blog.intigriti.com Open in urlscan Pro
192.0.78.12 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-ove...
Submission: On September 16 via api (September 16th 2021, 5:23:50 am UTC) from GB — Scanned from DE

Summary HTTP 71 Redirects Links 119 Behaviour Indicators

Summary

This website contacted 18 IPs in 4 countries across 13 domains to perform 71 HTTP transactions. The main IP is 192.0.78.12, located in United States and belongs to AUTOMATTIC, US. The main domain is blog.intigriti.com.
TLS certificate: Issued by R3 on July 18th 2021. Valid for: 3 months.

This is the only time blog.intigriti.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	192.0.78.12 192.0.78.12	2635 (AUTOMATTIC) (AUTOMATTIC)
15	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
2	13.224.193.89 13.224.193.89	16509 (AMAZON-02) (AMAZON-02)
5	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
3	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
2	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	13.225.78.125 13.225.78.125	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f02... 2a03:2880:f02d:110:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
1	192.0.78.23 192.0.78.23	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
71	18

21 192.0.78.12 (United States)

ASN2635 (AUTOMATTIC, US)

blog.intigriti.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 192.0.77.37 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.193.89 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-89.fra2.r.cloudfront.net

www.intigriti.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.0.77.32 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.77.2 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.78.125 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-125.fra2.r.cloudfront.net

www-dev.intigriti.rocks	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f02d:110:face:b00c:0:2 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.23 (United States)

ASN2635 (AUTOMATTIC, US)

public-api.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.76.3 (United States)

ASN2635 (AUTOMATTIC, US)

pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	wp.com c0.wp.com s0.wp.com i1.wp.com widgets.wp.com i0.wp.com pixel.wp.com	639 KB
23	intigriti.com blog.intigriti.com www.intigriti.com	293 KB
10	gstatic.com fonts.gstatic.com	169 KB
3	gravatar.com secure.gravatar.com	10 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	intigriti.rocks www-dev.intigriti.rocks
2	googleapis.com fonts.googleapis.com	2 KB
1	google.de www.google.de	522 B
1	google.com www.google.com	522 B
1	wordpress.com public-api.wordpress.com	3 KB
1	doubleclick.net stats.g.doubleclick.net	465 B
1	facebook.com graph.facebook.com	666 B
1	googletagmanager.com www.googletagmanager.com	40 KB
71	13

	Domain	Requested by
21	blog.intigriti.com	blog.intigriti.com
15	c0.wp.com	blog.intigriti.com
10	fonts.gstatic.com	fonts.googleapis.com
4	s0.wp.com	blog.intigriti.com widgets.wp.com public-api.wordpress.com
3	secure.gravatar.com	blog.intigriti.com secure.gravatar.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www-dev.intigriti.rocks	blog.intigriti.com
2	www.intigriti.com	blog.intigriti.com
2	fonts.googleapis.com	blog.intigriti.com
1	pixel.wp.com
1	www.google.de	blog.intigriti.com
1	www.google.com	blog.intigriti.com
1	public-api.wordpress.com	s0.wp.com
1	i0.wp.com	blog.intigriti.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	graph.facebook.com	c0.wp.com
1	widgets.wp.com	blog.intigriti.com
1	i1.wp.com	blog.intigriti.com
1	www.googletagmanager.com	blog.intigriti.com
71	19

This site contains links to these domains. Also see Links.

Domain
intigriti.com
app.intigriti.com
www.intigriti.com
login.intigriti.com
newsletter.intigriti.com
swag.intigriti.com
securityflow.io
twitter.com
jfrog.com
labs.detectify.com
unit42.paloaltonetworks.com
github.com
msrc.microsoft.com
xret2pwn.github.io
www.youtube.com
www.trustedsec.com
owasp.org
www.hacker101.com
blog.detectify.com
www.slideshare.net
blog.zsec.uk
0xinfection.github.io
clement.notin.org
blog.nviso.eu
www.hackingarticles.in
about.gitlab.com
www.fortalicesolutions.com
ssd-disclosure.com
www.rapid7.com
www.spookjs.com
rikeshbaniyaaa.medium.com
blogs.opera.com
kattraxler.github.io
pentester.land
desi-jarvis.medium.com
docs.google.com
guides.rubyonrails.org
guides.codepath.com
pwn.college
labs.bishopfox.com
www.bugbountyhunter.com
medium.com
labs.nettitude.com
irsl.medium.com
www.hackerone.com
ctf.hacktivitycon.com
www.kali.org
frida.re
www.spiderfoot.net
github.blog
www.facebook.com
www.linkedin.com
www.instagram.com
go.intigriti.com

Subject Issuer	Validity	Valid
tls.automattic.com R3	`2021-07-18` - `2021-10-16`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.intigriti.com Amazon	`2021-08-02` - `2022-08-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.intigriti.rocks Amazon	`2021-07-26` - `2022-08-24`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-06-26` - `2021-09-24`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.wordpress.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-12` - `2022-11-14`	2 years	crt.sh
www.google.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
Frame ID: 7DB07C69DCBE0D4AD86184641803A452
Requests: 68 HTTP requests in this frame

Frame: https://widgets.wp.com/likes/master.html?ver=202137
Frame ID: 958133616C3D891D740DB9F5857BACBF
Requests: 3 HTTP requests in this frame

Frame: https://public-api.wordpress.com/wp-admin/rest-proxy/
Frame ID: 3D96F7CDED838EF526FA0538CDEBF0BD
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bug Bytes #138 - Web app security roadmap, OWASP Top 10 & Request smuggling via integer overflow - Intigritisocial instagram

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Lightbox (JavaScript Libraries) Expand

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

71
Requests

100 %
HTTPS

53 %
IPv6

13
Domains

19
Subdomains

18
IPs

4
Countries

1184 kB
Transfer

2212 kB
Size

4
Cookies

119 Outgoing links

These are links going to different origins than the main page.

URL: https://intigriti.com/

Search URL Search Domain Scan URL

URL: https://app.intigriti.com/auth/dashboard
Title: Sign in

Search URL Search Domain Scan URL

URL: https://intigriti.com/companies
Title: For companies

Search URL Search Domain Scan URL

URL: https://intigriti.com/researchers
Title: For researchers

Search URL Search Domain Scan URL

URL: https://intigriti.com/programs
Title: Public programs

Search URL Search Domain Scan URL

URL: https://intigriti.com/leaderboard
Title: Leaderboard

Search URL Search Domain Scan URL

URL: https://intigriti.com/demo
Title: Request demo

Search URL Search Domain Scan URL

URL: https://www.intigriti.com/resources
Title: Resources

Search URL Search Domain Scan URL

URL: https://intigriti.com/contact
Title: Contact us

Search URL Search Domain Scan URL

URL: https://login.intigriti.com/account/register
Title: Sign up

Search URL Search Domain Scan URL

URL: https://www.intigriti.com/
Title: HOME

Search URL Search Domain Scan URL

URL: https://www.intigriti.com/public/researchers
Title: FOR RESEARCHERS

Search URL Search Domain Scan URL

URL: https://www.intigriti.com/public/companies
Title: FOR COMPANIES

Search URL Search Domain Scan URL

URL: https://newsletter.intigriti.com/
Title: NEWSLETTER

Search URL Search Domain Scan URL

URL: https://swag.intigriti.com/
Title: SWAG

Search URL Search Domain Scan URL

URL: https://www.intigriti.com/public/login
Title: LOG IN

Search URL Search Domain Scan URL

URL: http://newsletter.intigriti.com/
Title: CLICK HERE TO SUBSCRIBE

Search URL Search Domain Scan URL

URL: https://securityflow.io/roadmap/
Title: Web Application Security Roadmap

Search URL Search Domain Scan URL

URL: https://twitter.com/HolyBugx
Title: @HolyBugx

Search URL Search Domain Scan URL

URL: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/
Title: Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling

Search URL Search Domain Scan URL

URL: https://labs.detectify.com/2021/09/13/hacking-cloudkit-how-i-accidentally-deleted-your-apple-shortcuts/
Title: Hacking CloudKit – How I accidentally deleted your Apple Shortcuts

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/azure-container-instances/
Title: Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances

Search URL Search Domain Scan URL

URL: https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md
Title: GitHub Actions check-spelling community workflow – GITHUB_TOKEN leakage via advice.txt symlink

Search URL Search Domain Scan URL

URL: https://twitter.com/fransrosen
Title: @fransrosen

Search URL Search Domain Scan URL

URL: https://twitter.com/yuval_avrahami
Title: @yuval_avrahami

Search URL Search Domain Scan URL

URL: https://twitter.com/justinsteven
Title: @justinsteven

Search URL Search Domain Scan URL

URL: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
Title: CVE-2021-40444: Microsoft MSHTML Remote Code Execution Vulnerability

Search URL Search Domain Scan URL

URL: https://xret2pwn.github.io/CVE-2021-40444-Analysis-and-Exploit/
Title: @RET2_pwn’s Analysis/Exploit

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=Oz16xte5UeU
Title: @lasq88’s analysis in video

Search URL Search Domain Scan URL

URL: https://github.com/lockedbyte/CVE-2021-40444
Title: @lockedbyte’s malicious docx generator

Search URL Search Domain Scan URL

URL: https://www.trustedsec.com/blog/obsidian-taming-a-collective-consciousness/
Title: Obsidian, Taming A Collective Consciousness

Search URL Search Domain Scan URL

URL: https://owasp.org/Top10/
Title: Introduction to OWASP Top 10 2021

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/retweet?tweet_id=1438122563327123459&related=twitterapi,twittermedia,twitter,support
Title: SHARE ON TWITTER

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=_JW_0TyNpus
Title: 0day Shares His Journey on Becoming #1 on TryHackMe, Learning How to Hack, Resources and more!

