urlscan.io logo urlscan.io
SecurityTrails logo

www.stealmylogin.com Open in urlscan Pro
13.215.144.61  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://stealmylogin.com/
Effective URL: https://www.stealmylogin.com/
Submission: On November 10 via manual from AU — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 2 countries across 10 domains to perform 47 HTTP transactions. The main IP is 13.215.144.61, located in Singapore, Singapore and belongs to AMAZON-02, US. The main domain is www.stealmylogin.com.
TLS certificate: Issued by R3 on November 6th 2023. Valid for: 3 months.
This is the only time www.stealmylogin.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 3 13.215.144.61 16509 (AMAZON-02)
4 192.229.237.25 15133 (EDGECAST)
1 157.240.235.35 32934 (FACEBOOK)
4 199.232.196.134 54113 (FASTLY)
2 74.125.24.97 15169 (GOOGLE)
1 7 151.101.192.134 54113 (FASTLY)
2 104.244.42.8 13414 (TWITTER)
4 157.240.235.1 32934 (FACEBOOK)
18 18.161.111.94 16509 (AMAZON-02)
2 74.125.130.95 ()
47 11
3    13.215.144.61 (Singapore, Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-215-144-61.ap-southeast-1.compute.amazonaws.com
stealmylogin.com
www.stealmylogin.com
4    192.229.237.25 (Marlborough, United States)

ASN15133 (EDGECAST, US)
platform.twitter.com
1    157.240.235.35 (Singapore, Singapore)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-04-sin6.facebook.com
www.facebook.com
4    199.232.196.134 (United States)

ASN54113 (FASTLY, US)
stealmylogin.disqus.com
2    74.125.24.97 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f97.1e100.net
ssl.google-analytics.com
7    151.101.192.134 (United States)

ASN54113 (FASTLY, US)
disqus.com
2    104.244.42.8 (United States)

ASN13414 (TWITTER, US)
syndication.twitter.com
4    157.240.235.1 (Singapore, Singapore)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-04-sin6.fbcdn.net
static.xx.fbcdn.net
connect.facebook.net
18    18.161.111.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-161-111-94.mrs52.r.cloudfront.net
c.disquscdn.com
2    74.125.130.95 (None, )

ASN- ()
fonts.googleapis.com
Apex Domain
Subdomains		 Transfer
18 disquscdn.com
c.disquscdn.com — Cisco Umbrella Rank: 5610
a.disquscdn.com Failed
396 KB
11 disqus.com
stealmylogin.disqus.com
disqus.com — Cisco Umbrella Rank: 1282
107 KB
6 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 1186
syndication.twitter.com — Cisco Umbrella Rank: 1447
148 KB
3 stealmylogin.com
stealmylogin.com
www.stealmylogin.com
4 KB
2 facebook.net
connect.facebook.net
2 KB
2 googleapis.com
fonts.googleapis.com
2 KB
2 fbcdn.net
static.xx.fbcdn.net — Cisco Umbrella Rank: 933
137 KB
2 google-analytics.com
ssl.google-analytics.com — Cisco Umbrella Rank: 574
17 KB
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 110
17 KB
0 google.com Failed
apis.google.com Failed
47 10
Domain Requested by
18 c.disquscdn.com disqus.com
c.disquscdn.com
7 disqus.com 1 redirects stealmylogin.disqus.com
c.disquscdn.com
4 stealmylogin.disqus.com www.stealmylogin.com
stealmylogin.disqus.com
disqus.com
4 platform.twitter.com www.stealmylogin.com
platform.twitter.com
2 connect.facebook.net c.disquscdn.com
connect.facebook.net
2 fonts.googleapis.com client
2 static.xx.fbcdn.net www.facebook.com
2 syndication.twitter.com platform.twitter.com
www.stealmylogin.com
2 ssl.google-analytics.com www.stealmylogin.com
2 stealmylogin.com 2 redirects
1 www.facebook.com www.stealmylogin.com
1 www.stealmylogin.com
0 apis.google.com Failed c.disquscdn.com
0 a.disquscdn.com Failed
47 14
Subject Issuer Validity Valid
*.stealmylogin.com
R3		 2023-11-06 -
2024-02-04		 3 months crt.sh
*.twimg.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-28 -
2024-07-26		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-08-19 -
2023-11-17		 3 months crt.sh
*.disqus.com
Sectigo RSA Domain Validation Secure Server CA		 2023-04-13 -
2024-04-20		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
syndication.twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-12 -
2024-10-12		 a year crt.sh
a.disquscdn.com
Amazon RSA 2048 M01		 2023-08-31 -
2024-09-27		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh

This page contains 6 frames:

Primary Page: https://www.stealmylogin.com/
Frame ID: 397F38598A0B5F99FA37901A1A28D58D
Requests: 10 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwwwl.stealmylogin.com%2F&layout=button_count&show_faces=true&width=450&action=like&font=arial&colorscheme=light&height=21
Frame ID: 0A7109CC593DED21510EE8A839D13310
Requests: 3 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html?origin=https%3A%2F%2Fwww.stealmylogin.com
Frame ID: CE5A19F7DE4540608372FDAF66D56089
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.d37472b4a6622d0b1fff46ad904f6896.en.html
Frame ID: 62E56F44486BB10A69A14326CB410633
Requests: 2 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&s_o=default
Frame ID: E78FC2503932F3729B5B5B01907CFB06
Requests: 22 HTTP requests in this frame

Frame: https://disqus.com/recommendations/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms
Frame ID: 94AEB80A0BA65536C573604A717D7BCD
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

StealMyLogin.com - exposing the dangers of insecure login forms

Page URL History Show full URLs

  1. http://stealmylogin.com/ HTTP 301
    https://stealmylogin.com/ HTTP 301
    https://www.stealmylogin.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <div[^>]+id="disqus_thread"
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Page Statistics

