urlscan.io logo urlscan.io
SecurityTrails logo

www.ciaokoko.com Open in urlscan Pro
23.227.38.65  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://kokociao.com/
Effective URL: https://www.ciaokoko.com/password
Submission: On August 05 via manual from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 4 countries across 5 domains to perform 14 HTTP transactions. The main IP is 23.227.38.65, located in Canada and belongs to CLOUDFLARENET, US. The main domain is www.ciaokoko.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 31st 2020. Valid for: 3 months.
This is the only time www.ciaokoko.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2a01:238:20a:... 6724 (STRATO ST...)
2 3 23.227.38.65 13335 (CLOUDFLAR...)
10 2a04:4e42:3::104 54113 (FASTLY)
3 35.188.198.106 15169 (GOOGLE)
14 3
Apex Domain
Subdomains		 Transfer
9 shopify.com
cdn.shopify.com
178 KB
3 shopifysvc.com
monorail-edge.shopifysvc.com
1 KB
3 ciaokoko.com
www.ciaokoko.com
10 KB
1 shopifycdn.com
fonts.shopifycdn.com
41 KB
1 kokociao.com
kokociao.com
259 B
14 5
Domain Requested by
9 cdn.shopify.com www.ciaokoko.com
3 monorail-edge.shopifysvc.com cdn.shopify.com
3 www.ciaokoko.com 2 redirects
1 fonts.shopifycdn.com www.ciaokoko.com
1 kokociao.com 1 redirects
14 5

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
Subject Issuer Validity Valid
www.ciaokoko.com
Let's Encrypt Authority X3		 2020-07-31 -
2020-10-29		 3 months crt.sh
shopify.map.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2020-06-10 -
2021-04-18		 10 months crt.sh
monorail-edge.shopifysvc.com
Let's Encrypt Authority X3		 2020-06-24 -
2020-09-22		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.ciaokoko.com/password
Frame ID: 7EE83801A64FF9048FD7693C61821D8D
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://kokociao.com/ HTTP 301
    http://www.ciaokoko.com/ HTTP 301
    https://www.ciaokoko.com/ HTTP 302
    https://www.ciaokoko.com/password Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

14
Requests

100 %
HTTPS

50 %
IPv6

5
Domains

5
Subdomains

3
IPs

4
Countries

229 kB
Transfer

733 kB
Size

14
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://kokociao.com/ HTTP 301
    http://www.ciaokoko.com/ HTTP 301
    https://www.ciaokoko.com/ HTTP 302
    https://www.ciaokoko.com/password Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request password
www.ciaokoko.com/
Redirect Chain
  • http://kokociao.com/
  • http://www.ciaokoko.com/
  • https://www.ciaokoko.com/
  • https://www.ciaokoko.com/password
22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.ciaokoko.com/password
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.65 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
myshopify.com
Software
cloudflare /
Resource Hash
3dd98d9b79130ec22df781bfb06f6393897c207718200439d6a3bee105ce1865
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=password&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fstorefront&source%5Bsection%5D=storefront&source%5Buuid%5D=7fc09da1-562f-4a41-b964-c0b69038c8c3
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block; report=/xss-report?source%5Baction%5D=password&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fstorefront&source%5Bsection%5D=storefront&source%5Buuid%5D=7fc09da1-562f-4a41-b964-c0b69038c8c3

