urlscan.io logo urlscan.io
SecurityTrails logo

www.yassineaboukir.com Open in urlscan Pro
185.199.111.153  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
Effective URL: https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
Submission: On January 10 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 2 countries across 6 domains to perform 23 HTTP transactions. The main IP is 185.199.111.153, located in United States and belongs to FASTLY, US. The main domain is www.yassineaboukir.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 15th 2020. Valid for: 3 months.
This is the only time www.yassineaboukir.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

6    185.199.110.153 (United States)

ASN54113 (FASTLY, US)
yassineaboukir.com
7    185.199.111.153 (United States)

ASN54113 (FASTLY, US)
www.yassineaboukir.com
1    2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    199.232.196.134 (United States)

ASN54113 (FASTLY, US)
yassineaboukir.disqus.com
2    2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    2606:4700::6812:a813 (United States)

ASN13335 (CLOUDFLARENET, US)
c.disquscdn.com
2    151.101.192.134 (United States)

ASN54113 (FASTLY, US)
disqus.com
2    143.204.93.72 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-93-72.fra50.r.cloudfront.net
cdn.viglink.com
4    151.101.12.64 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
links.services.disqus.com
Domain Requested by
7 www.yassineaboukir.com www.yassineaboukir.com
6 yassineaboukir.com 6 redirects
4 links.services.disqus.com c.disquscdn.com
4 c.disquscdn.com yassineaboukir.disqus.com
2 cdn.viglink.com
2 disqus.com yassineaboukir.disqus.com
2 www.google-analytics.com www.yassineaboukir.com
www.google-analytics.com
1 yassineaboukir.disqus.com www.yassineaboukir.com
1 fonts.googleapis.com www.yassineaboukir.com
23 9
Subject Issuer Validity Valid
www.yassineaboukir.com
Let's Encrypt Authority X3		 2020-11-15 -
2021-02-13		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2020-12-15 -
2021-03-09		 3 months crt.sh
*.disqus.com
DigiCert SHA2 Secure Server CA		 2020-04-20 -
2022-05-09		 2 years crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-12-15 -
2021-03-09		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-08-15 -
2021-08-15		 a year crt.sh
viglink.com
Amazon		 2020-12-13 -
2022-01-11		 a year crt.sh
f.ssl.fastly.net
GlobalSign Organization Validation CA - SHA256 - G2		 2020-11-25 -
2021-12-27		 a year crt.sh

This page contains 2 frames:

Primary Page: https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
Frame ID: B0D4D059D69368C717A5224A9FD71700
Requests: 29 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=yassineaboukir&t_u=https%3A%2F%2Fwww.yassineaboukir.com%2Fblog%2Fneglected-dns-records-exploited-to-takeover-subdomains%2F&t_d=Neglected%20DNS%20records%20exploited%20to%20takeover%20subdomains%20%E2%80%93%20Yassine%20Aboukir%20%E2%80%93%20Hacker%20%26%20Application%20Security%20Consultant&t_t=Neglected%20DNS%20records%20exploited%20to%20takeover%20subdomains%20%E2%80%93%20Yassine%20Aboukir%20%E2%80%93%20Hacker%20%26%20Application%20Security%20Consultant&s_o=default
Frame ID: 41E33842C5086283A7C1AC07E92B76D9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/ HTTP 301
    https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<!-- Created with Jekyll Now -/i
Overall confidence: 100%
Detected patterns
  • headers server /^GitHub\.com$/i
Overall confidence: 100%
Detected patterns
  • headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i
Overall confidence: 100%
Detected patterns
  • headers server /^GitHub\.com$/i
Overall confidence: 100%
Detected patterns
  • html /<div[^>]+id="disqus_thread"/i
Overall confidence: 100%
Detected patterns
  • headers server /^GitHub\.com$/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

