canyoupwn.me Open in urlscan Pro
104.31.69.117 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
Submission: On January 22 via manual (January 22nd 2018, 2:06:19 pm UTC) from US

Summary HTTP 80 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 1 countries across 10 domains to perform 80 HTTP transactions. The main IP is 104.31.69.117, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is canyoupwn.me.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on October 31st 2017. Valid for: 6 months.

This is the only time canyoupwn.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 62	104.31.69.117 104.31.69.117	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	172.217.22.42 172.217.22.42	15169 (GOOGLE) (GOOGLE - Google LLC)
1	172.217.18.164 172.217.18.164	15169 (GOOGLE) (GOOGLE - Google LLC)
5	104.31.81.108 104.31.81.108	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	45.33.24.119 45.33.24.119	63949 (LINODE-AP...) (LINODE-AP Linode)
1 2	172.217.21.238 172.217.21.238	15169 (GOOGLE) (GOOGLE - Google LLC)
6	172.217.22.35 172.217.22.35	15169 (GOOGLE) (GOOGLE - Google LLC)
1	64.233.166.156 64.233.166.156	15169 (GOOGLE) (GOOGLE - Google LLC)
1	151.101.112.134 151.101.112.134	54113 (FASTLY) (FASTLY - Fastly)
1	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
80	11

62 104.31.69.117 (San Francisco, United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

canyoupwn.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.22.42 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s16-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.164 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s29-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.31.81.108 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

berkimran.com.tr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.33.24.119 (Dallas, United States)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: f1.placeholder.com

placehold.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.21.238 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f238.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.22.35 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s16-in-f35.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.166.156 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: wm-in-f156.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.134 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

canyoupwnme.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.48 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
62	canyoupwn.me 1 redirects canyoupwn.me	578 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	62 KB
5	berkimran.com.tr berkimran.com.tr	2 MB
2	google-analytics.com 1 redirects www.google-analytics.com	15 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	w.org s.w.org	1 KB
1	disqus.com canyoupwnme.disqus.com	2 KB
1	doubleclick.net stats.g.doubleclick.net	102 B
1	placehold.it placehold.it	526 B
1	google.com www.google.com	525 B
80	10

	Domain	Requested by
62	canyoupwn.me	1 redirects canyoupwn.me www.google-analytics.com
5	fonts.gstatic.com	www.google-analytics.com
5	berkimran.com.tr	canyoupwn.me
2	www.google-analytics.com	1 redirects canyoupwn.me
2	fonts.googleapis.com	canyoupwn.me
1	s.w.org	canyoupwn.me
1	canyoupwnme.disqus.com	canyoupwn.me
1	stats.g.doubleclick.net	canyoupwn.me
1	www.gstatic.com	www.google.com
1	placehold.it	canyoupwn.me
1	www.google.com	canyoupwn.me
80	11

This site contains no links.

Subject Issuer	Validity	Valid
sni67062.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2017-10-31` - `2018-05-09`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
Frame ID: (409DC15C2CD63DD3D9CF4C8F74938686)
Requests: 81 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/ Page URL
https://canyoupwn.me/cdn-cgi/l/chk_jschl?jschl_vc=c98d293da89280fbe152445f2d3da2ba&pass=151662997... HTTP 302
https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i

Page Statistics

80
Requests

76 %
HTTPS

0 %
IPv6

10
Domains

11
Subdomains

11
IPs

1
Countries

3146 kB
Transfer

4087 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/ Page URL
https://canyoupwn.me/cdn-cgi/l/chk_jschl?jschl_vc=c98d293da89280fbe152445f2d3da2ba&pass=1516629972.372-Ly0%2FyeoOMZ&jschl_answer=-18 HTTP 302
https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 77

https://www.google-analytics.com/r/collect?v=1&_v=j66&a=1288467212&t=pageview&_s=1&dl=https%3A%2F%2Fcanyoupwn.me%2Fen-microsoft-authentication-bypass-vulnerability%2F&ul=en-us&de=UTF-8&dt=EN%20%7C%20Microsoft%20Authentication%20Bypass%20Vulnerability%20%E2%80%A2%20CanYouPwnMe!%20-%20For%20Cyber%20Security%20Researchers&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=1722311572&gjid=774936168&cid=1472337952.1516629974&tid=UA-73109286-1&_gid=544090560.1516629974&_r=1&z=130185241 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-73109286-1&cid=1472337952.1516629974&jid=1722311572&_gid=544090560.1516629974&gjid=774936168&_v=j66&z=130185241

80 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 503 / Show response
canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/ 4 KB
4 KB 12ms
12ms Document
text/html 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

af54ac0315cdfcf9a471e5f830cc87c848ac2a27fc5021f3884ee4b0a97701b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /en-microsoft-authentication-bypass-vulnerability/
accept-encoding: gzip, deflate
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
:authority: canyoupwn.me
:scheme: https
:method: GET
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:08 GMT
x-content-type-options: nosniff
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: text/html; charset=UTF-8
status: 503
cache-control: no-cache
set-cookie: __cfduid=dacfc59d72bba1b9e3dc8d2ab81249d6a1516629968; expires=Tue, 22-Jan-19 14:06:08 GMT; path=/; domain=.canyoupwn.me; HttpOnly
cf-ray: 3e1312765eac64ab-FRA

GET
H2

200

Primary Request / Show response
canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
Redirect Chain

https://canyoupwn.me/cdn-cgi/l/chk_jschl?jschl_vc=c98d293da89280fbe152445f2d3da2ba&pass=1516629972.372-Ly0%2FyeoOMZ&jschl_answer=-18
https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

84 KB
84 KB

491ms
491ms

Document
text/html

104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c02cab0eac225f25b231af82063d89319ae3212b93a055cf35123d381350b66a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /en-microsoft-authentication-bypass-vulnerability/
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600
accept-encoding: gzip, deflate
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: unsafe-url
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
set-cookie: PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1; path=/
cf-ray: 3e13128f8f2164ab-FRA
link: <https://canyoupwn.me/wp-json/>; rel="https://api.w.org/" <https://canyoupwn.me/?p=7369>; rel=shortlink
expires: Thu, 19 Nov 1981 08:52:00 GMT

Redirect headers

date: Mon, 22 Jan 2018 14:06:12 GMT
server: cloudflare-nginx
status: 302
x-frame-options: SAMEORIGIN
content-type: text/html
location: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
set-cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; expires=Tue, 22-Jan-19 14:06:12 GMT; path=/; domain=.canyoupwn.me; HttpOnly cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; path=/; expires=Mon, 22-Jan-18 16:06:12 GMT; domain=.canyoupwn.me; HttpOnly
cf-ray: 3e13128f7f1a64ab-FRA
content-length: 165

GET
H2 200 TXe3ZxeuFA5E5UA_QvPqzIEMTi0.js Show response
canyoupwn.me/cdn-cgi/apps/head/ 99 KB
22 KB 747ms
745ms Script
application/javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/cdn-cgi/apps/head/TXe3ZxeuFA5E5UA_QvPqzIEMTi0.js

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1da4032d9c970aa6aa8f7d52f4b2793280b3716f21975cd8c2df57be40dc0482

