akaki.io Open in urlscan Pro
2606:4700:20::6819:a517 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://akaki.io/2019/cloud-waf_bypass.html
Submission: On June 03 via manual (June 3rd 2019, 1:21:29 am UTC) from JP

Summary HTTP 27 Redirects Links 35 Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 27 HTTP transactions. The main IP is 2606:4700:20::6819:a517, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is akaki.io.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on May 25th 2019. Valid for: 6 months.

This is the only time akaki.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
24	2606:4700:20:... 2606:4700:20::6819:a517		13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:81f::2008		15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:814::200e		15169 (GOOGLE) (GOOGLE - Google LLC)
27	3

24 2606:4700:20::6819:a517 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

akaki.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	akaki.io akaki.io	2 MB
2	google-analytics.com www.google-analytics.com	17 KB
1	googletagmanager.com www.googletagmanager.com	25 KB
27	3

	Domain	Requested by
24	akaki.io	akaki.io
2	www.google-analytics.com	www.googletagmanager.com akaki.io
1	www.googletagmanager.com	akaki.io
27	3

This site contains links to these domains. Also see Links.

Domain
medium.com
twitter.com
github.com
www.blackhat.com
distrinet.cs.kuleuven.be
nmap.org
dnsdumpster.com
crt.sh
www.farsightsecurity.com
securitytrails.com
toolbar.netcraft.com
viewdns.info
www.crimeflare.org
gist.github.com
cloudpiercer.org
www.domaintools.com
myip.ms
www.cloudflare.com
blog.christophetd.fr
blog.cloudflare.com
blogs.akamai.com
help.github.com
www.1337pwn.com
www.ericzhang.me
www.wordfence.com
www.rootusers.com
support.cloudflare.com
www.secjuice.com
blog.0day.rocks

Subject Issuer	Validity	Valid
ssl378557.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-05-25` - `2019-12-01`	6 months	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-05-14` - `2019-08-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://akaki.io/2019/cloud-waf_bypass.html
Frame ID: 9B9E88C7A90030DB7ACE23A036DA3943
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

GitBook (Documentation Tools) Expand

Overall confidence: 100%
Detected patterns

meta generator /GitBook(?:.([\d.]+))?/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /.*Varnish/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

27
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

2070 kB
Transfer

3545 kB
Size

4
Cookies

35 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/bugbountywriteup/bypass-cloudflare-waf-to-pwned-application-2c9e4f862319
Title: How i was able to pwned application by Bypassing Cloudflare WAF

Search URL Search Domain Scan URL

URL: https://twitter.com/vis_hacker
Title: @vis_hacker

Search URL Search Domain Scan URL

URL: https://github.com/christophetd/CloudFlair
Title: CloudFlair

Search URL Search Domain Scan URL

URL: https://twitter.com/christophetd
Title: @christophetd

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/us-13/archives.html#Nixon
Title: DDoS Protection Bypass Techniques

Search URL Search Domain Scan URL

URL: https://distrinet.cs.kuleuven.be/news/2016/BypassingCloud.pdf
Title: Maneuvering Around Clouds: Bypassing Cloud-based Security Providers

Search URL Search Domain Scan URL

URL: https://nmap.org/nsedoc/scripts/dns-brute.html
Title: dns-brute

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/Amass
Title: Amass

Search URL Search Domain Scan URL

URL: https://dnsdumpster.com/
Title: DNSdumpster

Search URL Search Domain Scan URL

URL: https://crt.sh/
Title: crt.sh

Search URL Search Domain Scan URL

URL: https://www.farsightsecurity.com/solutions/dnsdb/
Title: DNSDB

Search URL Search Domain Scan URL

URL: https://securitytrails.com/dns-trails
Title: SecurityTrails

Search URL Search Domain Scan URL

URL: https://toolbar.netcraft.com/site_report
Title: Netcraft

Search URL Search Domain Scan URL

URL: https://viewdns.info/iphistory/
Title: ViewDNS.info

Search URL Search Domain Scan URL

URL: http://www.crimeflare.org:82/cfs.html
Title: Crimeflare

Search URL Search Domain Scan URL

URL: https://github.com/vincentcox/bypass-firewalls-by-DNS-history
Title: Bypass firewalls by abusing DNS history