23
Requests

100 %
HTTPS

33 %
IPv6

6
Domains

9
Subdomains

9
IPs

2
Countries

1729 kB
Transfer

1685 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/ HTTP 301
    https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://yassineaboukir.com/wp-content/uploads/2012/04/Screenshot-2018-10-28-at-01.42.55.png HTTP 301
  • https://www.yassineaboukir.com/wp-content/uploads/2012/04/Screenshot-2018-10-28-at-01.42.55.png
Request Chain 3
  • https://yassineaboukir.com/wp-content/uploads/2015/02/1-1.png HTTP 301
  • https://www.yassineaboukir.com/wp-content/uploads/2015/02/1-1.png
Request Chain 4
  • https://yassineaboukir.com/wp-content/uploads/2015/02/2-2.png HTTP 301
  • https://www.yassineaboukir.com/wp-content/uploads/2015/02/2-2.png
Request Chain 5
  • https://yassineaboukir.com/wp-content/uploads/2015/02/3-3.png HTTP 301
  • https://www.yassineaboukir.com/wp-content/uploads/2015/02/3-3.png
Request Chain 6
  • https://yassineaboukir.com/wp-content/uploads/2015/02/4-4.png HTTP 301
  • https://www.yassineaboukir.com/wp-content/uploads/2015/02/4-4.png

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
Redirect Chain
  • http://yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
  • https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
10 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
0e0f72027dd2ca5459218b881f572760e98890cf659a30944a27d75ab63f57f2

Request headers

:method
GET
:authority
www.yassineaboukir.com
:scheme
https
:path
/blog/neglected-dns-records-exploited-to-takeover-subdomains/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type
text/html; charset=utf-8
server
GitHub.com
last-modified
Mon, 30 Nov 2020 15:02:06 GMT
access-control-allow-origin
*
etag
W/"5fc5096e-26b1"
expires
Sun, 10 Jan 2021 06:22:49 GMT
cache-control
max-age=600
content-encoding
gzip
x-proxy-cache
MISS
x-github-request-id
6B40:1525:46A61A:4B4357:5FFA9AE0
accept-ranges
bytes
date
Sun, 10 Jan 2021 06:12:49 GMT
via
1.1 varnish
age
0
x-served-by
cache-hhn4046-HHN
x-cache
MISS
x-cache-hits
0
x-timer
S1610259169.109992,VS0,VE89
vary
Accept-Encoding
x-fastly-request-id
e8f06e665381a8407eba04d33c2dbb068c871d0d
content-length
3408

Redirect headers

Content-Type
text/html
Server
GitHub.com
Location
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
X-GitHub-Request-Id
BD50:10A99:7FEE9D:87FA0B:5FFA9AE0
Content-Length
162
Accept-Ranges
bytes
Date
Sun, 10 Jan 2021 06:12:49 GMT
Via
1.1 varnish
Age
0
Connection
keep-alive
X-Served-By
cache-hhn4078-HHN
X-Cache
MISS
X-Cache-Hits
0
X-Timer
S1610259169.929985,VS0,VE84
Vary
Accept-Encoding
X-Fastly-Request-ID
044c3e42351f0a209d6c6cd39bf0a0e241f35964
style.css
www.yassineaboukir.com/ 		62 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.yassineaboukir.com/style.css
Requested by
Host: www.yassineaboukir.com
URL: https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
5516b1bc058a46487bf05cfd2a492750c2b6f1351a77ab89352dd726b68914ad