47
Requests

91 %
HTTPS

0 %
IPv6

10
Domains

14
Subdomains

11
IPs

2
Countries

829 kB
Transfer

2801 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://stealmylogin.com/ HTTP 301
    https://stealmylogin.com/ HTTP 301
    https://www.stealmylogin.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://disqus.com/forums/stealmylogin/count.js HTTP 302
  • https://stealmylogin.disqus.com/count.js

47 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.stealmylogin.com/
Redirect Chain
  • http://stealmylogin.com/
  • https://stealmylogin.com/
  • https://www.stealmylogin.com/
9 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.stealmylogin.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.215.144.61 Singapore, Singapore, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-215-144-61.ap-southeast-1.compute.amazonaws.com
Software
Netlify /
Resource Hash
011f39efc71b98b19ea39718ebb7676a4fc5da761736cc39480991b910d821a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
age
205173
cache-control
public,max-age=0,must-revalidate
content-encoding
br
content-length
3340
content-type
text/html; charset=UTF-8
date
Fri, 10 Nov 2023 05:24:35 GMT
etag
"333618fcf7be2313b8e89e27c11f38bd-ssl-df"
server
Netlify
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-nf-request-id
01HEVV0WAZVG7QWGEBBJHM80DB

Redirect headers

content-length
44
content-type
text/plain; charset=utf-8
date
Fri, 10 Nov 2023 05:24:35 GMT
location
https://www.stealmylogin.com/
server
Netlify
strict-transport-security
max-age=31536000
x-nf-request-id
01HEVV0W5ZYM297BM9NEBAV94T
widgets.js
platform.twitter.com/ 		91 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.stealmylogin.com
URL: https://www.stealmylogin.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.229.237.25 Marlborough, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (mbw/47B3) /
Resource Hash
9521629b75431599b69d208c8de1e08c4fc023401b118973cbb4abbc8189b182

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.stealmylogin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Fri, 10 Nov 2023 05:24:36 GMT
Content-Encoding
gzip
Age
851
x-amz-server-side-encryption
AES256
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length
27598
Last-Modified
Mon, 09 Oct 2023 20:29:49 GMT
Server
ECS (mbw/47B3)
Etag
"391b7fdf0c468036f27102529636f0ca+gzip"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-tw-cdn
VZ
Cache-Control
public, max-age=1800
Vary
Accept-Encoding
like.php
www.facebook.com/plugins/ Frame 0A71 		46 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwwwl.stealmylogin.com%2F&layout=button_count&show_faces=true&width=450&action=like&font=arial&colorscheme=light&height=21
Requested by
Host: www.stealmylogin.com
URL: https://www.stealmylogin.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.235.35 Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-04-sin6.facebook.com
Software
/
Resource Hash
eaa188308e12fad99cbfc13ebb2c1501e2ce2bd812689686448a5d51d107487e
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.stealmylogin.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Fri, 10 Nov 2023 05:24:37 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster
?0
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=()
pragma
no-cache
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
reporting-endpoints
default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-debug
DyqaEYrYcVq6vdcd2Y1NYXBUTUiwis6KtNp28GEcJiWG895RuvUWfNeL+3C/hd/4auZvM8yfo4xwyTc4deovcg==
x-xss-protection
0
embed.js
stealmylogin.disqus.com/ 		78 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stealmylogin.disqus.com/embed.js
Requested by
Host: www.stealmylogin.com
URL: https://www.stealmylogin.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
d0d97e64c24e22ac6827d43208e8e15a9411bb8a598c2ab3d22b2452cf92b643
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.stealmylogin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Fri, 10 Nov 2023 05:24:37 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=300; includeSubdomains
Server
openresty
Age
0
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
X-Service
router
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
25430
ga.js
ssl.google-analytics.com/ 		45 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: www.stealmylogin.com
URL: https://www.stealmylogin.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.24.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f97.1e100.net
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.stealmylogin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 10 Nov 2023 04:41:54 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
2562
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17168
expires
Fri, 10 Nov 2023 06:41:54 GMT
count.js
stealmylogin.disqus.com/
Redirect Chain
  • https://disqus.com/forums/stealmylogin/count.js
  • https://stealmylogin.disqus.com/count.js
1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stealmylogin.disqus.com/count.js
Requested by
Host: www.stealmylogin.com
URL: https://www.stealmylogin.com/
Protocol
HTTP/1.1
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.stealmylogin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Fri, 10 Nov 2023 05:24:37 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=300; includeSubdomains
X-Amz-Cf-Pop
DFW3-C1
Age
142
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
871
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 08 Nov 2023 16:13:52 GMT
Server
nginx
ETag
"654bb3c0-367"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
public, max-age=300
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id
cjP0j6X6D3VB654spwUhSmgjDW2tTk5J9nbpKIXDfS8PD6-rx-l68w==

Redirect headers

Date
Fri, 10 Nov 2023 05:24:36 GMT
Strict-Transport-Security
max-age=300; includeSubdomains
Server
Varnish
Location
https://stealmylogin.disqus.com/count.js
Cache-Control
public, max-age=3600
Cross-Origin-Resource-Policy
cross-origin
Connection
close
Content-Length
0
widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html
platform.twitter.com/widgets/ Frame CE5A 		319 KB
104 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html?origin=https%3A%2F%2Fwww.stealmylogin.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.229.237.25 Marlborough, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (mbw/479D) /
Resource Hash
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18

