labs.detectify.com Open in urlscan Pro
104.196.191.243 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-he=
Effective URL:
https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Submission: On January 14 via api (January 14th 2021, 1:30:49 am UTC) from US

Summary HTTP 82 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 28 IPs in 5 countries across 24 domains to perform 82 HTTP transactions. The main IP is 104.196.191.243, located in United States and belongs to GOOGLE, US. The main domain is labs.detectify.com.
TLS certificate: Issued by RapidSSL RSA CA 2018 on May 24th 2020. Valid for: a year.

This is the only time labs.detectify.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 29	104.196.191.243 104.196.191.243	15169 (GOOGLE) (GOOGLE)
6	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba2a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.12.134 151.101.12.134	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:816::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	172.217.23.130 172.217.23.130	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	151.101.113.140 151.101.113.140	54113 (FASTLY) (FASTLY)
1	151.101.13.2 151.101.13.2	54113 (FASTLY) (FASTLY)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:6c0... 2a02:26f0:6c00:296::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	143.204.215.88 143.204.215.88	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81d::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	3.213.100.238 3.213.100.238	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:81b::2002	15169 (GOOGLE) (GOOGLE)
1	54.197.143.221 54.197.143.221	14618 (AMAZON-AES) (AMAZON-AES)
6	2606:4700::68... 2606:4700::6812:a813	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.64.134 151.101.64.134	54113 (FASTLY) (FASTLY)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28d::19fd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	143.204.215.65 143.204.215.65	16509 (AMAZON-02) (AMAZON-02)
4	151.101.112.64 151.101.112.64	54113 (FASTLY) (FASTLY)
82	28

29 104.196.191.243 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 243.191.196.104.bc.googleusercontent.com

labs.detectify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
labsdetectify.wpengine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:6c00::210:ba2a (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.134 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

detectify.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s18-in-f130.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.113.140 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.13.2 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

a.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:296::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.215.88 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-88.fra53.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.213.100.238 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-100-238.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.197.143.221 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-197-143-221.compute-1.amazonaws.com

js.driftqa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:a813 (United States)

ASN13335 (CLOUDFLARENET, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.64.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28d::19fd (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.215.65 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-65.fra53.r.cloudfront.net

cdn.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.112.64 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

links.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	detectify.com 3 redirects labs.detectify.com	698 KB
7	disqus.com detectify.disqus.com disqus.com links.services.disqus.com	37 KB
7	typekit.net use.typekit.net p.typekit.net	105 KB
6	disquscdn.com c.disquscdn.com	257 KB
5	gstatic.com fonts.gstatic.com	79 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	1 KB
3	driftt.com js.driftt.com	81 KB
3	google-analytics.com www.google-analytics.com	52 KB
2	viglink.com cdn.viglink.com	775 B
2	facebook.com www.facebook.com	496 B
2	google.de www.google.de	637 B
2	google.com www.google.com	637 B
2	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	1 KB
2	bing.com bat.bing.com	9 KB
2	quora.com a.quora.com q.quora.com	14 KB
2	facebook.net connect.facebook.net	92 KB
2	wpengine.com labsdetectify.wpengine.com	577 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	driftqa.com js.driftqa.com	21 KB
1	reddit.com alb.reddit.com	125 B
1	licdn.com snap.licdn.com	2 KB
1	redditstatic.com www.redditstatic.com	6 KB
1	googleadservices.com www.googleadservices.com	13 KB
1	googletagmanager.com www.googletagmanager.com	39 KB
82	24

	Domain	Requested by
27	labs.detectify.com	3 redirects labs.detectify.com
6	c.disquscdn.com	detectify.disqus.com
6	use.typekit.net	labs.detectify.com
5	fonts.gstatic.com	fonts.googleapis.com
4	links.services.disqus.com	c.disquscdn.com
3	js.driftt.com	labs.detectify.com js.driftt.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com labs.detectify.com
2	cdn.viglink.com	labs.detectify.com
2	disqus.com	detectify.disqus.com
2	www.facebook.com	labs.detectify.com connect.facebook.net
2	www.google.de	labs.detectify.com
2	www.google.com	labs.detectify.com
2	px.ads.linkedin.com	1 redirects labs.detectify.com
2	bat.bing.com	labs.detectify.com
2	connect.facebook.net	labs.detectify.com connect.facebook.net
2	labsdetectify.wpengine.com	labs.detectify.com
2	fonts.googleapis.com	labs.detectify.com
1	p.typekit.net	labs.detectify.com
1	js.driftqa.com	labs.detectify.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	alb.reddit.com	labs.detectify.com
1	q.quora.com	labs.detectify.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.linkedin.com	1 redirects
1	snap.licdn.com	labs.detectify.com
1	a.quora.com	labs.detectify.com
1	www.redditstatic.com	labs.detectify.com
1	www.googleadservices.com	www.googletagmanager.com
1	www.googletagmanager.com	labs.detectify.com
1	detectify.disqus.com	labs.detectify.com
82	30

This site contains links to these domains. Also see Links.

Domain
detectify.com
support.your-domain.com
x.example.com
example.com
news.ycombinator.com
www.reddit.com
www.linkedin.com
twitter.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
labs.detectify.com RapidSSL RSA CA 2018	`2020-05-24` - `2021-05-25`	a year	crt.sh
use.typekit.net DigiCert SHA2 Secure Server CA	`2020-01-28` - `2022-02-01`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.wpengine.com RapidSSL RSA CA 2018	`2019-07-01` - `2021-08-29`	2 years	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2020-04-20` - `2022-05-09`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-12-22` - `2021-03-21`	3 months	crt.sh
www.redditstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-07-06`	6 months	crt.sh
quora.com R3	`2020-12-27` - `2021-03-27`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2020-10-27` - `2021-04-27`	6 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
drift.com Amazon	`2020-09-21` - `2021-10-23`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-01-06` - `2021-07-05`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.quora.com R3	`2020-12-27` - `2021-03-27`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-08` - `2021-07-06`	6 months	crt.sh
driftqa.com Amazon	`2020-06-18` - `2021-07-18`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-15` - `2021-08-15`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.typekit.net DigiCert SHA2 Secure Server CA	`2019-12-06` - `2021-12-10`	2 years	crt.sh
viglink.com Amazon	`2020-12-13` - `2022-01-11`	a year	crt.sh
f.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2020-11-25` - `2021-12-27`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Frame ID: FB6CCC010D34F9FDC82DBB2898E4B9A3
Requests: 77 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=detectify&t_u=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&t_d=Hostile%20Subdomain%20Takeover%20using%20Heroku%2FGithub%2FDesk%20%2B%20more&t_t=Hostile%20Subdomain%20Takeover%20using%20Heroku%2FGithub%2FDesk%20%2B%20more&s_o=default
Frame ID: 12E4C60887DA7E557F89845815DDBC5E
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css
Frame ID: DB411CBEC70DDE36A54D35D36207CD9E
Requests: 1 HTTP requests in this frame

Frame: https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css
Frame ID: 968B53C5FD3ABB7A61A35218CA4583A7
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?embedId=fpb367pdwab4&forceShow=false&skipCampaigns=false&sessionId=ddd79beb-f8f1-4a8f-b492-f48b5c72bd12&sessionStarted=1610587830&campaignRefreshToken=9f83bc41-6b71-479d-a89b-547df5828f7c&pageLoadStartTime=1610587828730
Frame ID: 5BF5ADEFF03EB825C8FE1A5CD4E51C65
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat
Frame ID: 21D822C8CAA4F95E5C2FB89EDBB674E3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-he= HTTP 301
http://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-he=/ HTTP 301
https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-he=/ HTTP 301
https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

82
Requests

100 %
HTTPS

62 %
IPv6

24
Domains

30
Subdomains

28
IPs

5
Countries

2087 kB
Transfer

2976 kB
Size

7
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://detectify.com/
Title: What is Detectify?