Request headers

:method
GET
:authority
www.ciaokoko.com
:scheme
https
:path
/password
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=dd03a3c3bc5d01429d6712872a9335dd91596630090
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Wed, 05 Aug 2020 12:21:31 GMT
content-type
text/html; charset=utf-8
x-sorting-hat-podid
162
x-sorting-hat-shopid
43234001059
x-frame-options
DENY
x-shopid
43234001059
x-shardid
162
content-language
de
x-shopify-generated-cart-token
d60ef1d5c5821ff9f13f8f93ebf31c6d
content-encoding
gzip
x-robots-tag
nofollow
etag
cacheable:d23eb4d3b4ee3dcfd5d348c3165e2186
x-alternate-cache-key
cacheable:5e0535a98823059537b70bd1b6be18a7
x-cache
hit, server
set-cookie
_y=5783a5e9-3658-49b1-bece-f1d312e4601a; Expires=Thu, 05-Aug-21 12:21:31 GMT; Domain=ciaokoko.com; Path=/ cart_currency=EUR; path=/; expires=Wed, 19 Aug 2020 12:21:31 GMT _orig_referrer=; Expires=Wed, 19-Aug-20 12:21:31 GMT; Domain=ciaokoko.com; Path=/; HttpOnly cart_ver=%3A0; path=/; expires=Wed, 19 Aug 2020 12:21:31 GMT; HttpOnly secure_customer_sig=; path=/; expires=Sun, 05 Aug 2040 12:21:31 GMT; secure; HttpOnly _shopify_y=5783a5e9-3658-49b1-bece-f1d312e4601a; Expires=Thu, 05-Aug-21 12:21:31 GMT; Domain=ciaokoko.com; Path=/ _landing_page=%2Fpassword; Expires=Wed, 19-Aug-20 12:21:31 GMT; Domain=ciaokoko.com; Path=/; HttpOnly cart_sig=; path=/; expires=Wed, 19 Aug 2020 12:21:31 GMT; HttpOnly
x-shopify-stage
production
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=password&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fstorefront&source%5Bsection%5D=storefront&source%5Buuid%5D=7fc09da1-562f-4a41-b964-c0b69038c8c3
x-content-type-options
nosniff
x-download-options
noopen
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block; report=/xss-report?source%5Baction%5D=password&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fstorefront&source%5Bsection%5D=storefront&source%5Buuid%5D=7fc09da1-562f-4a41-b964-c0b69038c8c3
x-dc
gcp-us-east1,gcp-us-central1,gcp-us-central1
nel
{"report_to":"network-errors","max_age":2592000,"failure_fraction":0.01,"success_fraction":0.0001} {"report_to":"network-errors","max_age":2592000,"failure_fraction":0.01,"success_fraction":0.0001}
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifycloud.com/v1/reports/nel/20190325/shopify"}]} {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifycloud.com/v1/reports/nel/20190325/shopify"}]}
x-request-id
7fc09da1-562f-4a41-b964-c0b69038c8c3
x-storefront-renderer-verified
1
cf-cache-status
DYNAMIC
cf-request-id
04602add8b0000a8c1f2bfe200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5be07a75af65a8c1-CDG
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