Request headers

Referer
https://www.stealmylogin.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
2710321
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105429
Content-Type
text/html; charset=utf-8
Date
Fri, 10 Nov 2023 05:24:36 GMT
Etag
"81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified
Mon, 09 Oct 2023 20:29:18 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (mbw/479D)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-amz-server-side-encryption
AES256
x-tw-cdn
VZ
settings
syndication.twitter.com/ Frame CE5A 		870 B
661 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://syndication.twitter.com/settings?session_id=3edadef783f4a0a1eaa26f8d4e5fd95ca0b1b588
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.d37472b4a6622d0b1fff46ad904f6896.html?origin=https%3A%2F%2Fwww.stealmylogin.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_r /
Resource Hash
8ec44a4b321f5115d8760f193298585d8b28a26dd3190d0a3690b9e09a489a94
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-response-time
146
date
Fri, 10 Nov 2023 05:24:36 GMT
content-encoding
gzip
strict-transport-security
max-age=631138519
last-modified
Fri, 10 Nov 2023 05:24:36 GMT
server
tsa_r
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
x-transaction-id
c889e86bab095bf8
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
perf
7626143928
x-connection-hash
3bb25b07b0f2403c776281e6bab8bd76ea64769e9781615beaa1fc9f27d39bb5
content-length
338
__utm.gif
ssl.google-analytics.com/r/ 		35 B
197 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1910454983&utmhn=www.stealmylogin.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&utmhid=2131154083&utmr=-&utmp=%2F&utmht=1699593877043&utmac=UA-1155620-6&utmcc=__utma%3D242215488.161766473.1699593877.1699593877.1699593877.1%3B%2B__utmz%3D242215488.1699593877.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1832450611&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Requested by
Host: www.stealmylogin.com
URL: https://www.stealmylogin.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.24.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f97.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.stealmylogin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Nov 2023 05:24:37 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
button.13c48d2966337fafa1c1eb5533fdf29d.js
platform.twitter.com/js/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/js/button.13c48d2966337fafa1c1eb5533fdf29d.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.229.237.25 Marlborough, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (mbw/47B3) /
Resource Hash
fbb613590ab06b8838cad9193caa3797b2fb582dd88a444a1afe2424754d97ca

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.stealmylogin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Fri, 10 Nov 2023 05:24:37 GMT
Content-Encoding
gzip
Age
2710268
x-amz-server-side-encryption
AES256
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length
2617
Last-Modified
Mon, 09 Oct 2023 20:29:15 GMT
Server
ECS (mbw/47B3)
Etag
"def6f3052007521ae22a38b870dfd318+gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
x-tw-cdn
VZ
Cache-Control
public, max-age=315360000
tweet_button.d37472b4a6622d0b1fff46ad904f6896.en.html
platform.twitter.com/widgets/ Frame 62E5 		34 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/tweet_button.d37472b4a6622d0b1fff46ad904f6896.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.229.237.25 Marlborough, United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (mbw/47B3) /
Resource Hash
856377fde78e4bdc57703db6457f6e243db704c135a4829e1951185173cec9b7

Request headers

Referer
https://www.stealmylogin.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
2710299
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
12585
Content-Type
text/html; charset=utf-8
Date
Fri, 10 Nov 2023 05:24:37 GMT
Etag
"8c8e58156094069be7351386d79afb40+gzip"
Last-Modified
Mon, 09 Oct 2023 20:29:17 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (mbw/47B3)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-amz-server-side-encryption
AES256
x-tw-cdn
VZ
embeds
syndication.twitter.com/i/jot/ 		43 B
151 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.stealmylogin.com%2F%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1699593877176%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%2201917f4d1d4cb%3A1696883169554%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=3edadef783f4a0a1eaa26f8d4e5fd95ca0b1b588
Requested by
Host: www.stealmylogin.com
URL: https://www.stealmylogin.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_r /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.stealmylogin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-response-time
147
date
Fri, 10 Nov 2023 05:24:37 GMT
strict-transport-security
max-age=631138519
last-modified
Fri, 10 Nov 2023 05:24:37 GMT
server
tsa_r
vary
Origin
content-type
image/gif
x-transaction-id
2d393903fe3a0828
cache-control
must-revalidate, max-age=600
perf
7626143928
x-connection-hash
3bb25b07b0f2403c776281e6bab8bd76ea64769e9781615beaa1fc9f27d39bb5
content-length
43
T3DO38Clbii.js
static.xx.fbcdn.net/rsrc.php/v3i7244/yQ/l/en_GB/ Frame 0A71 		525 KB
136 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3i7244/yQ/l/en_GB/T3DO38Clbii.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwwwl.stealmylogin.com%2F&layout=button_count&show_faces=true&width=450&action=like&font=arial&colorscheme=light&height=21
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.235.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-04-sin6.fbcdn.net
Software
/
Resource Hash
1b45391c0956b68124eabfa0912664cd847244c02d4975368e247b8e0f213d63
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 05:24:37 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
2LPw1ryRL14qUUhUFmjg1w==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
138506
reporting-endpoints
x-fb-debug
bPMIJUl5/YaYTmJX2tXofTSYPmc+Yj0pKqC8vI/Eo/oaYWhn2uIqZIH/t4EVhrS77i77CdBPVMWppE2ZSPKmww==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Origin
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://www.facebook.com
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Fri, 08 Nov 2024 17:36:18 GMT
FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame 0A71 		299 B
901 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwwwl.stealmylogin.com%2F&layout=button_count&show_faces=true&width=450&action=like&font=arial&colorscheme=light&height=21
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.235.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-04-sin6.fbcdn.net
Software
/
Resource Hash
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Fri, 10 Nov 2023 05:24:37 GMT
x-content-type-options
nosniff
content-md5
OIlAxCmR79nrM/Ez4ygGlg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
299
reporting-endpoints
x-fb-debug
+S4V9G/O1lPU8dPQeZK0Uq/J2H/lfq3icDS970synagAfUDbUzP3x4S8xjLEBmKFvwNwgyT4PTPCk97/F/6OHw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
origin-agent-cluster
?0
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
expires
Sun, 27 Oct 2024 09:52:45 GMT
truncated
/ Frame 62E5 		822 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type
image/svg+xml
recommendations.js
stealmylogin.disqus.com/ 		64 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stealmylogin.disqus.com/recommendations.js
Requested by
Host: stealmylogin.disqus.com
URL: https://stealmylogin.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
f5fbb0cd6131601c4b5fdcf621ff87702a44b0aebd7e53d4706c76f66661a9d1
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.stealmylogin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Fri, 10 Nov 2023 05:24:37 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=300; includeSubdomains
Server
openresty
Age
0
Vary
Accept-Encoding, Accept, Accept-Encoding, X-Forwarded-Proto, X-Disqus-Shortname, X-Disqus-Device, X-Disqus-Experiment, X-Disqus-Is-Private, X-Disqus-Development-Base
Content-Type
application/javascript; charset=utf-8
Cache-Control
stale-while-revalidate=60, public, stale-if-error=86400, max-age=60
X-Service
router
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
21229
count-data.js
stealmylogin.disqus.com/ 		266 B
847 B 		Script
General
Check archive.org
Download Go to
Full URL
https://stealmylogin.disqus.com/count-data.js?2=https%3A%2F%2Fwww.stealmylogin.com%2F
Requested by
Host: disqus.com
URL: https://disqus.com/forums/stealmylogin/count.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
110533a631f0404dc9cfbaed028dc3c339ac17e1d592d81c2ff7a11862e14d12
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.stealmylogin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Fri, 10 Nov 2023 05:24:37 GMT
Strict-Transport-Security
max-age=300; includeSubdomains
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=600
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
266
X-XSS-Protection
1; mode=block
/
disqus.com/embed/comments/ Frame E78F 		31 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://disqus.com/embed/comments/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&s_o=default
Requested by
Host: stealmylogin.disqus.com
URL: https://stealmylogin.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
18f9fe2d468110f1de1c842290b7f399b94f6a983ae5cc91c838d0343dfa84ab
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.stealmylogin.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