Search URL Search Domain Scan URL

URL: http://support.your-domain.com/
Title: support.your-domain.com

Search URL Search Domain Scan URL

URL: http://x.example.com/
Title: x.example.com

Search URL Search Domain Scan URL

URL: http://example.com/
Title: example.com

Search URL Search Domain Scan URL

URL: https://detectify.com/domain-monitoring?utm_source=labs_dm&utm_medium=text&utm_campaign=labs_dm
Title: Detectify domain monitoring

Search URL Search Domain Scan URL

URL: http://detectify.com/
Title: detectify.com

Search URL Search Domain Scan URL

URL: https://news.ycombinator.com/submitlink?u=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&t=Hostile%20Subdomain%20Takeover%20using%20Heroku/Github/Desk%20+%20more

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&title=Hostile%20Subdomain%20Takeover%20using%20Heroku/Github/Desk%20+%20more

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&title=Hostile%20Subdomain%20Takeover%20using%20Heroku/Github/Desk%20+%20more&summary=&source=

Search URL Search Domain Scan URL

URL: https://twitter.com/home?status=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F

Search URL Search Domain Scan URL

URL: https://detectify.com/contact
Title: Contact us

Search URL Search Domain Scan URL

URL: https://detectify.com/pricing
Title: Sign up for a free trial »

Search URL Search Domain Scan URL

URL: https://www.facebook.com/detectify

Search URL Search Domain Scan URL

URL: https://twitter.com/detectify

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/detectify

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCm6N84sAaQ-BiNdCaaLT4qg

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-he= HTTP 301
http://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-he=/ HTTP 301
https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-he=/ HTTP 301
https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=669017&time=1610587829163&url=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D669017%26time%3D1610587829163%26url%3Dhttps%253A%252F%252Flabs.detectify.com%252F2014%252F10%252F21%252Fhostile-subdomain-takeover-using-herokugithubdesk-more%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=669017&time=1610587829163&url=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&liSync=true

82 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Redirect Chain

https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-he=
http://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-he=/
https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-he=/
https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

23 KB
7 KB

127ms
126ms

Document
text/html

104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx / WP Engine
Resource Hash: 7c4747d3a3a7212c5408a4855d277546073a9b32b1bfd164692d758be5de7b5b

Request headers

:method: GET
:authority: labs.detectify.com
:scheme: https
:path: /2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

server: nginx
date: Thu, 14 Jan 2021 01:30:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-pingback
link: <https://labs.detectify.com/wp-json/>; rel="https://api.w.org/" <https://labs.detectify.com/wp-json/wp/v2/posts/113>; rel="alternate"; type="application/json" <https://labs.detectify.com/?p=113>; rel=shortlink
x-powered-by: WP Engine
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
x-cache: HIT: 1
x-cache-group: normal
content-encoding: br

Redirect headers

server: nginx
date: Thu, 14 Jan 2021 01:30:28 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
expires: Thu, 14 Jan 2021 02:30:28 GMT
x-redirect-by: WordPress
x-powered-by: WP Engine
x-cacheable: non200
cache-control: max-age=600, must-revalidate
x-cache: MISS
x-cache-group: normal

GET
H2 200 tzo5nif.js Show response
use.typekit.net/ 18 KB
7 KB 138ms
125ms Script
text/javascript 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/tzo5nif.js

Requested by

Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba2a , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

0ffbc7ee851f346b57d21c7eec566017064431ec7b93e28b020a7351c1996f3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Thu, 14 Jan 2021 01:30:28 GMT
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
content-length: 6896

GET
H2 200 css
fonts.googleapis.com/ 16 KB
1 KB 18ms
16ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Alegreya:400,400i,700,700i|Open+Sans:400,400i,700,700i

Requested by

Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a12c794412c0356b1eefb9fe3695f757094a602a2f24659f051f7787195a6ce1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 14 Jan 2021 01:30:28 GMT
server: ESF
date: Thu, 14 Jan 2021 01:30:28 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Jan 2021 01:30:28 GMT

GET
H2 200 style.min.css
labs.detectify.com/wp-includes/css/dist/block-library/ 50 KB
8 KB 129ms
128ms Stylesheet
text/css 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.detectify.com/wp-includes/css/dist/block-library/style.min.css?ver=5.6
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 5c2288ca7b324881faae5e368eb4d69457e2784e042e868de335d3827bb90981

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:28 GMT
content-encoding: br
last-modified: Fri, 18 Dec 2020 15:40:41 GMT
server: nginx
etag: W/"5fdccd79-c8e9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 style.css
labs.detectify.com/wp-content/themes/detectify2.0.5/dist/css/ 36 KB
6 KB 149ms
148ms Stylesheet
text/css 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/dist/css/style.css?ver=5.6
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: ced098a24c2db69f976f3ee1154da8929d43f035cefaa3c60ee8a70edc3288ab

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:28 GMT
content-encoding: br
last-modified: Wed, 25 Nov 2020 12:54:47 GMT
server: nginx
etag: W/"5fbe5417-8e91"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery.min.js Show response
labs.detectify.com/wp-includes/js/jquery/ 87 KB
31 KB 230ms
228ms Script
application/javascript 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.detectify.com/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:28 GMT
content-encoding: br
last-modified: Fri, 18 Dec 2020 15:40:41 GMT
server: nginx
etag: W/"5fdccd79-15d98"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 jquery-migrate.min.js Show response
labs.detectify.com/wp-includes/js/jquery/ 11 KB
4 KB 276ms
275ms Script
application/javascript 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.detectify.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:28 GMT
content-encoding: br
last-modified: Fri, 18 Dec 2020 15:40:41 GMT
server: nginx
etag: W/"5fdccd79-2bd8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 detectify.svg
labs.detectify.com/wp-content/themes/detectify2.0.5/images/ 4 KB
2 KB 246ms
240ms Image
image/svg+xml 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/images/detectify.svg
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 45781771a95e51ea8c04de1c05790c612e80d6303e29e54be4dab70007efaa08

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: br
last-modified: Tue, 24 Nov 2020 10:01:38 GMT
server: nginx
etag: W/"5fbcda02-fe8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 icon-ycombinator.png
labs.detectify.com/wp-content/themes/detectify2.0.5/images/ 683 B
884 B 246ms
241ms Image
image/png 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/images/icon-ycombinator.png
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 61c16dfeb22d02ddbf5c8e30d305ad199979d7a7e2d6f8cab66f2cddf6a2c7dd

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Tue, 24 Nov 2020 10:01:38 GMT
server: nginx
etag: "5fbcda02-2ab"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 683

GET
H2 200 icon-reddit.png
labs.detectify.com/wp-content/themes/detectify2.0.5/images/ 1 KB
2 KB 246ms
241ms Image
image/png 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/images/icon-reddit.png
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: e2adf55d07c4c8e4790cf2404f54551ee1609e2490df08356b95c4f4314a4587

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Tue, 24 Nov 2020 10:01:38 GMT
server: nginx
etag: "5fbcda02-5dc"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 1500

GET
H2 200 icon-linkedin.png
labs.detectify.com/wp-content/themes/detectify2.0.5/images/ 709 B
910 B 247ms
242ms Image
image/png 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/images/icon-linkedin.png
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: f15a612820ee6932e59908a502c52ea6370c7bacadec59a2153aed31ad876480

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Tue, 24 Nov 2020 10:01:38 GMT
server: nginx
etag: "5fbcda02-2c5"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 709

GET
H2 200 icon-twitter.png
labs.detectify.com/wp-content/themes/detectify2.0.5/images/ 1 KB
1 KB 245ms
240ms Image
image/png 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/images/icon-twitter.png
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: b0353d7ceb6b95d450a0cbe4c2fb7d53839a3f1b7832d53bd3bfd2da8b6d49db

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Tue, 24 Nov 2020 10:01:38 GMT
server: nginx
etag: "5fbcda02-467"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 1127

GET
H2 200 icon-facebook.png
labs.detectify.com/wp-content/themes/detectify2.0.5/images/ 760 B
961 B 245ms
241ms Image
image/png 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/images/icon-facebook.png
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: dbc2dc58ab6e0cfbcade44534efd0747d86ffacc856207a30202ef6b76198a34

