urlscan.io logo urlscan.io
SecurityTrails logo

www.vpnmentor.com Open in urlscan Pro
2606:4700:20::6819:76d  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Submission: On December 14 via manual from IN
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 16 IPs in 3 countries across 14 domains to perform 42 HTTP transactions. The main IP is 2606:4700:20::6819:76d, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.vpnmentor.com.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on October 29th 2018. Valid for: 6 months.
This is the only time www.vpnmentor.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
17 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:30:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 143.204.101.50 16509 (AMAZON-02)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 2 2a00:1450:400... 15169 (GOOGLE)
2 172.217.16.130 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 204.79.197.200 8068 (MICROSOFT...)
1 5 2a02:6b8::1:119 13238 (YANDEX)
1 151.101.1.2 54113 (FASTLY)
1 52.5.245.95 14618 (AMAZON-AES)
42 16
17    2606:4700:20::6819:76d (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
www.vpnmentor.com
static1.vpnmentor.com
static2.vpnmentor.com
1    2a00:1450:4001:81b::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.googletagmanager.com
2    2606:4700:30::681b:8213 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
api.hhtpp.com
1    2a00:1450:4001:820::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
fonts.googleapis.com
1    143.204.101.50 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-50.fra50.r.cloudfront.net
cdn.alooma.com
2    2a03:2880:f01c:20e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)
graph.facebook.com
2    2a00:1450:4001:817::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com
2    172.217.16.130 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s46-in-f2.1e100.net
www.googleadservices.com
2    2a00:1450:4001:825::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
googleads.g.doubleclick.net
1    2a00:1450:400c:c08::9b (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
stats.g.doubleclick.net
3    2a00:1450:4001:824::2004 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.google.com
3    2a00:1450:4001:820::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.google.de
2    204.79.197.200 (Redmond, United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
PTR: a-0001.a-msedge.net
bat.bing.com
5    2a02:6b8::1:119 (Russian Federation)

ASN13238 (YANDEX, RU)
mc.yandex.ru
1    151.101.1.2 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)
a.quora.com
1    52.5.245.95 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-5-245-95.compute-1.amazonaws.com
q.quora.com
Domain Requested by
13 www.vpnmentor.com www.vpnmentor.com
cdn.alooma.com
5 mc.yandex.ru 1 redirects www.vpnmentor.com
3 www.google.de www.vpnmentor.com
3 www.google.com 1 redirects www.vpnmentor.com
2 bat.bing.com www.vpnmentor.com
2 googleads.g.doubleclick.net www.googleadservices.com
2 www.googleadservices.com www.googletagmanager.com
www.vpnmentor.com
2 www.google-analytics.com 1 redirects www.googletagmanager.com
2 graph.facebook.com www.vpnmentor.com
2 static2.vpnmentor.com www.vpnmentor.com
2 static1.vpnmentor.com www.vpnmentor.com
2 api.hhtpp.com www.vpnmentor.com
1 q.quora.com
1 a.quora.com www.vpnmentor.com
1 stats.g.doubleclick.net 1 redirects
1 cdn.alooma.com www.vpnmentor.com
1 fonts.googleapis.com www.vpnmentor.com
1 www.googletagmanager.com www.vpnmentor.com
42 18
Subject Issuer Validity Valid
ssl375667.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2018-10-29 -
2019-05-07		 6 months crt.sh
*.google-analytics.com
Google Internet Authority G3		 2018-11-27 -
2019-02-19		 3 months crt.sh
sni144882.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2018-11-24 -
2019-06-02		 6 months crt.sh
*.googleapis.com
Google Internet Authority G3		 2018-11-27 -
2019-02-19		 3 months crt.sh
*.alooma.com
Amazon		 2018-02-26 -
2019-03-26		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2017-12-15 -
2019-03-22		 a year crt.sh
www.googleadservices.com
Google Internet Authority G3		 2018-11-27 -
2019-02-19		 3 months crt.sh
*.g.doubleclick.net
Google Internet Authority G3		 2018-11-27 -
2019-02-19		 3 months crt.sh
www.google.de
Google Internet Authority G3		 2018-11-27 -
2019-02-19		 3 months crt.sh
www.google.com
Google Internet Authority G3		 2018-11-27 -
2019-02-19		 3 months crt.sh
www.bing.com
Microsoft IT TLS CA 5		 2017-07-20 -
2019-07-10		 2 years crt.sh
bs.yandex.ru
Yandex CA		 2018-10-03 -
2019-10-03		 a year crt.sh
*.quora.com
DigiCert SHA2 Secure Server CA		 2018-08-15 -
2019-11-26		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Frame ID: 55D8F051D20CB0CE00A771F8EA67CAC8
Requests: 48 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /cloudflare/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Overall confidence: 100%
Detected patterns
  • env /^google_tag_manager$/i
Overall confidence: 100%
Detected patterns
  • script /mc\.yandex\.ru\/metrika\/watch\.js/i
Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

42
Requests

100 %
HTTPS

69 %
IPv6

14
Domains

18
Subdomains

16
IPs

3
Countries

1135 kB
Transfer

1874 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30
  • https://www.google-analytics.com/r/collect?v=1&_v=j72&a=959151122&t=pageview&_s=1&dl=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&ul=en-us&de=UTF-8&dt=DOM-XSS%20Bug%20Affecting%20Tinder%2C%20Shopify%2C%20Yelp%2C%20and%20More&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=524609385&gjid=471981428&cid=738913341.1544780416&tid=UA-74495920-1&_gid=473301467.1544780416&_r=1&gtm=2oubc0&z=1779016360 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-74495920-1&cid=738913341.1544780416&jid=524609385&_gid=473301467.1544780416&gjid=471981428&_v=j72&z=1779016360 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-74495920-1&cid=738913341.1544780416&jid=524609385&_v=j72&z=1779016360 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-74495920-1&cid=738913341.1544780416&jid=524609385&_v=j72&z=1779016360&slf_rd=1&random=2839776422
Request Chain 38
  • https://mc.yandex.ru/watch/44623393?wmode=7&page-url=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1544780415563%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Ai%3A20181214094017%3Aet%3A1544780417%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A640909623%3Ahid%3A83330232%3Ads%3A9%2C48%2C162%2C81%2C2%2C0%2C0%2C478%2C12%2C1399%2C1399%2C45%2C736%3Afp%3A757%3Awn%3A35432%3Ahl%3A2%3Agdpr%3A14%3Av%3A1367%3Ast%3A1544780417%3Au%3A1544780417883483471%3At%3ADOM-XSS%20Bug%20Affecting%20Tinder%2C%20Shopify%2C%20Yelp%2C%20and%20More HTTP 302
  • https://mc.yandex.ru/watch/44623393/1?wmode=7&page-url=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1544780415563%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Ai%3A20181214094017%3Aet%3A1544780417%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A640909623%3Ahid%3A83330232%3Ads%3A9%2C48%2C162%2C81%2C2%2C0%2C0%2C478%2C12%2C1399%2C1399%2C45%2C736%3Afp%3A757%3Awn%3A35432%3Ahl%3A2%3Agdpr%3A14%3Av%3A1367%3Ast%3A1544780417%3Au%3A1544780417883483471%3At%3ADOM-XSS%20Bug%20Affecting%20Tinder%2C%20Shopify%2C%20Yelp%2C%20and%20More

42 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/ 		393 KB
72 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4dd6027b95f73338b92ece0f268c6d95bbc7c51d89b98d48128a3e83a8561a0b

