.ci.security *.pardot.com *.bamboohr.com *.twitter.com *.google.com *.google-analytics.com; frame-ancestors 'self' *.driftt.com *.bamboohr.com *.youtube.com; form-action 'self' js.driftt.com *.ci.security ci.security *.pardot.com;
Content-Encoding: gzip
Vary: Accept-Encoding
Cache-Control: max-age=2628000, public
Expires: Thu, 19 Mar 2020 07:03:19 GMT
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin

Redirect headers

Date: Tue, 18 Feb 2020 07:01:47 GMT
Connection: keep-alive
Location: https://ci.security/
Strict-Transport-Security: max-age=31536000
Content-Length: 134
X-MCAS-Request-Id: 96c4bc54-384b-41ee-92ee-495b43ee055c

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 74 KB
28 KB 46ms
45ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-72734021-3

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4ef7792f77734e99db25ffe8f20dc7bcc3e52cde09961957a5dd4dc2da5d87d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 18 Feb 2020 07:01:47 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 28495
x-xss-protection: 0
last-modified: Tue, 18 Feb 2020 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 18 Feb 2020 07:01:47 GMT

GET
H/1.1 200
OK kraken.min.css
ci.security/static/ 104 KB
105 KB 120ms
120ms Stylesheet
text/css 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/kraken.min.css?v60231339223063899651276483544929

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

e77091727bbdb76d1fcc890e2dae9c8bcb5a0d2ab775887e6fe4e37130411157

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Tue, 18 Feb 2020 07:03:19 GMT
Referrer-Policy: strict-origin
Last-Modified: Mon, 10 Feb 2020 18:27:44 GMT
Server: nginx
ETag: "1a181-59e3ce53d0a5d"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: text/css
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 106881
X-Content-Type-Options: nosniff
Expires: Thu, 19 Mar 2020 07:03:19 GMT

GET
H/1.1 200
OK AICPA-SOC-Level2-Badge.png
ci.security/static/img/ 19 KB
20 KB 478ms
234ms Image
image/png 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ci.security/static/img/AICPA-SOC-Level2-Badge.png

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

45780f9004f49b43678a975c549852684bd5b480319aa077e70d795da9099def

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 18 Feb 2020 07:03:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "4dfe-58f8c39917c8b"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: image/png
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19966
X-Content-Type-Options: nosniff
Expires: Wed, 17 Feb 2021 07:03:20 GMT

GET
H/1.1 200
OK kraken.babel.min.js Show response
ci.security/static/ 10 KB
10 KB 360ms
118ms Script
application/javascript 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/kraken.babel.min.js?v202002

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

1422b530e11686be18d89bcd9f619a20317443f1dba344d8ffd860360c204e75

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 18 Feb 2020 07:03:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Tue, 22 Oct 2019 14:52:28 GMT
Server: nginx
ETag: "2799-59580f30002e8"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10137
X-Content-Type-Options: nosniff
Expires: Thu, 19 Mar 2020 07:03:20 GMT

GET
H/1.1 206
Partial Content footage_480_color.mp4
ci.security/static/ 6 MB
6 MB 471ms
233ms Media
video/mp4 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/footage_480_color.mp4

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

9d9355326120ed7eff93bae35896afd0c6c0d3fe5644c1ea1ac0b1eff99d6c48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Sec-Fetch-Dest: video
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range: bytes=0-

Response headers

Date: Tue, 18 Feb 2020 07:03:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Thu, 29 Aug 2019 20:27:24 GMT
Server: nginx
ETag: "6698c2-59147555b9604"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: video/mp4
Content-Range: bytes 0-6723777/6723778
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6723778
X-Content-Type-Options: nosniff
Expires: Thu, 19 Mar 2020 07:03:20 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-72734021-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 1695
date: Tue, 18 Feb 2020 06:33:32 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 18174
expires: Tue, 18 Feb 2020 08:33:32 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK consulting_background_@768.jpg
ci.security/static/img/backgrounds/ 43 KB
43 KB 443ms
216ms Image
image/jpeg 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ci.security/static/img/backgrounds/consulting_background_@768.jpg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