Search URL Search Domain Scan URL

URL: https://gist.github.com/chokepoint/28bed027606c5086ed9eeb274f3b840a
Title: Cloudsnare

Search URL Search Domain Scan URL

URL: https://github.com/Warflop/CloudBunny
Title: CloudBunny

Search URL Search Domain Scan URL

URL: https://cloudpiercer.org/
Title: CloudPiercer

Search URL Search Domain Scan URL

URL: https://www.domaintools.com/
Title: DomainTools

Search URL Search Domain Scan URL

URL: https://myip.ms/
Title: Myip.ms

Search URL Search Domain Scan URL

URL: https://www.cloudflare.com/products/argo-tunnel/
Title: Argo Tunnel

Search URL Search Domain Scan URL

URL: https://blog.christophetd.fr/bypassing-cloudflare-using-internet-wide-scan-data/
Title: https://blog.christophetd.fr/bypassing-cloudflare-using-internet-wide-scan-data/

Search URL Search Domain Scan URL

URL: https://blog.cloudflare.com/ddos-prevention-protecting-the-origin/
Title: https://blog.cloudflare.com/ddos-prevention-protecting-the-origin/

Search URL Search Domain Scan URL

URL: https://blogs.akamai.com/2013/08/bypassing-content-delivery-security.html
Title: https://blogs.akamai.com/2013/08/bypassing-content-delivery-security.html

Search URL Search Domain Scan URL

URL: https://help.github.com/en/articles/setting-up-an-apex-domain#configuring-a-records-with-your-dns-provider
Title: https://help.github.com/en/articles/setting-up-an-apex-domain#configuring-a-records-with-your-dns-provider

Search URL Search Domain Scan URL

URL: https://www.1337pwn.com/how-to-find-real-ip-address-website-behind-cloudflare/
Title: https://www.1337pwn.com/how-to-find-real-ip-address-website-behind-cloudflare/

Search URL Search Domain Scan URL

URL: https://www.ericzhang.me/resolve-cloudflare-ip-leakage/
Title: https://www.ericzhang.me/resolve-cloudflare-ip-leakage/

Search URL Search Domain Scan URL

URL: https://www.wordfence.com/blog/2016/10/endpoint-vs-cloud-security-cloud-waf-bypass-problem/
Title: https://www.wordfence.com/blog/2016/10/endpoint-vs-cloud-security-cloud-waf-bypass-problem/

Search URL Search Domain Scan URL

URL: https://www.rootusers.com/find-the-ip-address-of-a-website-behind-cloudflare/
Title: https://www.rootusers.com/find-the-ip-address-of-a-website-behind-cloudflare/

Search URL Search Domain Scan URL

URL: https://blog.cloudflare.com/thoughts-on-abuse/
Title: https://blog.cloudflare.com/thoughts-on-abuse/

Search URL Search Domain Scan URL

URL: https://support.cloudflare.com/hc/en-us/articles/200170166-General-website-security-guidelines
Title: https://support.cloudflare.com/hc/en-us/articles/200170166-General-website-security-guidelines

Search URL Search Domain Scan URL

URL: https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-Cloudflare-s-IP-addresses-in-iptables-
Title: https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-Cloudflare-s-IP-addresses-in-iptables-

Search URL Search Domain Scan URL

URL: https://www.secjuice.com/finding-real-ips-of-origin-servers-behind-cloudflare-or-tor/
Title: https://www.secjuice.com/finding-real-ips-of-origin-servers-behind-cloudflare-or-tor/

Search URL Search Domain Scan URL

URL: https://blog.0day.rocks/securing-a-web-hidden-service-89d935ba1c1d
Title: https://blog.0day.rocks/securing-a-web-hidden-service-89d935ba1c1d