Request headers

:method
GET
:authority
www.vpnmentor.com
:scheme
https
:path
/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
date
Fri, 14 Dec 2018 09:40:15 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d15cb7b065ce8ab8b355c1b66fb75e61f1544780415; expires=Sat, 14-Dec-19 09:40:15 GMT; path=/; domain=.vpnmentor.com; HttpOnly __cflb=248665401; path=/; expires=Sat, 15-Dec-18 08:40:15 GMT; HttpOnly
referrer-policy
no-referrer no-referrer
x-page-speed
1.13.35.2-0
access-control-allow-origin
*
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
488fb53def39c283-FRA
content-encoding
br
js
www.googletagmanager.com/gtag/ 		87 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-74495920-1
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81b::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
be1c2c3bca1dfadafba3c41baeb7683da839e20b5418f37b33bd1c209b9822e5
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:15 GMT
content-encoding
gzip
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
server
Google Tag Manager (scaffolding)
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
32167
x-xss-protection
1; mode=block
expires
Fri, 14 Dec 2018 09:40:15 GMT
helper.js
api.hhtpp.com/ 		1 KB
860 B 		Script
General
Check archive.org
Download Go to
Full URL
https://api.hhtpp.com/helper.js
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::681b:8213 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
74aef74089a2e3fe0b33717abf5aaf7b103643406721eb6e9449410fcb6a6cb9

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:15 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 24 Oct 2017 11:44:42 GMT
server
cloudflare
etag
W/"59ef27aa-6eb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
expires
Fri, 14 Dec 2018 13:40:15 GMT
cache-control
public, max-age=14400
cf-polished
origSize=1771
cf-ray
488fb53f6e95c2a6-FRA
cf-bgj
minify
icon
fonts.googleapis.com/ 		574 B
419 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:820::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
6ebdbdf01e78babe586c8cc981e09e38b3c080a54a8fdc16d5e4d757a866307b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Fri, 14 Dec 2018 09:40:15 GMT
server
ESF
access-control-allow-origin
*
date
Fri, 14 Dec 2018 09:40:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
1; mode=block
expires
Fri, 14 Dec 2018 09:40:15 GMT
alooma-latest.min.js
cdn.alooma.com/libs/ 		50 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.alooma.com/libs/alooma-latest.min.js
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.101.50 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-101-50.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
111d57bd5c836e78badcbd782d2c284701cbc21f302e223fd0c7001bd94c2f08

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 14 Dec 2018 09:40:17 GMT
Content-Encoding
gzip
Last-Modified
Sun, 22 Jan 2017 12:54:39 GMT
Server
AmazonS3
Vary
Accept-Encoding
X-Cache
Miss from cloudfront
Content-Type
text/plain
Via
1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
Cache-Control
public, private, max-age=86400
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
d849kspPyNiJTXYbc0DeaqesBiASTJdOSSExXAMYXBGA8RYfwS1nFA==
xtinderbug-1.jpg.pagespeed.ic.hxJB2xaWm3.webp
static1.vpnmentor.com/wp-content/uploads/2018/10/ 		178 KB
178 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static1.vpnmentor.com/wp-content/uploads/2018/10/xtinderbug-1.jpg.pagespeed.ic.hxJB2xaWm3.webp
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd00b362ac43a0c588ae4a570fcddc75d3040c817a28ccb38c744c0bfc7ab974
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

:path
/wp-content/uploads/2018/10/xtinderbug-1.jpg.pagespeed.ic.hxJB2xaWm3.webp
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
static1.vpnmentor.com
cookie
__cfduid=d15cb7b065ce8ab8b355c1b66fb75e61f1544780415
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:16 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
status
200
content-length
181760
x-page-speed
1.13.35.2-0
last-modified
Tue, 09 Oct 2018 08:11:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=1382400
set-cookie
__cflb=248665401; path=/; expires=Sat, 15-Dec-18 08:40:16 GMT; HttpOnly
accept-ranges
bytes
cf-ray
488fb53f7b54c283-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sun, 30 Dec 2018 09:40:16 GMT
xtinderbug-1-768x403.jpg.pagespeed.ic.ORbsMg0giu.webp
static2.vpnmentor.com/wp-content/uploads/2018/10/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static2.vpnmentor.com/wp-content/uploads/2018/10/xtinderbug-1-768x403.jpg.pagespeed.ic.ORbsMg0giu.webp
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
504730eb5d1ba357858a703f2d8bc5b2df7691cacd44ae49d529b1e41d270b3c

Request headers

:path
/wp-content/uploads/2018/10/xtinderbug-1-768x403.jpg.pagespeed.ic.ORbsMg0giu.webp
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
static2.vpnmentor.com
cookie
__cfduid=d15cb7b065ce8ab8b355c1b66fb75e61f1544780415
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:16 GMT
cf-cache-status
MISS
x-original-content-length
55338
status
200
content-length
32976
x-page-speed
1.13.35.2-0
last-modified
Fri, 14 Dec 2018 05:58:45 GMT
server
cloudflare
etag
W/"0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31522709
set-cookie
__cflb=248665401; path=/; expires=Sat, 15-Dec-18 08:40:16 GMT; HttpOnly
accept-ranges
bytes
cf-ray
488fb53fbc2bc283-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 14 Dec 2019 05:58:45 GMT
function.min.js
www.vpnmentor.com/wp-content/themes/vpnmentor/js/ 		226 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.vpnmentor.com/wp-content/themes/vpnmentor/js/function.min.js?code=34
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
563ba4a35cbc7bc2d9e7cd24b77cf871b6461c9d80dc53749ed0ead5619fba96

Request headers

:path
/wp-content/themes/vpnmentor/js/function.min.js?code=34
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.vpnmentor.com
cookie
__cfduid=d15cb7b065ce8ab8b355c1b66fb75e61f1544780415; __cflb=248665401
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:15 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 03 Dec 2018 14:02:50 GMT
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1382400
cf-ray
488fb53f7b58c283-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sun, 30 Dec 2018 09:40:15 GMT
modal.png
www.vpnmentor.com/wp-content/themes/vpnmentor/images/ 		129 B
217 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vpnmentor.com/wp-content/themes/vpnmentor/images/modal.png?ver=604
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb04bff679e54712e6a2c2879df3b0f69d6553c9cd458b04cd9272ef00b3e989

Request headers

:path
/wp-content/themes/vpnmentor/images/modal.png?ver=604
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.vpnmentor.com
cookie
__cfduid=d15cb7b065ce8ab8b355c1b66fb75e61f1544780415; __cflb=248665401
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:15 GMT
cf-cache-status
HIT
x-original-content-length
529
status
200
content-length
129
server
cloudflare
etag
W/"PSA-aj-Ij2hRHr6mV"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=1382400
accept-ranges
bytes
cf-ray
488fb53fbc21c283-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sun, 30 Dec 2018 09:40:15 GMT
common_spritesheet.png
www.vpnmentor.com/wp-content/themes/vpnmentor/css/img/ 		83 KB
83 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vpnmentor.com/wp-content/themes/vpnmentor/css/img/common_spritesheet.png?ver=604
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b892483e78e4666726b97e4aa91d9e7b72f436e9f3b88e501658c395652d1012

Request headers

:path
/wp-content/themes/vpnmentor/css/img/common_spritesheet.png?ver=604
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.vpnmentor.com
cookie
__cfduid=d15cb7b065ce8ab8b355c1b66fb75e61f1544780415; __cflb=248665401
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:15 GMT
cf-cache-status
HIT
x-original-content-length
99995
status
200
content-length
85304
server
cloudflare
etag
W/"PSA-aj-2hjzwzQI1T"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=1382400
accept-ranges
bytes
cf-ray
488fb53fbc23c283-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sun, 30 Dec 2018 09:40:15 GMT
bg-bredcrumbs.jpg
www.vpnmentor.com/wp-content/themes/vpnmentor/css/img/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vpnmentor.com/wp-content/themes/vpnmentor/css/img/bg-bredcrumbs.jpg?ver=604
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
35b12e21853fe31ed89d1e6ba519308cdb9c33157e8123be6d3f3059354453c7

Request headers

:path
/wp-content/themes/vpnmentor/css/img/bg-bredcrumbs.jpg?ver=604
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.vpnmentor.com
cookie
__cfduid=d15cb7b065ce8ab8b355c1b66fb75e61f1544780415; __cflb=248665401
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:15 GMT
cf-cache-status
HIT
x-original-content-length
13050
status
200
content-length
4437
server
cloudflare
etag
W/"PSA-aj-b19PhtVA1X"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=1382400
accept-ranges
bytes
cf-ray
488fb53fbc25c283-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sun, 30 Dec 2018 09:40:15 GMT
category_spritesheet.png
www.vpnmentor.com/wp-content/themes/vpnmentor/css/img/ 		79 KB
79 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vpnmentor.com/wp-content/themes/vpnmentor/css/img/category_spritesheet.png?ver=604
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
828269337de89b32af85941de5af40e25f2f27bf467c7aab811c00eac98b4cbf