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Tue, 24 Nov 2020 10:01:38 GMT
server: nginx
etag: "5fbcda02-2f8"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 760

GET
H2 200 Hacker-Pic-B-1-400x480.png
labs.detectify.com/wp-content/uploads/2019/05/ 178 KB
179 KB 245ms
241ms Image
image/png 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.detectify.com/wp-content/uploads/2019/05/Hacker-Pic-B-1-400x480.png
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1e36d21bebed621dd7535cb4e15e4a36136316152bd2e11739c5daa7af9b3de1

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Fri, 24 May 2019 13:45:03 GMT
server: nginx
etag: "5ce7f55f-2c92e"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 182574

GET
H2 200 image-1-400x480.png
labs.detectify.com/wp-content/uploads/2018/08/ 30 KB
31 KB 245ms
241ms Image
image/png 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.detectify.com/wp-content/uploads/2018/08/image-1-400x480.png
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 17ff494201dce24dc9609dc5983462fb494e75d2700f703565ce2c98afbb7767

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Thu, 02 Aug 2018 13:54:54 GMT
server: nginx
etag: "5b630d2e-79f8"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 31224

GET
H2 200 GraphQL_proof_of_concept-400x480.png
labs.detectify.com/wp-content/uploads/2018/03/ 99 KB
99 KB 245ms
242ms Image
image/png 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.detectify.com/wp-content/uploads/2018/03/GraphQL_proof_of_concept-400x480.png
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: c3e45eb2f762247549e6ea231cadf8fdeecbab660f7a9a5fee4db27eba30ae54

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Wed, 14 Mar 2018 09:06:47 GMT
server: nginx
etag: "5aa8e627-18c64"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 101476

GET
H2 200 facebook.png
labs.detectify.com/wp-content/themes/detectify2.0.5/images/ 1 KB
1 KB 245ms
242ms Image
image/png 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/images/facebook.png
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 504b4de8f04d4c0c0c52a1fa8f1a745cf955fc4eda7fbf3cf28750675845ede6

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Tue, 24 Nov 2020 10:01:38 GMT
server: nginx
etag: "5fbcda02-525"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 1317

GET
H2 200 twitter.png
labs.detectify.com/wp-content/themes/detectify2.0.5/images/ 5 KB
5 KB 245ms
242ms Image
image/png 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/images/twitter.png
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 937708e5eaccff798e9227ab16da5a981b1e011db197b853ceb31a357255856e

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Tue, 24 Nov 2020 10:01:38 GMT
server: nginx
etag: "5fbcda02-1244"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 4676

GET
H2 200 linkedin.png
labs.detectify.com/wp-content/themes/detectify2.0.5/images/ 15 KB
15 KB 245ms
242ms Image
image/png 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/images/linkedin.png
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: eec028c2489cb681aa45c3247bdbbd3e8b14b6d5b4b59f32a46eaff565ea0e18

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Tue, 24 Nov 2020 10:01:38 GMT
server: nginx
etag: "5fbcda02-3bce"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 15310

GET
H2 200 youtube.png
labs.detectify.com/wp-content/themes/detectify2.0.5/images/ 13 KB
13 KB 245ms
243ms Image
image/png 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/images/youtube.png
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 761932b546d167fd12090fd5d2cae7bb15a02270b40e10e3a6e041e02cf79dd0

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Tue, 24 Nov 2020 10:01:38 GMT
server: nginx
etag: "5fbcda02-338b"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 13195

GET
H2 200 main.js Show response
labs.detectify.com/wp-content/themes/detectify2.0.5/dist/js/ 262 KB
81 KB 146ms
146ms Script
application/javascript 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/dist/js/main.js?ver=1
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 63a4306a05ad325868f376e75966ee349e8dc5d7ec95bdd9894b8c3f91e67a05

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: br
last-modified: Tue, 24 Nov 2020 10:01:38 GMT
server: nginx
etag: W/"5fbcda02-4166e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 wp-embed.min.js Show response
labs.detectify.com/wp-includes/js/ 1 KB
951 B 249ms
249ms Script
application/javascript 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.detectify.com/wp-includes/js/wp-embed.min.js?ver=5.6
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: br
last-modified: Sat, 26 Oct 2019 00:17:07 GMT
server: nginx
etag: W/"5db39083-59a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 wp-emoji-release.min.js Show response
labs.detectify.com/wp-includes/js/ 14 KB
5 KB 245ms
243ms Script
application/javascript 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.detectify.com/wp-includes/js/wp-emoji-release.min.js?ver=5.6
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3685c3818240f5f390073c7d04f944a5cb5d848093224f3a7888034e8c050eb4

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: br
last-modified: Fri, 18 Dec 2020 15:40:41 GMT
server: nginx
etag: W/"5fdccd79-37a6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H3-Q050 200 css
fonts.googleapis.com/ 2 KB
997 B 46ms
32ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Mono

Requested by

Host: labs.detectify.com
URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/dist/css/style.css?ver=5.6

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

774fe65376725e8aad7d70e5fe6857d77f00fd23800d8c0ef411c648ea9a1531

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://labs.detectify.com/wp-content/themes/detectify2.0.5/dist/css/style.css?ver=5.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 13 Jan 2021 23:31:47 GMT
server: ESF
date: Thu, 14 Jan 2021 01:30:28 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 14 Jan 2021 01:30:28 GMT

GET
H2 200 /
labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/ 23 KB
23 KB 246ms
243ms Image
text/html 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx / WP Engine
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-pingback
date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: br
x-cacheable: SHORT
server: nginx
x-powered-by: WP Engine
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
x-cache: HIT: 2
content-type: text/html; charset=UTF-8
cache-control: max-age=600, must-revalidate
link: <https://labs.detectify.com/wp-json/>; rel="https://api.w.org/", <https://labs.detectify.com/wp-json/wp/v2/posts/113>; rel="alternate"; type="application/json", <https://labs.detectify.com/?p=113>; rel=shortlink
x-cache-group: normal

GET
H2 200 CircularPro-Book.otf
labs.detectify.com/wp-content/themes/detectify2.0.5/assets/CircularPro-Book/ 85 KB
85 KB 244ms
242ms Font
application/octet-stream 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/assets/CircularPro-Book/CircularPro-Book.otf
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/dist/css/style.css?ver=5.6
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 0c833aefd088c6fae2c65e2faf155463b75091c61b984a22292ca98718b465de

Request headers

Origin: https://labs.detectify.com
Referer: https://labs.detectify.com/wp-content/themes/detectify2.0.5/dist/css/style.css?ver=5.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Tue, 24 Nov 2020 10:01:37 GMT
server: nginx
etag: "5fbcda01-15468"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 87144

GET
H2 200 L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW-AJi8SJQt.woff
fonts.gstatic.com/s/robotomono/v12/ 15 KB
15 KB 10ms
9ms Font
font/woff 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotomono/v12/L0xuDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vq_ROW-AJi8SJQt.woff

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Mono

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

561592b91ee0231080e62a5f40f52bc55124655643af516a33eeaf29b76e1574

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://labs.detectify.com
Referer: https://fonts.googleapis.com/css?family=Roboto+Mono
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 11 Jan 2021 11:42:24 GMT
x-content-type-options: nosniff
last-modified: Mon, 13 Jul 2020 19:15:46 GMT
server: sffe
age: 222485
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15160
x-xss-protection: 0
expires: Tue, 11 Jan 2022 11:42:24 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Alegreya:400,400i,700,700i|Open+Sans:400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://labs.detectify.com
Referer: https://fonts.googleapis.com/css?family=Alegreya:400,400i,700,700i|Open+Sans:400,400i,700,700i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 07 Jan 2021 20:12:17 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 537492
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Fri, 07 Jan 2022 20:12:17 GMT

GET
H2 200 4UaBrEBBsBhlBjvfkSLhx6jj4JN0.woff2
fonts.gstatic.com/s/alegreya/v16/ 18 KB
18 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/alegreya/v16/4UaBrEBBsBhlBjvfkSLhx6jj4JN0.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Alegreya:400,400i,700,700i|Open+Sans:400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