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request cloud-waf_bypass.html Show response
akaki.io/2019/ 63 KB
11 KB 190ms
124ms Document
text/html 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2770ec15a30135ac457f660d58c135f35f1c731fb829b3c8a31bd316a7ea7ae

Request headers

:method: GET
:authority: akaki.io
:scheme: https
:path: /2019/cloud-waf_bypass.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Mon, 03 Jun 2019 01:21:11 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=db0be3bca6e7377633886bda687b5208a1559524871; expires=Tue, 02-Jun-20 01:21:11 GMT; path=/; domain=.akaki.io; HttpOnly
last-modified: Mon, 27 May 2019 08:46:45 GMT
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 01:31:11 GMT
cache-control: max-age=600
x-github-request-id: FD7E:0E27:6F18E9:90B549:5CF47606
via: 1.1 varnish
age: 0
x-served-by: cache-fra19140-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1559524871.245948,VS0,VE97
vary: Accept-Encoding
x-fastly-request-id: 7602a32253a4a6a94db0ed7249a8c29205aed86d
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4e0dd94d2dad9ac8-FRA
content-encoding: br

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 64 KB
25 KB 41ms
23ms Script
application/javascript 2a00:1450:4001:81f::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-136221103-1

Requested by

Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

92110fc8aa93a11bdd2b26335173184e81d5b5dec6827558d063b6c451f7bc41

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 01:21:11 GMT
content-encoding: br
last-modified: Thu, 30 May 2019 16:41:01 GMT
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 25343
x-xss-protection: 0
expires: Mon, 03 Jun 2019 01:21:11 GMT

GET
H2 200 style.css
akaki.io/gitbook/ 51 KB
10 KB 15ms
13ms Stylesheet
text/css 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://akaki.io/gitbook/style.css
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34371ebc05d2283de5af24b3edd218002b10e3ac9354f30b29d7c7547e711d71

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: 38b63d8ac96a8af68d5049aede1de0e2a2476bd9
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-encoding: br
x-served-by: cache-hhn1537-HHN
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: 9A66:0B4A:7467C3:97BCFA:5CF47602
x-timer: S1559524867.872540,VS0,VE96
etag: W/"5ceba3f5-cddd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
cf-ray: 4e0dd94e0e7d9ac8-FRA
x-cache-hits: 0

GET
H2 200 website.css
akaki.io/gitbook/gitbook-plugin-highlight/ 31 KB
2 KB 14ms
13ms Stylesheet
text/css 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://akaki.io/gitbook/gitbook-plugin-highlight/website.css
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd0cb0ef3d5418da8f6f1368101a6c710dc6c150e0b3022abc66f76cd84369f8

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: abab97737ec86cb54c87a77a092de7e3f4480243
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-encoding: br
x-served-by: cache-fra19134-FRA
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: E87C:5BBF:787666:9CF636:5CF475FC
x-timer: S1559524867.878372,VS0,VE94
etag: W/"5ceba3f5-7ad6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
cf-ray: 4e0dd94e0e7e9ac8-FRA
x-cache-hits: 0

GET
H2 200 search.css
akaki.io/gitbook/gitbook-plugin-search/ 974 B
454 B 14ms
12ms Stylesheet
text/css 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://akaki.io/gitbook/gitbook-plugin-search/search.css
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f391f37697089a5a2fc326ec0ff55bca5752e18a2e6ec8460334327413d57b3

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: 5ca86c97478ac9a763519dbf9ec9ae06f2f554ad
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-encoding: br
x-served-by: cache-fra19156-FRA
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: 1EC2:2009:774288:9B173D:5CF47600
x-timer: S1559524867.877938,VS0,VE92
etag: W/"5ceba3f5-3ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
cf-ray: 4e0dd94e0e809ac8-FRA
x-cache-hits: 0