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id
f36d20298cafbc932ea81f7757ae9cfaf269f1f4
date
Sun, 10 Jan 2021 06:12:49 GMT
content-encoding
gzip
age
0
x-cache
MISS
content-length
22957
x-served-by
cache-hhn4046-HHN
access-control-allow-origin
*
last-modified
Mon, 30 Nov 2020 15:02:06 GMT
server
GitHub.com
x-github-request-id
8DEE:1A95:93A175:9CC2C9:5FFA9AE1
x-timer
S1610259169.229418,VS0,VE91
etag
W/"5fc5096e-f615"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
via
1.1 varnish
expires
Sun, 10 Jan 2021 06:22:49 GMT
cache-control
max-age=600
accept-ranges
bytes
x-proxy-cache
MISS
x-cache-hits
0
css
fonts.googleapis.com/ 		6 KB
893 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto+Mono|Roboto+Slab:300|Roboto:500
Requested by
Host: www.yassineaboukir.com
URL: https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2394c62f91026edbfb49954e81d09c5f7629c4c139ad63052abb9c9992f97a68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 10 Jan 2021 06:12:49 GMT
server
ESF
date
Sun, 10 Jan 2021 06:12:49 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 10 Jan 2021 06:12:49 GMT
Screenshot-2018-10-28-at-01.42.55.png
www.yassineaboukir.com/wp-content/uploads/2012/04/
Redirect Chain
  • https://yassineaboukir.com/wp-content/uploads/2012/04/Screenshot-2018-10-28-at-01.42.55.png
  • https://www.yassineaboukir.com/wp-content/uploads/2012/04/Screenshot-2018-10-28-at-01.42.55.png
1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.yassineaboukir.com/wp-content/uploads/2012/04/Screenshot-2018-10-28-at-01.42.55.png
Requested by
Host: www.yassineaboukir.com
URL: https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
b2210258d5b72042906644b1f441cd0b0bd074ad188b20be28cade1843ab89e9

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id
4a504ddd6f24a63ee7b3c2651ef7107cb8350992
date
Sun, 10 Jan 2021 06:12:49 GMT
via
1.1 varnish
age
0
x-cache
MISS
x-cache-hits
0
content-length
1338786
x-served-by
cache-hhn4046-HHN
last-modified
Mon, 30 Nov 2020 15:02:00 GMT
server
GitHub.com
x-github-request-id
F59C:A871:865193:8EA346:5FFA9AE0
x-timer
S1610259169.415310,VS0,VE491
etag
"5fc50968-146da2"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
x-proxy-cache
MISS
expires
Sun, 10 Jan 2021 06:22:49 GMT

Redirect headers

x-fastly-request-id
a46923953a28e559a6726b24a708eb20c644149d
date
Sun, 10 Jan 2021 06:12:49 GMT
via
1.1 varnish
server
GitHub.com
x-github-request-id
6FA0:CFCB:94A5FC:9DCC38:5FFA9AD4
age
0
x-served-by
cache-hhn4039-HHN
vary
Accept-Encoding
x-cache
MISS
content-type
text/html
location
https://www.yassineaboukir.com/wp-content/uploads/2012/04/Screenshot-2018-10-28-at-01.42.55.png
accept-ranges
bytes
x-timer
S1610259169.283669,VS0,VE84
content-length
162
x-cache-hits
0
1-1.png
www.yassineaboukir.com/wp-content/uploads/2015/02/
Redirect Chain
  • https://yassineaboukir.com/wp-content/uploads/2015/02/1-1.png
  • https://www.yassineaboukir.com/wp-content/uploads/2015/02/1-1.png
14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.yassineaboukir.com/wp-content/uploads/2015/02/1-1.png
Requested by
Host: www.yassineaboukir.com
URL: https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
f912ae31977ea6ea67f4666718e966f10a9efa06f48700900e2f7e6d53b5d8d5

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id
e8bc70a0a4db1361a0c2687efbbe2f69cd830cb7
date
Sun, 10 Jan 2021 06:12:49 GMT
via
1.1 varnish
age
0
x-cache
MISS
content-length
14196
x-served-by
cache-hhn4046-HHN
last-modified
Mon, 30 Nov 2020 15:02:00 GMT
server
GitHub.com
x-github-request-id
2A34:A81B:1E069A:203F6F:5FFA9AE1
x-timer
S1610259169.415630,VS0,VE89
etag
"5fc50968-3774"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
expires
Sun, 10 Jan 2021 06:22:49 GMT
cache-control
max-age=600
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
x-cache-hits
0