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=mz_naz0wyds
Title: LiveStream – Avinash Jain – Journey To Security Engineer @Microsoft

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=eC65x2LQPBc
Title: “Automation Is Going To Play Huge Role” with @kapytein (Hacker Heroes #13)

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=0kfQsRwr_Bc
Title: How to search for XSS (with blacklisted HTML tags)

Search URL Search Domain Scan URL

URL: https://www.youtube.com/playlist?list=PLJQHPJLj_SQatUsJy3O4k-VQlllquDmDr
Title: PowerShell for Pentesters

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=C8qH9fBR3d0
Title: How to learn anything in Computer Science or Cybersecurity | Security Simplified

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=CB_WIjxq1To
Title: Talking about File Formats with Ange “Corkami” Albertini

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=52bq5nmHfwI
Title: Radio Hack Ep5: Bug Bounty & Triaging – Ebrahem Hegazy

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=tnaWt4S18BU
Title: Reused VMWare exploits & Escaping Azure Container Instances [Bug Bounty Podcast]

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=xQH0jPc3UMM
Title: The Mēris Botnet – 0-Day Attack on Office Docs, WFH and Security, Return of REvil

Search URL Search Domain Scan URL

URL: https://www.hacker101.com/sessions/docker_hacking
Title: Docker Hacking

Search URL Search Domain Scan URL

URL: https://blog.detectify.com/2021/09/09/hacker-school-reboot-leading-api-hackers-video/
Title: Hacker School Reboot – insights from leading API hackers [VIDEO]

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=WchXkMlKj9w
Title: BHIS | Getting Started in Blockchain Security and Smart Contract Auditing | Beau Bullock

Search URL Search Domain Scan URL

URL: https://www.slideshare.net/dafthack/getting-started-in-blockchain-security-and-smart-contract-auditing
Title: Slides

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=e_fwOhiiaNM&list=PLJxFUJiGVuxHlC-9xCRH_I_A_rG0cMT30&index=3
Title: Evolution of application Security – Louis Nyffenegger | SecConf 2021

Search URL Search Domain Scan URL

URL: https://www.youtube.com/playlist?list=PL9fPq3eQfaaC29ZNnp5ajh9Gkmz2i_tbQ
Title: DEF CON 29 Cloud Village

Search URL Search Domain Scan URL

URL: https://www.youtube.com/playlist?list=PL9fPq3eQfaaAcoxgbqH93eeC3M6NL_5Ta
Title: IoT Village

Search URL Search Domain Scan URL

URL: https://blog.zsec.uk/adexplorer-quick-tip/
Title: ADExplorer Exporting Quick Tip

Search URL Search Domain Scan URL

URL: https://0xinfection.github.io/posts/wmi-basics-part-1/
Title: Offensive WMI – The Basics (Part 1)

Search URL Search Domain Scan URL

URL: https://0xinfection.github.io/posts/wmi-classes-methods-part-2/
Title: Exploring Namespaces, Classes & Methods (Part 2)

Search URL Search Domain Scan URL

URL: https://0xinfection.github.io/posts/wmi-registry-part-3/
Title: Interacting with Windows Registry (Part 3)

Search URL Search Domain Scan URL

URL: https://clement.notin.org/blog/2021/09/02/active-directory-virtualization-safeguard-deactivation/
Title: Active Directory virtualization safeguard deactivation

Search URL Search Domain Scan URL

URL: https://blog.nviso.eu/2021/09/01/how-malicious-applications-abuse-android-permissions/
Title: How malicious applications abuse Android permissions

Search URL Search Domain Scan URL

URL: https://www.hackingarticles.in/metasploit-for-pentester-clipboard/
Title: Metasploit for Pentester: Clipboard

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=Hy4YPFA7pqA
Title: Obfuscated Password Manager?! Solution to September ’21 XSS Challenge

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=5RokLvsKeRU
Title: CSRF – Lab #2 CSRF where token validation depends on request method

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=WySZ8yZMrG0&t=123s
Title: Cyber Mentoring Monday (8/30/21) – Knife & Bank

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=C3Eg8QPPWcY
Title: Entry Level Pentesting Lab Walkthrough

Search URL Search Domain Scan URL

URL: https://about.gitlab.com/blog/2021/09/07/why-are-developers-vulnerable-to-driveby-attacks/
Title: Why are developers so vulnerable to drive-by attacks?

Search URL Search Domain Scan URL

URL: https://www.fortalicesolutions.com/posts/pkinit-ftw-chaining-shadow-credentials-and-adcs-template-abuse
Title: PKINIT FTW – Chaining Shadow Credentials and ADCS Template Abuse

Search URL Search Domain Scan URL

URL: https://ssd-disclosure.com/ssd-advisory-netgear-d7000-authentication-bypass/
Title: SSD Advisory – NETGEAR D7000 Authentication Bypass

Search URL Search Domain Scan URL

URL: https://www.rapid7.com/blog/post/2021/09/07/cve-2021-3546-78-akkadian-console-server-vulnerabilities-fixed/?utm_source=twitter&utm_medium=organic-social&utm_campaign=sm-blog
Title: CVE-2021-3546[78]: Akkadian Console Server Vulnerabilities (FIXED)

Search URL Search Domain Scan URL

URL: https://www.spookjs.com/
Title: Spook.js: Attacking Google Chrome’s Strict Site Isolation via Speculative Execution and Type Confusion

Search URL Search Domain Scan URL

URL: https://rikeshbaniyaaa.medium.com/facebook-email-disclosure-and-account-takeover-ecdb44ee12e9
Title: Facebook email disclosure and account takeover

Search URL Search Domain Scan URL

URL: https://blogs.opera.com/security/2021/09/bug-bounty-guest-post-local-file-read-via-stored-xss-in-the-opera-browser/
Title: Bug Bounty Guest Post: Local File Read via Stored XSS in The Opera Browser

Search URL Search Domain Scan URL

URL: https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html
Title: Bypassing GCP Org Policy with Custom Metadata

Search URL Search Domain Scan URL

URL: https://kattraxler.github.io/gcp/hacking/2021/09/11/gcp-ai-notebooks-vulnerability-remediation-update.html
Title: GCP AI Notebooks Vulnerability – Remediation

Search URL Search Domain Scan URL

URL: https://pentester.land/list-of-bug-bounty-writeups.html
Title: The list of bug bounty writeups

Search URL Search Domain Scan URL

URL: https://github.com/BlackFan/cspp-tools
Title: cspp-tools

Search URL Search Domain Scan URL

URL: https://github.com/EFForg/apkeep
Title: Apkeep

Search URL Search Domain Scan URL

URL: https://github.com/nccgroup/LazyDroid
Title: Lazydroid

Search URL Search Domain Scan URL

URL: https://desi-jarvis.medium.com/gcphound-a-swiss-army-knife-offensive-toolkit-for-google-cloud-platform-gcp-fb9e18b959b4
Title: gcpHound

Search URL Search Domain Scan URL

URL: https://github.com/mgdm/htmlq
Title: htmlq

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/wwwgrep
Title: WWWGrep

Search URL Search Domain Scan URL

URL: https://twitter.com/intigriti/status/1436655772058927106
Title: Leaking source code or auth bypass using alternate data streams

Search URL Search Domain Scan URL

URL: https://twitter.com/samwcyo/status/1437030056627523590
Title: Client side path traversal

Search URL Search Domain Scan URL

URL: https://twitter.com/insiderphd/status/1435515331393556482
Title: Api tip for finding new endpoints

Search URL Search Domain Scan URL

URL: https://twitter.com/XHackerx007/status/1435139576314671105
Title: RCE via exposed AEM Groovy console

Search URL Search Domain Scan URL

URL: https://twitter.com/podalirius_/status/1422123401855049730
Title: Did you know that ssh tries to authenticate with stored keys BEFORE the key specified with -i?