GET
H2 200 website.css
akaki.io/gitbook/gitbook-plugin-fontsettings/ 8 KB
1 KB 15ms
14ms Stylesheet
text/css 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://akaki.io/gitbook/gitbook-plugin-fontsettings/website.css
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f9d5c7aa04f5041cb92a76de4499813854450d9599cee78f2ee7e8e0f31bc0b

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: d38e77516bd2cd0a6bb385d87eb2623f2fbbc145
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-encoding: br
x-served-by: cache-hhn1548-HHN
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: 448A:7794:41B568:559482:5CF47601
x-timer: S1559524867.880529,VS0,VE92
etag: W/"5ceba3f5-2194"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
cf-ray: 4e0dd94e0e829ac8-FRA
x-cache-hits: 0

GET
H2 200 book.css
akaki.io/ 228 B
371 B 13ms
11ms Stylesheet
text/css 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://akaki.io/book.css
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a3dcb7cbbf1910c0f895a5febb601a1c5adeb5ada158e3fa7eb2af0ef1673e78

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: 46ca29bf071dc17e4e3afe5b2be7191c7d052f86
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-encoding: br
x-served-by: cache-hhn1551-HHN
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: 09BC:5E88:1C6270:257075:5CF47602
x-timer: S1559524867.881492,VS0,VE90
etag: W/"5ceba3f5-e4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
cf-ray: 4e0dd94e0e839ac8-FRA
x-cache-hits: 0

GET
H2 200 cloud-waf.png
akaki.io/assets/ 52 KB
52 KB 21ms
19ms Image
image/png 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://akaki.io/assets/cloud-waf.png
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c806ffba6fed541efbafcbb166048a131d60161f44835c47389d56b60d57c7bd

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: a7c2438677e791937c908b7ded83208607f97984
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-length: 52952
x-served-by: cache-fra19173-FRA
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: 5036:1FC2:7AF2B4:A0560C:5CF47603
x-timer: S1559524867.880754,VS0,VE528
etag: "5ceba3f5-ced8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 4e0dd94e0e849ac8-FRA
x-cache-hits: 0

GET
H2 200 dig_ns.png
akaki.io/assets/ 141 KB
142 KB 20ms
12ms Image
image/png 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://akaki.io/assets/dig_ns.png
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5489d5f2dd3e02b32ba0544c0ace9572a1741ced13da8062b7736ee2614805a5

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: d22414107cc87c3211b062c06660398380321189
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-length: 144590
x-served-by: cache-hhn1533-HHN
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: F924:216C:4568CA:5A6F68:5CF47603
x-timer: S1559524867.883924,VS0,VE617
etag: "5ceba3f5-234ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 4e0dd94e2e969ac8-FRA
x-cache-hits: 0

GET
H2 200 dig_a.png
akaki.io/assets/ 193 KB
193 KB 26ms
19ms Image
image/png 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://akaki.io/assets/dig_a.png
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d55f48b67a2dc302be1558c7708b74cb289d8361d4bc66120c9aa56e5a8d605b

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: a8081615ab3d1bedbfad4ab8dbffdc93ba11de6a
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-length: 197704
x-served-by: cache-fra19126-FRA
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: D0DC:3207:709FE1:932147:5CF47601
x-timer: S1559524867.882016,VS0,VE105
etag: "5ceba3f5-30448"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 4e0dd94e2e979ac8-FRA
x-cache-hits: 0

GET
H2 200 cloudflare-waf.png
akaki.io/assets/ 566 KB
567 KB 24ms
17ms Image
image/png 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://akaki.io/assets/cloudflare-waf.png
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 398f0730baadbe3be15f23462dfe5dea397775ff23cd62d27bdc0ab1398cfdf3

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: c806d526163864611c893574111e003813d8cca0
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-length: 579326
x-served-by: cache-hhn1527-HHN
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: 1006:65F9:824DDC:A98AE8:5CF47602
x-timer: S1559524867.887495,VS0,VE95
etag: "5ceba3f5-8d6fe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 4e0dd94e2e989ac8-FRA
x-cache-hits: 0