status
302
date
Wed, 05 Aug 2020 12:21:31 GMT
content-type
text/html; charset=utf-8
x-sorting-hat-podid
162
x-sorting-hat-shopid
43234001059
x-storefront-renderer-rendered
1
x-cache
allow
location
https://www.ciaokoko.com/password
x-frame-options
DENY
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-shopid
43234001059
x-shardid
162
x-shopify-stage
production
x-dc
gcp-us-east1,gke
x-request-id
74c41ced-5c8d-4623-a384-10ee63ec4f9a
x-download-options
noopen
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-xss-protection
1; mode=block
nel
{"report_to":"network-errors","max_age":2592000,"failure_fraction":0.01,"success_fraction":0.0001}
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://monorail-edge.shopifycloud.com/v1/reports/nel/20190325/shopify"}]}
cf-cache-status
DYNAMIC
cf-request-id
04602adcfc0000a8c1f2bf5200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5be07a74cea2a8c1-CDG
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
theme.scss.css
cdn.shopify.com/s/files/1/0432/3400/1059/t/1/assets/ 		136 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/files/1/0432/3400/1059/t/1/assets/theme.scss.css?v=10259011138941890056
Requested by
Host: www.ciaokoko.com
URL: https://www.ciaokoko.com/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19183-FRA /
Resource Hash
93eb1b773436a2c62bf7673ee7a8452d24109ecf27de3be0a75fe3b36d02fab9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ciaokoko.com/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-text/css,source-GcsShopAssetsBackend,segment2-174,segment4-44721,revision-8e6a1d43b5102d5cf1516a0c4c0dcfee31143fad,cdn-shopify-com-s-files-1-0432-3400-1059-t-1-assets-theme-scss-css,shop-43234001059
status
200
x-cache
HIT, HIT
content-length
23689
x-xss-protection
1; mode=block
x-request-id
3dff2ba61058872480e3f520ff7c2d31c63765ea51ec2c04b81d0dceba6e4ec7
x-served-by
cache-lga21940-LGA, cache-fra19183-FRA
last-modified
Fri, 31 Jul 2020 19:16:39 GMT
server
cache-fra19183-FRA
x-timer
S1596630091.365576,VS0,VE1
date
Wed, 05 Aug 2020 12:21:31 GMT
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Sat, 31 Jul 2021 19:16:37 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0432/3400/1059/t/1/assets/theme.scss.css>; rel="canonical"
x-cache-hits
1, 1
vendor.js
cdn.shopify.com/s/files/1/0432/3400/1059/t/1/assets/ 		143 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/files/1/0432/3400/1059/t/1/assets/vendor.js?v=8583346420283214553
Requested by
Host: www.ciaokoko.com
URL: https://www.ciaokoko.com/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19183-FRA /
Resource Hash
2dbb75cdd921d7a33db005df9d809aba3448a85e6a44e0306e0ce76f4651904e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ciaokoko.com/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-application/javascript,source-GcsShopAssetsBackend,segment2-196,segment4-50241,revision-8e6a1d43b5102d5cf1516a0c4c0dcfee31143fad,cdn-shopify-com-s-files-1-0432-3400-1059-t-1-assets-vendor-js,shop-43234001059
status
200
x-cache
MISS, HIT
content-length
49124
x-xss-protection
1; mode=block
x-request-id
c5506f7c0e87fc1dd25f7967f7e52a7f5154675cbfadef32a178ced244c01d78
x-served-by
cache-lga21966-LGA, cache-fra19183-FRA
last-modified
Tue, 14 Jul 2020 20:24:31 GMT
server
cache-fra19183-FRA
x-timer
S1596630091.365627,VS0,VE1
date