Request headers

:path
/wp-content/themes/vpnmentor/css/img/category_spritesheet.png?ver=604
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.vpnmentor.com
cookie
__cfduid=d15cb7b065ce8ab8b355c1b66fb75e61f1544780415; __cflb=248665401
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:15 GMT
cf-cache-status
HIT
x-original-content-length
87257
status
200
content-length
80455
server
cloudflare
etag
W/"PSA-aj-bu1SteH6xs"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=1382400
accept-ranges
bytes
cf-ray
488fb53fbc28c283-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sun, 30 Dec 2018 09:40:15 GMT
fontawesome-webfont.woff2
www.vpnmentor.com/wp-content/themes/vpnmentor/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.vpnmentor.com/wp-content/themes/vpnmentor/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

:path
/wp-content/themes/vpnmentor/fonts/fontawesome-webfont.woff2?v=4.7.0
pragma
no-cache
origin
https://www.vpnmentor.com
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.vpnmentor.com
cookie
__cfduid=d15cb7b065ce8ab8b355c1b66fb75e61f1544780415; __cflb=248665401
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin
https://www.vpnmentor.com

Response headers

date
Fri, 14 Dec 2018 09:40:15 GMT
content-encoding
br
cf-cache-status
HIT
status
200
x-page-speed
1.13.35.2-0
referrer-policy
no-referrer
server
cloudflare
etag
W/"5af4a226-12d68"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1382400
cf-ray
488fb53fbc1ec283-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sun, 30 Dec 2018 09:40:15 GMT
glyphicons-halflings-regular.woff2
www.vpnmentor.com/wp-content/themes/vpnmentor/fonts/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.vpnmentor.com/wp-content/themes/vpnmentor/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Request headers

:path
/wp-content/themes/vpnmentor/fonts/glyphicons-halflings-regular.woff2
pragma
no-cache
origin
https://www.vpnmentor.com
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.vpnmentor.com
cookie
__cfduid=d15cb7b065ce8ab8b355c1b66fb75e61f1544780415; __cflb=248665401
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin
https://www.vpnmentor.com

Response headers

date
Fri, 14 Dec 2018 09:40:15 GMT
content-encoding
br
cf-cache-status
HIT
status
200
x-page-speed
1.13.35.2-0
referrer-policy
no-referrer
server
cloudflare
etag
W/"5af4a226-466c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1382400
cf-ray
488fb53fbc1fc283-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sun, 30 Dec 2018 09:40:15 GMT
/
www.vpnmentor.com/track/ 		32 B
114 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.vpnmentor.com/track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiTWFjIE9TIFgiLCIkYnJvd3NlciI6ICJDaHJvbWUiLCIkY3VycmVudF91cmwiOiAiaHR0cHM6Ly93d3cudnBubWVudG9yLmNvbS9ibG9nL2RvbS14c3MtYnVnLWFmZmVjdGluZy10aW5kZXItc2hvcGlmeS15ZWxwLyIsIiRicm93c2VyX3ZlcnNpb24iOiA2NywiJHNjcmVlbl9oZWlnaHQiOiAxMjAwLCIkc2NyZWVuX3dpZHRoIjogMTYwMCwibXBfbGliIjogIndlYiIsIiRsaWJfdmVyc2lvbiI6ICIxLjAuMCIsImRpc3RpbmN0X2lkIjogIjE2N2FjMTY4NGI1ODU3LTA5NzEzZWQ0Y2EyOTFmLTE3MzY2OTUyLTFkNGMwMC0xNjdhYzE2ODRiNjNjYyIsIiRpbml0aWFsX3JlZmVycmVyIjogIiRkaXJlY3QiLCIkaW5pdGlhbF9yZWZlcnJpbmdfZG9tYWluIjogIiRkaXJlY3QiLCJtcF9wYWdlIjogImh0dHBzOi8vd3d3LnZwbm1lbnRvci5jb20vYmxvZy9kb20teHNzLWJ1Zy1hZmZlY3RpbmctdGluZGVyLXNob3BpZnkteWVscC8iLCJtcF9icm93c2VyIjogIkNocm9tZSIsIm1wX3BsYXRmb3JtIjogIk1hYyBPUyBYIiwidG9rZW4iOiAiZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SmpiR2xsYm5ST1lXMWxJam9pYVd0dWIzZHNiMmQ1TFhkbFluTmxiR1Z1WlhObExURWlMQ0pwYm5CMWRFeGhZbVZzSWpvaVpYWmxiblJ6SWl3aWFXNXdkWFJVZVhCbElqb2lTbE5UUkVzaWZRLnEtVHFLbVFuUWkxYWZENml5YXZsRnhQR0NZSHJzMEFKNUhzUTcydjZMLVEifX0%3D&verbose=1&ip=1&_=1544780416197
Requested by
Host: cdn.alooma.com
URL: https://cdn.alooma.com/libs/alooma-latest.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bad859eedfcb16c7692471154b4720205c48cee1871722386f5fea3e3291bb06

Request headers

:path
/track/?data=eyJldmVudCI6ICJtcF9wYWdlX3ZpZXciLCJwcm9wZXJ0aWVzIjogeyIkb3MiOiAiTWFjIE9TIFgiLCIkYnJvd3NlciI6ICJDaHJvbWUiLCIkY3VycmVudF91cmwiOiAiaHR0cHM6Ly93d3cudnBubWVudG9yLmNvbS9ibG9nL2RvbS14c3MtYnVnLWFmZmVjdGluZy10aW5kZXItc2hvcGlmeS15ZWxwLyIsIiRicm93c2VyX3ZlcnNpb24iOiA2NywiJHNjcmVlbl9oZWlnaHQiOiAxMjAwLCIkc2NyZWVuX3dpZHRoIjogMTYwMCwibXBfbGliIjogIndlYiIsIiRsaWJfdmVyc2lvbiI6ICIxLjAuMCIsImRpc3RpbmN0X2lkIjogIjE2N2FjMTY4NGI1ODU3LTA5NzEzZWQ0Y2EyOTFmLTE3MzY2OTUyLTFkNGMwMC0xNjdhYzE2ODRiNjNjYyIsIiRpbml0aWFsX3JlZmVycmVyIjogIiRkaXJlY3QiLCIkaW5pdGlhbF9yZWZlcnJpbmdfZG9tYWluIjogIiRkaXJlY3QiLCJtcF9wYWdlIjogImh0dHBzOi8vd3d3LnZwbm1lbnRvci5jb20vYmxvZy9kb20teHNzLWJ1Zy1hZmZlY3RpbmctdGluZGVyLXNob3BpZnkteWVscC8iLCJtcF9icm93c2VyIjogIkNocm9tZSIsIm1wX3BsYXRmb3JtIjogIk1hYyBPUyBYIiwidG9rZW4iOiAiZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SmpiR2xsYm5ST1lXMWxJam9pYVd0dWIzZHNiMmQ1TFhkbFluTmxiR1Z1WlhObExURWlMQ0pwYm5CMWRFeGhZbVZzSWpvaVpYWmxiblJ6SWl3aWFXNXdkWFJVZVhCbElqb2lTbE5UUkVzaWZRLnEtVHFLbVFuUWkxYWZENml5YXZsRnhQR0NZSHJzMEFKNUhzUTcydjZMLVEifX0%3D&verbose=1&ip=1&_=1544780416197
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.vpnmentor.com
cookie
__cfduid=d15cb7b065ce8ab8b355c1b66fb75e61f1544780415; __cflb=248665401; mp_eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnROYW1lIjoiaWtub3dsb2d5LXdlYnNlbGVuZXNlLTEiLCJpbnB1dExhYmVsIjoiZXZlbnRzIiwiaW5wdXRUeXBlIjoiSlNTREsifQ.q-TqKmQnQi1afD6iyavlFxPGCYHrs0AJ5HsQ72v6L-Q_alooma=%7B%22distinct_id%22%3A%20%22167ac1684b5857-09713ed4ca291f-17366952-1d4c00-167ac1684b63cc%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
date
Fri, 14 Dec 2018 09:40:16 GMT
content-encoding
br
server
cloudflare
cf-ray
488fb5414884c283-FRA
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
text/html; charset=UTF-8
social-02.png
www.vpnmentor.com/wp-content/themes/vpnmentor/css/img/social-ico/ 		574 B
663 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vpnmentor.com/wp-content/themes/vpnmentor/css/img/social-ico/social-02.png?ver=604
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
41dc5c7ee9d37347a4837539e804cb980e5a9ab2f2fb7a6c84ee41ef3ccb17d7