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn-cgi/apps/head/TXe3ZxeuFA5E5UA_QvPqzIEMTi0.js
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-request-id: FDE934DF0341824C
cf-ray: 3e131292a92f64ab-FRA
status: 200
vary: Accept-Encoding
content-length: 22426
x-amz-id-2: LEQc2d40eO0oZzxiLAT9DbuFIXrXUepTjldaxbL47k1gZG0dIStizuT9BYzuylA4NT8nTYP5TYs=
last-modified: Thu, 27 Jul 2017 18:27:59 GMT
server: cloudflare
etag: "9619f0e8d3733e091e48113dccc141af"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: SAj4Yo9nexRr89CIvd2JEdyjLSUT2Ac3
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
expires: Tue, 22 Jan 2019 14:06:13 GMT

GET
H2 200 crayon.min.css
canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/css/min/ 20 KB
4 KB 22ms
19ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css?ver=_2.7.2_beta

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3d961493e244e06bf91a9857442891e2e2ad8d49cf8e0a7781c53f0707443d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css?ver=_2.7.2_beta
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 28 Jul 2016 23:13:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a93064ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 sublime-text.css
canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/themes/sublime-text/ 4 KB
606 B 29ms
26ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/themes/sublime-text/sublime-text.css?ver=_2.7.2_beta

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

425dd4c0afd626143f0d49bf9c429fc3459e9cee60da3f550e065d2bfebcac6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/plugins/crayon-syntax-highlighter/themes/sublime-text/sublime-text.css?ver=_2.7.2_beta
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 28 Jul 2016 23:13:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a93164ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 monaco.css
canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/fonts/ 440 B
282 B 25ms
22ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco.css?ver=_2.7.2_beta

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

94a848c4063214b7fe883632958485419b80e966cb4b03c0e47beb52e4c74849

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/plugins/crayon-syntax-highlighter/fonts/monaco.css?ver=_2.7.2_beta
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 28 Jul 2016 23:13:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a93264ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
S 200 css
fonts.googleapis.com/ 14 KB
2 KB 18ms
14ms Stylesheet
text/css 172.217.22.42
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A300italic%2C400italic%2C600italic%2C300%2C400%2C600&subset=latin%2Clatin-ext&ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

SPDY

Server

172.217.22.42 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f10.1e100.net

Software

ESF /

Resource Hash

8b4a15c89255502d876b772505b60972322836595358854e2f1e79db188bc9db

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
last-modified: Mon, 22 Jan 2018 14:06:12 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
x-xss-protection: 1; mode=block
expires: Mon, 22 Jan 2018 14:06:12 GMT

GET
S 200 droidarabickufi.css
fonts.googleapis.com/earlyaccess/ 1 KB
379 B 17ms
13ms Stylesheet
text/css 172.217.22.42
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/earlyaccess/droidarabickufi.css?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

SPDY

Server

172.217.22.42 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f10.1e100.net

Software

ESF /

Resource Hash

06eb9b648fd1429d0cef25265009259c35f053a76118194b4073c98e161812be

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
x-xss-protection: 1; mode=block
expires: Mon, 22 Jan 2018 14:06:12 GMT

GET
H2 200 base.css
canyoupwn.me/wp-content/themes/ask-me-last/css/ 13 KB
3 KB 24ms
19ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/css/base.css?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

309e69348c4aadd92e7e76a7d68f1251278cf76963ca5bb9c2407d0c99538ab7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/css/base.css?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Sat, 11 Feb 2017 23:29:48 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a93364ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 lists.css
canyoupwn.me/wp-content/themes/ask-me-last/css/ 39 KB
5 KB 29ms
25ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/css/lists.css?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

91c086d2e8748f79370d1e4d605e65c2c9d82bf93aa915172772b6673e4cf779

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/css/lists.css?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a93464ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 bootstrap.min.css
canyoupwn.me/wp-content/themes/ask-me-last/css/ 24 KB
4 KB 24ms
20ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/css/bootstrap.min.css?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

eada6774dd87c0e4c4704fbf1901c2da65071892cbf13aa57edeccf0f2e4d7f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/css/bootstrap.min.css?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a93564ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 prettyPhoto.css
canyoupwn.me/wp-content/themes/ask-me-last/css/ 19 KB
3 KB 34ms
29ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/css/prettyPhoto.css?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

74651a65420aa2976d007ea2397c6a2acf4422dd2ea217e71451cd4688b5b9f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/css/prettyPhoto.css?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a93764ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 font-awesome.min.css
canyoupwn.me/wp-content/themes/ask-me-last/css/font-awesome-old/css/ 19 KB
4 KB 27ms
22ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/css/font-awesome-old/css/font-awesome.min.css?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d3930b546445d873e7a9a4b18b0460702b7b1bf744958ef26edbd44b2b95895

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/css/font-awesome-old/css/font-awesome.min.css?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a93864ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 font-awesome.min.css
canyoupwn.me/wp-content/themes/ask-me-last/css/font-awesome/css/ 30 KB
7 KB 21ms
17ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/css/font-awesome/css/font-awesome.min.css?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/css/font-awesome/css/font-awesome.min.css?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 03 Nov 2016 15:08:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a93964ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 fontello.css
canyoupwn.me/wp-content/themes/ask-me-last/css/fontello/css/ 5 KB
1 KB 25ms
20ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/css/fontello/css/fontello.css?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd82e0551e0d9ec4e0fbe2c87798fffe438c9b90bd468c183940da9b53cc73ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/css/fontello/css/fontello.css?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a93a64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 enotype.css
canyoupwn.me/wp-content/themes/ask-me-last/woocommerce/enotype/ 13 KB
2 KB 22ms
18ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/woocommerce/enotype/enotype.css?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

55ea8fd16de29dbc7270c7ad507ede3805b5540b9090f9c186aaf7979e738fcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/woocommerce/enotype/enotype.css?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a93b64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 style.css
canyoupwn.me/wp-content/themes/ask-me-last/ 148 KB
26 KB 34ms
30ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/style.css

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d31fb62c7d9d90e62deca2be29f8d1c8281b99fd8a459f3868d29787a0368828

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/style.css
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 14 Sep 2017 16:04:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a93c64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 responsive.css
canyoupwn.me/wp-content/themes/ask-me-last/css/ 27 KB
4 KB 32ms
28ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/css/responsive.css?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d5c60976b659e35baeeee63fad9854e2563fdd1fcc07fc6ea891ead45b3e4cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/css/responsive.css?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Sat, 09 Sep 2017 15:57:40 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a93d64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 dark.css
canyoupwn.me/wp-content/themes/ask-me-last/css/ 10 KB
2 KB 21ms
17ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/css/dark.css?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d2a1242317a845fce91b7d71e66288b04298aba91b7eadaf3ad29600714ad02

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/css/dark.css?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 21 Jul 2017 23:49:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a93e64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 gray.css
canyoupwn.me/wp-content/themes/ask-me-last/css/skins/ 8 KB
2 KB 22ms
18ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/css/skins/gray.css?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b40f5cb76fe4dabae71122cc959ed9dfb9a8587a25d9b07e77de01058ae03b0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/css/skins/gray.css?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 07 Aug 2017 08:56:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a93f64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 custom.css
canyoupwn.me/wp-content/themes/ask-me-last/css/ 0
100 B 22ms
18ms Stylesheet
text/css 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/css/custom.css?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/css/custom.css?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
etag: W/"5730e602-24"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a94064ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 jquery.js Show response
canyoupwn.me/wp-includes/js/jquery/ 95 KB
33 KB 36ms
32ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-includes/js/jquery/jquery.js?ver=1.12.4

