www.intruder.io Open in urlscan Pro
34.249.200.254 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Submission: On December 08 via api (December 8th 2023, 2:10:10 am UTC) from TR — Scanned from DE

Summary HTTP 73 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 42 IPs in 4 countries across 31 domains to perform 73 HTTP transactions. The main IP is 34.249.200.254, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is www.intruder.io.
TLS certificate: Issued by R3 on October 29th 2023. Valid for: 3 months.

This is the only time www.intruder.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	34.249.200.254 34.249.200.254	16509 (AMAZON-02) (AMAZON-02)
9	2600:9000:243... 2600:9000:243d:f400:12:9e5f:cac0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
6	2a02:26f0:480... 2a02:26f0:480:f::213:7ec6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:802::201b	15169 (GOOGLE) (GOOGLE)
1	52.222.232.99 52.222.232.99	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::ac43:46e9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:7daf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:be59	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	18.66.248.94 18.66.248.94	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:243... 2600:9000:243d:ba00:11:3b84:d200:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:231... 2600:9000:2315:aa00:f:fd8f:b000:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:780... 2a02:26f0:780::210:a40a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700:440... 2606:4700:4400::ac40:90e1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:206... 2600:9000:206f:4200:15:a0d3:77c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
3	2606:4700:10:... 2606:4700:10::6816:2c6e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.32.27.19 13.32.27.19	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a02:26f0:780... 2a02:26f0:780::210:a469	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	35.171.200.195 35.171.200.195	14618 (AMAZON-AES) (AMAZON-AES)
2	2606:4700::68... 2606:4700::6811:579a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4dba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	108.157.4.103 108.157.4.103	16509 (AMAZON-02) (AMAZON-02)
2	18.66.147.43 18.66.147.43	16509 (AMAZON-02) (AMAZON-02)
2	18.210.132.136 18.210.132.136	14618 (AMAZON-AES) (AMAZON-AES)
1	3.33.152.127 3.33.152.127	16509 (AMAZON-02) (AMAZON-02)
73	42

1 34.249.200.254 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-200-254.eu-west-1.compute.amazonaws.com

www.intruder.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:9000:243d:f400:12:9e5f:cac0:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets-global.website-files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:26f0:480:f::213:7ec6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::201b (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.232.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-232-99.fra56.r.cloudfront.net

d3e54v103j8qbb.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:46e9 (United States)

ASN13335 (CLOUDFLARENET, US)

get.geojs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:7daf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:be59 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.248.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-94.dus51.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:243d:ba00:11:3b84:d200:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.website-files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:aa00:f:fd8f:b000:93a1 (United States)

ASN16509 (AMAZON-02, US)

d1l6p2sc9645hc.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:780::210:a40a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:90e1 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:4200:15:a0d3:77c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.clickcease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::6816:2c6e (United States)

ASN13335 (CLOUDFLARENET, US)

api-internal.intruder.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-19.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:780::210:a469 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.171.200.195 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-171-200-195.compute-1.amazonaws.com

data.gosquared.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:579a (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4dba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.103 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-103.dus51.r.cloudfront.net

widget.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.147.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-43.fra60.r.cloudfront.net

js.intercomcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.210.132.136 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-210-132-136.compute-1.amazonaws.com

api-iam.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.152.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: a69d63ecdf0f33068.awsglobalaccelerator.com