Wed, 05 Aug 2020 12:21:31 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Wed, 04 Aug 2021 11:20:22 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0432/3400/1059/t/1/assets/vendor.js>; rel="canonical"
x-cache-hits
0, 1
theme.js
cdn.shopify.com/s/files/1/0432/3400/1059/t/1/assets/ 		206 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/files/1/0432/3400/1059/t/1/assets/theme.js?v=8903157658550589297
Requested by
Host: www.ciaokoko.com
URL: https://www.ciaokoko.com/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19183-FRA /
Resource Hash
d78a288913ae085450dd52c9075f060b4770b4feab0c966f2d81d3c677a39b91
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ciaokoko.com/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-application/javascript,source-GcsShopAssetsBackend,segment2-79,segment4-20261,revision-8e6a1d43b5102d5cf1516a0c4c0dcfee31143fad,cdn-shopify-com-s-files-1-0432-3400-1059-t-1-assets-theme-js,shop-43234001059
status
200
x-cache
HIT, HIT
content-length
45524
x-xss-protection
1; mode=block
x-request-id
f0f066323712ef297b677baab33c0a50fcaa9cb64f0fa8c47c102154cc20b08c
x-served-by
cache-lga21976-LGA, cache-fra19183-FRA
last-modified
Tue, 14 Jul 2020 20:24:30 GMT
server
cache-fra19183-FRA
x-timer
S1596630091.376484,VS0,VE1
date
Wed, 05 Aug 2020 12:21:31 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Sat, 31 Jul 2021 08:26:59 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0432/3400/1059/t/1/assets/theme.js>; rel="canonical"
x-cache-hits
1, 1
password.js
cdn.shopify.com/s/files/1/0432/3400/1059/t/1/assets/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/files/1/0432/3400/1059/t/1/assets/password.js?v=16754382210079724339
Requested by
Host: www.ciaokoko.com
URL: https://www.ciaokoko.com/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19183-FRA /
Resource Hash
baae8ac1408b19f85adf0a99879b005e62b71749adff14481978d2ace3131156
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ciaokoko.com/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-application/javascript,source-ShopAssetsBackend,segment2-236,segment4-60490,revision-d2374ff1e0de38007c48edced16ee39dc41a664e,cdn-shopify-com-s-files-1-0432-3400-1059-t-1-assets-password-js,shop-43234001059
status
200
x-cache
MISS, HIT
content-length
1171
x-xss-protection
1; mode=block
x-request-id
bbdb96648169b986257363e19d8d75d15341aec0a0e21644a7132eaeec578b63
x-served-by
cache-lga21936-LGA, cache-fra19183-FRA
last-modified
Tue, 14 Jul 2020 20:24:29 GMT
server
cache-fra19183-FRA
x-timer
S1596630091.387453,VS0,VE1
date
Wed, 05 Aug 2020 12:21:31 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 05 Aug 2021 05:16:05 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0432/3400/1059/t/1/assets/password.js>; rel="canonical"
x-cache-hits
0, 1
load_feature-04598b77b1103a920783be825a5f4c245a91397360c621cd772069cf99347113.js
cdn.shopify.com/s/assets/storefront/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/assets/storefront/load_feature-04598b77b1103a920783be825a5f4c245a91397360c621cd772069cf99347113.js
Requested by
Host: www.ciaokoko.com
URL: https://www.ciaokoko.com/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19178-FRA /
Resource Hash
04598b77b1103a920783be825a5f4c245a91397360c621cd772069cf99347113
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.ciaokoko.com/password
Origin
https://www.ciaokoko.com