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c561e040160f503c6f608ff0584496cac1e0b3a5858ee628e007a14ac4d310f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-includes/js/jquery/jquery.js?ver=1.12.4
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 21 Jun 2016 11:20:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a94164ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 jquery-migrate.min.js Show response
canyoupwn.me/wp-includes/js/jquery/ 10 KB
4 KB 30ms
26ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 21 Jun 2016 11:20:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a94264ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 crayon.min.js Show response
canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/js/min/ 22 KB
7 KB 35ms
32ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.min.js?ver=_2.7.2_beta

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.min.js?ver=_2.7.2_beta
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 28 Jul 2016 23:13:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a94364ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 jquery.easing.1.3.min.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 7 KB
2 KB 23ms
19ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/jquery.easing.1.3.min.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ff2526f12596cbd79addfeff938f2dd883800cc6751782a9ef49b23e216835e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/jquery.easing.1.3.min.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a94464ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 html5.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 2 KB
1 KB 23ms
19ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/html5.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

68d621e9baf05efb663ce4f1d3bd3c5104662d7be40234376fa837abdf0dd2b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/html5.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a94564ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 jflickrfeed.min.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 1 KB
759 B 24ms
20ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/jflickrfeed.min.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a59e668012801aad5590147eaf1a08821d9677ae7cbb24a1b70cb4bad2383769

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/jflickrfeed.min.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 30 May 2017 16:16:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a94664ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 jquery.inview.min.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 1 KB
759 B 30ms
27ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/jquery.inview.min.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

423e09ae1666148e2718bd7aacfb05d17888e0554eb51fc343ef4317ef7d3b62

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/jquery.inview.min.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a94764ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 jquery.tipsy.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 5 KB
2 KB 23ms
19ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/jquery.tipsy.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

96579a6fcfc44082a36bde44a6e5a4c0c4e16806f9e2b802ce221496d35592ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/jquery.tipsy.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a94864ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 tabs.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 3 KB
1 KB 23ms
19ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/tabs.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae783c2484a64950c9542548f51696708e86585b252e465b32c446d0eaaaa105

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/tabs.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a94a64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 jquery.flexslider.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 16 KB
5 KB 24ms
20ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/jquery.flexslider.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5aff339f27cd2e3a92c04eaa093afbf8b59d2c36f549d665816ca53d127bc586

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/jquery.flexslider.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a94b64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 jquery.prettyPhoto.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 21 KB
6 KB 29ms
26ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/jquery.prettyPhoto.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

54bba5a0bb1ffc834ac191e1aa55de7a69620b723df22bd867ec48745908e51c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/jquery.prettyPhoto.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 30 May 2017 16:17:26 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a94c64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 jquery.carouFredSel-6.2.1-packed.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 53 KB
13 KB 28ms
25ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/jquery.carouFredSel-6.2.1-packed.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5dbb9137dc87d30a6a4b6cefa2aeef6071d5bf8e94909624ef64dad351f35be6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/jquery.carouFredSel-6.2.1-packed.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a94d64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 jquery.scrollTo.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 2 KB
1 KB 23ms
20ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/jquery.scrollTo.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

43798b9aec7baa55ee3811f47401893a1acf026afd7d4a502404405f1066171e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/jquery.scrollTo.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a94e64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 jquery.nav.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 2 KB
1 KB 24ms
21ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/jquery.nav.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

60b39c27ebed41bd9df44f3eca00bace65cb99c9171d1df88b5b8559e3f8c62d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/jquery.nav.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a94f64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 tags.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 4 KB
1 KB 24ms
21ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/tags.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccbd7f2c0daf96a3e53a11136cbc6c63b2981535bd228c25aba78302b15f13a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/tags.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a95064ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 theia.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 6 KB
2 KB 25ms
22ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/theia.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

feee9857d18eca700f3d890494f9898b1158eae5e9e77408e809bb0d1376df27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/theia.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 18 Nov 2016 03:59:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a95164ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 mCustomScrollbar.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 44 KB
13 KB 26ms
23ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/mCustomScrollbar.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

29a1730501b8021d2737c4e9ec781dc042a1dbb48b90a0542797c3c2c19a3503

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/mCustomScrollbar.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 10 Jul 2017 05:05:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a95264ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 jquery.nicescroll.min.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 57 KB
16 KB 25ms
22ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/jquery.nicescroll.min.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0a970f4b90610051a6b2eb606e1fc581e846fecd7fe747dff8f4497951fb070

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/jquery.nicescroll.min.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 30 May 2017 16:17:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a95364ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 jquery.bxslider.min.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 19 KB
5 KB 30ms
28ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/jquery.bxslider.min.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3e062826fb7417287ce357fb18076ecc205a2fb0ea48405a1940b2684f5a53b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/jquery.bxslider.min.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a95464ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 core.min.js Show response
canyoupwn.me/wp-includes/js/jquery/ui/ 4 KB
2 KB 29ms
27ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

936567bc744e199e02bfc3c33fe2bc9c862999e0d479e2a694aa7485460a3960

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-includes/js/jquery/ui/core.min.js?ver=1.11.4
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 16 Aug 2016 19:16:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a95564ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 widget.min.js Show response
canyoupwn.me/wp-includes/js/jquery/ui/ 7 KB
3 KB 30ms
28ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

38a448e9e03a9f64e7611b19af4bb8ec97fde2c708dc57ebbc7701be7ae3af08

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 16 Aug 2016 19:16:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a95764ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 mouse.min.js Show response
canyoupwn.me/wp-includes/js/jquery/ui/ 3 KB
1 KB 39ms
37ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-includes/js/jquery/ui/mouse.min.js?ver=1.11.4

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

88b0379349a4dda6ebcc43c5bd12084d230c6105a6fd3c2f651c4e771b3eabef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-includes/js/jquery/ui/mouse.min.js?ver=1.11.4
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 16 Aug 2016 19:16:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a95864ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 sortable.min.js Show response
canyoupwn.me/wp-includes/js/jquery/ui/ 24 KB
6 KB 26ms
24ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-includes/js/jquery/ui/sortable.min.js?ver=1.11.4

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9023e3275b6d897b202ddb9848872a661fea055c96c2973a02e1cf5e39f04afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-includes/js/jquery/ui/sortable.min.js?ver=1.11.4
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 16 Aug 2016 19:16:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a95964ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 custom.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 72 KB
12 KB 31ms
29ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/custom.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fe7efcbeb9ea0069ea2dc4f5b26835ae940846759e6899ae79f5fedbeac5b7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/custom.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 24 Aug 2017 10:25:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131292a95a64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
S 200 api.js Show response
www.google.com/recaptcha/ 817 B
525 B 23ms
20ms Script
text/javascript 172.217.18.164
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=tr&onload=onLoadIcwpRecaptchaCallback&render=explicit&ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

SPDY

Server

172.217.18.164 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s29-in-f4.1e100.net

Software

GSE /

Resource Hash

2ed754b9dd2529df10d9ab5bdcfb1d1daab02a180395fd2efaa99b5bb58db9d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 436
x-xss-protection: 1; mode=block
expires: Mon, 22 Jan 2018 14:06:12 GMT