Redirect headers

x-fastly-request-id
952a3ceb1fbe7af6b535a970cbf57534d7f62306
date
Sun, 10 Jan 2021 06:12:49 GMT
via
1.1 varnish
server
GitHub.com
x-github-request-id
A540:66E2:8D63B7:963591:5FFA9ADF
age
0
x-served-by
cache-hhn4039-HHN
vary
Accept-Encoding
x-cache
MISS
content-type
text/html
location
https://www.yassineaboukir.com/wp-content/uploads/2015/02/1-1.png
accept-ranges
bytes
x-timer
S1610259169.283655,VS0,VE85
content-length
162
x-cache-hits
0
2-2.png
www.yassineaboukir.com/wp-content/uploads/2015/02/
Redirect Chain
  • https://yassineaboukir.com/wp-content/uploads/2015/02/2-2.png
  • https://www.yassineaboukir.com/wp-content/uploads/2015/02/2-2.png
28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.yassineaboukir.com/wp-content/uploads/2015/02/2-2.png
Requested by
Host: www.yassineaboukir.com
URL: https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
3ed1295002f7594871c6e8cb42599dc61156ecd948d596ec18983ba1b223fbfc

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id
1b03ed7c8da7f6340dc727b65269c810fedd2f26
date
Sun, 10 Jan 2021 06:12:49 GMT
via
1.1 varnish
age
0
x-cache
MISS
x-cache-hits
0
content-length
28576
x-served-by
cache-hhn4046-HHN
last-modified
Mon, 30 Nov 2020 15:02:00 GMT
server
GitHub.com
x-github-request-id
FD50:4DB0:80830B:888435:5FFA9AE1
x-timer
S1610259169.415846,VS0,VE90
etag
"5fc50968-6fa0"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
x-proxy-cache
MISS
expires
Sun, 10 Jan 2021 06:22:49 GMT

Redirect headers

x-fastly-request-id
c776448e469c60d4e6c47ca96f7a250fdde326ff
date
Sun, 10 Jan 2021 06:12:49 GMT
via
1.1 varnish
server
GitHub.com
x-github-request-id
2092:10A99:7FEEA7:87FA32:5FFA9AE1
age
0
x-served-by
cache-hhn4039-HHN
vary
Accept-Encoding
x-cache
MISS
content-type
text/html
location
https://www.yassineaboukir.com/wp-content/uploads/2015/02/2-2.png
accept-ranges
bytes
x-timer
S1610259169.283641,VS0,VE86
content-length
162
x-cache-hits
0
3-3.png
www.yassineaboukir.com/wp-content/uploads/2015/02/
Redirect Chain
  • https://yassineaboukir.com/wp-content/uploads/2015/02/3-3.png
  • https://www.yassineaboukir.com/wp-content/uploads/2015/02/3-3.png
10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.yassineaboukir.com/wp-content/uploads/2015/02/3-3.png
Requested by
Host: www.yassineaboukir.com
URL: https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
138ad0cd7a094c46d564c9762d3a861c925dcf15740374931745db55ed31b83e

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id
28930181dcb52ab67086f275ae733e1220c873b9
date
Sun, 10 Jan 2021 06:12:49 GMT
via
1.1 varnish
age
0
x-cache
MISS
x-cache-hits
0
content-length
10444
x-served-by
cache-hhn4046-HHN
last-modified
Mon, 30 Nov 2020 15:02:00 GMT
server
GitHub.com
x-github-request-id
4EBE:10A99:7FEEAB:87FA15:5FFA9AE0
x-timer
S1610259169.415857,VS0,VE88
etag
"5fc50968-28cc"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
x-proxy-cache
MISS
expires
Sun, 10 Jan 2021 06:22:49 GMT