Search URL Search Domain Scan URL

URL: https://docs.google.com/spreadsheets/d/11DABHIIqwYQKj1L83AK9ywk_hYMjEkcaxpIg6phbTf0/edit#gid=1221896431
Title: Complete Jailbreak Chart

Search URL Search Domain Scan URL

URL: https://github.com/pxlpnk/awesome-ruby-security
Title: Awesome Ruby Security

Search URL Search Domain Scan URL

URL: https://guides.rubyonrails.org/v3.2.9/security.html
Title: Ruby On Rails Security Guide

Search URL Search Domain Scan URL

URL: https://github.com/proabiral/Fresh-Resolvers
Title: Fresh-Resolvers

Search URL Search Domain Scan URL

URL: https://guides.codepath.com/websecurity
Title: CodePath Web Security Guides

Search URL Search Domain Scan URL

URL: https://pwn.college/
Title: pwn.college

Search URL Search Domain Scan URL

URL: https://labs.bishopfox.com/tech-blog/iam-vulnerable-an-aws-iam-privilege-escalation-playground
Title: IAM Vulnerable – An AWS IAM Privilege Escalation Playground

Search URL Search Domain Scan URL

URL: https://github.com/BishopFox/iam-vulnerable
Title: Repo

Search URL Search Domain Scan URL

URL: https://twitter.com/detectify/status/1436275889671651328
Title: Detectify Lisp to HTML Converter

Search URL Search Domain Scan URL

URL: https://www.bugbountyhunter.com/articles/?on=mass-assignment-and-learning-new-things
Title: Mass assignment and learning new things

Search URL Search Domain Scan URL

URL: https://medium.com/@discodamone/a-different-way-to-attack-certain-reverse-proxies-9cd2303e95fe
Title: A different way to attack certain reverse proxies

Search URL Search Domain Scan URL

URL: https://labs.nettitude.com/blog/introducing-process-hiving-runpe/
Title: Introducing Process Hiving & RunPE

Search URL Search Domain Scan URL

URL: https://irsl.medium.com/google-cloud-build-under-the-hood-bc00c68ad9de
Title: Google Cloud Build — under the hood

Search URL Search Domain Scan URL

URL: https://www.hackerone.com/hacktivitycon
Title: h@cktivitycon 2021

Search URL Search Domain Scan URL

URL: https://ctf.hacktivitycon.com/
Title: H@cktivityCon 2021 CTF

Search URL Search Domain Scan URL

URL: https://twitter.com/garethheyes/status/1435284843399729161
Title: Hackvector added support for custom tags, local and global variable tags

Search URL Search Domain Scan URL

URL: https://twitter.com/garethheyes/status/1435495941323304961
Title: Here’s how to use them

Search URL Search Domain Scan URL

URL: https://www.kali.org/blog/kali-linux-2021-3-release/
Title: Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

Search URL Search Domain Scan URL

URL: https://frida.re/news/2021/09/03/frida-15-1-released/
Title: Frida 15.1 Released ∞

Search URL Search Domain Scan URL

URL: https://github.com/maurosoria/dirsearch/releases/tag/v0.4.2
Title: dirsearch v0.4.2

Search URL Search Domain Scan URL

URL: https://github.com/projectdiscovery/nuclei/releases/tag/v2.5.1
Title: Nuclei v2.5.1

Search URL Search Domain Scan URL

URL: https://www.spiderfoot.net/top-5-osint-sources-for-penetration-testing-and-bug-bounties/
Title: Top 5 OSINT Sources for Penetration Testing and Bug Bounties

Search URL Search Domain Scan URL

URL: https://github.blog/2021-09-09-analysis-developer-security-researcher-interactions-vulnerability-disclosure/
Title: An analysis on developer-security researcher interactions in the vulnerability disclosure process

Search URL Search Domain Scan URL

URL: https://www.facebook.com/intigriticom/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/intigriti/

Search URL Search Domain Scan URL

URL: https://twitter.com/intigriti

Search URL Search Domain Scan URL

URL: https://www.instagram.com/hackwithintigriti/
Title: social instagram

Search URL Search Domain Scan URL

URL: https://intigriti.com/about
Title: About us

Search URL Search Domain Scan URL

URL: https://intigriti.com/sustainability
Title: Sustainability

Search URL Search Domain Scan URL

URL: https://go.intigriti.com/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://go.intigriti.com/legalinformation
Title: Legal information

Search URL Search Domain Scan URL

URL: https://app.intigriti.com/leaderboard
Title: Leaderboard

Search URL Search Domain Scan URL

URL: https://go.intigriti.com/hackademy
Title: Learn to hack

Search URL Search Domain Scan URL

URL: https://go.intigriti.com/faq
Title: Knowledge base

Search URL Search Domain Scan URL

URL: https://go.intigriti.com/cookies
Title: Cookie policy

Search URL Search Domain Scan URL

URL: https://go.intigriti.com/privacy
Title: Privacy policy

Search URL Search Domain Scan URL

URL: https://go.intigriti.com/tac
Title: Terms & Conditions

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

71 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/ 93 KB
20 KB 536ms
477ms Document
text/html 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b0235a15ce86cc0d561ce726d0be42dc4730f800c721923367d6403ba00137ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: blog.intigriti.com
:scheme: https
:path: /2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx
date: Thu, 16 Sep 2021 05:23:45 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
vary: Accept-Encoding Cookie
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
host-header: WordPress.com
set-cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
link: <https://wp.me/paggr0-39z>; rel=shortlink
content-encoding: br
x-ac: 1.hhn _atomic_ams

GET
H2 200 style.css
blog.intigriti.com/wp-content/plugins/gutenberg/build/block-library/ 84 KB
10 KB 185ms
183ms Stylesheet
text/css 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/plugins/gutenberg/build/block-library/style.css

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c5fb3c6d4ea0131529fee01a0db2c052adb64e6e273f1c1a97e73bbd19250705

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/gutenberg/build/block-library/style.css
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 01 Sep 2021 06:07:02 GMT
server: nginx
etag: W/"612f1886-14fe2"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:45 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:45 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
c0.wp.com/c/5.8.1/wp-includes/js/mediaelement/ 11 KB
3 KB 23ms
7ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: br
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Sep 2022 05:23:45 GMT

GET
H2 200 wp-mediaelement.min.css
c0.wp.com/c/5.8.1/wp-includes/js/mediaelement/ 4 KB
1 KB 24ms
7ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/mediaelement/wp-mediaelement.min.css

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: br
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Sep 2022 05:23:45 GMT

GET
H2 200 coblocks-style.css
blog.intigriti.com/wp-content/plugins/coblocks/dist/ 180 KB
20 KB 197ms
194ms Stylesheet
text/css 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/plugins/coblocks/dist/coblocks-style.css

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

26b67bd22f5bf5f5192c88305f6b85bddebdd7b1a01b74238178c741b6e1a3e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/coblocks/dist/coblocks-style.css
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 12 Aug 2021 20:29:52 GMT
server: nginx
etag: W/"611584c0-2cee5"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:45 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:45 GMT

GET
H2 200 front.min.css
blog.intigriti.com/wp-content/plugins/cookie-notice/css/ 5 KB
1 KB 182ms
179ms Stylesheet
text/css 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/plugins/cookie-notice/css/front.min.css

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

8c21cdf7be2219908a953d92fba153dcc7175f7ee238856bd9954da18b0e05dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/cookie-notice/css/front.min.css
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 15 Sep 2021 16:45:33 GMT
server: nginx
etag: W/"6142232d-1568"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:45 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:45 GMT

GET
H2 200 enlighterjs.min.css
blog.intigriti.com/wp-content/plugins/enlighter/cache/ 78 KB
8 KB 202ms
199ms Stylesheet
text/css 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/plugins/enlighter/cache/enlighterjs.min.css

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6048e330c0f362be46b20de45d35a5ace57a04be04a29da10448d6949f6f69ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/enlighter/cache/enlighterjs.min.css
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 24 Aug 2021 12:49:59 GMT
server: nginx
etag: W/"6124eaf7-13686"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:45 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:45 GMT

GET
H2 200 social-logos.min.css
c0.wp.com/p/jetpack/10.1/_inc/social-logos/ 12 KB
8 KB 23ms
7ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.1/_inc/social-logos/social-logos.min.css

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b958e0f47861dde13a175cc69494bdb54f08e2b5e78cecf6abd16470d2085257

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: br
last-modified: Tue, 30 Jun 2020 14:24:10 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Sep 2022 05:23:45 GMT

GET
H2 200 jetpack.css
c0.wp.com/p/jetpack/10.1/css/ 85 KB
16 KB 23ms
8ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.1/css/jetpack.css

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4c71cab3e2b7defd9022059c922d2c91359df1ba71dd47e8543b108c70537f25

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: br
last-modified: Tue, 07 Sep 2021 15:38:53 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Sep 2022 05:23:45 GMT

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 43ms
16ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C900%2C400italic%2C700italic%7CMerriweather%3A700%2C900%2C400italic

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b328b002a9fa7a867f171bc838e4d3aa56bd782d669b06241b28b69a5f32aa18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 05:23:07 GMT
server: ESF
date: Thu, 16 Sep 2021 05:23:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Sep 2021 05:23:45 GMT