GET
H2 200 Logo-2-1.png
canyoupwn.me/wp-content/uploads/2017/09/ 39 KB
39 KB 29ms
27ms Image
image/png 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://canyoupwn.me/wp-content/uploads/2017/09/Logo-2-1.png

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d6adcaefaaab616fbbfb1b84f7226b554c94278e89b7375733135aeb6f426bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2017/09/Logo-2-1.png
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
vary: Accept-Encoding
content-length: 39789
last-modified: Thu, 14 Sep 2017 20:08:39 GMT
server: cloudflare
etag: "59bae1c7-9b6d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 3e131292a95c64ab-FRA
expires: Thu, 20 Jan 2028 14:06:12 GMT

GET
H/1.1 200
OK ezgif-2-be4a9f6710.gif
berkimran.com.tr/wp-content/uploads/2018/01/ 2 MB
2 MB 16ms
10ms Image
image/gif 104.31.81.108
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://berkimran.com.tr/wp-content/uploads/2018/01/ezgif-2-be4a9f6710.gif

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

HTTP/1.1

Server

104.31.81.108 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0804fdb982baef56493ae845028ee5748a5023d79e29aa030f96ad938dc7dbfd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 22 Jan 2018 14:06:12 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Last-Modified: Sun, 07 Jan 2018 04:09:11 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: public, max-age=31536000
X-Turbo-Charged-By: LiteSpeed
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 3e131292f46496b2-FRA
Content-Length: 2421981
Expires: Tue, 22 Jan 2019 14:06:12 GMT

GET
H/1.1 200
OK Ekran-Resmi-2018-01-07-07.43.16.png
berkimran.com.tr/wp-content/uploads/2018/01/ 15 KB
16 KB 9ms
9ms Image
image/png 104.31.81.108
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://berkimran.com.tr/wp-content/uploads/2018/01/Ekran-Resmi-2018-01-07-07.43.16.png

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

HTTP/1.1

Server

104.31.81.108 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b0b29537b4e57428444766be4ad0fc23b43af7974a13fce60697f3dcd8426cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 22 Jan 2018 14:06:13 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Last-Modified: Sun, 07 Jan 2018 04:43:34 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: public, max-age=31536000
X-Turbo-Charged-By: LiteSpeed
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 3e131293a4cb96b2-FRA
Content-Length: 15762
Expires: Tue, 22 Jan 2019 14:06:13 GMT

GET
H/1.1 200
OK index.png
berkimran.com.tr/wp-content/uploads/2018/01/ 33 KB
34 KB 9ms
8ms Image
image/png 104.31.81.108
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://berkimran.com.tr/wp-content/uploads/2018/01/index.png

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

HTTP/1.1

Server

104.31.81.108 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf93c44193e1c50b505c269a4b24e80a0ca3dcfbf9cc5ad8129b197510c96bfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 22 Jan 2018 14:06:13 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Last-Modified: Sun, 07 Jan 2018 04:47:07 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: public, max-age=31536000
X-Turbo-Charged-By: LiteSpeed
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 3e131293b4d196b2-FRA
Content-Length: 34189
Expires: Tue, 22 Jan 2019 14:06:13 GMT

GET
H/1.1 200
OK Ekran-Resmi-2018-01-07-08.05.33.png
berkimran.com.tr/wp-content/uploads/2018/01/ 28 KB
28 KB 8ms
8ms Image
image/png 104.31.81.108
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://berkimran.com.tr/wp-content/uploads/2018/01/Ekran-Resmi-2018-01-07-08.05.33.png

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

HTTP/1.1

Server

104.31.81.108 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bdf5d34c823ffd1c7af911bf9787e3924b950e19cf1b7a7a4c0155821f429010

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 22 Jan 2018 14:06:13 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Last-Modified: Sun, 07 Jan 2018 05:05:53 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: public, max-age=31536000
X-Turbo-Charged-By: LiteSpeed
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 3e131293c4d996b2-FRA
Content-Length: 28727
Expires: Tue, 22 Jan 2019 14:06:13 GMT

GET
H/1.1 200
OK Ekran-Resmi-2018-01-07-08.07.47.png
berkimran.com.tr/wp-content/uploads/2018/01/ 42 KB
42 KB 10ms
9ms Image
image/png 104.31.81.108
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://berkimran.com.tr/wp-content/uploads/2018/01/Ekran-Resmi-2018-01-07-08.07.47.png

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

HTTP/1.1

Server

104.31.81.108 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b914e8725c423a8ea1c39c9de4fd59fc6cfb072fd936a5b0f407c49e757c8d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 22 Jan 2018 14:06:13 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
Last-Modified: Sun, 07 Jan 2018 05:08:02 GMT
Server: cloudflare
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: public, max-age=31536000
X-Turbo-Charged-By: LiteSpeed
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 3e131293d4e996b2-FRA
Content-Length: 42554
Expires: Tue, 22 Jan 2019 14:06:13 GMT

GET
H/1.1 200
OK 65x65
placehold.it/ 206 B
526 B 420ms
140ms Image
image/png 45.33.24.119
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://placehold.it/65x65
Requested by: Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
Protocol: HTTP/1.1
Server: 45.33.24.119 Dallas, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: f1.placeholder.com
Software: nginx/1.6.2 /
Resource Hash: 0e4a1bd774b107bd93432883f70fdcac57f12f836daf13fd01bcfc232b0c3095

Request headers

Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 22 Jan 2018 14:06:13 GMT
Last-Modified: Thu, 11 Jan 2018 16:00:07 GMT
Server: nginx/1.6.2
ETag: "5a578a07-ce"
X-Cache: L1
Content-Type: image/png
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 206
Expires: Mon, 29 Jan 2018 14:06:13 GMT

GET
H2 200 logo.png
canyoupwn.me/wp-content/uploads/2016/12/ 25 KB
25 KB 14ms
13ms Image
image/png 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://canyoupwn.me/wp-content/uploads/2016/12/logo.png

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

00cd1dd11553c0d594b2aaf874355c96647d953ee5b9099fe9f115f54e1dda34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2016/12/logo.png
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
vary: Accept-Encoding
content-length: 25600
last-modified: Tue, 28 Feb 2017 13:47:52 GMT
server: cloudflare
etag: "58b57f88-6400"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 3e131293098564ab-FRA
expires: Thu, 20 Jan 2028 14:06:12 GMT

GET
H2 200 hacktrick.png
canyoupwn.me/wp-content/uploads/2017/05/ 24 KB
24 KB 12ms
11ms Image
image/png 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://canyoupwn.me/wp-content/uploads/2017/05/hacktrick.png

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

463f2ae38b445079a3970962d08be3bd1c1ea986b2d8d6d24819e40edf83a777

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2017/05/hacktrick.png
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
vary: Accept-Encoding
content-length: 24204
last-modified: Sun, 07 May 2017 14:39:03 GMT
server: cloudflare
etag: "590f3187-5e8c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 3e131293098664ab-FRA
expires: Thu, 20 Jan 2028 14:06:12 GMT

GET
H2 200 innovera-1.png
canyoupwn.me/wp-content/uploads/2016/12/ 3 KB
3 KB 13ms
12ms Image
image/png 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://canyoupwn.me/wp-content/uploads/2016/12/innovera-1.png