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-application/javascript,source-GcsShopAssetsBackend,segment2-95,segment4-24320,revision-c28c7fefc65c0eaa37e71bd1dda7b2a396d7c32f,cdn-shopify-com-s-assets-storefront-load_feature-04598b77b1103a920783be825a5f4c245a91397360c621cd772069cf99347113-js
status
200
x-cache
HIT, HIT
content-length
3030
x-xss-protection
1; mode=block
x-request-id
cc93e1acc1ccdb3f0252a9ce616d91029d155bce3fab2a05d4ba370c2fd35a35
x-served-by
cache-lga21958-LGA, cache-fra19178-FRA
last-modified
Wed, 17 Jun 2020 00:59:35 GMT
server
cache-fra19178-FRA
x-timer
S1596630091.386813,VS0,VE0
date
Wed, 05 Aug 2020 12:21:31 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 18 Jun 2021 02:37:37 GMT
cache-control
public, max-age=31556952, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/assets/storefront/load_feature-04598b77b1103a920783be825a5f4c245a91397360c621cd772069cf99347113.js>; rel="canonical"
x-cache-hits
306912, 9356
CiaoKoko_300x300.PNG
cdn.shopify.com/s/files/1/0432/3400/1059/files/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.shopify.com/s/files/1/0432/3400/1059/files/CiaoKoko_300x300.PNG?v=1596219938
Requested by
Host: www.ciaokoko.com
URL: https://www.ciaokoko.com/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19183-FRA /
Resource Hash
5df718b6aa53396a6b1b0620745926d1aa6a021dcb007e0f25de0ad2452437c9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ciaokoko.com/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-image
generated
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-image/webp,source-GcsShopAssetsBackend,segment2-161,segment4-41413,revision-8e6a1d43b5102d5cf1516a0c4c0dcfee31143fad,cdn-shopify-com-s-files-1-0432-3400-1059-files-CiaoKoko-PNG,shop-43234001059
status
200
x-cache
HIT, HIT
content-length
7928
x-xss-protection
1; mode=block
x-request-id
78c66065bf4170103120e13b3882514666f6c4e130e1e3f4da0098fa0b7d18a6
x-served-by
cache-lga21936-LGA, cache-fra19183-FRA
last-modified
Sat, 01 Aug 2020 18:34:15 GMT
server
cache-fra19183-FRA
x-timer
S1596630091.387442,VS0,VE1
date
Wed, 05 Aug 2020 12:21:31 GMT
vary
Accept
content-type
image/webp
access-control-allow-origin
*
expires
Sun, 01 Aug 2021 18:34:15 GMT
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0432/3400/1059/files/CiaoKoko_300x300.PNG>; rel="canonical"
x-cache-hits
1, 1
trekkie.storefront.min.js
cdn.shopify.com/s/javascripts/tricorder/ 		59 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/javascripts/tricorder/trekkie.storefront.min.js?v=2020.07.13.1
Requested by
Host: www.ciaokoko.com
URL: https://www.ciaokoko.com/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19183-FRA /
Resource Hash
84e1bc230717d12e2d24de6d700409223d0d8bb48e3fbc59f02dccc96e7b3b4e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ciaokoko.com/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-application/javascript,source-ShopAssetsBackend,segment2-149,segment4-38261,revision-d2374ff1e0de38007c48edced16ee39dc41a664e,cdn-shopify-com-s-javascripts-tricorder-trekkie-storefront-min-js
status
200
x-cache
HIT, HIT
content-length
13642
x-xss-protection
1; mode=block
x-request-id
7ba79c1adf3bf7fd939e5e9baea801612b161d204420af490406a237f0a1a972
x-served-by
cache-lga21970-LGA, cache-fra19183-FRA
last-modified
Tue, 04 Aug 2020 18:41:31 GMT
server
cache-fra19183-FRA
x-timer
S1596630091.387412,VS0,VE0
date
Wed, 05 Aug 2020 12:21:31 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Tue, 04 Aug 2020 19:23:03 GMT
cache-control
public, max-age=1800, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/javascripts/tricorder/trekkie.storefront.min.js>; rel="canonical"
x-cache-hits
1782, 892
shop_events_listener-2632023fb2795bd6668b6fbae05b661baba07afb3d62048f023763eca3cd96e3.js
cdn.shopify.com/s/assets/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/s/assets/shop_events_listener-2632023fb2795bd6668b6fbae05b661baba07afb3d62048f023763eca3cd96e3.js
Requested by
Host: www.ciaokoko.com
URL: https://www.ciaokoko.com/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19183-FRA /
Resource Hash
2632023fb2795bd6668b6fbae05b661baba07afb3d62048f023763eca3cd96e3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ciaokoko.com/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-application/javascript,source-GcsShopAssetsBackend,segment2-206,segment4-52832,revision-371e8cfd92214eab616f28ab3b803d5ead1ef11a,cdn-shopify-com-s-assets-shop_events_listener-2632023fb2795bd6668b6fbae05b661baba07afb3d62048f023763eca3cd96e3-js
status
200
x-cache
HIT, HIT
content-length
2584
x-xss-protection
1; mode=block
x-request-id
c17065c31b7f538adabd940ad7bc2013028e87d87abb336d3d2113abb69e69be
x-served-by
cache-lga21928-LGA, cache-fra19183-FRA
last-modified
Thu, 11 Jun 2020 17:26:43 GMT
server
cache-fra19183-FRA
x-timer
S1596630091.387401,VS0,VE0
date
Wed, 05 Aug 2020 12:21:31 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Wed, 30 Jun 2021 17:27:11 GMT
cache-control
public, max-age=31556952, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/assets/shop_events_listener-2632023fb2795bd6668b6fbae05b661baba07afb3d62048f023763eca3cd96e3.js>; rel="canonical"
x-cache-hits
1, 59559
lato_n4.c86cddcf8b15d564761aaa71b6201ea326f3648b.woff2
fonts.shopifycdn.com/lato/ 		41 KB
41 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.shopifycdn.com/lato/lato_n4.c86cddcf8b15d564761aaa71b6201ea326f3648b.woff2?h1=Y2lhb2tva28uY29t&hmac=a48e7725baa565988ea88bca19de6d65373c11b07e8e5b4a1ed1e952c21aee7b
Requested by
Host: www.ciaokoko.com
URL: https://www.ciaokoko.com/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
575c97668d79c41ce6dbc1bf6d1c7fa0c5920725a1cd691aa5e11410f892f18b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://cdn.shopify.com/s/files/1/0432/3400/1059/t/1/assets/theme.scss.css?v=10259011138941890056
Origin
https://www.ciaokoko.com