GET
H2 200 font-awesome.min.css
blog.intigriti.com/wp-content/themes/intigriti/assets/css/ 56 KB
12 KB 360ms
358ms Stylesheet
text/css 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/themes/intigriti/assets/css/font-awesome.min.css

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

231220ad755b65af7da21909df4ef6b97390205178661730918fd9c907769037

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/intigriti/assets/css/font-awesome.min.css
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 08 Apr 2021 22:08:20 GMT
server: nginx
etag: W/"606f7ed4-e013"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:45 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:45 GMT

GET
H2 200 style.css
blog.intigriti.com/wp-content/themes/intigriti/ 67 KB
12 KB 345ms
343ms Stylesheet
text/css 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/themes/intigriti/style.css

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b6a3475db5159959342dc95bd039bd3fbeef6cac992d0535c91d1dca1d718bf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/intigriti/style.css
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sat, 14 Aug 2021 11:06:39 GMT
server: nginx
etag: W/"6117a3bf-10ba3"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:45 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:45 GMT

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/5.8.1/wp-includes/js/jquery/ 87 KB
30 KB 23ms
8ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/jquery/jquery.min.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: br
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Sep 2022 05:23:45 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/5.8.1/wp-includes/js/jquery/ 11 KB
4 KB 23ms
8ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: br
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Sep 2022 05:23:45 GMT

GET
H2 200 flexslider.js Show response
blog.intigriti.com/wp-content/themes/intigriti/assets/js/ 53 KB
11 KB 215ms
214ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/themes/intigriti/assets/js/flexslider.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c6c8293e02709c803f07fba9cf6667a4daf03a758a403e99cd696a3fcf75209e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/intigriti/assets/js/flexslider.js
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 08 Apr 2021 22:08:20 GMT
server: nginx
etag: W/"606f7ed4-d3fd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:45 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:45 GMT

GET
H2 200 doubletaptogo.js Show response
blog.intigriti.com/wp-content/themes/intigriti/assets/js/ 926 B
469 B 357ms
355ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/themes/intigriti/assets/js/doubletaptogo.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

98e1b3475e2568cb240726ac6edcfab418ecedf64c96649b5a9c213943368915

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/intigriti/assets/js/doubletaptogo.js
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 08 Apr 2021 22:08:20 GMT
server: nginx
etag: W/"606f7ed4-39e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:45 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:45 GMT

GET
H2 200 front.min.js Show response
blog.intigriti.com/wp-content/plugins/cookie-notice/js/ 8 KB
2 KB 188ms
186ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/plugins/cookie-notice/js/front.min.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

53c088f65c77c6b7af2804face3e267d4c1bf148177798a30fa3a15aa693c36f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/cookie-notice/js/front.min.js
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Wed, 15 Sep 2021 16:45:33 GMT
server: nginx
etag: W/"6142232d-20b3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:46 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:46 GMT

GET
H2 200 /
blog.intigriti.com/ 52 KB
7 KB 379ms
378ms Stylesheet
text/css 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/?custom-css=398f713a06

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

cd590481fc0feed8a2a74ae07241740239275bbd6517d00825b2fb2a7f23b9a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /?custom-css=398f713a06
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nananana: Batcache-Hit
strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 16 Sep 2021 05:21:13 GMT
server: nginx
date: Thu, 16 Sep 2021 05:23:45 GMT
vary: Accept-Encoding Cookie
content-type: text/css;charset=utf-8
pragma: no-cache
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
cache-control: no-store, no-cache, must-revalidate
x-ac: 1.hhn _atomic_ams
host-header: WordPress.com
expires: Fri, 16 Sep 2022 05:21:13 GMT

GET
H2 200 webfont.js Show response
blog.intigriti.com/wp-content/mu-plugins/wpcomsh/vendor/automattic/custom-fonts/js/ 12 KB
5 KB 348ms
346ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/mu-plugins/wpcomsh/vendor/automattic/custom-fonts/js/webfont.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2711b037e078e306e59765e9fc22d9f86867eb26af8c6af72d864a1c52bed8ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/mu-plugins/wpcomsh/vendor/automattic/custom-fonts/js/webfont.js
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 13 Sep 2021 13:26:32 GMT
server: nginx
etag: W/"613f5188-30cd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:46 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:46 GMT

GET
H2 200 intigriti.svg
www.intigriti.com/assets/img/intigriti/ 1 KB
3 KB 72ms
26ms Image
image/svg+xml 13.224.193.89
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.intigriti.com/assets/img/intigriti/intigriti.svg

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.193.89 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-193-89.fra2.r.cloudfront.net

Software

Hidden /

Resource Hash

7fce939120a210b4d7374747554e1605d7f24c4df022196618c6b43ec5dd5645

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-hashes' https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com/ https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/s/player/ https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hs-analytics.net/analytics/ https://js-na1.hs-scripts.com/ 'sha256-+wewE03+AFVjJOdVLklkJgaFNEDlr8Pxry89Qhi5LyA=' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc='; style-src 'self' 'unsafe-inline'; font-src 'self' https://js.intercomcdn.com; img-src 'self' data: blob: https://.intigriti.com https://blogintigriti.files.wordpress.com https://i.ytimg.com https://www.google-analytics.com https://.doubleclick.net https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://intercom.help https://.wp.com/blog.intigriti.com/ https://www.google.com/ads/ https://track.hubspot.com/; connect-src 'self' https://.intigriti.com wss://*.intigriti.com https://www.google-analytics.com https://api.intercom.io https://public-api.wordpress.com/rest/v1.1/sites/blog.intigriti.com/posts/ https://www.googleapis.com/youtube/ https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; frame-src https://login.intigriti.com https://www.google.com/recaptcha/ https://intercom-sheets.com https://share.intercom.io https://www.youtube-nocookie.com https://www.intercom-reporting.com; object-src 'self';
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 17 Aug 2021 23:23:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2527242
x-cache: Hit from cloudfront
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Tue, 17 Aug 2021 22:54:12 GMT
server: Hidden
x-frame-options: deny
etag: W/"575-17b56527e20"
expect-ct: enforce, max-age=30
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 e86025dac63232624d2273c5fd256ce4.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; payment 'none';
content-security-policy: script-src 'self' 'unsafe-hashes' https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com/ https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/s/player/ https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hs-analytics.net/analytics/ https://js-na1.hs-scripts.com/ 'sha256-+wewE03+AFVjJOdVLklkJgaFNEDlr8Pxry89Qhi5LyA=' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc='; style-src 'self' 'unsafe-inline'; font-src 'self' https://js.intercomcdn.com; img-src 'self' data: blob: https://*.intigriti.com https://blogintigriti.files.wordpress.com https://i.ytimg.com https://www.google-analytics.com https://*.doubleclick.net https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://intercom.help https://*.wp.com/blog.intigriti.com/ https://www.google.com/ads/ https://track.hubspot.com/; connect-src 'self' https://*.intigriti.com wss://*.intigriti.com https://www.google-analytics.com https://api.intercom.io https://public-api.wordpress.com/rest/v1.1/sites/blog.intigriti.com/posts/ https://www.googleapis.com/youtube/ https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; frame-src https://login.intigriti.com https://www.google.com/recaptcha/ https://intercom-sheets.com https://share.intercom.io https://www.youtube-nocookie.com https://www.intercom-reporting.com; object-src 'self';
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: q3XojrkRuhSiWuJG_ENYuuiNsZ6Flkcs1ursTAI_eSnrEeQc_SLDdw==

GET
H2 200 bilmur.min.js Show response
s0.wp.com/wp-content/js/ 5 KB
2 KB 23ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/bilmur.min.js?m=202137
Requested by: Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: ccd1ae8d139b4ddb53c470f4a9ff95259b89b0572b88bc33b4baf78636f2782d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: gzip
server: nginx
etag: W/"612678e4-1386"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dca
timing-allow-origin: *
expires: Tue, 13 Sep 2022 00:00:01 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 99 KB
40 KB 45ms
21ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-86369720-1

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4edcad17f49c3045508e950836285ea5af38033d6ea5377675ff85f294e8aac8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 05:23:46 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40328
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 16 Sep 2021 05:23:46 GMT

GET
H2 200 loading.gif
blog.intigriti.com/wp-content/plugins/jetpack/modules/sharedaddy/images/ 2 KB
3 KB 180ms
179ms Image
image/gif 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.intigriti.com/wp-content/plugins/jetpack/modules/sharedaddy/images/loading.gif

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3fa54e29f88aee644eaaac38e11681ea07858eb1ea76b1baae12597aae83fe82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/jetpack/modules/sharedaddy/images/loading.gif
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 05:23:46 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Wed, 09 Mar 2011 16:12:50 GMT
server: nginx
etag: "4d77a702-9e2"
strict-transport-security: max-age=31536000
content-type: image/gif
cache-control: max-age=604800
accept-ranges: bytes
content-length: 2530
expires: Thu, 23 Sep 2021 05:23:46 GMT