Age
0
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection
keep-alive
Content-Encoding
gzip
Content-Length
7342
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type
text/html; charset=utf-8
Cross-Origin-Resource-Policy
cross-origin
Date
Fri, 10 Nov 2023 05:24:38 GMT
ETag
W/"lounge:view:156506944.a4f4359eb4d7b74b4145f4a257bfbd61.2"
Last-Modified
Sun, 05 Nov 2023 13:53:46 GMT
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy
no-referrer-when-downgrade
Server
nginx
Strict-Transport-Security
max-age=300; includeSubdomains
Timing-Allow-Origin
*
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
/
disqus.com/recommendations/ Frame 94AE 		5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://disqus.com/recommendations/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms
Requested by
Host: stealmylogin.disqus.com
URL: https://stealmylogin.disqus.com/recommendations.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
593e199ec32ed6c0c3a71a7f88661cc0ca90b7bd9f8e00f4ddbd59d027570285
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.stealmylogin.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

Age
0
Cache-Control
stale-while-revalidate=30, no-cache, must-revalidate, stale-if-error=3600, public
Connection
keep-alive
Content-Encoding
gzip
Content-Length
2289
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type
text/html; charset=utf-8
Cross-Origin-Resource-Policy
cross-origin
Date
Fri, 10 Nov 2023 05:24:38 GMT
Last-Modified
Wed, 02 Nov 2022 15:01:20 GMT
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Server
nginx
Strict-Transport-Security
max-age=300; includeSubdomains
Timing-Allow-Origin
*
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
lounge.load.d629e5b49d79391619c4533260a745df.js
c.disquscdn.com/next/embed/ Frame E78F 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/lounge.load.d629e5b49d79391619c4533260a745df.js
Requested by
Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&s_o=default
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
71768b54872ed6c50ba9939bf74c4780c8c91ea53df76ba6a4d623e97a0e933d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&s_o=default
Origin
https://disqus.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Wed, 08 Nov 2023 17:26:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 8ddb34cf6930071cc06ac942a8998048.cloudfront.net (CloudFront)
x-amz-cf-pop
MRS52-P4
age
129518
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
631
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Wed, 08 Nov 2023 16:20:23 GMT
server
nginx
etag
"654bb547-277"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
z862mowR29xYuLl_kgOHUzIqCscQFu6WjKYnRhjhgFp-8I4n_JGHhQ==
expires
Thu, 07 Nov 2024 17:26:01 GMT
recommendations.load.6f9045c469ff6ff394e03c781e2a4d12.js
c.disquscdn.com/next/recommendations/ Frame 94AE 		923 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/recommendations.load.6f9045c469ff6ff394e03c781e2a4d12.js
Requested by
Host: disqus.com
URL: https://disqus.com/recommendations/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
ff615e0555532d90883c0d3b64510249db528fd65a201d5345ca3ccfaf21c264
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://disqus.com/
Origin
https://disqus.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Wed, 08 Nov 2023 17:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 8ddb34cf6930071cc06ac942a8998048.cloudfront.net (CloudFront)
x-amz-cf-pop
MRS52-P4
age
129523
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
448
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Wed, 08 Nov 2023 16:20:23 GMT
server
nginx
etag
"654bb547-1c0"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
QpHtPwO2nJ0bkscEwUOZ8weiH4hAHp0w8qnz2OrOh63EwLjiVNx89Q==
expires
Thu, 07 Nov 2024 17:25:56 GMT
common.bundle.830e49a0658a776869ead04c9a88a6fc.js
c.disquscdn.com/next/embed/ Frame E78F 		280 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/common.bundle.830e49a0658a776869ead04c9a88a6fc.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.d629e5b49d79391619c4533260a745df.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
8505d8233b3c79b966130e48a46181cc2c26a8a82c2ffc92be25c37360cfe6f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Wed, 08 Nov 2023 17:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 70c2070350a45741fecf38e4dded07ae.cloudfront.net (CloudFront)
x-amz-cf-pop
MRS52-P4
age
129517
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
94211
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Wed, 08 Nov 2023 16:20:23 GMT
server
nginx
etag
"654bb547-17003"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
QxVWZNqD6SKPDclGS4MwF4t4iQqKOg7BekqhnBcXBZ3LYp1HxS6u_A==
expires
Thu, 07 Nov 2024 17:26:02 GMT
common.bundle.333ad30e1f1c9323d996f231c4aca879.js
c.disquscdn.com/next/recommendations/ Frame 94AE 		262 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/common.bundle.333ad30e1f1c9323d996f231c4aca879.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/recommendations.load.6f9045c469ff6ff394e03c781e2a4d12.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
7a421bb42bfbe4db5583d302d106d6249448998407ca50ee806fb9c2babc4a5e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Wed, 08 Nov 2023 17:25:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 70c2070350a45741fecf38e4dded07ae.cloudfront.net (CloudFront)
x-amz-cf-pop
MRS52-P4
age
129523
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
88923
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Wed, 08 Nov 2023 16:20:23 GMT
server
nginx
etag
"654bb547-15b5b"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
oLLqccnuoXofvb8kSGhnAx8Iugk8uzNRe9tzqOH4Q8scZ60Q6qvPgg==
expires
Thu, 07 Nov 2024 17:25:56 GMT
lounge.dbc47866f009f9d6f1556cd58214d9a3.css
c.disquscdn.com/next/embed/styles/ Frame E78F 		233 KB
33 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.830e49a0658a776869ead04c9a88a6fc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
61779c74768b5eb298860ceb7d7cf06f2b228fdc53df72b530490a792a5b8a59
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Tue, 30 May 2023 18:53:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 70c2070350a45741fecf38e4dded07ae.cloudfront.net (CloudFront)
x-amz-cf-pop
MRS52-P4
age
14121080
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
33282
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Tue, 30 May 2023 18:28:53 GMT