Response headers

x-amz-version-id
Hk9EfjfV6_.4qzfhKYaVrgmumvhhTA9x
via
1.1 varnish
etag
"13a15a60521ed0a8a9b2dac5ec2f79dd"
age
40241
x-cache
HIT
status
200
content-length
42156
x-amz-id-2
mEdQQXj3F5Yl7thE2lInLgNNARfJVwnChXbMW/Zkls3jKbVrfxi9e9lUdQd8xpNs/NYzaP0H8Eo=
x-served-by
cache-fra19178-FRA
last-modified
Wed, 02 May 2018 18:21:14 GMT
server
AmazonS3
x-timer
S1596630091.390526,VS0,VE0
date
Wed, 05 Aug 2020 12:21:31 GMT
x-amz-request-id
F451881D7085019A
access-control-allow-origin
*
cache-control
max-age=2629800, immutable
accept-ranges
bytes
content-type
application/octet-stream
x-cache-hits
598
shopify-boomerang-1.0.0.min.js
cdn.shopify.com/shopifycloud/boomerang/ 		99 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js
Requested by
Host: www.ciaokoko.com
URL: https://www.ciaokoko.com/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::104 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
cache-fra19183-FRA /
Resource Hash
80687dcbd6759bc7b6443f10ac8d7a8549615e828e43bc210a4dffb0a630531c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ciaokoko.com/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cdn
Fastly, http2
x-dc
gke
edge-cache-tag
mime-application/javascript,source-GcsBackend,segment2-96,segment4-24675,revision-0e39eb8df6950381f176b615821502f05bd72e4a,cdn-shopify-com-shopifycloud-boomerang-shopify-boomerang-1-0-0-min-js
status
200
x-cache
HIT, HIT
content-length
30964
x-xss-protection
1; mode=block
x-request-id
fd9a91e71fb8d300558aa8d273ac7c3a66dcd592b1deb00730bdc6096d197bfe
x-served-by
cache-lga21924-LGA, cache-fra19183-FRA
last-modified
Thu, 09 Jul 2020 18:16:37 GMT
server
cache-fra19183-FRA
x-timer
S1596630091.488002,VS0,VE0
date
Wed, 05 Aug 2020 12:21:31 GMT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Fri, 09 Jul 2021 18:17:12 GMT
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js>; rel="canonical"
x-cache-hits
3, 57150
produce
monorail-edge.shopifysvc.com/v1/ 		0
468 B 		Other
General
Check archive.org
Download Go to
Full URL
https://monorail-edge.shopifysvc.com/v1/produce
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/javascripts/tricorder/trekkie.storefront.min.js?v=2020.07.13.1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.188.198.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
106.198.188.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.ciaokoko.com/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 05 Aug 2020 12:21:31 GMT
x-dc
gke
status
200
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.ciaokoko.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
37a5902e-402f-4ab4-9e8a-bbc903e709ec
produce
monorail-edge.shopifysvc.com/v1/ 		0
468 B 		Other
General
Check archive.org
Download Go to
Full URL
https://monorail-edge.shopifysvc.com/v1/produce
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/s/javascripts/tricorder/trekkie.storefront.min.js?v=2020.07.13.1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.188.198.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
106.198.188.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.ciaokoko.com/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 05 Aug 2020 12:21:31 GMT
x-dc
gke
status
200
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.ciaokoko.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
8045321f-6172-49b4-92de-db5aa354f057
produce
monorail-edge.shopifysvc.com/v1/ 		0
468 B 		Other
General
Check archive.org
Download Go to
Full URL
https://monorail-edge.shopifysvc.com/v1/produce
Requested by
Host: cdn.shopify.com
URL: https://cdn.shopify.com/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.188.198.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
106.198.188.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.ciaokoko.com/password
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 05 Aug 2020 12:21:31 GMT
x-dc
gke
status
200
access-control-max-age
86400
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://www.ciaokoko.com
access-control-allow-credentials
true
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-headers
User-Agent,Accept,Content-Type,X-Monorail-Edge-Event-Created-At-Ms,X-Monorail-Edge-Event-Sent-At-Ms,X-Monorail-Edge-Client-Message-Id,X-Monorail-Edge-Device-Install-Id,X-Monorail-Edge-Accept-Language,X-Monorail-Edge-Content-Language,X-Forwarded-For
content-length
0
x-request-id
e56a26b9-dbd0-40d8-8ece-6bacff903610