Redirect headers

x-fastly-request-id
10d0380b9a99859f917e08cacb0acf61159e72e3
date
Sun, 10 Jan 2021 06:12:49 GMT
via
1.1 varnish
server
GitHub.com
x-github-request-id
5CEE:11F49:4DE80D:52DFBA:5FFA9AE0
age
0
x-served-by
cache-hhn4039-HHN
vary
Accept-Encoding
x-cache
MISS
content-type
text/html
location
https://www.yassineaboukir.com/wp-content/uploads/2015/02/3-3.png
accept-ranges
bytes
x-timer
S1610259169.283605,VS0,VE85
content-length
162
x-cache-hits
0
4-4.png
www.yassineaboukir.com/wp-content/uploads/2015/02/
Redirect Chain
  • https://yassineaboukir.com/wp-content/uploads/2015/02/4-4.png
  • https://www.yassineaboukir.com/wp-content/uploads/2015/02/4-4.png
30 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.yassineaboukir.com/wp-content/uploads/2015/02/4-4.png
Requested by
Host: www.yassineaboukir.com
URL: https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.199.111.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
5c7e4ae9bf675c45b87c53f199bbf8cb9ae8d6a6747b303e304bee211969624f

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fastly-request-id
01621cf0ed9cbea28154bf165993435b402045b3
date
Sun, 10 Jan 2021 06:12:49 GMT
via
1.1 varnish
age
0
x-cache
MISS
x-cache-hits
0
content-length
30267
x-served-by
cache-hhn4046-HHN
last-modified
Mon, 30 Nov 2020 15:02:00 GMT
server
GitHub.com
x-github-request-id
9190:1524:217322:23EAA5:5FFA9AE0
x-timer
S1610259169.415636,VS0,VE170
etag
"5fc50968-763b"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
x-proxy-cache
MISS
expires
Sun, 10 Jan 2021 06:22:49 GMT

Redirect headers

x-fastly-request-id
c332e16cd17930612b43f3586cb875b499eba96c
date
Sun, 10 Jan 2021 06:12:49 GMT
via
1.1 varnish
server
GitHub.com
x-github-request-id
591A:CFCB:94A5FC:9DCD92:5FFA9ADD
age
0
x-served-by
cache-hhn4039-HHN
vary
Accept-Encoding
x-cache
MISS
content-type
text/html
location
https://www.yassineaboukir.com/wp-content/uploads/2015/02/4-4.png
accept-ranges
bytes
x-timer
S1610259169.283630,VS0,VE85
content-length
162
x-cache-hits
0
embed.js
yassineaboukir.disqus.com/ 		72 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yassineaboukir.disqus.com/embed.js
Requested by
Host: www.yassineaboukir.com
URL: https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
8b916b2be54df63321aacdebfbcbe7d23e4d42ae060190ad54e4d612d3c18e0e
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 10 Jan 2021 06:12:49 GMT
Content-Encoding
gzip
Server
openresty
Age
0
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
X-Service
router
Strict-Transport-Security
max-age=300; includeSubdomains
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
23955
analytics.js
www.google-analytics.com/ 		46 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.yassineaboukir.com
URL: https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
2468
date
Sun, 10 Jan 2021 05:31:41 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Sun, 10 Jan 2021 07:31:41 GMT
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
eb0d57dd34ef7aeaca8e216978f08a98133497e9b9c27b5f430eff87d51cb934

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2c556d31a4e68362f14119ab3f99def3ae1fbcf3f43fd1deba622511758242e7

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ce087f1d38e538eee6a5084654d66a9c7b70025f2fb04a6885aab962250ea6fb

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b69e7a21552fc6b14d0faf4c60d5c9799ba8477426eb1533d76a6c6d5dca83dd

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3960b7858957eeade28addd3ae652d325d1e55f0339a501914ec6c0fd622a034

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
be659f0e130aafc1fd04b1da193ff4a89da8aa0c7486238bea79f33343cbc4cb

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		8 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ea07848b95b996e50ef887e2df00c6b827bf709d73b78a3700df799e43d638de