server
nginx
etag
"64764065-8202"
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
B3c2yTaqNclI7j5hkhX5NpCt4KrXiIqL7r-JhfHcPQi7bbYHM2u8vQ==
expires
Wed, 29 May 2024 18:53:20 GMT
lounge.bundle.662d72b7f080f273f7df031f9bbf1e0b.js
c.disquscdn.com/next/embed/ Frame E78F 		513 KB
129 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.662d72b7f080f273f7df031f9bbf1e0b.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.830e49a0658a776869ead04c9a88a6fc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
1039e7d2b04889925ce15466156861da03315d3fdd9ae8470670557f63a1ca8c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Wed, 08 Nov 2023 17:26:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 70c2070350a45741fecf38e4dded07ae.cloudfront.net (CloudFront)
x-amz-cf-pop
MRS52-P4
age
129518
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
130950
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Wed, 08 Nov 2023 16:20:23 GMT
server
nginx
etag
"654bb547-1ff86"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
TuN-LJQefhO-XxPJiXJINuiNiH8WKtYplsd-FYv6YQrRtLzYWjEgmw==
expires
Thu, 07 Nov 2024 17:26:02 GMT
config.js
disqus.com/next/ Frame E78F 		19 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://disqus.com/next/config.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.830e49a0658a776869ead04c9a88a6fc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1659b2340aa9d4248b473a6d65ac78f15f0dff1b2913978bf77af6997819c1b8
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Fri, 10 Nov 2023 05:24:40 GMT
Strict-Transport-Security
max-age=300; includeSubdomains
X-Content-Type-Options
nosniff
Server
nginx
Age
49
X-Frame-Options
SAMEORIGIN
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
19144
X-XSS-Protection
1; mode=block
recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
c.disquscdn.com/next/recommendations/styles/ Frame 94AE 		14 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/styles/recommendations.10022a97346f1c6e3798931bbd8e4bb5.css
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.333ad30e1f1c9323d996f231c4aca879.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
ad59b3c437a380375b4205e22d9bf50856690b094d2fa425ae90971f5b58758e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Sun, 23 Jul 2023 23:07:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 70c2070350a45741fecf38e4dded07ae.cloudfront.net (CloudFront)
x-amz-cf-pop
MRS52-P4
age
9440208
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
2968
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Wed, 12 Jul 2023 14:04:56 GMT
server
nginx
etag
"64aeb308-b98"
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
EMJ86xTEL3xXZOoWQYEd4wkFpAHZt2VxFN5R8JCHTMxDk9CUo7_XXg==
expires
Mon, 22 Jul 2024 23:07:52 GMT
recommendations.bundle.b1d305f840327c58f4ac9b236b8cd735.js
c.disquscdn.com/next/recommendations/ Frame 94AE 		66 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/recommendations/recommendations.bundle.b1d305f840327c58f4ac9b236b8cd735.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.333ad30e1f1c9323d996f231c4aca879.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
47d4cc8f41a50c8835c9f83a13ab174866b9f82a24ea590b854574a6773a071a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Tue, 31 Oct 2023 14:00:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 70c2070350a45741fecf38e4dded07ae.cloudfront.net (CloudFront)
x-amz-cf-pop
MRS52-P4
age
833022
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
20373
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Tue, 31 Oct 2023 13:53:35 GMT
server
nginx
etag
"654106df-4f95"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
timing-allow-origin
*
x-amz-cf-id
zXMiWVoCdU5juXThd13fSlCOJwLY3Wl6oW8dtFABy7sMkr6HVwHdbg==
expires
Wed, 30 Oct 2024 14:00:58 GMT
config.js
disqus.com/next/ Frame 94AE 		19 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://disqus.com/next/config.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.333ad30e1f1c9323d996f231c4aca879.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
1659b2340aa9d4248b473a6d65ac78f15f0dff1b2913978bf77af6997819c1b8
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://disqus.com/recommendations/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Fri, 10 Nov 2023 05:24:40 GMT
Strict-Transport-Security
max-age=300; includeSubdomains
X-Content-Type-Options
nosniff
Server
nginx
Age
49
X-Frame-Options
SAMEORIGIN
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
19144
X-XSS-Protection
1; mode=block
details
disqus.com/api/3.0/forums/ Frame E78F 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://disqus.com/api/3.0/forums/details?forum=stealmylogin&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.830e49a0658a776869ead04c9a88a6fc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
29f870d3be238e57cd45bb0ef815c98ef3db1570634ff102cb9b51993b7c82af
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://disqus.com/embed/comments/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&s_o=default
X-Requested-With
XMLHttpRequest
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Fri, 10 Nov 2023 05:24:41 GMT
Strict-Transport-Security
max-age=300; includeSubdomains
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Vary
Origin, Cookie
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type
application/json
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
3080
X-XSS-Protection
1; mode=block
css2
fonts.googleapis.com/ Frame E78F 		11 KB
947 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.130.95 -, , ASN (),
Reverse DNS
Software
ESF /
Resource Hash
4dbc45bd7ed8caf2aeeae8de34e519d874987d5285c79b5b4a93a1d670a929c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 10 Nov 2023 05:24:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 10 Nov 2023 03:33:31 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 10 Nov 2023 05:24:41 GMT
loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame E78F 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Sun, 20 Aug 2023 12:05:10 GMT
via
1.1 70c2070350a45741fecf38e4dded07ae.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
MRS52-P4
age
7060771
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
2971
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Wed, 02 Aug 2023 23:18:56 GMT
server
nginx
etag
"64cae460-b9b"
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