Request headers

:path
/wp-content/themes/vpnmentor/css/img/social-ico/social-02.png?ver=604
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.vpnmentor.com
cookie
__cfduid=d15cb7b065ce8ab8b355c1b66fb75e61f1544780415; __cflb=248665401; mp_eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnROYW1lIjoiaWtub3dsb2d5LXdlYnNlbGVuZXNlLTEiLCJpbnB1dExhYmVsIjoiZXZlbnRzIiwiaW5wdXRUeXBlIjoiSlNTREsifQ.q-TqKmQnQi1afD6iyavlFxPGCYHrs0AJ5HsQ72v6L-Q_alooma=%7B%22distinct_id%22%3A%20%22167ac1684b5857-09713ed4ca291f-17366952-1d4c00-167ac1684b63cc%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:16 GMT
cf-cache-status
HIT
x-original-content-length
1230
status
200
content-length
574
server
cloudflare
etag
W/"PSA-aj-5NtZmS4lAW"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=1382400
accept-ranges
bytes
cf-ray
488fb5418935c283-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sun, 30 Dec 2018 09:40:16 GMT
social-04.png
www.vpnmentor.com/wp-content/themes/vpnmentor/css/img/social-ico/ 		336 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vpnmentor.com/wp-content/themes/vpnmentor/css/img/social-ico/social-04.png?ver=604
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
76d1ac79ae401c5613bfc78da7ba4ca45da09d530207cc28ef143f177b717867

Request headers

:path
/wp-content/themes/vpnmentor/css/img/social-ico/social-04.png?ver=604
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.vpnmentor.com
cookie
__cfduid=d15cb7b065ce8ab8b355c1b66fb75e61f1544780415; __cflb=248665401; mp_eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnROYW1lIjoiaWtub3dsb2d5LXdlYnNlbGVuZXNlLTEiLCJpbnB1dExhYmVsIjoiZXZlbnRzIiwiaW5wdXRUeXBlIjoiSlNTREsifQ.q-TqKmQnQi1afD6iyavlFxPGCYHrs0AJ5HsQ72v6L-Q_alooma=%7B%22distinct_id%22%3A%20%22167ac1684b5857-09713ed4ca291f-17366952-1d4c00-167ac1684b63cc%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:16 GMT
cf-cache-status
HIT
x-original-content-length
1094
status
200
content-length
336
server
cloudflare
etag
W/"PSA-aj-R8lpi4NlJQ"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=1382400
accept-ranges
bytes
cf-ray
488fb5418937c283-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sun, 30 Dec 2018 09:40:16 GMT
/
www.vpnmentor.com/track/ 		32 B
89 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.vpnmentor.com/track/?data=eyJldmVudCI6ICJwYWdldmlldyIsInByb3BlcnRpZXMiOiB7IiRvcyI6ICJNYWMgT1MgWCIsIiRicm93c2VyIjogIkNocm9tZSIsIiRjdXJyZW50X3VybCI6ICJodHRwczovL3d3dy52cG5tZW50b3IuY29tL2Jsb2cvZG9tLXhzcy1idWctYWZmZWN0aW5nLXRpbmRlci1zaG9waWZ5LXllbHAvIiwiJGJyb3dzZXJfdmVyc2lvbiI6IDY3LCIkc2NyZWVuX2hlaWdodCI6IDEyMDAsIiRzY3JlZW5fd2lkdGgiOiAxNjAwLCJtcF9saWIiOiAid2ViIiwiJGxpYl92ZXJzaW9uIjogIjEuMC4wIiwiZGlzdGluY3RfaWQiOiAiMTY3YWMxNjg0YjU4NTctMDk3MTNlZDRjYTI5MWYtMTczNjY5NTItMWQ0YzAwLTE2N2FjMTY4NGI2M2NjIiwiJGluaXRpYWxfcmVmZXJyZXIiOiAiJGRpcmVjdCIsIiRpbml0aWFsX3JlZmVycmluZ19kb21haW4iOiAiJGRpcmVjdCIsImlkIjogMTE2NTUxLCJ0eXBlIjogIkJsb2cgUG9zdCIsInJlZmVyZXIiOiAiIiwidGl0bGUiOiAiRE9NLVhTUyBCdWcgQWZmZWN0aW5nIFRpbmRlciwgU2hvcGlmeSwgWWVscCwgYW5kIE1vcmUiLCJsYW5nIjogImVuIiwicGFnZXZpZXdfaWQiOiAiSlBOVURIUjlEUkxNUSIsInNwbGl0Q3VycmVudFVybCI6IHsiaG9zdCI6ICJodHRwczovL3d3dy52cG5tZW50b3IuY29tL2Jsb2cvZG9tLXhzcy1idWctYWZmZWN0aW5nLXRpbmRlci1zaG9waWZ5LXllbHAvIiwicGFyYW1zIjogeyIiOiAidW5kZWZpbmVkIn19LCJ2ZXJib3NlIjogdHJ1ZSwidG9rZW4iOiAiZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SmpiR2xsYm5ST1lXMWxJam9pYVd0dWIzZHNiMmQ1TFhkbFluTmxiR1Z1WlhObExURWlMQ0pwYm5CMWRFeGhZbVZzSWpvaVpYWmxiblJ6SWl3aWFXNXdkWFJVZVhCbElqb2lTbE5UUkVzaWZRLnEtVHFLbVFuUWkxYWZENml5YXZsRnhQR0NZSHJzMEFKNUhzUTcydjZMLVEifX0%3D&verbose=1&ip=1&_=1544780416295
Requested by
Host: cdn.alooma.com
URL: https://cdn.alooma.com/libs/alooma-latest.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bad859eedfcb16c7692471154b4720205c48cee1871722386f5fea3e3291bb06