997423be26d1eae9efbfc2098141a06f626749dc4a89fc40c15d567a662856a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://labs.detectify.com
Referer: https://fonts.googleapis.com/css?family=Alegreya:400,400i,700,700i|Open+Sans:400,400i,700,700i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 07 Jan 2021 16:17:00 GMT
x-content-type-options: nosniff
last-modified: Thu, 22 Oct 2020 18:54:51 GMT
server: sffe
age: 551609
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18220
x-xss-protection: 0
expires: Fri, 07 Jan 2022 16:17:00 GMT

GET
H2 200 4UaErEBBsBhlBjvfkSLk_xHM8pxULilENlY.woff2
fonts.gstatic.com/s/alegreya/v16/ 19 KB
19 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/alegreya/v16/4UaErEBBsBhlBjvfkSLk_xHM8pxULilENlY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Alegreya:400,400i,700,700i|Open+Sans:400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12d773a48a0b51b4be416f0437556c330362763bbc06c70cd6e9a3c36e294178

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://labs.detectify.com
Referer: https://fonts.googleapis.com/css?family=Alegreya:400,400i,700,700i|Open+Sans:400,400i,700,700i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 08 Jan 2021 08:28:14 GMT
x-content-type-options: nosniff
last-modified: Thu, 22 Oct 2020 18:53:18 GMT
server: sffe
age: 493335
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19092
x-xss-protection: 0
expires: Sat, 08 Jan 2022 08:28:14 GMT

GET
H3-Q050 200 4UaHrEBBsBhlBjvfkSLk96rp57F2IwM.woff2
fonts.gstatic.com/s/alegreya/v16/ 18 KB
18 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/alegreya/v16/4UaHrEBBsBhlBjvfkSLk96rp57F2IwM.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Alegreya:400,400i,700,700i|Open+Sans:400,400i,700,700i

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fb0bef9a23d2e21086eb04729ba9719e89e7ca8d78d35410fda1e2de6ec33b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://labs.detectify.com
Referer: https://fonts.googleapis.com/css?family=Alegreya:400,400i,700,700i|Open+Sans:400,400i,700,700i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 02:51:31 GMT
x-content-type-options: nosniff
last-modified: Thu, 22 Oct 2020 18:52:51 GMT
server: sffe
age: 167938
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18320
x-xss-protection: 0
expires: Wed, 12 Jan 2022 02:51:31 GMT

GET
H2 200 red2.png
labsdetectify.wpengine.com/wp-content/uploads/2016/02/ 27 KB
27 KB 671ms
341ms Image
image/png 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labsdetectify.wpengine.com/wp-content/uploads/2016/02/red2.png
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 793acec2f8d584b55d9921216da08fe25b3713efaf597d0f1bb257d99ab0eeb9

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Tue, 13 Sep 2016 17:33:53 GMT
server: nginx
etag: "57d83881-6a04"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 27140

GET
H2 200 all.png
labsdetectify.wpengine.com/wp-content/uploads/2016/02/ 550 KB
551 KB 467ms
137ms Image
image/png 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://labsdetectify.wpengine.com/wp-content/uploads/2016/02/all.png
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: bcfbcea42950c5e32722fb230626e4323b445e7b332d2f60562b17b87ef41bd7

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Tue, 13 Sep 2016 17:33:54 GMT
server: nginx
etag: "57d83882-8975e"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 563038

GET
H/1.1 200
OK embed.js Show response
detectify.disqus.com/ 72 KB
24 KB 227ms
147ms Script
application/javascript 151.101.12.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://detectify.disqus.com/embed.js

Requested by

Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

d91b957d91da6313dea39f16e9f378779d94695dffc1cd05f81837f781fe382c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:30:29 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 23902

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 116 KB
39 KB 23ms
22ms Script
application/javascript 2a00:1450:4001:816::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TWT88B

Requested by

Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ba3a031eb1841b8944dd1642d07d632293041dec00cb281a66205542937b65db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39863
x-xss-protection: 0
last-modified: Thu, 14 Jan 2021 00:54:02 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 14 Jan 2021 01:30:29 GMT

GET
H2 200 CircularPro-Medium.otf
labs.detectify.com/wp-content/themes/detectify2.0.5/assets/CircularPro-Medium/ 93 KB
93 KB 177ms
177ms Font
application/octet-stream 104.196.191.243
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/assets/CircularPro-Medium/CircularPro-Medium.otf
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/wp-content/themes/detectify2.0.5/dist/css/style.css?ver=5.6
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.196.191.243 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 243.191.196.104.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8df65c16e955a73528fdc581781364fd6059da9c7ffb7d9e84ebea9e34f894b6

Request headers

Origin: https://labs.detectify.com
Referer: https://labs.detectify.com/wp-content/themes/detectify2.0.5/dist/css/style.css?ver=5.6
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Tue, 24 Nov 2020 10:01:37 GMT
server: nginx
etag: "5fbcda01-173ec"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 95212

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TWT88B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 657
date: Thu, 14 Jan 2021 01:19:32 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Thu, 14 Jan 2021 03:19:32 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 30 KB
13 KB 117ms
44ms Script
text/javascript 172.217.23.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TWT88B

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s18-in-f130.1e100.net

Software

cafe /

Resource Hash

5e79436d1f00cd00ece18c935a3835b2db0dc1f36db9146ba08ea9b1bfefa2fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 12183
x-xss-protection: 0
server: cafe
etag: 13630185657052990885
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 14 Jan 2021 01:30:29 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 90 KB
23 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a8755954660f9bef43d2dc61d725f022a3115b81ae76a6af093ab18cfdfa5de7

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23366
x-fb-rlafr: 0
pragma: public
x-fb-debug: dEt3pZtjirB3cN0xBqoowV0zsnL4LdYAWsKhUHj26krRK+XlRVeP2ZlIIIAqP8jUfyDaGfMM448YuZ4MYZx+2Q==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Thu, 14 Jan 2021 01:30:29 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 17 KB
6 KB 86ms
28ms Script
application/javascript 151.101.113.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e88e0ed354170d8b73435fadf714ab8fff7c00b985295495d146b5eb92dc3e50

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
via: 1.1 varnish, 1.1 varnish
last-modified: Tue, 30 Jun 2020 17:04:46 GMT
server: snooserv
etag: "85ee817cda81317b49d1d3056f6bdf95"
vary: Accept-Encoding,Origin
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-encoding: gzip
content-length: 5809

GET
H2 200 qevents.js Show response
a.quora.com/ 39 KB
14 KB 88ms
28ms Script
text/plain 151.101.13.2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://a.quora.com/qevents.js
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.2 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ef6de6beb1cf5bf809eccfe10f99aea0e0969c71d4eab5446410fef72695679f

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: s3LlaOWABX1LUjiLldBNr49lVAylKDRo
content-encoding: gzip
etag: "f32ebb1e93a72c0a57add6d07f688510"
age: 5582
x-cache: HIT, HIT
content-length: 13681
x-amz-id-2: Mr082XSAeK5gl9ne6fLo1egLVz8sHPMcqMfXWnw8NHeADkQ5FLNiVu7jFuWInpu3I/gnYljCvGE=
x-served-by: cache-bwi5140-BWI, cache-fra19121-FRA
last-modified: Fri, 25 Oct 2019 19:28:38 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1572031715/ctime:1572031714/gid:1000000/gname:employee/md5:f32ebb1e93a72c0a57add6d07f688510/mode:33188/mtime:1149709104/uid:1000332/uname:tzhou
x-timer: S1610587829.200189,VS0,VE0
date: Thu, 14 Jan 2021 01:30:29 GMT
vary: Accept-Encoding
x-amz-request-id: F2C73976BA935DDF
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=7200
accept-ranges: bytes
content-type: text/plain
x-cache-hits: 1, 333