3d3da79e30106d0881131e8aea414939db009feab9eaa18a7c7c3e8534ac61aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 18 Feb 2020 07:03:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "ab96-58f8c399197e3"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: image/jpeg
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43926
X-Content-Type-Options: nosniff
Expires: Wed, 17 Feb 2021 07:03:20 GMT

GET
H/1.1 200
OK medical_tech_doctor_stethoscope_background-100_@1200.jpg
ci.security/static/img/backgrounds/ 87 KB
87 KB 457ms
223ms Image
image/jpeg 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ci.security/static/img/backgrounds/medical_tech_doctor_stethoscope_background-100_@1200.jpg

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

689e0fa64d98bb75fbce794c71e8678839090e60304c51123e8351bcd8a31f46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Tue, 18 Feb 2020 07:03:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "15c0b-58f8c39923421"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: image/jpeg
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 89099
X-Content-Type-Options: nosniff
Expires: Wed, 17 Feb 2021 07:03:20 GMT

GET

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1004878197&t=pageview&_s=1&dl=https%3A%2F%2Fci.security%2F&ul=en-us&de=UTF-8&dt=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Respon...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-72734021-3&cid=688136019.1582009308&jid=976323919&_gid=671878116.1582009308&gjid=1196349837&_v=j81&z=1943971934

0
0

GET ga-audiences
www.google.com/ads/ 0
0

GET
H/1.1 200
OK Roboto-Bold-webfont.woff
ci.security/static/fonts/ 21 KB
21 KB 117ms
116ms Font
font/woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/Roboto-Bold-webfont.woff

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

a629b5570d16e1450d7621907a85b07392f2959b2792145864ac84fc0dbe7307

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 18 Feb 2020 07:03:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "5348-58f8c399174bb"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21320
X-Content-Type-Options: nosniff
Expires: Thu, 19 Mar 2020 07:03:20 GMT

GET
H/1.1 200
OK Roboto-Regular-webfont.woff
ci.security/static/fonts/ 20 KB
21 KB 156ms
122ms Font
font/woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/Roboto-Regular-webfont.woff

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

7838acd6a8bd0836972523ffbe20c9745d03b07d89968d9cc9bc57f46e567895

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 18 Feb 2020 07:03:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "51bc-58f8c399174bb"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20924
X-Content-Type-Options: nosniff
Expires: Thu, 19 Mar 2020 07:03:20 GMT

GET
H/1.1 200
OK RobotoSlab-Regular-webfont.woff
ci.security/static/fonts/ 23 KB
24 KB 231ms
116ms Font
font/woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/RobotoSlab-Regular-webfont.woff

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

faf7aa5ba903daf6658fba09b30abd2bc812c6956df52df9791e9f59be86f7ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 18 Feb 2020 07:03:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "5d40-58f8c399178a3"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23872
X-Content-Type-Options: nosniff
Expires: Thu, 19 Mar 2020 07:03:20 GMT

GET
H/1.1 200
OK Roboto-Light-webfont.woff
ci.security/static/fonts/ 20 KB
21 KB 277ms
127ms Font
font/woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/Roboto-Light-webfont.woff

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

072c31e5770897b5bf1d6a566b33b9332bfd7e0baeb64d45dd58d02794eeb4a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 18 Feb 2020 07:03:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "51a8-58f8c399174bb"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20904
X-Content-Type-Options: nosniff
Expires: Thu, 19 Mar 2020 07:03:20 GMT

GET
H/1.1 200
OK FontAwesomeBrands-Regular-webfont.woff2
ci.security/static/fonts/ 20 KB
20 KB 276ms
121ms Font
font/woff2 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/FontAwesomeBrands-Regular-webfont.woff2?v=1.0.0