Request headers

:path
/track/?data=eyJldmVudCI6ICJwYWdldmlldyIsInByb3BlcnRpZXMiOiB7IiRvcyI6ICJNYWMgT1MgWCIsIiRicm93c2VyIjogIkNocm9tZSIsIiRjdXJyZW50X3VybCI6ICJodHRwczovL3d3dy52cG5tZW50b3IuY29tL2Jsb2cvZG9tLXhzcy1idWctYWZmZWN0aW5nLXRpbmRlci1zaG9waWZ5LXllbHAvIiwiJGJyb3dzZXJfdmVyc2lvbiI6IDY3LCIkc2NyZWVuX2hlaWdodCI6IDEyMDAsIiRzY3JlZW5fd2lkdGgiOiAxNjAwLCJtcF9saWIiOiAid2ViIiwiJGxpYl92ZXJzaW9uIjogIjEuMC4wIiwiZGlzdGluY3RfaWQiOiAiMTY3YWMxNjg0YjU4NTctMDk3MTNlZDRjYTI5MWYtMTczNjY5NTItMWQ0YzAwLTE2N2FjMTY4NGI2M2NjIiwiJGluaXRpYWxfcmVmZXJyZXIiOiAiJGRpcmVjdCIsIiRpbml0aWFsX3JlZmVycmluZ19kb21haW4iOiAiJGRpcmVjdCIsImlkIjogMTE2NTUxLCJ0eXBlIjogIkJsb2cgUG9zdCIsInJlZmVyZXIiOiAiIiwidGl0bGUiOiAiRE9NLVhTUyBCdWcgQWZmZWN0aW5nIFRpbmRlciwgU2hvcGlmeSwgWWVscCwgYW5kIE1vcmUiLCJsYW5nIjogImVuIiwicGFnZXZpZXdfaWQiOiAiSlBOVURIUjlEUkxNUSIsInNwbGl0Q3VycmVudFVybCI6IHsiaG9zdCI6ICJodHRwczovL3d3dy52cG5tZW50b3IuY29tL2Jsb2cvZG9tLXhzcy1idWctYWZmZWN0aW5nLXRpbmRlci1zaG9waWZ5LXllbHAvIiwicGFyYW1zIjogeyIiOiAidW5kZWZpbmVkIn19LCJ2ZXJib3NlIjogdHJ1ZSwidG9rZW4iOiAiZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SmpiR2xsYm5ST1lXMWxJam9pYVd0dWIzZHNiMmQ1TFhkbFluTmxiR1Z1WlhObExURWlMQ0pwYm5CMWRFeGhZbVZzSWpvaVpYWmxiblJ6SWl3aWFXNXdkWFJVZVhCbElqb2lTbE5UUkVzaWZRLnEtVHFLbVFuUWkxYWZENml5YXZsRnhQR0NZSHJzMEFKNUhzUTcydjZMLVEifX0%3D&verbose=1&ip=1&_=1544780416295
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.vpnmentor.com
cookie
__cfduid=d15cb7b065ce8ab8b355c1b66fb75e61f1544780415; __cflb=248665401; mp_eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnROYW1lIjoiaWtub3dsb2d5LXdlYnNlbGVuZXNlLTEiLCJpbnB1dExhYmVsIjoiZXZlbnRzIiwiaW5wdXRUeXBlIjoiSlNTREsifQ.q-TqKmQnQi1afD6iyavlFxPGCYHrs0AJ5HsQ72v6L-Q_alooma=%7B%22distinct_id%22%3A%20%22167ac1684b5857-09713ed4ca291f-17366952-1d4c00-167ac1684b63cc%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
date
Fri, 14 Dec 2018 09:40:16 GMT
content-encoding
br
server
cloudflare
cf-ray
488fb541da4bc283-FRA
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
text/html; charset=UTF-8
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9a423479ba4e4f8be1c79ddcad81fd354499bc7fc537d41edf07e6c9bc8f29f8

Request headers

Response headers

Content-Type
image/webp
truncated
/ 		486 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dac6843aca12b80af209e36cc5aa1c6f3b5a8a8830308fb364e501d062f46cdc

Request headers

Response headers

Content-Type
image/webp
truncated
/ 		768 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d6b0085013629b6082bccd0971c22bb14fba19b7ee53787eab7759e201fb7142

Request headers

Response headers

Content-Type
image/webp
truncated
/ 		990 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b4c286e191b9f7586c24b9c2d6b38c4db1b92bd8afb32aea9cd329643038b0e2

Request headers

Response headers

Content-Type
image/webp
truncated
/ 		644 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1857ba89a75ec1e15ced85e1931584a6f7df942ef847fdd5d33edec6c0836032

Request headers

Response headers

Content-Type
image/webp
truncated
/ 		640 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4864dbd0aab409111432e91714b73405a2b36e3ea51e9967deec11134e08f75f

Request headers

Response headers

Content-Type
image/webp
xcode-1024x898.png.pagespeed.ic.F1pDCFtQb_.webp
static1.vpnmentor.com/wp-content/uploads/2018/10/ 		283 KB
283 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static1.vpnmentor.com/wp-content/uploads/2018/10/xcode-1024x898.png.pagespeed.ic.F1pDCFtQb_.webp
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
005fc23152822c5e20dd226d345d03eedcb804b9d661b5c03c6e1b3b872b1fb8

Request headers

:path
/wp-content/uploads/2018/10/xcode-1024x898.png.pagespeed.ic.F1pDCFtQb_.webp
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
static1.vpnmentor.com
cookie
__cfduid=d15cb7b065ce8ab8b355c1b66fb75e61f1544780415; __cflb=248665401; mp_eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjbGllbnROYW1lIjoiaWtub3dsb2d5LXdlYnNlbGVuZXNlLTEiLCJpbnB1dExhYmVsIjoiZXZlbnRzIiwiaW5wdXRUeXBlIjoiSlNTREsifQ.q-TqKmQnQi1afD6iyavlFxPGCYHrs0AJ5HsQ72v6L-Q_alooma=%7B%22distinct_id%22%3A%20%22167ac1684b5857-09713ed4ca291f-17366952-1d4c00-167ac1684b63cc%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:16 GMT
cf-cache-status
MISS
x-original-content-length
446307
status
200
content-length
289478
x-page-speed
1.13.35.2-0
last-modified
Fri, 14 Dec 2018 05:58:36 GMT
server
cloudflare
etag
W/"0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31522700
accept-ranges
bytes
cf-ray
488fb541fa9bc283-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 14 Dec 2019 05:58:36 GMT
ajax.php
api.hhtpp.com/ 		10 B
291 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.hhtpp.com/ajax.php?appName=vpnmentor&subdomain=www.vpnmentor.com&token=2deef8184e236c8bbbe7ad721cd2b005B7BT3AeDqiSVhhAoNvocVM%2B3Cu%2Bj8cJU6wl8mu6Oqii5MHo%2BHj1p2l2b5zajGBJkjYfk%2FPRalpTBrPPfQpyHwwrX6CEiT60weG6pAv%2BWY%2Fjx7PIRwS%2Byc31VdoK6YOSsfv4WrUbl8UrhqDQ%2BVEE9aqwRdOwzzo4m%2FV046Dbj41hGDBFKfIbltA%3D%3D&domain=vpnmentor.com&vendor=-&url=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&referral=&page_data%5Bid%5D=116551&page_data%5Btype%5D=Blog+Post&page_data%5Breferer%5D=&page_data%5Btitle%5D=DOM-XSS+Bug+Affecting+Tinder%2C+Shopify%2C+Yelp%2C+and+More&page_data%5Blang%5D=en&params%5B%5D=undefined
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/wp-content/themes/vpnmentor/js/function.min.js?code=34
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::681b:8213 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
eeeb19f419cea5c11c8944098a80be7cf3b69d45c18ef8214dc0460c0b82f73b