GET
H2 200 cloud-waf_bypass.png
akaki.io/assets/ 71 KB
71 KB 28ms
21ms Image
image/png 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://akaki.io/assets/cloud-waf_bypass.png
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c7f75c456ba937ea960339bb4ff0e80c97862ffb2609b813fbeebdf9adac8fa

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: 62387dc56ab56f11388acaf627efb60544259472
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-length: 72822
x-served-by: cache-fra19133-FRA
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: 2082:01DD:8324CA:AB1E9D:5CF47602
x-timer: S1559524867.882697,VS0,VE91
etag: "5ceba3f5-11c76"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 4e0dd94e2e999ac8-FRA
x-cache-hits: 0

GET
H2 200 cloudflare-waf_bypass.png
akaki.io/assets/ 189 KB
189 KB 28ms
22ms Image
image/png 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://akaki.io/assets/cloudflare-waf_bypass.png
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a76549a4d6e3513a927def3f2a316be3f87b13ee5dbc4941e7715130c8b8514

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: f83c9dc6e9b0fa8275d8c152588abb108ef9d302
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-length: 193038
x-served-by: cache-hhn1528-HHN
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: A06E:36EB:780431:9BE4C4:5CF47602
x-timer: S1559524867.882627,VS0,VE271
etag: "5ceba3f5-2f20e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 4e0dd94e2e9a9ac8-FRA
x-cache-hits: 0

GET
H2 200 outbound.png
akaki.io/assets/ 76 KB
77 KB 28ms
21ms Image
image/png 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://akaki.io/assets/outbound.png
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 061a9dce89072533b498ae02e81eb826ea65cd76b45c590959af940e41d5c0c7

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: 60f0f3c695833d58a7bfedfd5fa766b2e0b0f3e4
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-length: 78328
x-served-by: cache-hhn1524-HHN
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: F548:6E04:7CCE45:A301B5:5CF47602
x-timer: S1559524867.885910,VS0,VE92
etag: "5ceba3f5-131f8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 4e0dd94e2e9b9ac8-FRA
x-cache-hits: 0

GET
H2 200 dig_txt.png
akaki.io/assets/ 179 KB
180 KB 27ms
21ms Image
image/png 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://akaki.io/assets/dig_txt.png
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba2778f53868c190be64d7fd4f371df9f8802899a479a4af46cd2690dc92194b

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: 99838ce64917d3f24cb46ead340537c278f92eb0
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-length: 183337
x-served-by: cache-hhn1534-HHN
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: BF4E:148B:C3F0D:104C92:5CF47602
x-timer: S1559524867.888288,VS0,VE92
etag: "5ceba3f5-2cc29"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 4e0dd94e2e9c9ac8-FRA
x-cache-hits: 0

GET
H2 200 cloudpiercer.png
akaki.io/assets/ 235 KB
235 KB 28ms
22ms Image
image/png 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://akaki.io/assets/cloudpiercer.png
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 008966ac564ecb964bbccad123d08ee66589a7ab80d9f5b6c0f942c92d239d4d

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: f115ccf58e0100570c8d160d57a7b1faf10409ad
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-length: 240528
x-served-by: cache-hhn1535-HHN
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: 723C:55E3:1AEE9F:2379A1:5CF47602
x-timer: S1559524867.884415,VS0,VE95
etag: "5ceba3f5-3ab90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 4e0dd94e2e9d9ac8-FRA
x-cache-hits: 0

GET
H2 200 gitbook.js Show response
akaki.io/gitbook/ 103 KB
35 KB 36ms
27ms Script
application/javascript 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://akaki.io/gitbook/gitbook.js
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7930d498d5c2baf37d89a9388b69d6afe189d785238e2a017670af3cc1ffc821