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

4a7acdea55252ab19b8c6e010eb38e2c11e87fee77e390798ce207b13b883d2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 18 Feb 2020 07:03:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "4e04-58f8c399170d3"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff2
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19972
X-Content-Type-Options: nosniff
Expires: Thu, 19 Mar 2020 07:03:20 GMT

GET
H/1.1 200
OK RobotoSlab-Bold-webfont.woff
ci.security/static/fonts/ 23 KB
24 KB 346ms
115ms Font
font/woff 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/RobotoSlab-Bold-webfont.woff

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

de2ab805d9a0d28cbc9bcb5a4adf47ba419db64e21b94330cc97eb57fe9467c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 18 Feb 2020 07:03:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "5dfc-58f8c399178a3"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 24060
X-Content-Type-Options: nosniff
Expires: Thu, 19 Mar 2020 07:03:20 GMT

GET
H/1.1 200
OK BlackTie-Regular-webfont.woff2
ci.security/static/fonts/ 13 KB
13 KB 402ms
125ms Font
font/woff2 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/BlackTie-Regular-webfont.woff2?v=1.0.0

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

15c730c302225ad29a32a1852a683e1c02f45e4e8a018bef6c7901a51458e62d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 18 Feb 2020 07:03:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Wed, 07 Aug 2019 19:48:27 GMT
Server: nginx
ETag: "3280-58f8c3991651b"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff2
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12928
X-Content-Type-Options: nosniff
Expires: Thu, 19 Mar 2020 07:03:20 GMT

GET
H/1.1 200
OK line-awesome.woff2
ci.security/static/fonts/ 44 KB
45 KB 390ms
122ms Font
font/woff2 207.38.86.153
AS-30083-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

https://ci.security/static/fonts/line-awesome.woff2?v=1.1.

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

207.38.86.153 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US),

Reverse DNS

web594.webfaction.com

Software

nginx /

Resource Hash

063a952901506e6cbcc2abdd1995ea387e4ae9138993f5517834a75faee165d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 18 Feb 2020 07:03:20 GMT
Referrer-Policy: strict-origin
Last-Modified: Tue, 13 Aug 2019 23:30:13 GMT
Server: nginx
ETag: "b034-5900805b59a2a"
X-Frame-Options: ALLOW-FROM https://www.youtube.com/
Content-Type: font/woff2
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=2628000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 45108
X-Content-Type-Options: nosniff
Expires: Thu, 19 Mar 2020 07:03:20 GMT

GET
H2 200 e9cx2parnxxv.js Show response
js.driftt.com/include/1582009500000/ 136 KB
45 KB 195ms
151ms Script
application/javascript 13.224.194.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1582009500000/e9cx2parnxxv.js

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.224.194.54 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-194-54.fra2.r.cloudfront.net

Software

nginx /

Resource Hash

cdd4a6806e93f9b297aa84ec5e498cab12a17e5f479b334ed6dd73a576130205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 18 Feb 2020 07:01:48 GMT
content-encoding: gzip
x-amz-cf-pop: FRA2-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
last-modified: Fri, 14 Feb 2020 19:53:33 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=10
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: W5DgkpFUaVz_MFlcY93z-tl9yS-6Rg_Vqe5njdF9ffTYeMP1c96J5Q==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 32ms
19ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: ci.security
URL: https://ci.security/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 18 Feb 2020 07:01:47 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=53907
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 97379541.min.js Show response
tag.demandbase.com/ 57 KB
15 KB 444ms
394ms Script
application/javascript 13.225.73.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/97379541.min.js
Requested by: Host: ci.security
URL: https://ci.security/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.73.37 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-37.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7d88edd30e5e3e59aad8dff22f70fa49452c8b4d5992e89ac937ed972a5ab338