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c45b9cf8f42103554927061f4159e12b73a88ea5e873f6dc9ce15cfdcad1bd59

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2016/12/innovera-1.png
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
vary: Accept-Encoding
content-length: 2881
last-modified: Sat, 10 Dec 2016 16:55:26 GMT
server: cloudflare
etag: "584c337e-b41"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 3e131293098764ab-FRA
expires: Thu, 20 Jan 2028 14:06:12 GMT

GET
H2 200 netsparker.png
canyoupwn.me/wp-content/uploads/2016/12/ 3 KB
3 KB 12ms
11ms Image
image/png 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://canyoupwn.me/wp-content/uploads/2016/12/netsparker.png

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

db0d09c94682a9a562bc37ca99d63c1127975272c1aa4d32a5ea9eadf824f0c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2016/12/netsparker.png
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
vary: Accept-Encoding
content-length: 3055
last-modified: Tue, 28 Feb 2017 12:49:52 GMT
server: cloudflare
etag: "58b571f0-bef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 3e131293098864ab-FRA
expires: Thu, 20 Jan 2028 14:06:12 GMT

GET
H2 200 octosec.png
canyoupwn.me/wp-content/uploads/2016/12/ 4 KB
4 KB 15ms
14ms Image
image/png 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://canyoupwn.me/wp-content/uploads/2016/12/octosec.png

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2eb61c2058668c5da0bb49950e95b73fc95561201e0be1442f3cba9256fe61c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2016/12/octosec.png
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
vary: Accept-Encoding
content-length: 4285
last-modified: Sat, 10 Dec 2016 16:57:22 GMT
server: cloudflare
etag: "584c33f2-10bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 3e131293098964ab-FRA
expires: Thu, 20 Jan 2028 14:06:12 GMT

GET
H2 200 plusclouds-logo-1.png
canyoupwn.me/wp-content/uploads/2017/03/ 9 KB
10 KB 14ms
13ms Image
image/png 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://canyoupwn.me/wp-content/uploads/2017/03/plusclouds-logo-1.png

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a720e87abd6815e573ea39551c6c253ec09aeac911da26ba3b2f212633b64d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/uploads/2017/03/plusclouds-logo-1.png
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
vary: Accept-Encoding
content-length: 9600
last-modified: Fri, 17 Mar 2017 20:48:18 GMT
server: cloudflare
etag: "58cc4b92-2580"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 3e131293098a64ab-FRA
expires: Thu, 20 Jan 2028 14:06:12 GMT

GET
H2 200 email-decode.min.js Show response
canyoupwn.me/cdn-cgi/scripts/af2821b0/cloudflare-static/ 878 B
697 B 16ms
16ms Script
application/javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/cdn-cgi/scripts/af2821b0/cloudflare-static/email-decode.min.js

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare-nginx /

Resource Hash

6b7e633fbafa358db332434b8c2924acd19bff3ec6d65f9615bbee668423d44a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /cdn-cgi/scripts/af2821b0/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 18 Jan 2018 15:49:47 GMT
server: cloudflare-nginx
etag: W/"5a60c21b-36e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
status: 200
cache-control: max-age=172800 public
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131293098b64ab-FRA
expires: Wed, 24 Jan 2018 14:06:12 GMT

GET
H2 200 modernizr.js Show response
canyoupwn.me/wp-content/themes/ask-me-last/js/ 16 KB
5 KB 20ms
19ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/js/modernizr.js?ver=1.0.0

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

487c60fb05dcb2276fc778dbeb6afda91874074190d1ab7ac6e9f5ab4a446020

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/js/modernizr.js?ver=1.0.0
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131293098c64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 wp-embed.min.js Show response
canyoupwn.me/wp-includes/js/ 1 KB
842 B 25ms
24ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-includes/js/wp-embed.min.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-includes/js/wp-embed.min.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 06 Dec 2016 12:31:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131293098d64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
H2 200 count.js Show response
canyoupwn.me/wp-content/plugins/disqus-comment-system/media/js/ 703 B
490 B 12ms
12ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/plugins/disqus-comment-system/media/js/count.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d36c045b22d6da0b15fc356fe9309e24ac61f20768d2f216f890d042111136f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/plugins/disqus-comment-system/media/js/count.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 17 Apr 2017 18:50:15 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e131293098f64ab-FRA
expires: Fri, 26 Jan 2018 14:06:12 GMT

GET
S 200 analytics.js Show response
www.google-analytics.com/ 35 KB
14 KB 6ms
5ms Script
text/javascript 172.217.21.238
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/cdn-cgi/apps/head/TXe3ZxeuFA5E5UA_QvPqzIEMTi0.js

Protocol

SPDY

Server

172.217.21.238 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f238.1e100.net

Software

Golfe2 /

Resource Hash

f8ef655ef916e39713ede9c6db56d7ca5618bd82cf5ac991dcd013f05e0fdfc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 13 Nov 2017 20:19:12 GMT
server: Golfe2
age: 658
date: Mon, 22 Jan 2018 13:55:15 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 14597
expires: Mon, 22 Jan 2018 15:55:15 GMT

GET
DATA 200
OK truncated
/ 22 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: feac804692ca482e163ff782fde029f15613c2b04efe2b166eb59a75f6f06535

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: text/css;charset=utf-8

GET
H2 200 1boAzfrk5cr2AGLs8aO0DZjXu6I.js Show response
canyoupwn.me/cdn-cgi/apps/body/ 18 KB
8 KB 10ms
9ms Script
application/javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/cdn-cgi/apps/body/1boAzfrk5cr2AGLs8aO0DZjXu6I.js

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/cdn-cgi/apps/head/TXe3ZxeuFA5E5UA_QvPqzIEMTi0.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce53d4f22cb33ca5024117646dc9698947e2361041ea04fc61e8d2f2812eb337

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn-cgi/apps/body/1boAzfrk5cr2AGLs8aO0DZjXu6I.js
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-request-id: D84AFC25317B148A
cf-ray: 3e1312976bf864ab-FRA
status: 200
vary: Accept-Encoding
content-length: 7770
x-amz-id-2: /JJnxGk3hL8rLbbhDuUOnf+PsQYjSQpynvUvKXt6+gYzDXVFuJWE7WZr5dIRTtTAovpj3Q4IruA=
last-modified: Thu, 27 Jul 2017 18:27:58 GMT
server: cloudflare
etag: "750df898e3d58c1e86258b77de832d8a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-version-id: NkVsIGaxAv1PS61gc4rB.TylwW5eEnjP
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
expires: Tue, 22 Jan 2019 14:06:13 GMT

GET
H2 200 wp-emoji-release.min.js Show response
canyoupwn.me/wp-includes/js/ 12 KB
4 KB 10ms
9ms Script
application/x-javascript 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-includes/js/wp-emoji-release.min.js?ver=s3cr3t

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dba6b80aceb1267fd1ed564e08a983730d272813e9b3aff85dc365c65333dd66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=s3cr3t
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
:scheme: https
:method: GET
Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Wed, 20 Sep 2017 08:01:45 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=345600
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-ray: 3e1312976c0464ab-FRA
expires: Fri, 26 Jan 2018 14:06:13 GMT