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Origin
https://www.vpnmentor.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:16 GMT
content-encoding
br
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.vpnmentor.com
access-control-max-age
86400
cache-control
no-cache, private
access-control-allow-credentials
true
x-ratelimit-limit
40
cf-ray
488fb5421e1ec2a6-FRA
x-ratelimit-remaining
39
/
graph.facebook.com/ 		591 B
532 B 		Script
General
Check archive.org
Download Go to
Full URL
https://graph.facebook.com/?id=https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/&callback=jQuery22405059502395193802_1544780416280&_=1544780416281
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/wp-content/themes/vpnmentor/js/function.min.js?code=34
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:20e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
43ee53935a26b7552d5f51bc176aa4c499855e354833746c9e9510784986dc83
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
status
200
date
Fri, 14 Dec 2018 09:40:16 GMT
x-fb-rev
4636530
content-length
343
pragma
no-cache
x-fb-debug
aWflcZIdprV+INZCS6Ut9ZdKi0/HzfXyjIZBVYSNNEy6CCVJy7AZVAg7KaViYvMAvB2mGOJAxfio5PU4zuWuTA==
x-fb-trace-id
DtIX/fccQxX
etag
"fc309026bde5cea23dd877244f39657e332cd457"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.8
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
graph.facebook.com/ 		591 B
507 B 		Script
General
Check archive.org
Download Go to
Full URL
https://graph.facebook.com/?id=https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/&callback=jQuery22405059502395193802_1544780416282&_=1544780416283
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/wp-content/themes/vpnmentor/js/function.min.js?code=34
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:20e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
0f2b2f0b70f180b03efa64d65dd4b95b08ef975814218fcc520b384252026950
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
status
200
date
Fri, 14 Dec 2018 09:40:16 GMT
x-fb-rev
4636530
content-length
343
pragma
no-cache
x-fb-debug
my14kc2lD265k+eJr51UtWczKMt0aEr3Ls/PZycGboh21NntJhM8Qz8Z6YvANblqzOi1kqHpN32jOzk3Z8nMww==
x-fb-trace-id
CkzzmAy7xrF
etag
"5e8a557a2f33142e3a9b7e429151ef550cef4f08"
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.8
expires
Sat, 01 Jan 2000 00:00:00 GMT
analytics.js
www.google-analytics.com/ 		43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-74495920-1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:817::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 05 Nov 2018 21:10:09 GMT
server
Golfe2
age
5813
date
Fri, 14 Dec 2018 08:03:23 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
17404
expires
Fri, 14 Dec 2018 10:03:23 GMT
conversion_async.js
www.googleadservices.com/pagead/ 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-74495920-1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.217.16.130 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
ec1d204bb143ea00f1b484abc6a35e2546018895e1866169d0bbfbf4299d59a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
8755
x-xss-protection
1; mode=block
server
cafe
etag
11007303081150696961
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 14 Dec 2018 09:40:16 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/947186489/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/947186489/?random=1544780416398&cv=9&fst=1544780416398&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dgtag.config&gtm=2oubc0&sendb=1&frm=0&url=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&tiba=DOM-XSS%20Bug%20Affecting%20Tinder%2C%20Shopify%2C%20Yelp%2C%20and%20More&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:825::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
fdddabf7426b024c91f97116b85548854469de56a66f1edccd3a2508f2d7e831
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Dec 2018 09:40:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
text/javascript; charset=UTF-8
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
1038
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j72&a=959151122&t=pageview&_s=1&dl=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&ul=en-us&de=UTF-8&dt=DOM-X...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-74495920-1&cid=738913341.1544780416&jid=524609385&_gid=473301467.1544780416&gjid=471981428&_v=j72&z=1779016360
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-74495920-1&cid=738913341.1544780416&jid=524609385&_v=j72&z=1779016360
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-74495920-1&cid=738913341.1544780416&jid=524609385&_v=j72&z=1779016360&slf_rd=1&random=2839776422
42 B
109 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-74495920-1&cid=738913341.1544780416&jid=524609385&_v=j72&z=1779016360&slf_rd=1&random=2839776422
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:820::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Dec 2018 09:40:16 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 14 Dec 2018 09:40:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-74495920-1&cid=738913341.1544780416&jid=524609385&_v=j72&z=1779016360&slf_rd=1&random=2839776422
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/947186489/ 		42 B
120 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/947186489/?random=1544780416398&cv=9&fst=1544778000000&num=1&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dgtag.config&gtm=2oubc0&sendb=1&frm=0&url=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&tiba=DOM-XSS%20Bug%20Affecting%20Tinder%2C%20Shopify%2C%20Yelp%2C%20and%20More&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=2662521134&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:824::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Dec 2018 09:40:16 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/947186489/ 		42 B
109 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/947186489/?random=1544780416398&cv=9&fst=1544778000000&num=1&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dgtag.config&gtm=2oubc0&sendb=1&frm=0&url=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&tiba=DOM-XSS%20Bug%20Affecting%20Tinder%2C%20Shopify%2C%20Yelp%2C%20and%20More&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=2662521134&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:820::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Dec 2018 09:40:16 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
bat.js
bat.bing.com/ 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.79.197.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
a-0001.a-msedge.net
Software
/
Resource Hash
6226202c1ea75ec89c213d14f9d1b6944e6ba6beec3eac721232a8e66e6d3a95

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:16 GMT
content-encoding
gzip
last-modified
Tue, 16 Oct 2018 07:55:46 GMT
x-msedge-ref
Ref A: 207F9C4D451A4F06B02880B2F2E40571 Ref B: FRAEDGE0217 Ref C: 2018-12-14T09:40:17Z
access-control-allow-origin
*
etag
"06d2da52565d41:0"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
7033
watch.js
mc.yandex.ru/metrika/ 		129 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/metrika/watch.js
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
5e05710be111198575acf3cade9d480673a693fe05cd76067cb186d7614907a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 14 Dec 2018 09:40:17 GMT
Content-Encoding
gzip
Last-Modified
Thu, 13 Dec 2018 15:38:18 GMT
Server
nginx/1.12.2
ETag
"5c127cea-ade1"
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
44513
Expires
Fri, 14 Dec 2018 10:40:17 GMT
qevents.js
a.quora.com/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.quora.com/qevents.js
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.2 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3f37d74095d27ff0f96a5db6eb5136c477109a18e09d9dc6b94bd9cb5f45fba2