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 18 Feb 2020 07:01:49 GMT
content-encoding: gzip
last-modified: Thu, 16 Jan 2020 17:50:37 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C2
vary: Accept-Encoding
x-cache: Miss from cloudfront
x-amz-version-id: 5hG1Z6eobxwqTFy3H2wSODS4WUHe8cLO
status: 200
cache-control: public, max-age=3600
content-type: application/javascript; charset=utf-8
x-amz-cf-id: tBwXsZr-LObrJ5KH6N3NEAbMH5J7mJIdhWi3cMn-Ar_zr2DUoJ74aQ==
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fci.security%2F&time=1582009307990
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D569164%26url%3Dhttps%253A%252F%252Fci.security%252F%26time%3D1582009307990%26liSy...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fci.security%2F&time=1582009307990&liSync=true

0
274 B

173ms
172ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fci.security%2F&time=1582009307990&liSync=true
Requested by: Host: ci.security
URL: https://ci.security/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 18 Feb 2020 07:01:48 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
server: Play
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: iNxEjhVt9BWA18z+bysAAA==

Redirect headers

date: Tue, 18 Feb 2020 07:01:48 GMT
x-content-type-options: nosniff
linkedin-action: 1
status: 302
strict-transport-security: max-age=2592000
content-length: 0
x-li-uuid: AEFEhBVt9BUQXjJJkisAAA==
server: Play
pragma: no-cache
x-li-pop: prod-tln1
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=569164&url=https%3A%2F%2Fci.security%2F&time=1582009307990&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 436 B
932 B 112ms
71ms XHR
application/json 13.225.73.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fci.security%2F&page_title=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Response.%20%7C%20CI%20Security&key=ef6f04d2df1cbefc03f9dae82644e767&src=tag
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/97379541.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.73.25 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-25.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 442c0c2f4559bee30649c1064f295384c2086a564b5fd9654737c2dda7ba745b

Request headers

Referer: https://ci.security/
Origin: https://ci.security
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 18 Feb 2020 07:01:48 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
status: 200
request-id: 6d80b3a2-bc36-47eb-bc48-b31acb67d0e9
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://ci.security
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 1bf129b8787cf2e96d3bce725554e4d5.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: zAodLQ9ObOa6JH0eUFk4lBGMKQMoIYVo95UjfUGaMsn29MGrR9aGjw==
expires: Mon, 17 Feb 2020 07:01:48 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AAFFeE68lxgAABDDPcTNHw
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAFFeE68lxgAABDDPcTNHw&verifyHash=3d577edfa66835702031c2fc30431fb0bfbcd0fa

26 B
408 B

193ms
193ms

Image
image/gif

13.225.73.16
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAFFeE68lxgAABDDPcTNHw&verifyHash=3d577edfa66835702031c2fc30431fb0bfbcd0fa
Requested by: Host: ci.security
URL: https://ci.security/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.73.16 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-73-16.fra2.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Tue, 18 Feb 2020 07:01:49 GMT
Via: 1.1 ff2bcb2d3b4a3d9e0615ddd1033c38c4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 62808d57893c3f31
X-Amz-Cf-Id: 40K3GaX85xvfX-rlZ7zZ4s_B6XLbVXUnwbuqMoDS31c8p-pdLFGogg==

Redirect headers

Date: Tue, 18 Feb 2020 07:01:49 GMT
Via: 1.1 ff2bcb2d3b4a3d9e0615ddd1033c38c4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AAFFeE68lxgAABDDPcTNHw&verifyHash=3d577edfa66835702031c2fc30431fb0bfbcd0fa
Connection: keep-alive
trace-id: 01d2846fcfe66d67
Content-Length: 0
X-Amz-Cf-Id: oQ5b5pEOLxMzMUMt_eMyS0NGdZBwUxD29km1h6NnNeK9ugXzDcnZ_Q==