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
collect
www.google-analytics.com/j/ 		2 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=838965253&t=pageview&_s=1&dl=https%3A%2F%2Fwww.yassineaboukir.com%2Fblog%2Fneglected-dns-records-exploited-to-takeover-subdomains%2F&dp=%2Fblog%2Fneglected-dns-records-exploited-to-takeover-subdomains%2F&ul=en-us&de=UTF-8&dt=Neglected%20DNS%20records%20exploited%20to%20takeover%20subdomains&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1234162424&gjid=856138641&cid=963857725.1610259169&tid=UA-146028141-1&_gid=160837300.1610259169&_r=1&_slc=1&z=617524210
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 10 Jan 2021 06:12:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.yassineaboukir.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
lounge.93b42de3124a0dd0533f88d602ff11e8.css
c.disquscdn.com/next/embed/styles/ 		0
23 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.93b42de3124a0dd0533f88d602ff11e8.css
Requested by
Host: yassineaboukir.disqus.com
URL: https://yassineaboukir.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 10 Jan 2021 06:12:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
296668
strict-transport-security
max-age=300; includeSubdomains
content-length
22661
cf-request-id
078c861afc00001f2569239000000001
timing-allow-origin
*
last-modified
Thu, 17 Dec 2020 22:41:59 GMT
server
cloudflare
etag
"5fdbdeb7-5885"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
DFW55-C3
accept-ranges
bytes
cf-ray
60f43fa4cf8e1f25-FRA
x-amz-cf-id
FoLAKKYeyCVOQCHjxkf648euNl2eE6RaXpXOfpVsO0oF_J48wSAC-w==
expires
Thu, 06 Jan 2022 19:48:21 GMT
common.bundle.de93b98d666f8e6c7505f802a907a867.js
c.disquscdn.com/next/embed/ 		0
93 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/common.bundle.de93b98d666f8e6c7505f802a907a867.js
Requested by
Host: yassineaboukir.disqus.com
URL: https://yassineaboukir.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 10 Jan 2021 06:12:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
296669
strict-transport-security
max-age=300; includeSubdomains
content-length
94780
cf-request-id
078c861afd00001f252aaa6000000001
timing-allow-origin
*
last-modified
Thu, 17 Dec 2020 22:41:59 GMT
server
cloudflare
etag
"5fdbdeb7-1723c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
DFW55-C3
accept-ranges
bytes
cf-ray
60f43fa4cf921f25-FRA
x-amz-cf-id
Qu4oNWqpLJ8y9PXfL-VGAE9V9ADfjzDcz1G_P1sBId44bHg1MBhBvA==
expires
Thu, 06 Jan 2022 19:48:21 GMT
lounge.bundle.b00141b8e7a9878087e2d84485476038.js
c.disquscdn.com/next/embed/ 		0
114 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.b00141b8e7a9878087e2d84485476038.js
Requested by
Host: yassineaboukir.disqus.com
URL: https://yassineaboukir.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 10 Jan 2021 06:12:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
296668
strict-transport-security
max-age=300; includeSubdomains
content-length
116447
cf-request-id
078c861afd00001f2547200000000001
timing-allow-origin
*
last-modified
Thu, 17 Dec 2020 22:41:59 GMT
server
cloudflare
etag
"5fdbdeb7-1c6df"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
DFW55-C3
accept-ranges
bytes
cf-ray
60f43fa4cf951f25-FRA
x-amz-cf-id
Yc_MGoCjsBblRoSjmjt3J9uZx4r3PRNlMryaeVdCaHO4-zgHDDy4oQ==
expires
Thu, 06 Jan 2022 19:48:21 GMT
config.js
disqus.com/next/ 		0
10 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://disqus.com/next/config.js
Requested by
Host: yassineaboukir.disqus.com
URL: https://yassineaboukir.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 10 Jan 2021 06:12:50 GMT
X-Content-Type-Options
nosniff
Content-Type
application/javascript; charset=UTF-8
Server
nginx
Age
2
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
9280
X-XSS-Protection
1; mode=block
/
disqus.com/embed/comments/ Frame 41E3 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://disqus.com/embed/comments/?base=default&f=yassineaboukir&t_u=https%3A%2F%2Fwww.yassineaboukir.com%2Fblog%2Fneglected-dns-records-exploited-to-takeover-subdomains%2F&t_d=Neglected%20DNS%20records%20exploited%20to%20takeover%20subdomains%20%E2%80%93%20Yassine%20Aboukir%20%E2%80%93%20Hacker%20%26%20Application%20Security%20Consultant&t_t=Neglected%20DNS%20records%20exploited%20to%20takeover%20subdomains%20%E2%80%93%20Yassine%20Aboukir%20%E2%80%93%20Hacker%20%26%20Application%20Security%20Consultant&s_o=default
Requested by
Host: yassineaboukir.disqus.com
URL: https://yassineaboukir.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
disqus.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/