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: 58ff587209ad9d9dd65fb4ceaa53295ce7d616a1
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-encoding: br
x-served-by: cache-hhn1538-HHN
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: 86CE:2F73:B35AC:F0CB4:5CF47602
x-timer: S1559524867.884331,VS0,VE97
etag: W/"5ceba3f5-19bb9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
cf-ray: 4e0dd94e2e8f9ac8-FRA
x-cache-hits: 0

GET
H2 200 theme.js Show response
akaki.io/gitbook/ 111 KB
38 KB 31ms
22ms Script
application/javascript 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://akaki.io/gitbook/theme.js
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b67d493be64b4e93aab64d39d0a37702d72bec1a1bb649e5138675fa0b576ff

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: b22c893cbfe8efe486b2b3aafeeeaead08fb1f41
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-encoding: br
x-served-by: cache-fra19176-FRA
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: 9EC2:0A1F:809225:A724CD:5CF475FC
x-timer: S1559524867.875551,VS0,VE128
etag: W/"5ceba3f5-1ba70"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
cf-ray: 4e0dd94e2e909ac8-FRA
x-cache-hits: 0

GET
H2 200 search-engine.js Show response
akaki.io/gitbook/gitbook-plugin-search/ 1 KB
633 B 23ms
14ms Script
application/javascript 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://akaki.io/gitbook/gitbook-plugin-search/search-engine.js
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: dd7a202dcd1a1ab6b3ea7561e634dab3e9262d96d03608724d19c29846277097

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: 61c338f1cf5aba0976a5f461e86592071ce8207f
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-encoding: br
x-served-by: cache-fra19131-FRA
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: 5626:2009:774288:9B16CA:5CF475FD
x-timer: S1559524867.880161,VS0,VE105
etag: W/"5ceba3f5-4f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
cf-ray: 4e0dd94e2e919ac8-FRA
x-cache-hits: 0

GET
H2 200 search.js Show response
akaki.io/gitbook/gitbook-plugin-search/ 6 KB
2 KB 23ms
15ms Script
application/javascript 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://akaki.io/gitbook/gitbook-plugin-search/search.js
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09f0db0b09f1f032555d7545bf74d7ba93c12a908d2e2d4527063b4b7881e99a

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: ad074807e8cb18763eb20253e099d72ac50b32d5
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-encoding: br
x-served-by: cache-fra19139-FRA
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: 4C2C:55E6:778392:9B550C:5CF475FF
x-timer: S1559524867.881678,VS0,VE92
etag: W/"5ceba3f5-18e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
cf-ray: 4e0dd94e2e929ac8-FRA
x-cache-hits: 0

GET
H2 200 lunr.min.js Show response
akaki.io/gitbook/gitbook-plugin-lunr/ 15 KB
5 KB 21ms
13ms Script
application/javascript 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://akaki.io/gitbook/gitbook-plugin-lunr/lunr.min.js
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfc153429b0b70ef8d836763d31f32b69ef262c1e9925534846b4258fa9c764e

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: 0b9d2eb9306697bee4bfa804f0a318ef00565518
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-encoding: br
x-served-by: cache-hhn1535-HHN
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: 83EE:0A1F:809226:A725D2:5CF47602
x-timer: S1559524867.883097,VS0,VE109
etag: W/"5ceba3f5-3a9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
cf-ray: 4e0dd94e2e939ac8-FRA
x-cache-hits: 0

GET
H2 200 search-lunr.js Show response
akaki.io/gitbook/gitbook-plugin-lunr/ 2 KB
739 B 28ms
21ms Script
application/javascript 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://akaki.io/gitbook/gitbook-plugin-lunr/search-lunr.js
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f5c482c155f619152557926aa8eeb3d4c044192e95782fe32631cacee45ab609

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: afc7ba3c2b8b994bf253b759cc1b9ae56fc83e5f
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-encoding: br
x-served-by: cache-hhn1541-HHN
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: 5A42:5E71:790729:9DC263:5CF47602
x-timer: S1559524867.882220,VS0,VE92
etag: W/"5ceba3f5-650"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
cf-ray: 4e0dd94e2e949ac8-FRA
x-cache-hits: 0