GET
H2 200 collect
www.google-analytics.com/ 35 B
106 B 6ms
6ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j81&a=1004878197&t=event&ni=1&_s=2&dl=https%3A%2F%2Fci.security%2F&ul=en-us&de=UTF-8&dt=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Response.%20%7C%20CI%20Security&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBAAUAB~&jid=&gjid=&cid=688136019.1582009308&tid=UA-72734021-3&_gid=671878116.1582009308&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=Bot&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=Brussels&cd11=BRU&cd12=Belgium&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&cd19=(Non-Company%20Visitor)&cd20=(Non-Company%20Visitor)&z=1876133234

Requested by

Host: ci.security
URL: https://ci.security/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Tue, 04 Feb 2020 20:05:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1162554
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 448ms
111ms Script
application/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: ci.security
URL: https://ci.security/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: f6652dacc3641651bf842bb18861c6fbb66581a3dd2c41dde3226764740684b6

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Tue, 18 Feb 2020 07:01:49 GMT
Content-Encoding: gzip
X-Pardot-Route: ea50fcd3dcf777490e1499615b883deb
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
Last-Modified: Mon, 29 Oct 2018 21:17:36 GMT
Server: PardotServer
ETag: "13e7-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
Cache-Control: max-age=63072000
Accept-Ranges: bytes
Content-Length: 1817
Expires: Thu, 17 Feb 2022 07:01:49 GMT

GET
H2 200 index.html
js.driftt.com/deploy/assets/ Frame 9C9E 0
0 23ms
22ms Document
text/html 13.224.194.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/deploy/assets/index.html

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1582009500000/e9cx2parnxxv.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.224.194.54 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-194-54.fra2.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /deploy/assets/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://ci.security/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ci.security/

Response headers

status: 200
content-type: text/html; charset=utf-8
content-length: 894
server: nginx
last-modified: Fri, 14 Feb 2020 19:53:33 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 18 Feb 2020 07:01:49 GMT
etag: "15dac01e89595d89b43144dc64da7722"
cache-control: max-age=10
x-cache: Hit from cloudfront
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: fPC9fn-k4Bm0JVRx8DwbjOHby5Cok9h50788ZjSniZMxBnGTWJA-ZA==

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 34 KB
11 KB 74ms
25ms Script
text/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: ci.security
URL: https://ci.security/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 18193705ab98d0aa0d38c44621932f9599495d8e708fc41afb7ef892ab0895ae

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: lfmGdNKg5RpvOV9rgmEkoYf4yRMYp92f
Content-Encoding: gzip
x-amz-request-id: CF2698AF4ECDBB0C
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Tue, 18 Feb 2020 07:01:49 GMT
Connection: keep-alive
Content-Length: 10738
x-amz-id-2: XOPKCCC75hTreRBEowGrlWbCCdZ7Sq9AOTK9wflo/A42EY34c+mx3gheNXC+rUzATlHFDVwJg1E=
Last-Modified: Thu, 06 Feb 2020 22:47:39 GMT
Server: AmazonS3
ETag: "bdad36c9dcb5278bdd961fb364516719"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/PVQ657GQDFFXLFGCNQJYZN/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

23ms
23ms

Script
application/javascript

23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: Y8nS1mIzhBe8JEQvENARcyn9JPX.scLz
Content-Encoding: gzip
x-amz-request-id: E1C9941DB941DD1E
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Tue, 18 Feb 2020 07:01:49 GMT
Connection: keep-alive
Content-Length: 48
x-amz-id-2: lqt/Q3YwSp0JZGFSkK+nCWTAycdLPcPppTHD0vKT62G9CJJy1uY9PFVXzze6e8zRgmHtjNxi+Co=
Last-Modified: Thu, 06 Feb 2020 23:04:12 GMT
Server: AmazonS3
ETag: "5816cced8568d223aa09d889f300692b"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Tue, 18 Feb 2020 07:01:49 GMT
Server: AkamaiGHost
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/ 0
773 B 288ms
236ms Script
text/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/PVQ657GQDFFXLFGCNQJYZN/TSOEJUVR2RDQTK7UULEUDW/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: MV_MGc9amkrWEO5poMmduTkQmysjehwv
Content-Encoding: gzip
x-amz-request-id: 184EDE35353ADE7F
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Tue, 18 Feb 2020 07:01:49 GMT
Connection: keep-alive
Content-Length: 20
x-amz-id-2: TZM5UP6O3ab4aXYFtPfX6LQq9ftaGqA8luvs11Z4CjsDu7F/faVYCUlKZMw4VX/RwNRoSdAaDRo=
Last-Modified: Mon, 17 Feb 2020 21:43:35 GMT
Server: AmazonS3
ETag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET PVQ657GQDFFXLFGCNQJYZN
d.adroll.mgr.consensu.org/consent/iabcheck/ 0
0