M3hNfwZ3g-CjjKjsIgYZZ_YDUeODWaoYcYTNWu4Fkkyw6Sv809c9sQ==
expires
Mon, 19 Aug 2024 12:05:10 GMT
email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg
c.disquscdn.com/next/embed/assets/img/ Frame E78F 		840 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.disquscdn.com/next/embed/assets/img/email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
0589c5845288117448d7aa710af60618b151d78efd1a2653f89a0b57f7eb3de8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Mon, 14 Nov 2022 05:36:22 GMT
via
1.1 70c2070350a45741fecf38e4dded07ae.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
MRS52-P4
age
31189699
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
840
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Fri, 11 Nov 2022 07:03:00 GMT
server
nginx
etag
"636df3a4-348"
content-type
image/svg+xml; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
IwnYGkOtem1b-b90yk81dkCdcBYtWPI2lJluJ-Y7pXvBHgaR-uDSww==
expires
Tue, 14 Nov 2023 05:36:22 GMT
privacy.8c96be6b50de1c3fab838c5f050e0be5.svg
c.disquscdn.com/next/embed/assets/img/ Frame E78F 		891 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.disquscdn.com/next/embed/assets/img/privacy.8c96be6b50de1c3fab838c5f050e0be5.svg
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
068753b8f09b32ad8a3283199c7252090d0076a56924df724dda72828ae31b95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Sat, 12 Nov 2022 02:28:02 GMT
via
1.1 70c2070350a45741fecf38e4dded07ae.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
MRS52-P4
age
31373799
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
891
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Fri, 11 Nov 2022 07:03:00 GMT
server
nginx
etag
"636df3a4-37b"
content-type
image/svg+xml; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
EJy45NC2tlIavlVRiz1AVe3Z6w92_hhaQde9CJ9j9uhqOMzqU2A7kQ==
expires
Sun, 12 Nov 2023 02:28:02 GMT
warning.3bc0b4bff6c268a4ceaf404014b9be42.svg
c.disquscdn.com/next/embed/assets/img/ Frame E78F 		605 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.disquscdn.com/next/embed/assets/img/warning.3bc0b4bff6c268a4ceaf404014b9be42.svg
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
a657bedd3bc0c106f7cfa5fe6556a0b7e175870d33bd7da9ef67ffcffbafda69
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Sun, 04 Dec 2022 10:05:42 GMT
via
1.1 70c2070350a45741fecf38e4dded07ae.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
MRS52-P4
age
29445539
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
605
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Thu, 01 Dec 2022 19:00:29 GMT
server
nginx
etag
"6388f9cd-25d"
content-type
image/svg+xml; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
ajTD7wsc1_cNQ0c4iWPMbdNU45p5FgpIg0XXKrv-gVFHpm42pFOKlQ==
expires
Mon, 04 Dec 2023 10:05:42 GMT
sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame E78F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Mon, 24 Jul 2023 12:53:27 GMT
via
1.1 70c2070350a45741fecf38e4dded07ae.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
MRS52-P4
age
9390674
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
1763
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Wed, 12 Jul 2023 14:04:56 GMT
server
nginx
etag
"64aeb308-6e3"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
VSI7irF5oHx7Ldbleb8NrXjjGTq2EVSCnTz53e8ZrDNeXOLPSRZL4g==
expires
Tue, 23 Jul 2024 12:53:27 GMT
icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame E78F 		8 KB
8 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Origin
https://disqus.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Sat, 22 Jul 2023 02:00:22 GMT
via
1.1 8ddb34cf6930071cc06ac942a8998048.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
MRS52-P4
age
9602659
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
7900
x-xss-protection
1; mode=block
x-served-by
static-web-1
surrogate-key
next
last-modified
Wed, 12 Jul 2023 14:04:56 GMT
server
nginx
etag
"64aeb308-1edc"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
_wy6ZL8l-pGZ5MYoh-TI0loYTSWHcXNsGbIuqRyHurTPM7vBlDCvCg==
expires
Sun, 21 Jul 2024 02:00:22 GMT
noavatar92.png
a.disquscdn.com/1698341030/images/ Frame E78F 		0
0
details
disqus.com/api/3.0/forums/ Frame 94AE 		3 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://disqus.com/api/3.0/forums/details?forum=stealmylogin&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/recommendations/common.bundle.333ad30e1f1c9323d996f231c4aca879.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
29f870d3be238e57cd45bb0ef815c98ef3db1570634ff102cb9b51993b7c82af
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://disqus.com/recommendations/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms
X-Requested-With
XMLHttpRequest
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date
Fri, 10 Nov 2023 05:24:41 GMT
Strict-Transport-Security
max-age=300; includeSubdomains
X-Content-Type-Options
nosniff
Server
nginx
Age
0
X-Frame-Options
SAMEORIGIN
Vary
Origin, Cookie
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type
application/json
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
3080
X-XSS-Protection
1; mode=block
sdk.js
connect.facebook.net/en_US/ Frame E78F 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.830e49a0658a776869ead04c9a88a6fc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.235.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-04-sin6.fbcdn.net
Software
/
Resource Hash
3fba78589ef5a0cb8bbc750a86f276ce55c16bdc5730008ca6539ca6aee83af0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 10 Nov 2023 05:24:41 GMT
content-md5
4ikscjuB5cQBXnpk4S57dw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1688
reporting-endpoints
x-fb-debug
p/h77nw0UAbWZHG3fY49ebDkeF5be7BP466d/hd8s9Mq5D2IK683MHAx6NCzCyjCJZbX4kFxneL2Nu+HQrZldA==
x-fb-content-md5
b58c2f706f0f6481122ef8962aa64d06
cross-origin-opener-policy
same-origin-allow-popups
etag
"e1e14545a9cf28762dee6ff6ba7689a8"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin
*
expires
Fri, 10 Nov 2023 05:31:18 GMT
api.js
apis.google.com/js/ Frame E78F 		0
0
css2
fonts.googleapis.com/ Frame 94AE 		11 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,600;0,700;1,400;1,700&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.130.95 -, , ASN (),
Reverse DNS
Software
ESF /
Resource Hash