GET
S 200 recaptcha__tr.js
www.gstatic.com/recaptcha/api2/v1515997865826/ 128 KB
0 8ms
7ms Script
text/javascript 172.217.22.35
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/api2/v1515997865826/recaptcha__tr.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=tr&onload=onLoadIcwpRecaptchaCallback&render=explicit&ver=s3cr3t

Protocol

SPDY

Server

172.217.22.35 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f35.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Thu, 18 Jan 2018 23:31:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Jan 2018 19:15:00 GMT
server: sffe
age: 311675
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 73459
x-xss-protection: 1; mode=block
expires: Fri, 18 Jan 2019 23:31:38 GMT

GET
S 200 MTP_ySUJH_bn48VBG8sNShampu5_7CjHW5spxoeN3Vs.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 6ms
6ms Font
font/woff2 172.217.22.35
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/MTP_ySUJH_bn48VBG8sNShampu5_7CjHW5spxoeN3Vs.woff2

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

SPDY

Server

172.217.22.35 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f35.1e100.net

Software

sffe /

Resource Hash

50dda9aac0fcea362bdda27ae7833240485ad5a20ccc105c1cd13ea26802a8bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A300italic%2C400italic%2C600italic%2C300%2C400%2C600&subset=latin%2Clatin-ext&ver=s3cr3t
Origin: https://canyoupwn.me

Response headers

date: Mon, 11 Dec 2017 23:45:14 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:47 GMT
server: sffe
age: 3594059
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 8916
x-xss-protection: 1; mode=block
expires: Tue, 11 Dec 2018 23:45:14 GMT

GET
H2 200 fontawesome-webfont.woff2
canyoupwn.me/wp-content/themes/ask-me-last/css/font-awesome/fonts/ 75 KB
76 KB 9ms
9ms Font
application/octet-stream 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/css/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/css/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
origin: https://canyoupwn.me
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/wp-content/themes/ask-me-last/css/font-awesome/css/font-awesome.min.css?ver=s3cr3t
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://canyoupwn.me/wp-content/themes/ask-me-last/css/font-awesome/css/font-awesome.min.css?ver=s3cr3t
Origin: https://canyoupwn.me

Response headers

date: Mon, 22 Jan 2018 14:06:13 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
vary: Accept-Encoding
content-length: 77160
last-modified: Thu, 03 Nov 2016 15:08:04 GMT
server: cloudflare
etag: "581b52d4-12d68"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/octet-stream
cache-control: public, max-age=345600
accept-ranges: bytes
cf-ray: 3e131297fc4264ab-FRA
expires: Fri, 26 Jan 2018 14:06:13 GMT

GET
S 200 cJZKeOuBrn4kERxqtaUH3ZBw1xU1rKptJj_0jans920.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 6ms
6ms Font
font/woff2 172.217.22.35
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/cJZKeOuBrn4kERxqtaUH3ZBw1xU1rKptJj_0jans920.woff2

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

SPDY

Server

172.217.22.35 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f35.1e100.net

Software

sffe /

Resource Hash

8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A300italic%2C400italic%2C600italic%2C300%2C400%2C600&subset=latin%2Clatin-ext&ver=s3cr3t
Origin: https://canyoupwn.me

Response headers

date: Wed, 17 Jan 2018 22:49:54 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:46 GMT
server: sffe
age: 400579
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 8892
x-xss-protection: 1; mode=block
expires: Thu, 17 Jan 2019 22:49:54 GMT

GET
H2 200 ajax-loader.gif
canyoupwn.me/wp-content/themes/ask-me-last/images/ 2 KB
3 KB 14ms
14ms Image
image/gif 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/images/ajax-loader.gif

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f66e180662735db6c6f77da100b1adafad3810d2534b73006b44aea0758048de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/images/ajax-loader.gif
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/wp-content/themes/ask-me-last/style.css
:scheme: https
:method: GET
Referer: https://canyoupwn.me/wp-content/themes/ask-me-last/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:13 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
vary: Accept-Encoding
content-length: 2545
last-modified: Sat, 22 Jul 2017 17:37:52 GMT
server: cloudflare
etag: "59738d70-9f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/gif
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 3e131297fc4464ab-FRA
expires: Thu, 20 Jan 2028 14:06:13 GMT

GET
H2 200 fontello.woff
canyoupwn.me/wp-content/themes/ask-me-last/css/fontello/font/ 31 KB
31 KB 11ms
11ms Font
application/octet-stream 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/themes/ask-me-last/css/fontello/font/fontello.woff?70993252

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6aa395c128304e9786e92e5828b03512287d1debb398f10ac1fc7c947bb8e22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/themes/ask-me-last/css/fontello/font/fontello.woff?70993252
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
origin: https://canyoupwn.me
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/wp-content/themes/ask-me-last/css/fontello/css/fontello.css?ver=s3cr3t
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://canyoupwn.me/wp-content/themes/ask-me-last/css/fontello/css/fontello.css?ver=s3cr3t
Origin: https://canyoupwn.me

Response headers

date: Mon, 22 Jan 2018 14:06:13 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
vary: Accept-Encoding
content-length: 31908
last-modified: Mon, 09 May 2016 19:33:22 GMT
server: cloudflare
etag: "5730e602-7ca4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/octet-stream
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 3e1312980c4b64ab-FRA
expires: Thu, 20 Jan 2028 14:06:13 GMT

GET
H2 200 buttons.png
canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/css/images/toolbar/ 2 KB
2 KB 9ms
8ms Image
image/png 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/css/images/toolbar/buttons.png

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

630d0a3cc8f4c4aa7bf49b40ae6f59f3a137707e0d7bba46ba44e2e5f2c53aab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/plugins/crayon-syntax-highlighter/css/images/toolbar/buttons.png
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css?ver=_2.7.2_beta
:scheme: https
:method: GET
Referer: https://canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css?ver=_2.7.2_beta
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

date: Mon, 22 Jan 2018 14:06:13 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
vary: Accept-Encoding
content-length: 2236
last-modified: Thu, 28 Jul 2016 23:13:14 GMT
server: cloudflare
etag: "579a918a-8bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: image/png
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 3e1312980c5564ab-FRA
expires: Thu, 20 Jan 2028 14:06:13 GMT

GET
S 200 u-WUoqrET9fUeobQW7jkRYX0hVgzZQUfRDuZrPvH3D8.woff2
fonts.gstatic.com/s/opensans/v15/ 7 KB
7 KB 6ms
6ms Font
font/woff2 172.217.22.35
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/u-WUoqrET9fUeobQW7jkRYX0hVgzZQUfRDuZrPvH3D8.woff2

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

SPDY

Server

172.217.22.35 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f35.1e100.net

Software

sffe /

Resource Hash

676fb70994eb3dc2e6aad2e42e8a027c57c069238a606f7e6bf08099f7d3e0f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A300italic%2C400italic%2C600italic%2C300%2C400%2C600&subset=latin%2Clatin-ext&ver=s3cr3t
Origin: https://canyoupwn.me

Response headers

date: Wed, 17 Jan 2018 22:39:43 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:44 GMT
server: sffe
age: 401190
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 7176
x-xss-protection: 1; mode=block
expires: Thu, 17 Jan 2019 22:39:43 GMT