GET
H2 200 photon.min.js Show response
c0.wp.com/p/jetpack/10.1/_inc/build/photon/ 758 B
425 B 6ms
6ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.1/_inc/build/photon/photon.min.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: br
last-modified: Tue, 31 Mar 2020 17:26:38 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Sep 2022 05:23:45 GMT

GET
H2 200 coblocks-animation.js Show response
blog.intigriti.com/wp-content/plugins/coblocks/dist/js/ 1 KB
632 B 191ms
186ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/plugins/coblocks/dist/js/coblocks-animation.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9437740449797836ca274c468ba502dd46dceac9bb19c496718756b6d8adddde

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/coblocks/dist/js/coblocks-animation.js
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 12 Aug 2021 20:29:52 GMT
server: nginx
etag: W/"611584c0-550"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:46 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:46 GMT

GET
H2 200 coblocks-lightbox.js Show response
blog.intigriti.com/wp-content/plugins/coblocks/dist/js/ 4 KB
1 KB 183ms
178ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/plugins/coblocks/dist/js/coblocks-lightbox.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

84588d9ced8d05a424e8726107b7c365680fea343a29df1b460cba158cb4c238

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/coblocks/dist/js/coblocks-lightbox.js
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 12 Aug 2021 20:29:52 GMT
server: nginx
etag: W/"611584c0-1044"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:46 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:46 GMT

GET
H2 200 gprofiles.js Show response
secure.gravatar.com/js/ 23 KB
7 KB 37ms
6ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/js/gprofiles.js
Requested by: Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 3742b8f2006b7a23df3252c615bb113e94f77729ac9cc4b021e35517285cf0c2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 05:23:46 GMT
content-encoding: gzip
last-modified: Thu, 02 Apr 2020 15:50:36 GMT
server: nginx
etag: W/"5e8609cc-5dea"
content-type: application/javascript
cache-control: max-age=604800
expires: Thu, 23 Sep 2021 05:23:46 GMT

GET
H2 200 wpgroho.js Show response
c0.wp.com/p/jetpack/10.1/modules/ 2 KB
787 B 11ms
6ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.1/modules/wpgroho.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

ccd911729403decd6e3b74702fdc4d2c1b1e3ecf35a147f7e5373669932cc708

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: br
last-modified: Tue, 28 Jul 2020 17:06:48 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Sep 2022 05:23:45 GMT

GET
H2 200 global.js Show response
blog.intigriti.com/wp-content/themes/intigriti/assets/js/ 2 KB
810 B 189ms
185ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/themes/intigriti/assets/js/global.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

14dcc6529df4d3ced6a9ba2c45d3d7ac754e099b937e0186f2da0c610599eed2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/themes/intigriti/assets/js/global.js
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 08 Apr 2021 22:08:20 GMT
server: nginx
etag: W/"606f7ed4-957"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:46 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:46 GMT

GET
H2 200 comment-reply.min.js Show response
c0.wp.com/c/5.8.1/wp-includes/js/ 3 KB
1 KB 11ms
6ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/comment-reply.min.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: br
last-modified: Thu, 18 Mar 2021 17:48:23 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Sep 2022 05:23:45 GMT

GET
H2 200 intersection-observer.js Show response
blog.intigriti.com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist/ 9 KB
3 KB 185ms
180ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

550bee253a00a7e6089b3aa136a1f21d904592e93ee0740f08d4d36e4b1dcbe5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 31 Aug 2021 18:39:50 GMT
server: nginx
etag: W/"612e7776-2390"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:46 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:46 GMT

GET
H2 200 lazy-images.js Show response
blog.intigriti.com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist/ 2 KB
999 B 192ms
188ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist/lazy-images.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

0c97c6ce5fdeb2d91e4bc6263d3714ca800b990c1994cf0b6dac0f23c8fbabfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/jetpack/vendor/automattic/jetpack-lazy-images/dist/lazy-images.js
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 31 Aug 2021 18:39:50 GMT
server: nginx
etag: W/"612e7776-98f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:46 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:46 GMT

GET
H2 200 postmessage.min.js Show response
c0.wp.com/p/jetpack/10.1/_inc/build/ 6 KB
3 KB 10ms
6ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.1/_inc/build/postmessage.min.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

672e29b030b9b17c9cc70beb24af4c41eaf8ce9a0491c655ab9a1c88ab287021

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: br
last-modified: Tue, 05 Jan 2021 15:42:42 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Sep 2022 05:23:45 GMT

GET
H2 200 jquery.jetpack-resize.min.js Show response
c0.wp.com/p/jetpack/10.1/_inc/build/ 3 KB
1 KB 11ms
6ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.1/_inc/build/jquery.jetpack-resize.min.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

265c34f4c62e6423e270cecb0c422b735dfb0f18cea04c2ac343b6f22106661e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: br
last-modified: Wed, 01 May 2019 01:21:49 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Sep 2022 05:23:45 GMT

GET
H2 200 queuehandler.min.js Show response
c0.wp.com/p/jetpack/10.1/_inc/build/likes/ 6 KB
2 KB 11ms
7ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.1/_inc/build/likes/queuehandler.min.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

37a14da858caee742741d5f558bc6489f9abcefee4aebb9f68db96106e38f2c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: br
last-modified: Tue, 27 Jul 2021 22:52:10 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Sep 2022 05:23:45 GMT

GET
H2 200 enlighterjs.min.js Show response
blog.intigriti.com/wp-content/plugins/enlighter/cache/ 57 KB
16 KB 192ms
188ms Script
application/javascript 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/plugins/enlighter/cache/enlighterjs.min.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7e0c4a1ed3d232553d98c82ea0e04cee8975d0a67df819e161f96e7c32179e8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:path: /wp-content/plugins/enlighter/cache/enlighterjs.min.js
pragma: no-cache
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 24 Aug 2021 12:49:59 GMT
server: nginx
etag: W/"6124eaf7-e33f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
date: Thu, 16 Sep 2021 05:23:46 GMT
x-ac: 1.hhn _atomic_ams
expires: Thu, 23 Sep 2021 05:23:46 GMT

GET
H2 200 wp-embed.min.js Show response
c0.wp.com/c/5.8.1/wp-includes/js/ 1 KB
719 B 10ms
7ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.8.1/wp-includes/js/wp-embed.min.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: br
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Sep 2022 05:23:45 GMT

GET
H2 200 jetpack-carousel.min.js Show response
c0.wp.com/p/jetpack/10.1/_inc/build/carousel/ 24 KB
7 KB 10ms
7ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.1/_inc/build/carousel/jetpack-carousel.min.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9178a82df64317d29d119ce43ed0b313125b87afdfe37830ed303c68fc00e030

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: br
last-modified: Tue, 31 Aug 2021 18:39:49 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Sep 2022 05:23:45 GMT

GET
H2 200 sharing.min.js Show response
c0.wp.com/p/jetpack/10.1/_inc/build/sharedaddy/ 12 KB
4 KB 10ms
7ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.1/_inc/build/sharedaddy/sharing.min.js

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

80ee2d8ce5d2a3f78fc3b8eaa67bc266645c58b96d8a804556f1e6cb8737d0cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 16 Sep 2021 05:23:45 GMT
content-encoding: br
last-modified: Tue, 26 Jan 2021 16:25:48 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Fri, 16 Sep 2022 05:23:45 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 Screenshot-2021-04-09-at-11.48.16.png
i1.wp.com/blog.intigriti.com/wp-content/uploads/2021/04/ 139 KB
140 KB 23ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/blog.intigriti.com/wp-content/uploads/2021/04/Screenshot-2021-04-09-at-11.48.16.png?fit=1486%2C1380&ssl=1

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

f729c1ddd933cf04d614ebdde4df06fa768c8ac66485b37136f68a94304eccb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Thu, 16 Sep 2021 05:23:46 GMT
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 09:53:47 GMT
server: nginx
etag: "788e6f6798ba3777"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.intigriti.com/wp-content/uploads/2021/04/Screenshot-2021-04-09-at-11.48.16.png>; rel="canonical"
content-length: 142654
expires: Sun, 09 Apr 2023 21:53:47 GMT

GET
H2 403 corner-arrow-black.ee701c1e3697f0c9d59a.svg
www-dev.intigriti.rocks/ 0
0 200ms
148ms Image
text/html 13.225.78.125
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www-dev.intigriti.rocks/corner-arrow-black.ee701c1e3697f0c9d59a.svg
Requested by: Host: blog.intigriti.com
URL: https://blog.intigriti.com/?custom-css=398f713a06
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-125.fra2.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 403 footer-stripe.b3d6b2e36700ec2bfbf9.svg
www-dev.intigriti.rocks/ 0
0 200ms
149ms Image
text/html 13.225.78.125
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www-dev.intigriti.rocks/footer-stripe.b3d6b2e36700ec2bfbf9.svg
Requested by: Host: blog.intigriti.com
URL: https://blog.intigriti.com/?custom-css=398f713a06
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-125.fra2.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
23 KB 30ms
6ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C900%2C400italic%2C700italic%7CMerriweather%3A700%2C900%2C400italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.intigriti.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 17:42:30 GMT
x-content-type-options: nosniff
age: 42076
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22572
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:56 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 15 Sep 2022 17:42:30 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
23 KB 36ms
13ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C900%2C400italic%2C700italic%7CMerriweather%3A700%2C900%2C400italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.intigriti.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 06:39:46 GMT
x-content-type-options: nosniff
age: 341040
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 12 Sep 2022 06:39:46 GMT