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
YCV7VuLi1FWNdCoW3lEJrFWrz1GWe8vX
content-encoding
gzip
age
1712
x-cache
HIT
status
200
date
Fri, 14 Dec 2018 09:40:17 GMT
content-length
5544
x-amz-id-2
tKBXvR9LifgsCH/3JG3WNwDvSxvlgDWtbGdRIdpE8rKNbh8ATJukpgUo7oI0mSWlDQsAJsJefuI=
x-served-by
cache-fra19138-FRA
last-modified
Thu, 17 May 2018 01:54:45 GMT
server
AmazonS3
x-timer
S1544780417.057309,VS0,VE0
etag
"ff1694b5052cad982a64fab43387cf6d"
vary
Accept-Encoding
x-amz-request-id
C142A22B058D89E8
via
1.1 varnish
cache-control
max-age=7200
accept-ranges
bytes
content-type
text/plain; charset=us-ascii
x-cache-hits
1454
conversion.js
www.googleadservices.com/pagead/ 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion.js?_=1544780416284
Requested by
Host: www.vpnmentor.com
URL: https://www.vpnmentor.com/wp-content/themes/vpnmentor/js/function.min.js?code=34
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.217.16.130 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
b16d641cf8d360ba9259774a45d8354bb6548bbede4c1a28f4638eb785bc16de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
9196
x-xss-protection
1; mode=block
server
cafe
etag
9684077855623877457
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 14 Dec 2018 09:40:17 GMT
0
bat.bing.com/action/ 		0
94 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=5667861&Ver=2&mid=c8973355-0609-d0e6-5986-e27dee66684d&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=DOM-XSS%20Bug%20Affecting%20Tinder,%20Shopify,%20Yelp,%20and%20More&p=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&r=&lt=1444&evt=pageLoad&msclkid=N&rn=909247
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.79.197.200 Redmond, United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
a-0001.a-msedge.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Fri, 14 Dec 2018 09:40:16 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: F98F008FF99945B3BE7F6C1CA3C2E87E Ref B: FRAEDGE0217 Ref C: 2018-12-14T09:40:17Z
access-control-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
1
mc.yandex.ru/watch/44623393/
Redirect Chain
  • https://mc.yandex.ru/watch/44623393?wmode=7&page-url=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1544780415563%3A...
  • https://mc.yandex.ru/watch/44623393/1?wmode=7&page-url=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1544780415563%...
0
-1 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/watch/44623393/1?wmode=7&page-url=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1544780415563%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Ai%3A20181214094017%3Aet%3A1544780417%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A640909623%3Ahid%3A83330232%3Ads%3A9%2C48%2C162%2C81%2C2%2C0%2C0%2C478%2C12%2C1399%2C1399%2C45%2C736%3Afp%3A757%3Awn%3A35432%3Ahl%3A2%3Agdpr%3A14%3Av%3A1367%3Ast%3A1544780417%3Au%3A1544780417883483471%3At%3ADOM-XSS%20Bug%20Affecting%20Tinder%2C%20Shopify%2C%20Yelp%2C%20and%20More
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 14 Dec 2018 09:40:17 GMT
Last-Modified
Fri, 14-Dec-2018 09:40:17 GMT
Server
nginx/1.12.2
Location
/watch/44623393/1?wmode=7&page-url=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1544780415563%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Ai%3A20181214094017%3Aet%3A1544780417%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A640909623%3Ahid%3A83330232%3Ads%3A9%2C48%2C162%2C81%2C2%2C0%2C0%2C478%2C12%2C1399%2C1399%2C45%2C736%3Afp%3A757%3Awn%3A35432%3Ahl%3A2%3Agdpr%3A14%3Av%3A1367%3Ast%3A1544780417%3Au%3A1544780417883483471%3At%3ADOM-XSS%20Bug%20Affecting%20Tinder%2C%20Shopify%2C%20Yelp%2C%20and%20More
Strict-Transport-Security
max-age=31536000
Access-Control-Allow-Origin
https://www.vpnmentor.com
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Fri, 14-Dec-2018 09:40:17 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 14 Dec 2018 09:40:17 GMT
Last-Modified
Fri, 14-Dec-2018 09:40:17 GMT
Server
nginx/1.12.2
Access-Control-Allow-Origin
https://www.vpnmentor.com
Strict-Transport-Security
max-age=31536000
Location
/watch/44623393/1?wmode=7&page-url=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1544780415563%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Ai%3A20181214094017%3Aet%3A1544780417%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A640909623%3Ahid%3A83330232%3Ads%3A9%2C48%2C162%2C81%2C2%2C0%2C0%2C478%2C12%2C1399%2C1399%2C45%2C736%3Afp%3A757%3Awn%3A35432%3Ahl%3A2%3Agdpr%3A14%3Av%3A1367%3Ast%3A1544780417%3Au%3A1544780417883483471%3At%3ADOM-XSS%20Bug%20Affecting%20Tinder%2C%20Shopify%2C%20Yelp%2C%20and%20More
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Expires
Fri, 14-Dec-2018 09:40:17 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/947186489/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/947186489/?random=1544780417140&cv=9&fst=1544780417140&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=376635470%2C659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&tiba=DOM-XSS%20Bug%20Affecting%20Tinder%2C%20Shopify%2C%20Yelp%2C%20and%20More&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js?_=1544780416284
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:825::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
2316e86c54539bd1e202cd02196622b7fb768da133a69ee24aafb396e401e9a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Dec 2018 09:40:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
text/javascript; charset=UTF-8
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length
1005
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
q.quora.com/_/ad/728aac1f607a43afb9f7989c85d59f9b/ 		43 B
312 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://q.quora.com/_/ad/728aac1f607a43afb9f7989c85d59f9b/pixel?j=1&u=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&tag=ViewContent&ts=1544780417187
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.5.245.95 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-5-245-95.compute-1.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 14 Dec 2018 09:40:17 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
advert.gif
mc.yandex.ru/metrika/ 		43 B
445 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mc.yandex.ru/metrika/advert.gif
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 14 Dec 2018 09:40:17 GMT
Content-Encoding
gzip
Last-Modified
Mon, 12 Oct 2015 13:09:09 GMT
Server
nginx/1.12.2
ETag
"561bb0f5-3d"
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Connection
keep-alive
Content-Length
61
Expires
Fri, 14 Dec 2018 10:40:17 GMT
1
mc.yandex.ru/watch/44623393/ 		152 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/watch/44623393/1?wmode=7&page-url=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&charset=utf-8&browser-info=ti%3A10%3Ans%3A1544780415563%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1585x1200%3Ai%3A20181214094017%3Aet%3A1544780417%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A640909623%3Ahid%3A83330232%3Ads%3A9%2C48%2C162%2C81%2C2%2C0%2C0%2C478%2C12%2C1399%2C1399%2C45%2C736%3Afp%3A757%3Awn%3A35432%3Ahl%3A2%3Agdpr%3A14%3Av%3A1367%3Ast%3A1544780417%3Au%3A1544780417883483471%3At%3ADOM-XSS%20Bug%20Affecting%20Tinder%2C%20Shopify%2C%20Yelp%2C%20and%20More
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
a34cdfbf96d925ef0c1e1d9f2d0879e13a4c22ac4b86538bb74027aba0e0300b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Origin
https://www.vpnmentor.com
Content-Type
application/x-www-form-urlencoded

Response headers

Pragma
no-cache
Date
Fri, 14 Dec 2018 09:40:17 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 14-Dec-2018 09:40:17 GMT
Server
nginx/1.12.2
Strict-Transport-Security
max-age=31536000
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.vpnmentor.com
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
152
X-XSS-Protection
1; mode=block
Expires
Fri, 14-Dec-2018 09:40:17 GMT
/
www.google.com/pagead/1p-user-list/947186489/ 		42 B
120 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/947186489/?random=1544780417140&cv=9&fst=1544778000000&num=1&guid=ON&eid=376635470%2C659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&tiba=DOM-XSS%20Bug%20Affecting%20Tinder%2C%20Shopify%2C%20Yelp%2C%20and%20More&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=3702870499&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:824::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Dec 2018 09:40:17 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/947186489/ 		42 B
109 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/947186489/?random=1544780417140&cv=9&fst=1544778000000&num=1&guid=ON&eid=376635470%2C659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.vpnmentor.com%2Fblog%2Fdom-xss-bug-affecting-tinder-shopify-yelp%2F&tiba=DOM-XSS%20Bug%20Affecting%20Tinder%2C%20Shopify%2C%20Yelp%2C%20and%20More&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=3702870499&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:820::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 14 Dec 2018 09:40:17 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
process.gif.pagespeed.ce.82jfvWDcdR.gif
www.vpnmentor.com/wp-content/themes/vpnmentor/images/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.vpnmentor.com/wp-content/themes/vpnmentor/images/process.gif.pagespeed.ce.82jfvWDcdR.gif
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
691fbd722132049b54f2a1cf720be03092b57b8b4a606e4f5890f3ddb52e9279

Request headers

:path
/wp-content/themes/vpnmentor/images/process.gif.pagespeed.ce.82jfvWDcdR.gif
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.vpnmentor.com
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:21 GMT
cf-cache-status
HIT
x-original-content-length
14435
status
200
content-length
14435
x-page-speed
1.13.35.2-0
last-modified
Thu, 10 May 2018 19:48:54 GMT
server
cloudflare
etag
W/"0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=25930854
set-cookie
__cfduid=d392c4feafdfbcf739c353deb723566be1544780421; expires=Sat, 14-Dec-19 09:40:21 GMT; path=/; domain=.vpnmentor.com; HttpOnly __cflb=248665401; path=/; expires=Sat, 15-Dec-18 08:40:21 GMT; HttpOnly
accept-ranges
bytes
cf-ray
488fb5613ceac283-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Thu, 10 Oct 2019 12:41:15 GMT
xwarning.png.pagespeed.ic.ArqC2eBsKi.webp
static2.vpnmentor.com/wp-content/themes/vpnmentor/images/ 		79 KB
80 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static2.vpnmentor.com/wp-content/themes/vpnmentor/images/xwarning.png.pagespeed.ic.ArqC2eBsKi.webp
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:20::6819:76d , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3317fcb34c7468408e2b418fef88fd3764d99b785546cc11f225eba0f43a6c29

Request headers

:path
/wp-content/themes/vpnmentor/images/xwarning.png.pagespeed.ic.ArqC2eBsKi.webp
pragma
no-cache
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
static2.vpnmentor.com
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 14 Dec 2018 09:40:21 GMT
cf-cache-status
HIT
x-original-content-length
634975
status
200
content-length
81176
x-page-speed
1.13.35.2-0
last-modified
Fri, 28 Sep 2018 09:27:14 GMT
server
cloudflare
etag
W/"0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=24882413
set-cookie
__cfduid=d392c4feafdfbcf739c353deb723566be1544780421; expires=Sat, 14-Dec-19 09:40:21 GMT; path=/; domain=.vpnmentor.com; HttpOnly __cflb=248665401; path=/; expires=Sat, 15-Dec-18 08:40:21 GMT; HttpOnly
accept-ranges
bytes
cf-ray
488fb5613cecc283-FRA
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires
Sat, 28 Sep 2019 09:27:14 GMT