Response headers

Connection
keep-alive
Content-Length
4714
Server
nginx
Content-Type
text/html; charset=utf-8
Content-Security-Policy
script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified
Wed, 14 Aug 2019 09:01:39 GMT
ETag
W/"lounge:view:7389455772.912799bf6cd546c580a2284217f1d0e8.2"
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Encoding
gzip
Date
Sun, 10 Jan 2021 06:12:50 GMT
Age
0
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
c.disquscdn.com/next/embed/ 		78 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Requested by
Host: yassineaboukir.disqus.com
URL: https://yassineaboukir.disqus.com/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 10 Jan 2021 06:12:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
1326606
strict-transport-security
max-age=300; includeSubdomains
content-length
26578
cf-request-id
078c861d9700001f25623e0000000001
timing-allow-origin
*
last-modified
Mon, 23 Nov 2020 17:22:41 GMT
server
cloudflare
etag
"5fbbefe1-67d2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
max-age=31536000, public, immutable, no-transform
x-amz-cf-pop
DFW55-C3
accept-ranges
bytes
cf-ray
60f43fa8fc311f25-FRA
x-amz-cf-id
iwXvkWWneYUzTgpoGXrolZxBkoZQ2bfC3Qst_9vVPBWLaqb-vIiHXg==
expires
Mon, 29 Nov 2021 02:25:38 GMT
pixel.gif
cdn.viglink.com/images/ 		43 B
387 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.viglink.com/images/pixel.gif?ch=1&rn=8.273527193123968
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.93.72 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-93-72.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 10 Jan 2021 06:12:41 GMT
via
1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
last-modified
Tue, 10 Feb 2015 03:29:39 GMT
server
AmazonS3
age
9
etag
"221d8352905f2c38b3cb2bd191d630b0"
x-cache
Hit from cloudfront
content-type
image/gif
cache-control
max-age=15, must-revalidate
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
43
x-amz-cf-id
Lcq_jFG27E_HpD1UiEhEbmIW6Bg_WaXI_Mu23P6k-tSDQVLGwTSu-Q==
pixel.gif
cdn.viglink.com/images/ 		43 B
386 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.viglink.com/images/pixel.gif?ch=2&rn=8.273527193123968
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.93.72 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-93-72.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 10 Jan 2021 06:12:41 GMT
via
1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
last-modified
Tue, 10 Feb 2015 03:29:39 GMT
server
AmazonS3
age
9
etag
"221d8352905f2c38b3cb2bd191d630b0"
x-cache
Hit from cloudfront
content-type
image/gif
cache-control
max-age=15, must-revalidate
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
43
x-amz-cf-id
b0FacCx39ekcu8FbAxiix0h1XRS8dAemXmllGRal-TnWE5Tl3TQJwA==
ping
links.services.disqus.com/api/ 		300 B
930 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://links.services.disqus.com/api/ping
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
edbd320c479153b7d5c7f3c68b9f3de486ce5a799551a4d279879beea52f48ca

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Sun, 10 Jan 2021 06:12:51 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.yassineaboukir.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
300
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sync.gif
links.services.disqus.com/api/ 		43 B
565 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://links.services.disqus.com/api/sync.gif?key=cfdfcf52dffd0a702a61bad27507376d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 10 Jan 2021 06:12:51 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Cache-Control
no-cache, no-store
Connection
keep-alive
Content-Type
image/gif;charset=UTF-8
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
domains
links.services.disqus.com/api/ 		76 B
705 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://links.services.disqus.com/api/domains
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
41ff1ab054cff580b7e1e3a61adb5629be6533c38649956bcc59772091d1d52e