GET
H/1.0 200
OK analytics Show response
pi.pardot.com/ 1 KB
2 KB 291ms
291ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&pi_opt_in=&campaign_id=20750&account_id=415142&title=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Response.%20%7C%20CI%20Security&url=https%3A%2F%2Fci.security%2F&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: e4338987c5846a18b620232ea7864547adc0ebb23eb8edef105306326d64f7ab

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Tue, 18 Feb 2020 07:01:49 GMT
Content-Encoding: gzip
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 16/67/232
Vary: Accept-Encoding,User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 536
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.0 200
OK analytics Show response
cybersecurity.ci.security/ 50 B
1 KB 571ms
201ms Script
text/javascript 35.174.78.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cybersecurity.ci.security/analytics?conly=true&visitor_id=699915668&pi_opt_in=&campaign_id=20750&account_id=415142&title=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Response.%20%7C%20CI%20Security&url=https%3A%2F%2Fci.security%2F&referrer=&visitor_id_sign=95fdd0b93da460b490a50bc4f21e3e64b1ae39a61b885d0a26a898ed15820cff19a053e550d293f405262842a8d35053cc05b3c1
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&pi_opt_in=&campaign_id=20750&account_id=415142&title=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Response.%20%7C%20CI%20Security&url=https%3A%2F%2Fci.security%2F&referrer=
Protocol: HTTP/1.0
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.78.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: pi0-lba1-5-ue1.aws.pardot.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Tue, 18 Feb 2020 07:01:50 GMT
X-Pardot-Route: 13c7a24cfc43e49b0467af9964bf67ec
X-Pardot-LB: d3d7f55bb0643f40d338b3c1e133d5c5
X-Pardot-Rsp: 16/89/84
Vary: User-Agent
P3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Content-Length: 50
Server: PardotServer
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1004878197&t=event&ni=1&_s=3&dl=https%3A%2F%2Fci.security%2F&ul=en-us&de=UTF-8&dt=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Resp...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-72734021-3&cid=688136019.1582009308&jid=2103538953&_gid=671878116.1582009308&gjid=1026964495&_v=j81&z=1518361115

0
0

GET
H2 200 collect
www.google-analytics.com/ 35 B
106 B 6ms
6ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j81&a=1004878197&t=event&ni=1&_s=4&dl=https%3A%2F%2Fci.security%2F&ul=en-us&de=UTF-8&dt=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Response.%20%7C%20CI%20Security&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Drift%20Widget&ea=Message%20Received&el=Playbook%20ID%3A%201547266&_u=aHBAAUAB~&jid=&gjid=&cid=688136019.1582009308&tid=UA-72734021-3&_gid=671878116.1582009308&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=Bot&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=Brussels&cd11=BRU&cd12=Belgium&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&cd19=(Non-Company%20Visitor)&cd20=(Non-Company%20Visitor)&z=965307954

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Tue, 04 Feb 2020 20:05:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1162557
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET ga-audiences
www.google.com/ads/ 0
0