GET
S 200 DroidKufi-Regular.woff2
fonts.gstatic.com/ea/droidarabickufi/v6/ 31 KB
31 KB 6ms
6ms Font
font/woff2 172.217.22.35
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/ea/droidarabickufi/v6/DroidKufi-Regular.woff2

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

SPDY

Server

172.217.22.35 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f35.1e100.net

Software

sffe /

Resource Hash

a7b09bb9c8e8e2fb189204e08ed94bd8096c118780b5e926847cf2748ca7c5c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://fonts.googleapis.com/earlyaccess/droidarabickufi.css?ver=s3cr3t
Origin: https://canyoupwn.me

Response headers

date: Tue, 12 Dec 2017 05:07:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3574700
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 31147
x-xss-protection: 1; mode=block
last-modified: Wed, 13 Aug 2014 16:50:04 GMT
server: sffe
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Dec 2018 05:07:53 GMT

GET
H2 200 monaco-webfont.woff
canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco/ 21 KB
21 KB 8ms
8ms Font
application/octet-stream 104.31.69.117
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco/monaco-webfont.woff

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.31.69.117 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c2e1d2864f53c224d6542bed9a1ab1de620dae21a2146eb4ff982dd8fcd4567

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:path: /wp-content/plugins/crayon-syntax-highlighter/fonts/monaco/monaco-webfont.woff
pragma: no-cache
cookie: __cfduid=d4340c40f8656880a87b23caba3c331741516629972; cf_clearance=b0098e5a4791375e081a8340bf758f9fc12baa0b-1516629972-3600; PHPSESSID=clbf6b4fjmcg0c1uts5eh5gvm1
origin: https://canyoupwn.me
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept: */*
cache-control: no-cache
:authority: canyoupwn.me
referer: https://canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco.css?ver=_2.7.2_beta
:scheme: https
:method: GET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://canyoupwn.me/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco.css?ver=_2.7.2_beta
Origin: https://canyoupwn.me

Response headers

date: Mon, 22 Jan 2018 14:06:13 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
vary: Accept-Encoding
content-length: 21372
last-modified: Thu, 28 Jul 2016 23:13:14 GMT
server: cloudflare
etag: "579a918a-537c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/octet-stream
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 3e1312982c7c64ab-FRA
expires: Thu, 20 Jan 2028 14:06:13 GMT

GET
S 200 MTP_ySUJH_bn48VBG8sNSojoYw3YTyktCCer_ilOlhE.woff2
fonts.gstatic.com/s/opensans/v15/ 7 KB
7 KB 6ms
6ms Font
font/woff2 172.217.22.35
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/MTP_ySUJH_bn48VBG8sNSojoYw3YTyktCCer_ilOlhE.woff2

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

SPDY

Server

172.217.22.35 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s16-in-f35.1e100.net

Software

sffe /

Resource Hash

2fb940b87ed9001f6562d79e7121997ea213f0fb27073348dcf30c51285d7c3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A300italic%2C400italic%2C600italic%2C300%2C400%2C600&subset=latin%2Clatin-ext&ver=s3cr3t
Origin: https://canyoupwn.me

Response headers

date: Wed, 17 Jan 2018 19:45:22 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:52 GMT
server: sffe
age: 411651
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 7240
x-xss-protection: 1; mode=block
expires: Thu, 17 Jan 2019 19:45:22 GMT

GET
S

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j66&a=1288467212&t=pageview&_s=1&dl=https%3A%2F%2Fcanyoupwn.me%2Fen-microsoft-authentication-bypass-vulnerability%2F&ul=en-us&de=UTF-8&dt=EN%20%7C%...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-73109286-1&cid=1472337952.1516629974&jid=1722311572&_gid=544090560.1516629974&gjid=774936168&_v=j66&z=130185241

35 B
102 B

13ms
13ms

Image
image/gif

64.233.166.156
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-73109286-1&cid=1472337952.1516629974&jid=1722311572&_gid=544090560.1516629974&gjid=774936168&_v=j66&z=130185241

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

SPDY

Server

64.233.166.156 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

wm-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 22 Jan 2018 14:06:13 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 22 Jan 2018 14:06:13 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 302
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-73109286-1&cid=1472337952.1516629974&jid=1722311572&_gid=544090560.1516629974&gjid=774936168&_v=j66&z=130185241
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: hq=":443"; ma=2592000; quic=51303431; quic=51303339; quic=51303338; quic=51303337; quic=51303335,quic=":443"; ma=2592000; v="41,39,38,37,35"
content-length: 417
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK count.js
canyoupwnme.disqus.com/ 1 KB
2 KB 76ms
75ms Script
application/javascript 151.101.112.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://canyoupwnme.disqus.com/count.js

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/wp-content/plugins/disqus-comment-system/media/js/count.js?ver=s3cr3t

Protocol

HTTP/1.1

Server

151.101.112.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Mon, 22 Jan 2018 14:06:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 109353
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 29 Nov 2017 21:05:31 GMT
Server: nginx
ETag: "5a1f211b-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Fastly-Debug-Digest: b6f975ecd04a5ce489da7a841091c3fab14aef5410aa4ba7ad8fdad8e7244bef
Cache-Control: public, max-age=86400
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect

GET
S 200 1f642.svg
s.w.org/images/core/emoji/2.3/svg/ 2 KB
1 KB 6ms
5ms Image
image/svg+xml 192.0.77.48
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/2.3/svg/1f642.svg

Requested by

Host: canyoupwn.me
URL: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/

Protocol

SPDY

Server

192.0.77.48 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://canyoupwn.me/en-microsoft-authentication-bypass-vulnerability/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

x-nc: HIT fra 48
date: Mon, 22 Jan 2018 14:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 25 May 2017 05:59:04 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.canyoupwn.me/	1970-01-18 22:02:45	Name: __cfduid Value: dacfc59d72bba1b9e3dc8d2ab81249d6a1516629968

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://canyoupwn.me/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