GET
H2 200 bat.js Show response
bat.bing.com/ 27 KB
8 KB 30ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:28 GMT
content-encoding: gzip
last-modified: Tue, 20 Oct 2020 22:19:32 GMT
x-msedge-ref: Ref A: 9DA9CCBC669B46ABBB090A7FB2FF98C4 Ref B: FRAEDGE1215 Ref C: 2021-01-14T01:30:29Z
etag: "0b27f152fa7d61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8454

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 6ms
6ms Script
application/x-javascript 2a02:26f0:6c00:296::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:296::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:30:29 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=20266
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2 200 fpb367pdwab4.js Show response
js.driftt.com/include/1610588100000/ 285 KB
81 KB 149ms
148ms Script
application/javascript 143.204.215.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1610588100000/fpb367pdwab4.js

Requested by

Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.88 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-88.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

9e75487e743a232de81010377a58dbdfa686ab218d263e06949492b8b24d995a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: gzip
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 13 Jan 2021 22:48:20 GMT
server: nginx
etag: W/"f45d3e277640fcd63987b8f145779557"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: AFHp_aaeONLsS368i1Mu8M0Mngp3xcay
via: 1.1 ab39b007ab81966ada6e7fb1536bf377.cloudfront.net (CloudFront)
cache-control: no-cache
access-control-allow-credentials: true
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: s2kjCIrdL3IEWcrnMOf0UyPLYreNTq6btwjDWEEGU-qA04ZKkpZuIg==

GET
H3-Q050 200 js Show response
www.google-analytics.com/gtm/ 85 KB
34 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=OPT-P729945&t=gtm4&cid=193270723.1610587829

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5541cfb67684ceba743744d4496dc9dc41fce81af5f56c16a1c95e1acb454335

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34127
x-xss-protection: 0
expires: Thu, 14 Jan 2021 01:30:29 GMT

GET
H2 200 670320013354403 Show response
connect.facebook.net/signals/config/ 240 KB
69 KB 49ms
49ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/670320013354403?v=2.9.32&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

813d6874bd1f23696f3719fde392eadd516f7e314a58afe0c82a954c42ecf558

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: xzLtNr4PMww05TLemhLB4VampZGNPF5b1i/fYyP6mAn6luFE9LWsC1cGti72caUgjMOvLmlplQAELb1vgKsIqA==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Thu, 14 Jan 2021 01:30:29 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-content-id: 814255232
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=669017&time=1610587829163&url=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D669017%26time%3D1610587829163%26url%3Dhttps%253A%252F%252Flabs.detectify.com%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=669017&time=1610587829163&url=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&liSync...

0
61 B

165ms
165ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=669017&time=1610587829163&url=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&liSync=true
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: AjQZARn1WRaQ0RM/sSoAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options: nosniff
linkedin-action: 1
content-length: 0
x-li-uuid: /Kj4+hj1WRawWqyu7yoAAA==
pragma: no-cache
x-li-pop: afd-prod-ltx1
x-msedge-ref: Ref A: 384B99C02A7748148B2C858C027FCADD Ref B: FRAEDGE1109 Ref C: 2021-01-14T01:30:29Z
x-frame-options: sameorigin
date: Thu, 14 Jan 2021 01:30:28 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-ltx1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=669017&time=1610587829163&url=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
90 B 16ms
15ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-27509029-1&cid=193270723.1610587829&jid=1474360352&gjid=605342860&_gid=1077403745.1610587829&_u=aGDAgEADQAAAAE~&z=2072571408

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 14 Jan 2021 01:30:29 GMT
content-type: text/plain
access-control-allow-origin: https://labs.detectify.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
120 B 6ms
6ms Image
image/gif 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=758442445&t=pageview&_s=1&dl=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&dr=&ul=en-us&de=UTF-8&dt=Hostile%20Subdomain%20Takeover%20using%20Heroku%2FGithub%2FDesk%20%2B%20more%20%7C%20Detectify%20Labs&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAgEADQ~&jid=1474360352&gjid=605342860&cid=193270723.1610587829&tid=UA-27509029-1&_gid=1077403745.1610587829&gtm=2wg161TWT88B&z=372073103

Requested by

Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Jan 2021 12:31:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 46731
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 17ms
17ms Image
image/gif 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-27509029-1&cid=193270723.1610587829&jid=1474360352&_u=aGDAgEADQAAAAE~&z=816535006

Requested by

Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Jan 2021 01:30:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 16ms
16ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-27509029-1&cid=193270723.1610587829&jid=1474360352&_u=aGDAgEADQAAAAE~&z=816535006

Requested by

Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Jan 2021 01:30:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
410 B 19ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=670320013354403&ev=PageView&dl=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&rl=&if=false&ts=1610587829238&cd[site_websiteName]=undefined&cd[site_websiteID]=undefined&cd[page_path]=undefined&cd[page_title]=undefined&sw=1600&sh=1200&v=2.9.32&r=stable&ec=0&o=30&fbp=fb.1.1610587829236.905496946&it=1610587829160&coo=false&rqm=GET

Requested by

Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Thu, 14 Jan 2021 01:30:29 GMT

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/1fdf7ccfca6242509a1527df793b82c7/ 43 B
420 B 394ms
98ms Image
image/gif 3.213.100.238
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/1fdf7ccfca6242509a1527df793b82c7/pixel?j=1&u=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&tag=ViewContent&ts=1610587829247

Requested by

Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.213.100.238 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-213-100-238.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:30:29 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Q-Stat: ,284ad5869ebb95064076877da700c181,10.0.0.113,5214,82.102.18.114,,58679441874,1,1610587829.587,0.002,,.,0,0,0.000,0.004,-,0,0,197,146,73,10,26847,,,,,,-,
Content-Type: image/gif

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
125 B 192ms
132ms Image
image/gif 151.101.113.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1610587829250&id=t2_7xml9zo6&event=PageVisit&uuid=359890ec-5bca-46ae-adf0-4f1d4789a61a&s=IlQsdM9JC9W4H7tyKmVceyRVQjdQU3dqbmrsfWFmDE0%3D
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
via: 1.1 varnish
server: Varnish
accept-ranges: bytes
content-length: 42
retry-after: 0
content-type: image/gif

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/963762917/ 2 KB
1 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:81b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/963762917/?random=1610587829308&cv=9&fst=1610587829308&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg161&sendb=1&ig=1&frm=0&url=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&tiba=Hostile%20Subdomain%20Takeover%20using%20Heroku%2FGithub%2FDesk%20%2B%20more%20%7C%20Detectify%20Labs&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c350e5341423e3e509feec39d45a1fc91cb67466c58a5e78924d58a8f6bd0637

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1083
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 206 notification.d46d7db1.mp3
js.driftqa.com/conductor/assets/media/ 20 KB
21 KB 350ms
115ms Media
audio/mpeg 54.197.143.221
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftqa.com/conductor/assets/media/notification.d46d7db1.mp3

Requested by

Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.197.143.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-143-221.compute-1.amazonaws.com

Software

nginx /

Resource Hash

ad80ac33ed04b4e6d78167b4162ecd3d2e8c29d17b43eb3df1f35b216b2ac5c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

x-amz-server-side-encryption: AES256
date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Thu, 14 Jan 2021 00:07:02 GMT
server: nginx
access-control-allow-origin: *
etag: "d46d7db110874da77e094dcbc4bec8e6"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
content-type: audio/mpeg
Content-Range: bytes 0-20896/20897
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 20897

GET
H2 200 lounge.93b42de3124a0dd0533f88d602ff11e8.css
c.disquscdn.com/next/embed/styles/ 0
22 KB 37ms
20ms Other
text/css 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.93b42de3124a0dd0533f88d602ff11e8.css

Requested by

Host: detectify.disqus.com
URL: https://detectify.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 625327
strict-transport-security: max-age=300; includeSubdomains
content-length: 22661
cf-request-id: 07a01d0c6b0000d72d5b02d000000001
timing-allow-origin: *
last-modified: Thu, 17 Dec 2020 22:41:59 GMT
server: cloudflare
etag: "5fdbdeb7-5885"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DFW55-C3
accept-ranges: bytes
cf-ray: 6113978d791dd72d-FRA
x-amz-cf-id: FoLAKKYeyCVOQCHjxkf648euNl2eE6RaXpXOfpVsO0oF_J48wSAC-w==
expires: Thu, 06 Jan 2022 19:48:21 GMT