4dbc45bd7ed8caf2aeeae8de34e519d874987d5285c79b5b4a93a1d670a929c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://disqus.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 10 Nov 2023 05:24:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 10 Nov 2023 03:31:40 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 10 Nov 2023 05:24:41 GMT
listRecommendations.json
disqus.com/api/3.0/discovery/ Frame 94AE 		0
0
like.855606fb4e3a7a6448e6c782f3f54e5a.svg
c.disquscdn.com/next/embed/assets/img/ Frame E78F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.disquscdn.com/next/embed/assets/img/like.855606fb4e3a7a6448e6c782f3f54e5a.svg
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
3b8a8d998dd7dc014bdb52a01adea8ec1be82193e7e7c6e0c7067a58435b7c28
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Origin
https://disqus.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Tue, 25 Jul 2023 16:20:59 GMT
via
1.1 8ddb34cf6930071cc06ac942a8998048.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
MRS52-P4
age
9291822
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
1655
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Mon, 24 Jul 2023 13:43:23 GMT
server
nginx
etag
"64be7ffb-677"
content-type
image/svg+xml; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
VQdcEcEVneVipjw5VSrxZ9t18B4Gx21xHmGPPPqYYtHSvVK93HFRqg==
expires
Wed, 24 Jul 2024 16:20:59 GMT
dislike.612d8ba98928c381e4c789c1b309cda1.svg
c.disquscdn.com/next/embed/assets/img/ Frame E78F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.disquscdn.com/next/embed/assets/img/dislike.612d8ba98928c381e4c789c1b309cda1.svg
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
8bd3068a31f037d3d198e40d59ae6acf610e3550c11ebff7b6c66bdf8e8b2e3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Origin
https://disqus.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Wed, 26 Jul 2023 21:11:15 GMT
via
1.1 8ddb34cf6930071cc06ac942a8998048.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
MRS52-P4
age
9188006
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
1796
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Wed, 26 Jul 2023 16:31:55 GMT
server
nginx
etag
"64c14a7b-704"
content-type
image/svg+xml; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
3kdSutyKMInBFI51vyrEM5ecvId2s2pGNehR7qDhv6pqf6nODbDdhg==
expires
Thu, 25 Jul 2024 21:11:15 GMT
follow-v2.411b1215980cdde315e43cc006cfbea6.svg
c.disquscdn.com/next/embed/assets/img/ Frame E78F 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.disquscdn.com/next/embed/assets/img/follow-v2.411b1215980cdde315e43cc006cfbea6.svg
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
5ab9af97734b7a1b76e65a6aff767898e4dd763725c46ee56d340a5fd116e6a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://c.disquscdn.com/next/embed/styles/lounge.dbc47866f009f9d6f1556cd58214d9a3.css
Origin
https://disqus.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Tue, 07 Mar 2023 13:43:26 GMT
via
1.1 8ddb34cf6930071cc06ac942a8998048.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
MRS52-P4
age
21397274
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
1557
x-xss-protection
1; mode=block
x-served-by
static-web-2
surrogate-key
next
last-modified
Thu, 02 Mar 2023 09:36:57 GMT
server
nginx
etag
"64006e39-615"
content-type
image/svg+xml; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
NPB4WxDyTsa8txxg3RaqqZ-CKqzuaNG_wzrIA6556tHfXLqfOptmVQ==
expires
Wed, 06 Mar 2024 13:43:26 GMT
avatar92.jpg
c.disquscdn.com/uploads/users/14054/ Frame E78F 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.disquscdn.com/uploads/users/14054/avatar92.jpg?1583434462
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.161.111.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-161-111-94.mrs52.r.cloudfront.net
Software
nginx /
Resource Hash
7b40e23130f7a851146ce7da0584d5c18606aec83c6ad2534f7c796c58fbe64c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://disqus.com/embed/comments/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&s_o=default
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-cache-hits
0
date
Sun, 22 Oct 2023 15:38:40 GMT
via
1.1 70c2070350a45741fecf38e4dded07ae.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
MRS52-P4
age
1604761
x-cache
Hit from cloudfront
content-length
2626
x-xss-protection
1; mode=block
x-served-by
static-web-2
last-modified
Thu, 05 Mar 2020 18:54:23 GMT
server
nginx
etag
"4d6d35c265e6cca91c16cfdeb44abd7b"
content-type
image/jpeg
cache-control
max-age=31536000, public, immutable
accept-ranges
bytes
x-amz-cf-id
IAU7yDb33JwBtJOkP1yD2fY0OfhSS_SygxzuAoCPVXP_lth4ELKrfw==
expires
Mon, 21 Oct 2024 15:38:40 GMT
sdk.js
connect.facebook.net/en_US/ Frame E78F 		81 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=f406f2d8875630379c0290a3a3c0f909
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.235.1 Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-04-sin6.fbcdn.net
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://disqus.com/embed/comments/?base=default&f=stealmylogin&t_u=https%3A%2F%2Fwww.stealmylogin.com%2F&t_d=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&t_t=StealMyLogin.com%20-%20exposing%20the%20dangers%20of%20insecure%20login%20forms&s_o=default
Origin
https://disqus.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 10 Nov 2023 05:24:41 GMT
content-md5
ozj3r86t2fO6hp80F/5YXQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
88330
reporting-endpoints
x-fb-debug
Tm7tqasgFySDtjaz1i8CMKhN2uvxigGapzxvhGlRc5/krd8eohvBlTi+MbJSul8Q3zO6WNxqFJ05P3zFf51SLw==
x-fb-content-md5
0a5fdbb38bea4bc10a71513bc196c3af
cross-origin-opener-policy
same-origin-allow-popups
etag
"d7dcb86ea01d94e9855cdee4a97d18ae"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
priority
u=3,i
expires
Sat, 09 Nov 2024 04:29:35 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
a.disquscdn.com
URL
https://a.disquscdn.com/1698341030/images/noavatar92.png
Domain
apis.google.com
URL
https://apis.google.com/js/api.js
Domain
disqus.com
URL
https://disqus.com/api/3.0/discovery/listRecommendations.json?forum=stealmylogin&thread=url%3Ahttps%3A%2F%2Fwww.stealmylogin.com%2F&limit=8&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| documentPictureInPicture object| __twttrll object| twttr object| __twttr object| _gaq string| disqus_shortname object| _gat object| gaGlobal function| disqus_config object| DISQUS function| disqus_recommendations_config object| DISQUSWIDGETS undefined| disqus_domain object| DISQUS_RECOMMENDATIONS