GET
H2 200 fontsettings.js Show response
akaki.io/gitbook/gitbook-plugin-fontsettings/ 6 KB
2 KB 28ms
20ms Script
application/javascript 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://akaki.io/gitbook/gitbook-plugin-fontsettings/fontsettings.js
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d93862986b341b2b43b077e27e3045629e9a3fa514f99d66f475f93cfc449c12

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: 1f7fc8ed6727538a787dbc323788256d3a701306
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: HIT
x-cache: MISS
status: 200
content-encoding: br
x-served-by: cache-hhn1525-HHN
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: E25C:148F:73358E:962175:5CF47602
x-timer: S1559524867.883357,VS0,VE111
etag: W/"5ceba3f5-192f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
cf-ray: 4e0dd94e2e959ac8-FRA
x-cache-hits: 0

GET
H2 200 fontawesome-webfont.woff2
akaki.io/gitbook/fonts/fontawesome/ 70 KB
71 KB 22ms
21ms Font
font/woff2 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://akaki.io/gitbook/fonts/fontawesome/fontawesome-webfont.woff2?v=4.6.3
Requested by: Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://akaki.io/gitbook/style.css
Origin: https://akaki.io

Response headers

x-fastly-request-id: f7c0c082a8a918120e51223abeb8ce11c3c44552
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
cf-cache-status: MISS
x-cache: HIT
status: 200
content-length: 71896
x-served-by: cache-fra19141-FRA
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: E87C:5BBF:78766E:9CF732:5CF47602
x-timer: S1559524871.437328,VS0,VE1
etag: "5ceba3f5-118d8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Mon, 03 Jun 2019 05:21:11 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 4e0dd94e6ecb9ac8-FRA
x-cache-hits: 1

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:814::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-136221103-1

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 21 May 2019 23:53:44 GMT
server: Golfe2
age: 6516
date: Sun, 02 Jun 2019 23:32:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 17595
expires: Mon, 03 Jun 2019 01:32:35 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
111 B 14ms
13ms Image
image/gif 2a00:1450:4001:814::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j76&a=279195935&t=pageview&_s=1&dl=https%3A%2F%2Fakaki.io%2F2019%2Fcloud-waf_bypass.html&ul=en-us&de=UTF-8&dt=%E3%82%AA%E3%83%AA%E3%82%B8%E3%83%B3IP%E3%81%AE%E7%89%B9%E5%AE%9A%E3%81%AB%E3%82%88%E3%82%8B%E3%82%AF%E3%83%A9%E3%82%A6%E3%83%89%E5%9E%8BWAF%E3%81%AE%E3%83%90%E3%82%A4%E3%83%91%E3%82%B9%20%C2%B7%20GitBook&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1331021328&gjid=722567913&cid=1184729031.1559524872&tid=UA-136221103-1&_gid=1501875499.1559524872&_r=1&gtm=2ou5m0&z=1162707451

Requested by

Host: akaki.io
URL: https://akaki.io/2019/cloud-waf_bypass.html

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://akaki.io/2019/cloud-waf_bypass.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jun 2019 01:21:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 search_index.json Show response
akaki.io/ 1 MB
142 KB 22ms
21ms XHR
application/json 2606:4700:20::6819:a517
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://akaki.io/search_index.json
Requested by: Host: akaki.io
URL: https://akaki.io/gitbook/gitbook.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::6819:a517 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 798753d82b1766e3b485a3d352c4b7132602e225d1c14c2c344836bfb2371e8d

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://akaki.io/2019/cloud-waf_bypass.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fastly-request-id: 513b238883aa8605fe2c243afa1d875cf36b619a
date: Mon, 03 Jun 2019 01:21:11 GMT
via: 1.1 varnish
age: 4
x-cache: HIT
status: 200
x-cache-hits: 1
content-encoding: br
x-served-by: cache-fra19147-FRA
last-modified: Mon, 27 May 2019 08:46:45 GMT
server: cloudflare
x-github-request-id: F66E:113B:465B6E:5B8CDF:5CF47601
x-timer: S1559524872.774164,VS0,VE1
etag: W/"5ceba3f5-13cc48"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
cf-ray: 4e0dd95088799ac8-FRA
expires: Mon, 03 Jun 2019 01:31:07 GMT