GET
H2 200 common.bundle.38ea27189bdb723eae3dabf5bc7b8c0b.js
c.disquscdn.com/next/embed/ 0
93 KB 31ms
14ms Other
application/javascript 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.38ea27189bdb723eae3dabf5bc7b8c0b.js

Requested by

Host: detectify.disqus.com
URL: https://detectify.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 181044
strict-transport-security: max-age=300; includeSubdomains
content-length: 94778
cf-request-id: 07a01d0c6b0000d72d7319f000000001
timing-allow-origin: *
last-modified: Mon, 11 Jan 2021 21:10:38 GMT
server: cloudflare
etag: "5ffcbece-1723a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DFW55-C3
accept-ranges: bytes
cf-ray: 6113978d7921d72d-FRA
x-amz-cf-id: IPH2Ychi9ylfThDq4vOs9o2Rc8M0Ypdu-s2Q_SL2aA1yH56ait05kA==
expires: Tue, 11 Jan 2022 23:13:03 GMT

GET
H2 200 lounge.bundle.e99bef264ab1dbdf324efcfb446cf290.js
c.disquscdn.com/next/embed/ 0
114 KB 37ms
20ms Other
application/javascript 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.e99bef264ab1dbdf324efcfb446cf290.js

Requested by

Host: detectify.disqus.com
URL: https://detectify.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 181044
strict-transport-security: max-age=300; includeSubdomains
content-length: 116439
cf-request-id: 07a01d0c6b0000d72d170b1000000001
timing-allow-origin: *
last-modified: Mon, 11 Jan 2021 21:10:38 GMT
server: cloudflare
etag: "5ffcbece-1c6d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DFW55-C3
accept-ranges: bytes
cf-ray: 6113978d7923d72d-FRA
x-amz-cf-id: RpxEggxphocoSC2TYivFfRA1ZJSY_j6ULQ7_6jad6RGUblRyJB-kZQ==
expires: Tue, 11 Jan 2022 23:13:03 GMT

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
11 KB 59ms
19ms Other
application/javascript 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: detectify.disqus.com
URL: https://detectify.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:30:29 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 47
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 10242
X-XSS-Protection: 1; mode=block

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/963762917/ 42 B
530 B 40ms
24ms Image
image/gif 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/963762917/?random=1610587829308&cv=9&fst=1610586000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg161&sendb=1&frm=0&url=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&tiba=Hostile%20Subdomain%20Takeover%20using%20Heroku%2FGithub%2FDesk%20%2B%20more%20%7C%20Detectify%20Labs&async=1&fmt=3&is_vtc=1&random=688219027&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Jan 2021 01:30:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.de/pagead/1p-user-list/963762917/ 42 B
530 B 49ms
33ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/963762917/?random=1610587829308&cv=9&fst=1610586000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg161&sendb=1&frm=0&url=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&tiba=Hostile%20Subdomain%20Takeover%20using%20Heroku%2FGithub%2FDesk%20%2B%20more%20%7C%20Detectify%20Labs&async=1&fmt=3&is_vtc=1&random=688219027&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Jan 2021 01:30:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 l
use.typekit.net/af/dacbbb/000000000000000000014a3f/27/ 15 KB
15 KB 17ms
6ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/dacbbb/000000000000000000014a3f/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: b4f6b15171db948a3719ec5d9ad29101296dbfe801dc29040db8b5d9974fc037

Request headers

Origin: https://labs.detectify.com
Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
server: nginx
etag: "9f69a3fb9ccd97d61c83bc04e10301a095b7a449"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 15600

GET
H2 200 l
use.typekit.net/af/5e5e35/000000000000000000014a3e/27/ 15 KB
16 KB 19ms
8ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/5e5e35/000000000000000000014a3e/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: ebaa235bd73fd575f091a0d36701d7d4fee2fc38b0aeea515e28f10ab3bf001e

Request headers

Origin: https://labs.detectify.com
Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
server: nginx
etag: "552cbdb1c37116efa6da228cc29728b358eb1e4c"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 15772

GET
H2 200 l
use.typekit.net/af/c19086/000000000000000000014a3b/27/ 15 KB
15 KB 18ms
7ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/c19086/000000000000000000014a3b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9db911c69298b73dcac7905443fa87aa253bb2d1a2b0d0e2840c696bf9ea97d4

Request headers

Origin: https://labs.detectify.com
Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
server: nginx
etag: "dda97810a2e0dcc5cea33a3d827efaac98f39199"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 14920

GET
H2 200 l
use.typekit.net/af/59af34/000000000000000000014a3d/27/ 17 KB
17 KB 24ms
13ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/59af34/000000000000000000014a3d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 5b9db5acc5e9d4fa4baf66b5a8385d3ed4d697faa7f60148f757bf509792f8d2

Request headers

Origin: https://labs.detectify.com
Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
server: nginx
etag: "1b875ac65d89bbbcbc04766acc6ceae8d1e45209"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 17028

GET
H2 200 l
use.typekit.net/af/143f81/000000000000000000014a40/27/ 35 KB
35 KB 28ms
17ms Font
application/font-woff2 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/143f81/000000000000000000014a40/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i7&v=3
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 8e479c3cd41c52d18a82dd032758a93e98242987ff281d04a163a50a3fe984ac

Request headers

Origin: https://labs.detectify.com
Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
server: nginx
etag: "9eb6f2d6fc5498c8f83e6e2d042c442386ba5a88"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
content-length: 35756

GET
H2 204 0
bat.bing.com/action/ 0
115 B 29ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=17423398&Ver=2&mid=38810eae-381c-47a1-92a3-034ef7243d17&sid=16054db0560811ebb432a9f5e67ee598&vid=16055150560811ebb5c4b35407590448&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Hostile%20Subdomain%20Takeover%20using%20Heroku%2FGithub%2FDesk%20%2B%20more%20%7C%20Detectify%20Labs&p=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&r=&lt=1671&evt=pageLoad&msclkid=N&sv=1&rn=552091
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 14 Jan 2021 01:30:29 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 7120446D10E245C7AAC85E8F3C059538 Ref B: FRAEDGE1215 Ref C: 2021-01-14T01:30:29Z
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 p.gif
p.typekit.net/ 35 B
182 B 19ms
7ms Image
image/gif 2a02:26f0:6c00:28d::19fd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=1&k=tzo5nif&ht=tk&h=labs.detectify.com&f=15759.15760.15761.22737.22740&a=520577&js=1.20.0&app=typekit&e=js&_=1610587829436
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28d::19fd , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
last-modified: Wed, 24 Jun 2020 18:11:26 GMT
server: nginx
etag: "5ef3974e-23"
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 35

GET
H/1.1 200
OK /
disqus.com/embed/comments/ Frame 12E4 0
0 139ms
138ms Document
text/html 151.101.64.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=detectify&t_u=https%3A%2F%2Flabs.detectify.com%2F2014%2F10%2F21%2Fhostile-subdomain-takeover-using-herokugithubdesk-more%2F&t_d=Hostile%20Subdomain%20Takeover%20using%20Heroku%2FGithub%2FDesk%20%2B%20more&t_t=Hostile%20Subdomain%20Takeover%20using%20Heroku%2FGithub%2FDesk%20%2B%20more&s_o=default

Requested by

Host: detectify.disqus.com
URL: https://detectify.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.64.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Response headers

Connection: keep-alive
Content-Length: 8862
Server: nginx
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Last-Modified: Tue, 12 Jan 2021 10:06:52 GMT
ETag: W/"lounge:view:4644724845.379911b9ca2ebdfca46431e9f7f711fb.2"
Content-Encoding: gzip
Date: Thu, 14 Jan 2021 01:30:29 GMT
Age: 0
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