7 Cookies

Domain/Path Name / Value
.stealmylogin.com/ Name: __utma
Value: 242215488.161766473.1699593877.1699593877.1699593877.1
.stealmylogin.com/ Name: __utmc
Value: 242215488
.stealmylogin.com/ Name: __utmz
Value: 242215488.1699593877.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.stealmylogin.com/ Name: __utmt
Value: 1
.stealmylogin.com/ Name: __utmb
Value: 242215488.1.10.1699593877
disqus.com/ Name: __jid
Value: 8sflr3hba6ob0
.disqus.com/ Name: disqus_unique
Value: 8sflr613o0cou0

2 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.disquscdn.com
apis.google.com
c.disquscdn.com
connect.facebook.net
disqus.com
fonts.googleapis.com
platform.twitter.com
ssl.google-analytics.com
static.xx.fbcdn.net
stealmylogin.com
stealmylogin.disqus.com
syndication.twitter.com
www.facebook.com
www.stealmylogin.com
a.disquscdn.com
apis.google.com
disqus.com
104.244.42.8
13.215.144.61
151.101.192.134
157.240.235.1
157.240.235.35
18.161.111.94
192.229.237.25
199.232.196.134
74.125.130.95
74.125.24.97
011f39efc71b98b19ea39718ebb7676a4fc5da761736cc39480991b910d821a8
0589c5845288117448d7aa710af60618b151d78efd1a2653f89a0b57f7eb3de8
068753b8f09b32ad8a3283199c7252090d0076a56924df724dda72828ae31b95
1039e7d2b04889925ce15466156861da03315d3fdd9ae8470670557f63a1ca8c
110533a631f0404dc9cfbaed028dc3c339ac17e1d592d81c2ff7a11862e14d12
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
1659b2340aa9d4248b473a6d65ac78f15f0dff1b2913978bf77af6997819c1b8
18f9fe2d468110f1de1c842290b7f399b94f6a983ae5cc91c838d0343dfa84ab
1b45391c0956b68124eabfa0912664cd847244c02d4975368e247b8e0f213d63
29f870d3be238e57cd45bb0ef815c98ef3db1570634ff102cb9b51993b7c82af
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
3b8a8d998dd7dc014bdb52a01adea8ec1be82193e7e7c6e0c7067a58435b7c28
3fba78589ef5a0cb8bbc750a86f276ce55c16bdc5730008ca6539ca6aee83af0
47d4cc8f41a50c8835c9f83a13ab174866b9f82a24ea590b854574a6773a071a
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
4dbc45bd7ed8caf2aeeae8de34e519d874987d5285c79b5b4a93a1d670a929c4
593e199ec32ed6c0c3a71a7f88661cc0ca90b7bd9f8e00f4ddbd59d027570285
5ab9af97734b7a1b76e65a6aff767898e4dd763725c46ee56d340a5fd116e6a3
61779c74768b5eb298860ceb7d7cf06f2b228fdc53df72b530490a792a5b8a59
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18
71768b54872ed6c50ba9939bf74c4780c8c91ea53df76ba6a4d623e97a0e933d
7a421bb42bfbe4db5583d302d106d6249448998407ca50ee806fb9c2babc4a5e
7b40e23130f7a851146ce7da0584d5c18606aec83c6ad2534f7c796c58fbe64c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8505d8233b3c79b966130e48a46181cc2c26a8a82c2ffc92be25c37360cfe6f4
856377fde78e4bdc57703db6457f6e243db704c135a4829e1951185173cec9b7
8bd3068a31f037d3d198e40d59ae6acf610e3550c11ebff7b6c66bdf8e8b2e3f
8ec44a4b321f5115d8760f193298585d8b28a26dd3190d0a3690b9e09a489a94
9521629b75431599b69d208c8de1e08c4fc023401b118973cbb4abbc8189b182
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
a657bedd3bc0c106f7cfa5fe6556a0b7e175870d33bd7da9ef67ffcffbafda69
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad59b3c437a380375b4205e22d9bf50856690b094d2fa425ae90971f5b58758e
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
d0d97e64c24e22ac6827d43208e8e15a9411bb8a598c2ab3d22b2452cf92b643
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
eaa188308e12fad99cbfc13ebb2c1501e2ce2bd812689686448a5d51d107487e
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f5fbb0cd6131601c4b5fdcf621ff87702a44b0aebd7e53d4706c76f66661a9d1
fbb613590ab06b8838cad9193caa3797b2fb582dd88a444a1afe2424754d97ca
ff615e0555532d90883c0d3b64510249db528fd65a201d5345ca3ccfaf21c264