GET
H2 200 collect
www.google-analytics.com/ 35 B
106 B 6ms
6ms Image
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j81&a=1004878197&t=event&ni=1&_s=5&dl=https%3A%2F%2Fci.security%2F&ul=en-us&de=UTF-8&dt=Threat%20Detection.%20Human%20Investigation.%20Rapid%20Response.%20%7C%20CI%20Security&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Drift%20Widget&ea=Message%20Received&el=Playbook%20ID%3A%201547266&_u=aHBAAUAB~&jid=&gjid=&cid=688136019.1582009308&tid=UA-72734021-3&_gid=671878116.1582009308&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=Bot&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=Brussels&cd11=BRU&cd12=Belgium&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&cd19=(Non-Company%20Visitor)&cd20=(Non-Company%20Visitor)&z=76556849

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ci.security/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Tue, 04 Feb 2020 20:05:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 1162558
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: stats.g.doubleclick.net
URL: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-72734021-3&cid=688136019.1582009308&jid=976323919&_gid=671878116.1582009308&gjid=1196349837&_v=j81&z=1943971934

Domain: www.google.com
URL: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=688136019.1582009308&jid=976323919&_v=j81&z=1943971934

Domain: d.adroll.mgr.consensu.org
URL: https://d.adroll.mgr.consensu.org/consent/iabcheck/PVQ657GQDFFXLFGCNQJYZN?_s=fc2f33c4cf354e10ba3da4add02fcc49&_b=2

Domain: stats.g.doubleclick.net
URL: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-72734021-3&cid=688136019.1582009308&jid=2103538953&_gid=671878116.1582009308&gjid=1026964495&_v=j81&z=1518361115

Domain: www.google.com
URL: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-72734021-3&cid=688136019.1582009308&jid=2103538953&_v=j81&z=1518361115

Verdicts & Comments Add Verdict or Comment

71 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ci.security/	1970-01-20 00:59:27	Name: driftt_aid Value: 37a92bbd-94e8-4eee-9d12-5f81d6342c17
.ci.security/	1970-01-19 07:26:49	Name: _gat_gtag_UA_72734021_3 Value: 1
.ci.security/	1970-01-19 07:28:15	Name: _gid Value: GA1.2.671878116.1582009308
.ci.security/	1970-01-20 00:58:01	Name: _ga Value: GA1.2.688136019.1582009308

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://ci.security/(Line 5) Message: Production GA Script