POST
H2 200 /
www.facebook.com/tr/ 0
86 B 6ms
6ms Other
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary8EIubUnpP4eCx2G5

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
server: proxygen-bolt
date: Thu, 14 Jan 2021 01:30:29 GMT
content-type: text/plain
access-control-allow-origin: https://labs.detectify.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0

GET
H2 200 alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js Show response
c.disquscdn.com/next/embed/ 78 KB
26 KB 14ms
13ms Script
application/javascript 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js

Requested by

Host: detectify.disqus.com
URL: https://detectify.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1655265
strict-transport-security: max-age=300; includeSubdomains
content-length: 26578
cf-request-id: 07a01d0e6d0000d72d41295000000001
timing-allow-origin: *
last-modified: Mon, 23 Nov 2020 17:22:41 GMT
server: cloudflare
etag: "5fbbefe1-67d2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DFW55-C3
accept-ranges: bytes
cf-ray: 61139790ab21d72d-FRA
x-amz-cf-id: iwXvkWWneYUzTgpoGXrolZxBkoZQ2bfC3Qst_9vVPBWLaqb-vIiHXg==
expires: Mon, 29 Nov 2021 02:25:38 GMT

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
387 B 89ms
28ms Image
image/gif 143.204.215.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=1&rn=1.6752899422964853
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.65 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-65.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:25 GMT
via: 1.1 befe3b8553d90339ecf78e5d7cefa60b.cloudfront.net (CloudFront)
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: AmazonS3
age: 4
etag: "221d8352905f2c38b3cb2bd191d630b0"
x-cache: Hit from cloudfront
content-type: image/gif
cache-control: max-age=15, must-revalidate
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-length: 43
x-amz-cf-id: OrL2-363jAO6tVFC5PvujT10v3imtLYKYSKqPvG9Sp1gRMY0qf9-jw==

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
388 B 90ms
29ms Image
image/gif 143.204.215.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=2&rn=1.6752899422964853
Requested by: Host: labs.detectify.com
URL: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.65 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-65.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:25 GMT
via: 1.1 befe3b8553d90339ecf78e5d7cefa60b.cloudfront.net (CloudFront)
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: AmazonS3
age: 4
etag: "221d8352905f2c38b3cb2bd191d630b0"
x-cache: Hit from cloudfront
content-type: image/gif
cache-control: max-age=15, must-revalidate
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-length: 43
x-amz-cf-id: DOFmnqxXUCkA6NhHdUsFmNU-7Cr7Q2BtRXPT4XeVvXcsGw5UDyVBlw==

GET
H2 200 realtime.af77184dec69e96e69aff958ae2bb738.css
c.disquscdn.com/next/embed/styles/ Frame DB41 337 B
715 B 12ms
12ms Stylesheet
text/css 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css

Requested by

Host: detectify.disqus.com
URL: https://detectify.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1632777
strict-transport-security: max-age=300; includeSubdomains
content-length: 244
cf-request-id: 07a01d0ec10000d72d5b03e000000001
timing-allow-origin: *
last-modified: Tue, 17 Nov 2020 19:25:20 GMT
server: cloudflare
etag: "5fb423a0-f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DFW3-C1
accept-ranges: bytes
cf-ray: 611397913b7fd72d-FRA
x-amz-cf-id: bXIMJ1-lqAO3UdooVh5uxIMFBzfzU1TPN0UMbp_Yhh2TonBiviCwsA==
expires: Thu, 18 Nov 2021 12:38:46 GMT

GET
H2 200 realtime.af77184dec69e96e69aff958ae2bb738.css
c.disquscdn.com/next/embed/styles/ Frame 968B 337 B
354 B 14ms
14ms Stylesheet
text/css 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/realtime.af77184dec69e96e69aff958ae2bb738.css

Requested by

Host: detectify.disqus.com
URL: https://detectify.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:30:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1632777
strict-transport-security: max-age=300; includeSubdomains
content-length: 244
cf-request-id: 07a01d0ec70000d72d731b1000000001
timing-allow-origin: *
last-modified: Tue, 17 Nov 2020 19:25:20 GMT
server: cloudflare
etag: "5fb423a0-f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: DFW3-C1
accept-ranges: bytes
cf-ray: 611397913b84d72d-FRA
x-amz-cf-id: bXIMJ1-lqAO3UdooVh5uxIMFBzfzU1TPN0UMbp_Yhh2TonBiviCwsA==
expires: Thu, 18 Nov 2021 12:38:46 GMT

GET
H2 200 core
js.driftt.com/ Frame 5BF5 0
0 131ms
131ms Document
text/html 143.204.215.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?embedId=fpb367pdwab4&forceShow=false&skipCampaigns=false&sessionId=ddd79beb-f8f1-4a8f-b492-f48b5c72bd12&sessionStarted=1610587830&campaignRefreshToken=9f83bc41-6b71-479d-a89b-547df5828f7c&pageLoadStartTime=1610587828730

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1610588100000/fpb367pdwab4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.88 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-88.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /core?embedId=fpb367pdwab4&forceShow=false&skipCampaigns=false&sessionId=ddd79beb-f8f1-4a8f-b492-f48b5c72bd12&sessionStarted=1610587830&campaignRefreshToken=9f83bc41-6b71-479d-a89b-547df5828f7c&pageLoadStartTime=1610587828730
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Response headers

content-type: text/html; charset=utf-8
server: nginx
last-modified: Wed, 13 Jan 2021 22:48:10 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: ZEOrLjfBtyw31jWBTNbrkGrp7nHIFp91
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Thu, 14 Jan 2021 01:30:30 GMT
cache-control: no-cache
etag: W/"6d0234471404f1a2e00d378e30611d6e"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 ab39b007ab81966ada6e7fb1536bf377.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: dE0Y_rkdTQauu8eHKdWlGssRXQ0DYJ7NxEBAM9IX_qbLL8QKCRh7Eg==

GET
H2 200 chat
js.driftt.com/core/ Frame 21D8 0
0 328ms
327ms Document
text/html 143.204.215.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1610588100000/fpb367pdwab4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.88 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-88.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /core/chat
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/

Response headers

content-type: text/html; charset=utf-8
server: nginx
last-modified: Wed, 13 Jan 2021 22:48:10 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: ZEOrLjfBtyw31jWBTNbrkGrp7nHIFp91
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Thu, 14 Jan 2021 01:30:30 GMT
cache-control: no-cache
etag: W/"6d0234471404f1a2e00d378e30611d6e"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 ab39b007ab81966ada6e7fb1536bf377.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: hgmW4nm7muWjgOMrFlqU_X9piZYo-zZSFLBxrHMPoy5sv5WnCbbAMg==

POST
H/1.1 200
OK ping Show response
links.services.disqus.com/api/ 299 B
925 B 128ms
63ms XHR
text/javascript 151.101.112.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/ping
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: e772ed85c401fe340ba074b1ae7b83e25f6a00febabd53faa247671b65672443

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Thu, 14 Jan 2021 01:30:30 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://labs.detectify.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 299
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sync.gif
links.services.disqus.com/api/ 43 B
565 B 56ms
56ms Image
image/gif 151.101.112.64
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://links.services.disqus.com/api/sync.gif?key=cfdfcf52dffd0a702a61bad27507376d
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Jan 2021 01:30:30 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Type: image/gif;charset=UTF-8
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK domains Show response
links.services.disqus.com/api/ 76 B
701 B 118ms
61ms XHR
text/javascript 151.101.112.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/domains
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 8c7f5c2d81ced50109b62b9501837c677c06a262e6ed50713e7b20ba29413ce2

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Thu, 14 Jan 2021 01:30:30 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://labs.detectify.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 76
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK domains Show response
links.services.disqus.com/api/ 42 B
667 B 98ms
62ms XHR
text/javascript 151.101.112.64
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/domains
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 4f5ef0b77621bfff889f1eafa87bd915d715c60b6b63d7702c951f6ea76f381b