GET
H2 200 u-4n0qyriQwlOrhSvowK_l52_wFZWMf6.woff2
fonts.gstatic.com/s/merriweather/v25/ 19 KB
19 KB 44ms
21ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v25/u-4n0qyriQwlOrhSvowK_l52_wFZWMf6.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C900%2C400italic%2C700italic%7CMerriweather%3A700%2C900%2C400italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32872225c70cc59428eea5fa412b86aa82e4f73ac5fa20fbe34ee1702ba270aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.intigriti.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 20:47:48 GMT
x-content-type-options: nosniff
age: 290158
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19792
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:22:18 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 12 Sep 2022 20:47:48 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
23 KB 42ms
19ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C900%2C400italic%2C700italic%7CMerriweather%3A700%2C900%2C400italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.intigriti.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 14 Sep 2021 04:13:08 GMT
x-content-type-options: nosniff
age: 177038
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:57 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Sep 2022 04:13:08 GMT

GET
H2 200 u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2
fonts.gstatic.com/s/merriweather/v25/ 19 KB
19 KB 40ms
17ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweather/v25/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C900%2C400italic%2C700italic%7CMerriweather%3A700%2C900%2C400italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ecaf445d3f1e63f15b6e423e287813a5675461cc9454184d0b49123b286cea4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.intigriti.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 14 Sep 2021 04:04:01 GMT
x-content-type-options: nosniff
age: 177585
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19696
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:22:18 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Sep 2022 04:04:01 GMT

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Referer
Origin: https://blog.intigriti.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 fa-solid-900.woff2
blog.intigriti.com/wp-content/themes/intigriti/assets/fonts/font-awesome/ 78 KB
78 KB 710ms
710ms Font
application/font-woff2 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/themes/intigriti/assets/fonts/font-awesome/fa-solid-900.woff2

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/wp-content/themes/intigriti/assets/css/font-awesome.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-fetch-mode: cors
origin: https://blog.intigriti.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
:path: /wp-content/themes/intigriti/assets/fonts/font-awesome/fa-solid-900.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: */*
cache-control: no-cache
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/wp-content/themes/intigriti/assets/css/font-awesome.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.intigriti.com/wp-content/themes/intigriti/assets/css/font-awesome.min.css
Origin: https://blog.intigriti.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 05:23:46 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Thu, 08 Apr 2021 22:08:20 GMT
server: nginx
etag: "606f7ed4-13654"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 79444
expires: Thu, 23 Sep 2021 05:23:46 GMT

GET
H2 200 fa-brands-400.woff2
blog.intigriti.com/wp-content/themes/intigriti/assets/fonts/font-awesome/ 75 KB
75 KB 236ms
236ms Font
application/font-woff2 192.0.78.12
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.intigriti.com/wp-content/themes/intigriti/assets/fonts/font-awesome/fa-brands-400.woff2

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/wp-content/themes/intigriti/assets/css/font-awesome.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.12 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5d9190292acdd48ba0fc35080f7e7448f3cdf0d79199a4d23f0f49b5341fdf29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-fetch-mode: cors
origin: https://blog.intigriti.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: PHPSESSID=d89a42ae1e7eab2349c1837f2fcdfefc
:path: /wp-content/themes/intigriti/assets/fonts/font-awesome/fa-brands-400.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: */*
cache-control: no-cache
:authority: blog.intigriti.com
referer: https://blog.intigriti.com/wp-content/themes/intigriti/assets/css/font-awesome.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.intigriti.com/wp-content/themes/intigriti/assets/css/font-awesome.min.css
Origin: https://blog.intigriti.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 05:23:46 GMT
x-ac: 1.hhn _atomic_ams
last-modified: Thu, 08 Apr 2021 22:08:20 GMT
server: nginx
etag: "606f7ed4-12b44"
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 76612
expires: Thu, 23 Sep 2021 05:23:46 GMT

GET
H2 200 S6uyw4BMUTPHjxAwXjeu.woff2
fonts.gstatic.com/s/lato/v20/ 5 KB
5 KB 16ms
14ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjxAwXjeu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato%3A400%2C700%2C900%2C400italic%2C700italic%7CMerriweather%3A700%2C900%2C400italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b7ad361cce9dbab34c8fd714b379707d7aa40199bf90b90f9f19c7c1db5171b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.intigriti.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 12 Sep 2021 20:52:27 GMT
x-content-type-options: nosniff
age: 289879
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5480
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:00 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 12 Sep 2022 20:52:27 GMT

GET
H2 200 intigriti-full-logo-black-kpotnx.svg
www.intigriti.com/assets/img/intigriti/ 2 KB
3 KB 22ms
21ms Image
image/svg+xml 13.224.193.89
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.intigriti.com/assets/img/intigriti/intigriti-full-logo-black-kpotnx.svg

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.193.89 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-193-89.fra2.r.cloudfront.net

Software

Hidden /

Resource Hash

2f1091d2cc8a95bb5f0aedcac19a4514ff76585e0a812e99ce003ae460547006

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-hashes' https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com/ https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/s/player/ https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hs-analytics.net/analytics/ https://js-na1.hs-scripts.com/ 'sha256-+wewE03+AFVjJOdVLklkJgaFNEDlr8Pxry89Qhi5LyA=' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc='; style-src 'self' 'unsafe-inline'; font-src 'self' https://js.intercomcdn.com; img-src 'self' data: blob: https://.intigriti.com https://blogintigriti.files.wordpress.com https://i.ytimg.com https://www.google-analytics.com https://.doubleclick.net https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://intercom.help https://.wp.com/blog.intigriti.com/ https://www.google.com/ads/ https://track.hubspot.com/; connect-src 'self' https://.intigriti.com wss://*.intigriti.com https://www.google-analytics.com https://api.intercom.io https://public-api.wordpress.com/rest/v1.1/sites/blog.intigriti.com/posts/ https://www.googleapis.com/youtube/ https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; frame-src https://login.intigriti.com https://www.google.com/recaptcha/ https://intercom-sheets.com https://share.intercom.io https://www.youtube-nocookie.com https://www.intercom-reporting.com; object-src 'self';
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 02 Sep 2021 00:41:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1226532
x-cache: Hit from cloudfront
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 25 Aug 2021 11:48:12 GMT
server: Hidden
x-frame-options: deny
etag: W/"98c-17b7d23a060"
expect-ct: enforce, max-age=30
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 e86025dac63232624d2273c5fd256ce4.cloudfront.net (CloudFront)
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
feature-policy: camera 'none'; microphone 'none'; geolocation 'none'; payment 'none';
content-security-policy: script-src 'self' 'unsafe-hashes' https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com/ https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/s/player/ https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hs-analytics.net/analytics/ https://js-na1.hs-scripts.com/ 'sha256-+wewE03+AFVjJOdVLklkJgaFNEDlr8Pxry89Qhi5LyA=' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc='; style-src 'self' 'unsafe-inline'; font-src 'self' https://js.intercomcdn.com; img-src 'self' data: blob: https://*.intigriti.com https://blogintigriti.files.wordpress.com https://i.ytimg.com https://www.google-analytics.com https://*.doubleclick.net https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://intercom.help https://*.wp.com/blog.intigriti.com/ https://www.google.com/ads/ https://track.hubspot.com/; connect-src 'self' https://*.intigriti.com wss://*.intigriti.com https://www.google-analytics.com https://api.intercom.io https://public-api.wordpress.com/rest/v1.1/sites/blog.intigriti.com/posts/ https://www.googleapis.com/youtube/ https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; frame-src https://login.intigriti.com https://www.google.com/recaptcha/ https://intercom-sheets.com https://share.intercom.io https://www.youtube-nocookie.com https://www.intercom-reporting.com; object-src 'self';
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: wEoWXNaclk8wSnT9oL8KEuJNb17votBPNwCT9FUWRK1X782MtwtSwQ==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-86369720-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 1906
date: Thu, 16 Sep 2021 04:52:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Thu, 16 Sep 2021 06:52:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
209 B 14ms
14ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=967240982&t=pageview&_s=1&dl=https%3A%2F%2Fblog.intigriti.com%2F2021%2F09%2F15%2Fbug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow%2F&ul=en-us&de=UTF-8&dt=Bug%20Bytes%20%23138%20-%20Web%20app%20security%20roadmap%2C%20OWASP%20Top%2010%20%26%20Request%20smuggling%20via%20integer%20overflow%20-%20Intigriti&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=538721330&gjid=62776884&cid=927231059.1631769826&tid=UA-86369720-1&_gid=92620549.1631769826&_r=1&gtm=2ou9f0&z=228447934