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| gtag object| dataLayer object| gitbook function| $ function| jQuery function| require object| google_tag_manager string| GoogleAnalyticsObject function| ga function| Mousetrap function| lunr object| google_tag_data object| gaplugins object| gaGlobal object| gaData

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.akaki.io/	1970-01-19 01:12:04	Name: _gat_gtag_UA_136221103_1 Value: 1
			.akaki.io/	1970-01-19 18:43:16	Name: _ga Value: GA1.2.1184729031.1559524872
			.akaki.io/	1970-01-19 01:13:31	Name: _gid Value: GA1.2.1501875499.1559524872
			.akaki.io/	1970-01-19 09:57:40	Name: __cfduid Value: db0be3bca6e7377633886bda687b5208a1559524871

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://akaki.io/gitbook/gitbook.js(Line 4) Message: page has changed

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

akaki.io
www.google-analytics.com
www.googletagmanager.com
2606:4700:20::6819:a517
2a00:1450:4001:814::200e
2a00:1450:4001:81f::2008
008966ac564ecb964bbccad123d08ee66589a7ab80d9f5b6c0f942c92d239d4d
061a9dce89072533b498ae02e81eb826ea65cd76b45c590959af940e41d5c0c7
09f0db0b09f1f032555d7545bf74d7ba93c12a908d2e2d4527063b4b7881e99a
2f9d5c7aa04f5041cb92a76de4499813854450d9599cee78f2ee7e8e0f31bc0b
34371ebc05d2283de5af24b3edd218002b10e3ac9354f30b29d7c7547e711d71
398f0730baadbe3be15f23462dfe5dea397775ff23cd62d27bdc0ab1398cfdf3
3a76549a4d6e3513a927def3f2a316be3f87b13ee5dbc4941e7715130c8b8514
5489d5f2dd3e02b32ba0544c0ace9572a1741ced13da8062b7736ee2614805a5
5c7f75c456ba937ea960339bb4ff0e80c97862ffb2609b813fbeebdf9adac8fa
5f391f37697089a5a2fc326ec0ff55bca5752e18a2e6ec8460334327413d57b3
7930d498d5c2baf37d89a9388b69d6afe189d785238e2a017670af3cc1ffc821
798753d82b1766e3b485a3d352c4b7132602e225d1c14c2c344836bfb2371e8d
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8b67d493be64b4e93aab64d39d0a37702d72bec1a1bb649e5138675fa0b576ff
8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2
92110fc8aa93a11bdd2b26335173184e81d5b5dec6827558d063b6c451f7bc41
a3dcb7cbbf1910c0f895a5febb601a1c5adeb5ada158e3fa7eb2af0ef1673e78
ba2778f53868c190be64d7fd4f371df9f8802899a479a4af46cd2690dc92194b
c806ffba6fed541efbafcbb166048a131d60161f44835c47389d56b60d57c7bd
cfc153429b0b70ef8d836763d31f32b69ef262c1e9925534846b4258fa9c764e
d2770ec15a30135ac457f660d58c135f35f1c731fb829b3c8a31bd316a7ea7ae
d55f48b67a2dc302be1558c7708b74cb289d8361d4bc66120c9aa56e5a8d605b
d93862986b341b2b43b077e27e3045629e9a3fa514f99d66f475f93cfc449c12
dd0cb0ef3d5418da8f6f1368101a6c710dc6c150e0b3022abc66f76cd84369f8
dd7a202dcd1a1ab6b3ea7561e634dab3e9262d96d03608724d19c29846277097
f5c482c155f619152557926aa8eeb3d4c044192e95782fe32631cacee45ab609