Request headers

Referer: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Thu, 14 Jan 2021 01:30:30 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://labs.detectify.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.labs.detectify.com/	1970-01-19 17:32:43	Name: _rdt_uuid Value: 1610587829250.359890ec-5bca-46ae-adf0-4f1d4789a61a
labs.detectify.com/	1970-01-19 15:23:09	Name: drift_campaign_refresh Value: 9f83bc41-6b71-479d-a89b-547df5828f7c
.detectify.com/	1970-01-19 15:24:34	Name: _gid Value: GA1.2.1077403745.1610587829
.detectify.com/	1970-01-19 15:24:34	Name: _uetsid Value: 16054db0560811ebb432a9f5e67ee598
.detectify.com/	1970-01-19 15:46:31	Name: _uetvid Value: 16055150560811ebb5c4b35407590448
.detectify.com/	1970-01-19 17:32:43	Name: _fbp Value: fb.1.1610587829236.905496946
.detectify.com/	1970-01-20 08:54:19	Name: _ga Value: GA1.2.193270723.1610587829

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://labs.detectify.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.quora.com
alb.reddit.com
bat.bing.com
c.disquscdn.com
cdn.viglink.com
connect.facebook.net
detectify.disqus.com
disqus.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
js.driftqa.com
js.driftt.com
labs.detectify.com
labsdetectify.wpengine.com
links.services.disqus.com
p.typekit.net
px.ads.linkedin.com
q.quora.com
snap.licdn.com
stats.g.doubleclick.net
use.typekit.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
104.196.191.243
143.204.215.65
143.204.215.88
151.101.112.64
151.101.113.140
151.101.12.134
151.101.13.2
151.101.64.134
172.217.23.130
2606:4700::6812:a813
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:802::2003
2a00:1450:4001:803::200a
2a00:1450:4001:806::2003
2a00:1450:4001:808::200e
2a00:1450:4001:816::2008
2a00:1450:4001:816::200e
2a00:1450:4001:81b::2002
2a00:1450:4001:81d::2004
2a00:1450:400c:c0c::9b
2a02:26f0:6c00:28d::19fd
2a02:26f0:6c00:296::25ea
2a02:26f0:6c00::210:ba2a
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:11:101::b93f:9005
3.213.100.238
54.197.143.221
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0c833aefd088c6fae2c65e2faf155463b75091c61b984a22292ca98718b465de
0ffbc7ee851f346b57d21c7eec566017064431ec7b93e28b020a7351c1996f3d
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12d773a48a0b51b4be416f0437556c330362763bbc06c70cd6e9a3c36e294178
17ff494201dce24dc9609dc5983462fb494e75d2700f703565ce2c98afbb7767
1e36d21bebed621dd7535cb4e15e4a36136316152bd2e11739c5daa7af9b3de1
3685c3818240f5f390073c7d04f944a5cb5d848093224f3a7888034e8c050eb4
45781771a95e51ea8c04de1c05790c612e80d6303e29e54be4dab70007efaa08
4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515
4f5ef0b77621bfff889f1eafa87bd915d715c60b6b63d7702c951f6ea76f381b
4fb0bef9a23d2e21086eb04729ba9719e89e7ca8d78d35410fda1e2de6ec33b1
504b4de8f04d4c0c0c52a1fa8f1a745cf955fc4eda7fbf3cf28750675845ede6
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
5541cfb67684ceba743744d4496dc9dc41fce81af5f56c16a1c95e1acb454335
561592b91ee0231080e62a5f40f52bc55124655643af516a33eeaf29b76e1574
5b9db5acc5e9d4fa4baf66b5a8385d3ed4d697faa7f60148f757bf509792f8d2
5c2288ca7b324881faae5e368eb4d69457e2784e042e868de335d3827bb90981
5e79436d1f00cd00ece18c935a3835b2db0dc1f36db9146ba08ea9b1bfefa2fc
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
61c16dfeb22d02ddbf5c8e30d305ad199979d7a7e2d6f8cab66f2cddf6a2c7dd
63a4306a05ad325868f376e75966ee349e8dc5d7ec95bdd9894b8c3f91e67a05
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
761932b546d167fd12090fd5d2cae7bb15a02270b40e10e3a6e041e02cf79dd0
774fe65376725e8aad7d70e5fe6857d77f00fd23800d8c0ef411c648ea9a1531
793acec2f8d584b55d9921216da08fe25b3713efaf597d0f1bb257d99ab0eeb9
7c4747d3a3a7212c5408a4855d277546073a9b32b1bfd164692d758be5de7b5b
813d6874bd1f23696f3719fde392eadd516f7e314a58afe0c82a954c42ecf558
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8c7f5c2d81ced50109b62b9501837c677c06a262e6ed50713e7b20ba29413ce2
8df65c16e955a73528fdc581781364fd6059da9c7ffb7d9e84ebea9e34f894b6
8e479c3cd41c52d18a82dd032758a93e98242987ff281d04a163a50a3fe984ac
937708e5eaccff798e9227ab16da5a981b1e011db197b853ceb31a357255856e
997423be26d1eae9efbfc2098141a06f626749dc4a89fc40c15d567a662856a3
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
9db911c69298b73dcac7905443fa87aa253bb2d1a2b0d0e2840c696bf9ea97d4
9e75487e743a232de81010377a58dbdfa686ab218d263e06949492b8b24d995a
9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18
a12c794412c0356b1eefb9fe3695f757094a602a2f24659f051f7787195a6ce1
a8755954660f9bef43d2dc61d725f022a3115b81ae76a6af093ab18cfdfa5de7
ad80ac33ed04b4e6d78167b4162ecd3d2e8c29d17b43eb3df1f35b216b2ac5c5
b0353d7ceb6b95d450a0cbe4c2fb7d53839a3f1b7832d53bd3bfd2da8b6d49db
b4f6b15171db948a3719ec5d9ad29101296dbfe801dc29040db8b5d9974fc037
ba3a031eb1841b8944dd1642d07d632293041dec00cb281a66205542937b65db
bcfbcea42950c5e32722fb230626e4323b445e7b332d2f60562b17b87ef41bd7
c284dcb06ef882b1b45e11e0a16baa223b4117eca94e243c8e725c4ce3f909b3
c350e5341423e3e509feec39d45a1fc91cb67466c58a5e78924d58a8f6bd0637
c3e45eb2f762247549e6ea231cadf8fdeecbab660f7a9a5fee4db27eba30ae54
ced098a24c2db69f976f3ee1154da8929d43f035cefaa3c60ee8a70edc3288ab
d91b957d91da6313dea39f16e9f378779d94695dffc1cd05f81837f781fe382c
dbc2dc58ab6e0cfbcade44534efd0747d86ffacc856207a30202ef6b76198a34
e2adf55d07c4c8e4790cf2404f54551ee1609e2490df08356b95c4f4314a4587
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e772ed85c401fe340ba074b1ae7b83e25f6a00febabd53faa247671b65672443
e88e0ed354170d8b73435fadf714ab8fff7c00b985295495d146b5eb92dc3e50
ebaa235bd73fd575f091a0d36701d7d4fee2fc38b0aeea515e28f10ab3bf001e
eec028c2489cb681aa45c3247bdbbd3e8b14b6d5b4b59f32a46eaff565ea0e18
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6de6beb1cf5bf809eccfe10f99aea0e0969c71d4eab5446410fef72695679f
f15a612820ee6932e59908a502c52ea6370c7bacadec59a2153aed31ad876480

labs.detectify.com Open in urlscan Pro 104.196.191.243 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

82 Requests

100 %HTTPS

62 %IPv6

24 Domains

30 Subdomains

28 IPs

5 Countries

2087 kBTransfer

2976 kBSize

7 Cookies

17 Outgoing links

Page URL History

Redirected requests

82 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

labs.detectify.com Open in urlscan Pro
104.196.191.243 Public Scan

Screenshot
Live screenshot

Full Image

82
Requests

100 %
HTTPS

62 %
IPv6

24
Domains

30
Subdomains

28
IPs

5
Countries

2087 kB
Transfer

2976 kB
Size

7
Cookies

82 HTTP transactions
0 data transactions