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; font-src 'self' data: .googleusercontent.com; media-src 'self' .thekraken.xyz; manifest-src 'self';script-src 'self' 'nonce-60231339223063899651276483544929' .google-analytics.com 'nonce-5483687168' s.ytimg.com .ci.security .bamboohr.com .adroll.com .linkedin.com .licdn.com .demandbase.com static.doubleclick.net .googletagmanager.com .driftt.com googleads.g.doubleclick.net .pardot.com; style-src 'self' 'unsafe-inline' .bamboohr.com .driftt.com; img-src 'self' data: 'unsafe-inline' cms.thekraken.xyz .company-target.com .linkedin.com .adroll.com .casalemedia.com www.google-analytics.com .twitter.com .driftt.com .bidr.io stats.g.doubleclick.net .advertising.com .casalemedia.com .rubiconproject.com .outbrain.com .pubmatic.com .yahoo.com .taboola.com/sg/adroll-network .3lift.com .bidswitch.net .adnxs.com .rlcdn.com .openx.net .bamboohr.com .pardot.com s.ytimg.com; connect-src 'self' .google-analytics.com .ci.security .google.com .bamboohr.com .twitter.com .demandbase.com .company-target.com .driftt.com .youtube.com; frame-src 'self' .youtube.com .driftt.com .ci.security .pardot.com .bamboohr.com .twitter.com .google.com .google-analytics.com; frame-ancestors 'self' .driftt.com .bamboohr.com .youtube.com; form-action 'self' js.driftt.com .ci.security ci.security *.pardot.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://www.youtube.com/
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.company-target.com
ci.security
ci.security.us.cas.ms
cybersecurity.ci.security
d.adroll.mgr.consensu.org
js.driftt.com
match.prod.bidr.io
pi.pardot.com
px.ads.linkedin.com
s.adroll.com
segments.company-target.com
snap.licdn.com
stats.g.doubleclick.net
tag.demandbase.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.linkedin.com
d.adroll.mgr.consensu.org
stats.g.doubleclick.net
www.google.com
13.224.194.54
13.225.73.16
13.225.73.25
13.225.73.37
207.38.86.153
23.210.248.216
2a00:1450:4001:806::200e
2a00:1450:4001:80b::2008
2a02:26f0:6c00:28c::25ea
2a05:f500:11:101::b93f:9001
2a05:f500:11:101::b93f:9005
35.174.78.146
40.81.127.140
52.215.1.63
063a952901506e6cbcc2abdd1995ea387e4ae9138993f5517834a75faee165d0
072c31e5770897b5bf1d6a566b33b9332bfd7e0baeb64d45dd58d02794eeb4a6
1422b530e11686be18d89bcd9f619a20317443f1dba344d8ffd860360c204e75
15c730c302225ad29a32a1852a683e1c02f45e4e8a018bef6c7901a51458e62d
18193705ab98d0aa0d38c44621932f9599495d8e708fc41afb7ef892ab0895ae
3a789a592e281b6cd5c1982e895d1c1e65d7cb314e3fdffd3ad98508f1dcad13
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3d3da79e30106d0881131e8aea414939db009feab9eaa18a7c7c3e8534ac61aa
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
442c0c2f4559bee30649c1064f295384c2086a564b5fd9654737c2dda7ba745b
45780f9004f49b43678a975c549852684bd5b480319aa077e70d795da9099def
4a7acdea55252ab19b8c6e010eb38e2c11e87fee77e390798ce207b13b883d2d
4ef7792f77734e99db25ffe8f20dc7bcc3e52cde09961957a5dd4dc2da5d87d9
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
689e0fa64d98bb75fbce794c71e8678839090e60304c51123e8351bcd8a31f46
7838acd6a8bd0836972523ffbe20c9745d03b07d89968d9cc9bc57f46e567895
7d88edd30e5e3e59aad8dff22f70fa49452c8b4d5992e89ac937ed972a5ab338
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9d9355326120ed7eff93bae35896afd0c6c0d3fe5644c1ea1ac0b1eff99d6c48
a629b5570d16e1450d7621907a85b07392f2959b2792145864ac84fc0dbe7307
cdd4a6806e93f9b297aa84ec5e498cab12a17e5f479b334ed6dd73a576130205
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3
de2ab805d9a0d28cbc9bcb5a4adf47ba419db64e21b94330cc97eb57fe9467c7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4338987c5846a18b620232ea7864547adc0ebb23eb8edef105306326d64f7ab
e77091727bbdb76d1fcc890e2dae9c8bcb5a0d2ab775887e6fe4e37130411157
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f6652dacc3641651bf842bb18861c6fbb66581a3dd2c41dde3226764740684b6
faf7aa5ba903daf6658fba09b30abd2bc812c6956df52df9791e9f59be86f7ed

ci.security Open in urlscan Pro 207.38.86.153 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

38 Requests

87 %HTTPS

36 %IPv6

15 Domains

18 Subdomains

12 IPs

6 Countries

7158 kBTransfer

7399 kBSize

4 Cookies

4 Outgoing links

Page URL History

Redirected requests

38 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

ci.security Open in urlscan Pro
207.38.86.153 Public Scan

Screenshot
Live screenshot

Full Image

38
Requests

87 %
HTTPS

36 %
IPv6

15
Domains

18
Subdomains

12
IPs

6
Countries

7158 kB
Transfer

7399 kB
Size

4
Cookies

38 HTTP transactions
2 data transactions