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.intigriti.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 16 Sep 2021 05:23:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://blog.intigriti.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 master.html Show response
widgets.wp.com/likes/ Frame 9581 3 KB
1 KB 7ms
6ms Document
text/html 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/master.html?ver=202137
Requested by: Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 09692b251eb6e2745202db2b109785eddbf47c6f212bb4938f4870457d7aa85c

Request headers

:method: GET
:authority: widgets.wp.com
:scheme: https
:path: /likes/master.html?ver=202137
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.intigriti.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/

Response headers

server: nginx
date: Thu, 16 Sep 2021 05:23:46 GMT
content-type: text/html
last-modified: Wed, 18 Aug 2021 07:57:41 GMT
vary: Accept-Encoding
etag: W/"611cbd75-aca"
content-encoding: gzip
x-ac: 2.hhn _dca
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
x-nc: HIT hhn 1

GET
H2 200 hovercard.min.css
secure.gravatar.com/dist/css/ 8 KB
2 KB 7ms
6ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/dist/css/hovercard.min.css?ver=202138
Requested by: Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 05:23:46 GMT
content-encoding: gzip
last-modified: Wed, 11 Nov 2020 15:57:10 GMT
server: nginx
etag: W/"5fac09d6-1e86"
content-type: text/css
cache-control: max-age=604800
expires: Thu, 23 Sep 2021 05:23:46 GMT

GET
H2 200 services.min.css
secure.gravatar.com/dist/css/ 3 KB
587 B 7ms
6ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.gravatar.com/dist/css/services.min.css?ver=202138
Requested by: Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 05:23:46 GMT
content-encoding: gzip
last-modified: Thu, 22 Mar 2018 09:46:04 GMT
server: nginx
etag: W/"5ab37b5c-a54"
content-type: text/css
cache-control: max-age=604800
expires: Thu, 23 Sep 2021 05:23:46 GMT

GET
H2 200 / Show response
graph.facebook.com/ 244 B
666 B 48ms
33ms Script
text/javascript 2a03:2880:f02d:110:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fblog.intigriti.com%2F2021%2F09%2F15%2Fbug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow%2F

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/p/jetpack/10.1/_inc/build/sharedaddy/sharing.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:110:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

486ea90736576a57aa2c8f67d1d09364f1739486c2ffc235013e57316d738ff3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1004404270
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 183
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: G5RxPZOhGsIHB+kHM5WLvnBpY91ajTLm/sQEZtLit5j7Ge0pySN08LlPw5V4+RwT1q3RmUy0Sxpd/gWxAuN60g==
x-fb-trace-id: ABEUZvJ3X1+
date: Thu, 16 Sep 2021 05:23:46 GMT
vary: Origin, Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: A-wRTQX7uqkXeTJR_GNMIXU
cache-control: no-store
facebook-api-version: v4.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
465 B 43ms
14ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-86369720-1&cid=927231059.1631769826&jid=538721330&gjid=62776884&_gid=92620549.1631769826&_u=YEBAAUAAAAAAAC~&z=219055709

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.intigriti.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 16 Sep 2021 05:23:46 GMT
content-type: text/plain
access-control-allow-origin: https://blog.intigriti.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ATOS_PHOTO-FINAL-BIG-1.png
i0.wp.com/blog.intigriti.com/wp-content/uploads/2021/09/ 389 KB
389 KB 8ms
7ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.intigriti.com/wp-content/uploads/2021/09/ATOS_PHOTO-FINAL-BIG-1.png?w=463&ssl=1

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

a04cefad2223ee674c1a70a89bcd80b35e11f2b708511961289e7a152621cb8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Thu, 16 Sep 2021 05:23:46 GMT
x-content-type-options: nosniff
last-modified: Wed, 15 Sep 2021 12:51:32 GMT
server: nginx
etag: "4402ed014c522eba"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://blog.intigriti.com/wp-content/uploads/2021/09/ATOS_PHOTO-FINAL-BIG-1.png>; rel="canonical"
content-length: 398052
expires: Sat, 16 Sep 2023 00:51:32 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 9581 22 KB
5 KB 7ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/rlt-proxy.js?m=20210413
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=202137
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 2e443dbb116d4efb3edfddb77cd4b2c93313cb6d8e75800602a92f0a9fa22d88

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Sep 2021 05:23:46 GMT
content-encoding: gzip
last-modified: Thu, 01 Apr 2021 21:48:08 GMT
server: nginx
etag: W/"60663f98-56cb"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dca
timing-allow-origin: *
expires: Thu, 14 Apr 2022 02:02:07 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 9581 62 KB
16 KB 8ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20210818
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=202137
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 8989d973021d7024c2754b7737946b2c421f66413502d75bf89386dda0c91291

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Sep 2021 05:23:46 GMT
content-encoding: gzip
last-modified: Wed, 18 Aug 2021 05:01:55 GMT
server: nginx
etag: W/"611c9443-f79e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dca
timing-allow-origin: *
expires: Thu, 18 Aug 2022 07:58:06 GMT

GET
H2 200 / Show response
public-api.wordpress.com/wp-admin/rest-proxy/ Frame 3D96 8 KB
3 KB 157ms
140ms Document
text/html 192.0.78.23
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/wp-admin/rest-proxy/

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??/wp-content/js/tannin/compat.min.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20210818

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.23 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c6571876dfcbb11c6d3433e714f76c8acbf206b2be801cb65f63f18b9e3d510e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: public-api.wordpress.com
:scheme: https
:path: /wp-admin/rest-proxy/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://widgets.wp.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://widgets.wp.com/

Response headers

server: nginx
date: Thu, 16 Sep 2021 05:23:46 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
p3p: CP="CAO PSA OUR"
set-cookie: wp_api=+; expires=Wed, 16-Sep-2020 05:23:46 GMT; Max-Age=0; path=/wp-admin/rest-proxy/; domain=public-api.wordpress.com; secure; SameSite=None wp_api_sec=+; expires=Wed, 16-Sep-2020 05:23:46 GMT; Max-Age=0; path=/; domain=public-api.wordpress.com; secure; HttpOnly; SameSite=None
content-encoding: gzip
x-ac: 1.hhn _dfw
strict-transport-security: max-age=15552000

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
522 B 41ms
19ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-86369720-1&cid=927231059.1631769826&jid=538721330&_u=YEBAAUAAAAAAAC~&z=567627103

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Sep 2021 05:23:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
522 B 40ms
18ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-86369720-1&cid=927231059.1631769826&jid=538721330&_u=YEBAAUAAAAAAAC~&z=567627103

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/2021/09/15/bug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Sep 2021 05:23:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 8 KB
880 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:r%7COpen+Sans:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Requested by

Host: blog.intigriti.com
URL: https://blog.intigriti.com/wp-content/mu-plugins/wpcomsh/vendor/automattic/custom-fonts/js/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

22f536971681a9acaafa3e6bf0cd26c64eae39956aae72a4e867751bd2e0212b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 16 Sep 2021 05:23:46 GMT
server: ESF
date: Thu, 16 Sep 2021 05:23:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 16 Sep 2021 05:23:46 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v23/ 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:r%7COpen+Sans:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.intigriti.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 10 Sep 2021 05:03:27 GMT
x-content-type-options: nosniff
age: 519619
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15112
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:34 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 10 Sep 2022 05:03:27 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v23/ 14 KB
14 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:r%7COpen+Sans:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.intigriti.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 13 Sep 2021 04:26:58 GMT
x-content-type-options: nosniff
age: 262608
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:25 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Sep 2022 04:26:58 GMT

GET
H2 200 mem6YaGs126MiZpBA-UFUK0Zdc0.woff2
fonts.gstatic.com/s/opensans/v23/ 13 KB
14 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem6YaGs126MiZpBA-UFUK0Zdc0.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:r%7COpen+Sans:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa4607112a6b3245394fee13973cf8cf8a22b727f919f60636436a945886005b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.intigriti.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Mon, 13 Sep 2021 04:39:23 GMT
x-content-type-options: nosniff
age: 261863
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13792
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:08 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Sep 2022 04:39:23 GMT

GET
H2 200 memnYaGs126MiZpBA-UFUKWiUNhrIqM.woff2
fonts.gstatic.com/s/opensans/v23/ 13 KB
14 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/memnYaGs126MiZpBA-UFUKWiUNhrIqM.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:r%7COpen+Sans:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8c17e5dd0633499e73cab90d02e2ee089e60b718c6a917e9b1c3b418c15c179

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.intigriti.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 22:14:37 GMT
x-content-type-options: nosniff
age: 25749
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13792
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:46 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 15 Sep 2022 22:14:37 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 3D96 22 KB
5 KB 6ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/rlt-proxy.js?m=20210413
Requested by: Host: public-api.wordpress.com
URL: https://public-api.wordpress.com/wp-admin/rest-proxy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 2e443dbb116d4efb3edfddb77cd4b2c93313cb6d8e75800602a92f0a9fa22d88