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| Shopify object| __st boolean| ShopifyPaypalV4VisibilityTracking object| meta string| attr object| ShopifyAnalytics object| trekkie function| storefrontFormsRecaptchaCallback object| theme object| enquire function| $ function| jQuery function| _ function| mobileCheck object| Modernizr object| bodyScrollLock object| selectors function| onYouTubeIframeAPIReady object| slate object| $slideshow function| gm_authFailure object| $RecoverHeading object| $RecoverEmail object| $LoginHeading function| Modals object| _visit object| BOOMR

14 Cookies

Domain/Path Name / Value
.ciaokoko.com/ Name: _shopify_sa_p
Value:
.ciaokoko.com/ Name: _shopify_fs
Value: 2020-08-05T12%3A21%3A31.471Z
.ciaokoko.com/ Name: _shopify_s
Value: be91c9bb-A9C2-49BA-02DA-C75A3195035F
.www.ciaokoko.com/ Name: __cfduid
Value: dd03a3c3bc5d01429d6712872a9335dd91596630090
.ciaokoko.com/ Name: _s
Value: be91c9bb-A9C2-49BA-02DA-C75A3195035F
.ciaokoko.com/ Name: _landing_page
Value: %2Fpassword
www.ciaokoko.com/ Name: secure_customer_sig
Value:
www.ciaokoko.com/ Name: cart_currency
Value: EUR
www.ciaokoko.com/ Name: cart_sig
Value:
.ciaokoko.com/ Name: _y
Value: 5783a5e9-3658-49b1-bece-f1d312e4601a
.ciaokoko.com/ Name: _shopify_sa_t
Value: 2020-08-05T12%3A21%3A31.476Z
.ciaokoko.com/ Name: _shopify_y
Value: 5783a5e9-3658-49b1-bece-f1d312e4601a
www.ciaokoko.com/ Name: cart_ver
Value: %3A0
.ciaokoko.com/ Name: _orig_referrer
Value:

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /csp-report?source%5Baction%5D=password&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fstorefront&source%5Bsection%5D=storefront&source%5Buuid%5D=7fc09da1-562f-4a41-b964-c0b69038c8c3
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block; report=/xss-report?source%5Baction%5D=password&source%5Bapp%5D=Shopify&source%5Bcontroller%5D=storefront_section%2Fstorefront&source%5Bsection%5D=storefront&source%5Buuid%5D=7fc09da1-562f-4a41-b964-c0b69038c8c3