berkimran.com.tr
canyoupwn.me
canyoupwnme.disqus.com
fonts.googleapis.com
fonts.gstatic.com
placehold.it
s.w.org
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.gstatic.com
104.31.69.117
104.31.81.108
151.101.112.134
172.217.18.164
172.217.21.238
172.217.22.35
172.217.22.42
192.0.77.48
45.33.24.119
64.233.166.156
00cd1dd11553c0d594b2aaf874355c96647d953ee5b9099fe9f115f54e1dda34
06eb9b648fd1429d0cef25265009259c35f053a76118194b4073c98e161812be
0804fdb982baef56493ae845028ee5748a5023d79e29aa030f96ad938dc7dbfd
0e4a1bd774b107bd93432883f70fdcac57f12f836daf13fd01bcfc232b0c3095
193fbb968733b8a7049da19274546e6b80b76e9a8f1b837fee9a5fdeb8f97c7b
1d2a1242317a845fce91b7d71e66288b04298aba91b7eadaf3ad29600714ad02
1da4032d9c970aa6aa8f7d52f4b2793280b3716f21975cd8c2df57be40dc0482
29a1730501b8021d2737c4e9ec781dc042a1dbb48b90a0542797c3c2c19a3503
2d6adcaefaaab616fbbfb1b84f7226b554c94278e89b7375733135aeb6f426bf
2eb61c2058668c5da0bb49950e95b73fc95561201e0be1442f3cba9256fe61c2
2ed754b9dd2529df10d9ab5bdcfb1d1daab02a180395fd2efaa99b5bb58db9d4
2fb940b87ed9001f6562d79e7121997ea213f0fb27073348dcf30c51285d7c3a
309e69348c4aadd92e7e76a7d68f1251278cf76963ca5bb9c2407d0c99538ab7
38a448e9e03a9f64e7611b19af4bb8ec97fde2c708dc57ebbc7701be7ae3af08
3d3930b546445d873e7a9a4b18b0460702b7b1bf744958ef26edbd44b2b95895
423e09ae1666148e2718bd7aacfb05d17888e0554eb51fc343ef4317ef7d3b62
425dd4c0afd626143f0d49bf9c429fc3459e9cee60da3f550e065d2bfebcac6b
43798b9aec7baa55ee3811f47401893a1acf026afd7d4a502404405f1066171e
463f2ae38b445079a3970962d08be3bd1c1ea986b2d8d6d24819e40edf83a777
487c60fb05dcb2276fc778dbeb6afda91874074190d1ab7ac6e9f5ab4a446020
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
50dda9aac0fcea362bdda27ae7833240485ad5a20ccc105c1cd13ea26802a8bd
54bba5a0bb1ffc834ac191e1aa55de7a69620b723df22bd867ec48745908e51c
55ea8fd16de29dbc7270c7ad507ede3805b5540b9090f9c186aaf7979e738fcf
5aff339f27cd2e3a92c04eaa093afbf8b59d2c36f549d665816ca53d127bc586
5dbb9137dc87d30a6a4b6cefa2aeef6071d5bf8e94909624ef64dad351f35be6
5fe7efcbeb9ea0069ea2dc4f5b26835ae940846759e6899ae79f5fedbeac5b7e
60b39c27ebed41bd9df44f3eca00bace65cb99c9171d1df88b5b8559e3f8c62d
630d0a3cc8f4c4aa7bf49b40ae6f59f3a137707e0d7bba46ba44e2e5f2c53aab
676fb70994eb3dc2e6aad2e42e8a027c57c069238a606f7e6bf08099f7d3e0f8
68d621e9baf05efb663ce4f1d3bd3c5104662d7be40234376fa837abdf0dd2b5
6b7e633fbafa358db332434b8c2924acd19bff3ec6d65f9615bbee668423d44a
6c561e040160f503c6f608ff0584496cac1e0b3a5858ee628e007a14ac4d310f
6ff2526f12596cbd79addfeff938f2dd883800cc6751782a9ef49b23e216835e
74651a65420aa2976d007ea2397c6a2acf4422dd2ea217e71451cd4688b5b9f3
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b0b29537b4e57428444766be4ad0fc23b43af7974a13fce60697f3dcd8426cc
7d36c045b22d6da0b15fc356fe9309e24ac61f20768d2f216f890d042111136f
7d5c60976b659e35baeeee63fad9854e2563fdd1fcc07fc6ea891ead45b3e4cc
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
88b0379349a4dda6ebcc43c5bd12084d230c6105a6fd3c2f651c4e771b3eabef
8b4a15c89255502d876b772505b60972322836595358854e2f1e79db188bc9db
9023e3275b6d897b202ddb9848872a661fea055c96c2973a02e1cf5e39f04afd
91c086d2e8748f79370d1e4d605e65c2c9d82bf93aa915172772b6673e4cf779
936567bc744e199e02bfc3c33fe2bc9c862999e0d479e2a694aa7485460a3960
94a848c4063214b7fe883632958485419b80e966cb4b03c0e47beb52e4c74849
96579a6fcfc44082a36bde44a6e5a4c0c4e16806f9e2b802ce221496d35592ef
9b914e8725c423a8ea1c39c9de4fd59fc6cfb072fd936a5b0f407c49e757c8d2
9c2e1d2864f53c224d6542bed9a1ab1de620dae21a2146eb4ff982dd8fcd4567
a59e668012801aad5590147eaf1a08821d9677ae7cbb24a1b70cb4bad2383769
a720e87abd6815e573ea39551c6c253ec09aeac911da26ba3b2f212633b64d0e
a7b09bb9c8e8e2fb189204e08ed94bd8096c118780b5e926847cf2748ca7c5c2
ae783c2484a64950c9542548f51696708e86585b252e465b32c446d0eaaaa105
af54ac0315cdfcf9a471e5f830cc87c848ac2a27fc5021f3884ee4b0a97701b6
b40f5cb76fe4dabae71122cc959ed9dfb9a8587a25d9b07e77de01058ae03b0f
bdf5d34c823ffd1c7af911bf9787e3924b950e19cf1b7a7a4c0155821f429010
bf93c44193e1c50b505c269a4b24e80a0ca3dcfbf9cc5ad8129b197510c96bfb
c02cab0eac225f25b231af82063d89319ae3212b93a055cf35123d381350b66a
c45b9cf8f42103554927061f4159e12b73a88ea5e873f6dc9ce15cfdcad1bd59
ccbd7f2c0daf96a3e53a11136cbc6c63b2981535bd228c25aba78302b15f13a2
ce53d4f22cb33ca5024117646dc9698947e2361041ea04fc61e8d2f2812eb337
d31fb62c7d9d90e62deca2be29f8d1c8281b99fd8a459f3868d29787a0368828
db0d09c94682a9a562bc37ca99d63c1127975272c1aa4d32a5ea9eadf824f0c8
dba6b80aceb1267fd1ed564e08a983730d272813e9b3aff85dc365c65333dd66
dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0
dd82e0551e0d9ec4e0fbe2c87798fffe438c9b90bd468c183940da9b53cc73ee
e0a970f4b90610051a6b2eb606e1fc581e846fecd7fe747dff8f4497951fb070
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d961493e244e06bf91a9857442891e2e2ad8d49cf8e0a7781c53f0707443d7
e3e062826fb7417287ce357fb18076ecc205a2fb0ea48405a1940b2684f5a53b
eada6774dd87c0e4c4704fbf1901c2da65071892cbf13aa57edeccf0f2e4d7f4
f66e180662735db6c6f77da100b1adafad3810d2534b73006b44aea0758048de
f6aa395c128304e9786e92e5828b03512287d1debb398f10ac1fc7c947bb8e22
f8ef655ef916e39713ede9c6db56d7ca5618bd82cf5ac991dcd013f05e0fdfc7
feac804692ca482e163ff782fde029f15613c2b04efe2b166eb59a75f6f06535
feee9857d18eca700f3d890494f9898b1158eae5e9e77408e809bb0d1376df27

canyoupwn.me Open in urlscan Pro 104.31.69.117 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

80 Requests

76 %HTTPS

0 %IPv6

10 Domains

11 Subdomains

11 IPs

1 Countries

3146 kBTransfer

4087 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

80 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

canyoupwn.me Open in urlscan Pro
104.31.69.117 Public Scan

Screenshot
Live screenshot

Full Image

80
Requests

76 %
HTTPS

0 %
IPv6

10
Domains

11
Subdomains

11
IPs

1
Countries

3146 kB
Transfer

4087 kB
Size

1
Cookies

80 HTTP transactions
1 data transactions