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public-api.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 16 Sep 2021 05:23:46 GMT
content-encoding: gzip
last-modified: Thu, 01 Apr 2021 21:48:08 GMT
server: nginx
etag: W/"60663f98-56cb"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dca
timing-allow-origin: *
expires: Thu, 14 Apr 2022 02:02:07 GMT

GET
H2 204 boom.gif
pixel.wp.com/ 0
51 B 22ms
6ms Image
text/plain 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.001&largest_contentful_paint=1026&provider=wordpress.com&service=atomic&effective_connection_type=4g&host_name=blog.intigriti.com&url_path=%2F2021%2F09%2F15%2Fbug-bytes-138-web-app-security-roadmap-owasp-top-10-request-smuggling-via-integer-overflow%2F&nt_fetchStart=0&nt_domainLookupStart=1&nt_domainLookupEnd=44&nt_connectStart=44&nt_connectEnd=60&nt_secureConnectionStart=49&nt_requestStart=60&nt_responseStart=537&nt_responseEnd=551&nt_domLoading=540&nt_domInteractive=1144&nt_domContentLoadedEventStart=1144&nt_domContentLoadedEventEnd=1148&nt_domComplete=1714&nt_loadEventStart=1714&nt_loadEventEnd=1715&nt_redirectCount=0&nt_api_level=2&start_render=1026&first_contentful_paint=1026&resource_size=1222064&resource_transferred=462677&js_size=305796&js_transferred=97893&resource_cache_percent=0&js_cache_percent=0&last_resource_end=1709
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://blog.intigriti.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 05:23:48 GMT
cache-control: no-cache
server: nginx

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
blog.intigriti.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: d89a42ae1e7eab2349c1837f2fcdfefc
.intigriti.com/	1970-01-20 14:47:21	Name: _ga Value: GA1.2.927231059.1631769826
.intigriti.com/	1970-01-19 21:17:36	Name: _gid Value: GA1.2.92620549.1631769826
.intigriti.com/	1970-01-19 21:16:09	Name: _gat_gtag_UA_86369720_1 Value: 1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www-dev.intigriti.rocks/corner-arrow-black.ee701c1e3697f0c9d59a.svg Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www-dev.intigriti.rocks/footer-stripe.b3d6b2e36700ec2bfbf9.svg Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.intigriti.com
c0.wp.com
fonts.googleapis.com
fonts.gstatic.com
graph.facebook.com
i0.wp.com
i1.wp.com
pixel.wp.com
public-api.wordpress.com
s0.wp.com
secure.gravatar.com
stats.g.doubleclick.net
widgets.wp.com
www-dev.intigriti.rocks
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.intigriti.com
13.224.193.89
13.225.78.125
192.0.76.3
192.0.77.2
192.0.77.32
192.0.77.37
192.0.78.12
192.0.78.23
2a00:1450:4001:80f::200a
2a00:1450:4001:811::2003
2a00:1450:4001:813::2004
2a00:1450:4001:828::2008
2a00:1450:4001:830::2003
2a00:1450:4001:830::200e
2a00:1450:400c:c00::9a
2a03:2880:f02d:110:face:b00c:0:2
2a04:fa87:fffe::c000:4902
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
09692b251eb6e2745202db2b109785eddbf47c6f212bb4938f4870457d7aa85c
0c97c6ce5fdeb2d91e4bc6263d3714ca800b990c1994cf0b6dac0f23c8fbabfe
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
14dcc6529df4d3ced6a9ba2c45d3d7ac754e099b937e0186f2da0c610599eed2
1a0b51af7ff79f11c0a779bf478304fa451ac5587675952b8378b47f0a97504d
1ecaf445d3f1e63f15b6e423e287813a5675461cc9454184d0b49123b286cea4
22f536971681a9acaafa3e6bf0cd26c64eae39956aae72a4e867751bd2e0212b
231220ad755b65af7da21909df4ef6b97390205178661730918fd9c907769037
265c34f4c62e6423e270cecb0c422b735dfb0f18cea04c2ac343b6f22106661e
26b67bd22f5bf5f5192c88305f6b85bddebdd7b1a01b74238178c741b6e1a3e2
2711b037e078e306e59765e9fc22d9f86867eb26af8c6af72d864a1c52bed8ac
2b7ad361cce9dbab34c8fd714b379707d7aa40199bf90b90f9f19c7c1db5171b
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2e443dbb116d4efb3edfddb77cd4b2c93313cb6d8e75800602a92f0a9fa22d88
2f1091d2cc8a95bb5f0aedcac19a4514ff76585e0a812e99ce003ae460547006
32872225c70cc59428eea5fa412b86aa82e4f73ac5fa20fbe34ee1702ba270aa
3742b8f2006b7a23df3252c615bb113e94f77729ac9cc4b021e35517285cf0c2
37a14da858caee742741d5f558bc6489f9abcefee4aebb9f68db96106e38f2c1
3fa54e29f88aee644eaaac38e11681ea07858eb1ea76b1baae12597aae83fe82
486ea90736576a57aa2c8f67d1d09364f1739486c2ffc235013e57316d738ff3
4c71cab3e2b7defd9022059c922d2c91359df1ba71dd47e8543b108c70537f25
4edcad17f49c3045508e950836285ea5af38033d6ea5377675ff85f294e8aac8
53c088f65c77c6b7af2804face3e267d4c1bf148177798a30fa3a15aa693c36f
550bee253a00a7e6089b3aa136a1f21d904592e93ee0740f08d4d36e4b1dcbe5
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5d9190292acdd48ba0fc35080f7e7448f3cdf0d79199a4d23f0f49b5341fdf29
6048e330c0f362be46b20de45d35a5ace57a04be04a29da10448d6949f6f69ce
672e29b030b9b17c9cc70beb24af4c41eaf8ce9a0491c655ab9a1c88ab287021
7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6
7e0c4a1ed3d232553d98c82ea0e04cee8975d0a67df819e161f96e7c32179e8c
7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7
7fce939120a210b4d7374747554e1605d7f24c4df022196618c6b43ec5dd5645
80ee2d8ce5d2a3f78fc3b8eaa67bc266645c58b96d8a804556f1e6cb8737d0cf
84588d9ced8d05a424e8726107b7c365680fea343a29df1b460cba158cb4c238
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8989d973021d7024c2754b7737946b2c421f66413502d75bf89386dda0c91291
8c21cdf7be2219908a953d92fba153dcc7175f7ee238856bd9954da18b0e05dd
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
9178a82df64317d29d119ce43ed0b313125b87afdfe37830ed303c68fc00e030
9437740449797836ca274c468ba502dd46dceac9bb19c496718756b6d8adddde
98e1b3475e2568cb240726ac6edcfab418ecedf64c96649b5a9c213943368915
a04cefad2223ee674c1a70a89bcd80b35e11f2b708511961289e7a152621cb8a
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
aa4607112a6b3245394fee13973cf8cf8a22b727f919f60636436a945886005b
b0235a15ce86cc0d561ce726d0be42dc4730f800c721923367d6403ba00137ca
b328b002a9fa7a867f171bc838e4d3aa56bd782d669b06241b28b69a5f32aa18
b6a3475db5159959342dc95bd039bd3fbeef6cac992d0535c91d1dca1d718bf6
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b8c17e5dd0633499e73cab90d02e2ee089e60b718c6a917e9b1c3b418c15c179
b958e0f47861dde13a175cc69494bdb54f08e2b5e78cecf6abd16470d2085257
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c5fb3c6d4ea0131529fee01a0db2c052adb64e6e273f1c1a97e73bbd19250705
c6571876dfcbb11c6d3433e714f76c8acbf206b2be801cb65f63f18b9e3d510e
c6c8293e02709c803f07fba9cf6667a4daf03a758a403e99cd696a3fcf75209e
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
ccd1ae8d139b4ddb53c470f4a9ff95259b89b0572b88bc33b4baf78636f2782d
ccd911729403decd6e3b74702fdc4d2c1b1e3ecf35a147f7e5373669932cc708
cd590481fc0feed8a2a74ae07241740239275bbd6517d00825b2fb2a7f23b9a1
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f729c1ddd933cf04d614ebdde4df06fa768c8ac66485b37136f68a94304eccb7
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

blog.intigriti.com Open in urlscan Pro 192.0.78.12 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

71 Requests

100 %HTTPS

53 %IPv6

13 Domains

19 Subdomains

18 IPs

4 Countries

1184 kBTransfer

2212 kBSize

4 Cookies

119 Outgoing links

Redirected requests

71 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.intigriti.com Open in urlscan Pro
192.0.78.12 Public Scan

Screenshot
Live screenshot

Full Image

71
Requests

100 %
HTTPS

53 %
IPv6

13
Domains

19
Subdomains

18
IPs

4
Countries

1184 kB
Transfer

2212 kB
Size

4
Cookies

71 HTTP transactions
2 data transactions