Verdicts & Comments Add Verdict or Comment

163 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| alooma object| pagespeed function| sl_share_fb_5c12f9583ef2d function| sl_share_fb_5c12f959ae689 boolean| open_modalbg object| commentFormId object| xhr function| validatorStringWordCount function| validatorStringLength boolean| recaptcahFlag function| callRecaptcha function| findAncestor function| clickedLinkExternal function| sendYandexGoal function| fillLinks function| clickedLinkInternal function| clickedLinkProxy function| clickedLinkChina function| clickedComment function| lazy_load_image_div_background function| addParamsToExternalLink function| couponCounter function| lazy_load_image_custom object| _self object| Prism function| $ function| get_count function| sl_share_fb function| sl_share_gp function| sl_share_rd function| sl_share_li function| sl_share_vk function| get_total function| jQuery object| bioEp object| ShareTLDR object| respond object| Share function| gtag object| dataLayer function| closeAllModal object| comment string| url string| testString function| runExitIntent boolean| isNotOnBlogPage boolean| isNotOnCouponsPage undefined| hash_url string| page string| getLangCode number| saveUtmx function| runAds object| advData function| QueryStringParse function| aloomaTrackPageview function| aloomaCallbackError object| TrackingQueryString object| aloomaPageData string| rndPage object| google_conversion_id object| google_custom_params object| google_remarketing_only string| search_params string| customer_id object| trigger object| dTrigger object| xhrs boolean| exitIntentFired function| selectvendor function| mobileselectvendor function| keyupdown function| mobilekeyupdown function| mobileSearchclick function| searchclick function| searchvendro function| mobilesearchvendro object| QueryString function| setCookie function| getCookie function| addAdwords function| addYandex function| addAddParams undefined| campaign undefined| adgroup undefined| keyword undefined| query function| loadJSExternals object| voteXHR number| post_id boolean| voted undefined| cookie boolean| onGoing function| voteClickHandler function| textareaChangeHandler function| undoClickHandler function| submitFeedbackClickHandler function| upVote function| downVote function| updateDisplay function| clearForm function| updateVote function| validateEmail function| validateMessage object| footer object| google_tag_manager function| sendClickOut function| getUtmx string| GoogleAnalyticsObject function| ga function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO object| google_tag_data object| gaplugins object| gaGlobal object| gaData boolean| ajaxInProgress object| uetq function| qp function| UET object| Ya object| yaCounter44623393 object| google_conversion_date object| google_conversion_time number| google_conversion_snippets number| google_conversion_first_time object| google_conversion_js_version object| google_conversion_format object| google_enable_display_cookie_match object| google_remarketing_for_search object| google_conversion_type object| google_conversion_order_id object| google_conversion_language object| google_conversion_value object| google_conversion_evaluemrc object| google_conversion_currency object| google_conversion_domain object| google_conversion_label object| google_conversion_color object| google_disable_viewthrough object| google_gtag_event_data object| google_conversion_linker object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_allow_ad_personalization_signals object| google_conversion_items object| google_conversion_merchant_id object| google_user_id object| onload_callback object| opt_image_generator object| google_conversion_page_url object| google_conversion_referrer_url object| google_gtm object| google_gcl_cookie_prefix object| google_read_gcl_cookie_opt_out object| google_basket_feed_country object| google_basket_feed_language object| google_basket_discount object| google_basket_transaction_type object| google_disable_merchant_reported_conversions

2 Cookies

Domain/Path Name / Value
.vpnmentor.com/ Name: _ym_d
Value: 1544780417
.vpnmentor.com/ Name: _ym_uid
Value: 1544780417883483471

2 Console Messages

Source Level URL
Text
console-api log URL: https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/(Line 914)
Message:
[object Object]
console-api log URL: https://api.hhtpp.com/helper.js(Line 2)
Message:
getUtmx ....

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.quora.com
api.hhtpp.com
bat.bing.com
cdn.alooma.com
fonts.googleapis.com
googleads.g.doubleclick.net
graph.facebook.com
mc.yandex.ru
q.quora.com
static1.vpnmentor.com
static2.vpnmentor.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.vpnmentor.com
143.204.101.50
151.101.1.2
172.217.16.130
204.79.197.200
2606:4700:20::6819:76d
2606:4700:30::681b:8213
2a00:1450:4001:817::200e
2a00:1450:4001:81b::2008
2a00:1450:4001:820::2003
2a00:1450:4001:820::200a
2a00:1450:4001:824::2004
2a00:1450:4001:825::2002
2a00:1450:400c:c08::9b
2a02:6b8::1:119
2a03:2880:f01c:20e:face:b00c:0:2
52.5.245.95
005fc23152822c5e20dd226d345d03eedcb804b9d661b5c03c6e1b3b872b1fb8
0f2b2f0b70f180b03efa64d65dd4b95b08ef975814218fcc520b384252026950
111d57bd5c836e78badcbd782d2c284701cbc21f302e223fd0c7001bd94c2f08
1857ba89a75ec1e15ced85e1931584a6f7df942ef847fdd5d33edec6c0836032
2316e86c54539bd1e202cd02196622b7fb768da133a69ee24aafb396e401e9a1
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3317fcb34c7468408e2b418fef88fd3764d99b785546cc11f225eba0f43a6c29
35b12e21853fe31ed89d1e6ba519308cdb9c33157e8123be6d3f3059354453c7
3f37d74095d27ff0f96a5db6eb5136c477109a18e09d9dc6b94bd9cb5f45fba2
41dc5c7ee9d37347a4837539e804cb980e5a9ab2f2fb7a6c84ee41ef3ccb17d7
43ee53935a26b7552d5f51bc176aa4c499855e354833746c9e9510784986dc83
4864dbd0aab409111432e91714b73405a2b36e3ea51e9967deec11134e08f75f
4dd6027b95f73338b92ece0f268c6d95bbc7c51d89b98d48128a3e83a8561a0b
504730eb5d1ba357858a703f2d8bc5b2df7691cacd44ae49d529b1e41d270b3c
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
563ba4a35cbc7bc2d9e7cd24b77cf871b6461c9d80dc53749ed0ead5619fba96
5e05710be111198575acf3cade9d480673a693fe05cd76067cb186d7614907a0
6226202c1ea75ec89c213d14f9d1b6944e6ba6beec3eac721232a8e66e6d3a95
691fbd722132049b54f2a1cf720be03092b57b8b4a606e4f5890f3ddb52e9279
6ebdbdf01e78babe586c8cc981e09e38b3c080a54a8fdc16d5e4d757a866307b
74aef74089a2e3fe0b33717abf5aaf7b103643406721eb6e9449410fcb6a6cb9
76d1ac79ae401c5613bfc78da7ba4ca45da09d530207cc28ef143f177b717867
828269337de89b32af85941de5af40e25f2f27bf467c7aab811c00eac98b4cbf
9a423479ba4e4f8be1c79ddcad81fd354499bc7fc537d41edf07e6c9bc8f29f8
a34cdfbf96d925ef0c1e1d9f2d0879e13a4c22ac4b86538bb74027aba0e0300b
b16d641cf8d360ba9259774a45d8354bb6548bbede4c1a28f4638eb785bc16de
b4c286e191b9f7586c24b9c2d6b38c4db1b92bd8afb32aea9cd329643038b0e2
b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
b892483e78e4666726b97e4aa91d9e7b72f436e9f3b88e501658c395652d1012
bad859eedfcb16c7692471154b4720205c48cee1871722386f5fea3e3291bb06
bb04bff679e54712e6a2c2879df3b0f69d6553c9cd458b04cd9272ef00b3e989
bd00b362ac43a0c588ae4a570fcddc75d3040c817a28ccb38c744c0bfc7ab974
be1c2c3bca1dfadafba3c41baeb7683da839e20b5418f37b33bd1c209b9822e5
d6b0085013629b6082bccd0971c22bb14fba19b7ee53787eab7759e201fb7142
dac6843aca12b80af209e36cc5aa1c6f3b5a8a8830308fb364e501d062f46cdc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec1d204bb143ea00f1b484abc6a35e2546018895e1866169d0bbfbf4299d59a7
eeeb19f419cea5c11c8944098a80be7cf3b69d45c18ef8214dc0460c0b82f73b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fdddabf7426b024c91f97116b85548854469de56a66f1edccd3a2508f2d7e831
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c