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Sun, 10 Jan 2021 06:12:51 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.yassineaboukir.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
76
Expires
Thu, 01 Jan 1970 00:00:00 GMT
domains
links.services.disqus.com/api/ 		42 B
671 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://links.services.disqus.com/api/domains
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.64 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
d791660338c0410819e26966db5eec8e89b6d06cdf356a9126607a0519b0cdc5

Request headers

Referer
https://www.yassineaboukir.com/blog/neglected-dns-records-exploited-to-takeover-subdomains/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Sun, 10 Jan 2021 06:12:51 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.yassineaboukir.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated string| disqus_shortname string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| disqus_config object| DISQUS boolean| __v5k function| vl_cB function| vl_disable function| vglnk_16102591707406 object| vglnk undefined| vglnk_16102591712417 undefined| vglnk_16102591713719 undefined| vglnk_161025917139110

3 Cookies

Domain/Path Name / Value
.yassineaboukir.com/ Name: _gat
Value: 1
.yassineaboukir.com/ Name: _gid
Value: GA1.2.160837300.1610259169
.yassineaboukir.com/ Name: _ga
Value: GA1.2.963857725.1610259169

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.disquscdn.com
cdn.viglink.com
disqus.com
fonts.googleapis.com
links.services.disqus.com
www.google-analytics.com
www.yassineaboukir.com
yassineaboukir.com
yassineaboukir.disqus.com
143.204.93.72
151.101.12.64
151.101.192.134
185.199.110.153
185.199.111.153
199.232.196.134
2606:4700::6812:a813
2a00:1450:4001:803::200a
2a00:1450:4001:816::200e
0e0f72027dd2ca5459218b881f572760e98890cf659a30944a27d75ab63f57f2
138ad0cd7a094c46d564c9762d3a861c925dcf15740374931745db55ed31b83e
2394c62f91026edbfb49954e81d09c5f7629c4c139ad63052abb9c9992f97a68
2c556d31a4e68362f14119ab3f99def3ae1fbcf3f43fd1deba622511758242e7
3960b7858957eeade28addd3ae652d325d1e55f0339a501914ec6c0fd622a034
3ed1295002f7594871c6e8cb42599dc61156ecd948d596ec18983ba1b223fbfc
41ff1ab054cff580b7e1e3a61adb5629be6533c38649956bcc59772091d1d52e
5516b1bc058a46487bf05cfd2a492750c2b6f1351a77ab89352dd726b68914ad
5c7e4ae9bf675c45b87c53f199bbf8cb9ae8d6a6747b303e304bee211969624f
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8b916b2be54df63321aacdebfbcbe7d23e4d42ae060190ad54e4d612d3c18e0e
9efb3d5e1b082a66bd94908b42afb4cf6fe0e8eb8f50b8d2a18f6a5da03e6a18
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
b2210258d5b72042906644b1f441cd0b0bd074ad188b20be28cade1843ab89e9
b69e7a21552fc6b14d0faf4c60d5c9799ba8477426eb1533d76a6c6d5dca83dd
be659f0e130aafc1fd04b1da193ff4a89da8aa0c7486238bea79f33343cbc4cb
ce087f1d38e538eee6a5084654d66a9c7b70025f2fb04a6885aab962250ea6fb
d791660338c0410819e26966db5eec8e89b6d06cdf356a9126607a0519b0cdc5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
ea07848b95b996e50ef887e2df00c6b827bf709d73b78a3700df799e43d638de
eb0d57dd34ef7aeaca8e216978f08a98133497e9b9c27b5f430eff87d51cb934
edbd320c479153b7d5c7f3c68b9f3de486ce5a799551a4d279879beea52f48ca
f912ae31977ea6ea67f4666718e966f10a9efa06f48700900e2f7e6d53b5d8d5