downloads.intercomcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	website-files.com assets-global.website-files.com — Cisco Umbrella Rank: 6575 assets.website-files.com — Cisco Umbrella Rank: 12427	525 KB
7	typekit.net use.typekit.net — Cisco Umbrella Rank: 446 p.typekit.net — Cisco Umbrella Rank: 559	238 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 327 www.linkedin.com — Cisco Umbrella Rank: 629 px4.ads.linkedin.com — Cisco Umbrella Rank: 6419	5 KB
4	intruder.io www.intruder.io api-internal.intruder.io	19 KB
3	intercomcdn.com js.intercomcdn.com — Cisco Umbrella Rank: 2136 downloads.intercomcdn.com — Cisco Umbrella Rank: 12111	279 KB
3	intercom.io widget.intercom.io — Cisco Umbrella Rank: 1721 api-iam.intercom.io — Cisco Umbrella Rank: 2121	9 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 329	14 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 204	8 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	254 KB
3	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 340 storage.googleapis.com — Cisco Umbrella Rank: 287 fonts.googleapis.com — Cisco Umbrella Rank: 29	26 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4726 forms.hscollectedforms.net — Cisco Umbrella Rank: 4810	26 KB
2	google.de www.google.de — Cisco Umbrella Rank: 6765	515 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 75	405 B
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2693 www.google.com — Cisco Umbrella Rank: 2	662 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
2	gstatic.com fonts.gstatic.com	66 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 763	16 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 700 script.hotjar.com — Cisco Umbrella Rank: 933	59 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	90 KB
2	cloudfront.net d3e54v103j8qbb.cloudfront.net d1l6p2sc9645hc.cloudfront.net	36 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 313	9 KB
1	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 2246	1 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2129	20 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2128	21 KB
1	gosquared.com data.gosquared.com — Cisco Umbrella Rank: 44357	75 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	185 B
1	clickcease.com www.clickcease.com — Cisco Umbrella Rank: 11076	43 KB
1	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 8744	1 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2326	1 KB
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 857	5 KB
1	geojs.io get.geojs.io — Cisco Umbrella Rank: 15380	909 B
73	31

	Domain	Requested by
9	assets-global.website-files.com	www.intruder.io assets-global.website-files.com
6	use.typekit.net	www.intruder.io
4	px.ads.linkedin.com	3 redirects snap.licdn.com
3	api-internal.intruder.io	d3e54v103j8qbb.cloudfront.net unpkg.com
3	bat.bing.com	www.intruder.io bat.bing.com
3	cdnjs.cloudflare.com	www.intruder.io
3	www.googletagmanager.com	www.intruder.io www.googletagmanager.com
2	api-iam.intercom.io	js.intercomcdn.com
2	js.intercomcdn.com	widget.intercom.io
2	www.google.de	www.intruder.io
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	fonts.gstatic.com	fonts.googleapis.com
2	snap.licdn.com	www.intruder.io snap.licdn.com
2	connect.facebook.net	www.intruder.io connect.facebook.net
2	cdn.jsdelivr.net	www.intruder.io
1	downloads.intercomcdn.com
1	widget.intercom.io	www.intruder.io
1	track.hubspot.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	www.google.com	www.intruder.io
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	data.gosquared.com	d1l6p2sc9645hc.cloudfront.net
1	p.typekit.net	www.intruder.io
1	www.facebook.com	www.intruder.io
1	region1.analytics.google.com	www.googletagmanager.com
1	px4.ads.linkedin.com	www.intruder.io
1	www.linkedin.com	1 redirects
1	script.hotjar.com	static.hotjar.com
1	www.clickcease.com	www.intruder.io
1	tracking.g2crowd.com	www.intruder.io
1	d1l6p2sc9645hc.cloudfront.net	www.intruder.io
1	assets.website-files.com	assets-global.website-files.com
1	static.hotjar.com	www.intruder.io
1	fonts.googleapis.com	ajax.googleapis.com
1	js.hs-scripts.com	www.intruder.io
1	unpkg.com	www.intruder.io
1	get.geojs.io	www.intruder.io
1	d3e54v103j8qbb.cloudfront.net	www.intruder.io
1	storage.googleapis.com	www.intruder.io
1	ajax.googleapis.com	www.intruder.io
1	www.intruder.io
73	44

This site contains links to these domains. Also see Links.

Domain
www.cookiesandyou.com
developers.intruder.io
help.intruder.io
careers.intruder.io
accounts.intruder.io
portal.intruder.io
docs.aws.amazon.com
github.com
developer.mozilla.org
www.zaproxy.org
twitter.com
lock.cmpxchg8b.com
www.facebook.com
www.linkedin.com
status.intruder.io

Subject Issuer	Validity	Valid
www.intruder.io R3	`2023-10-29` - `2024-01-27`	3 months	crt.sh
*.website-files.com Amazon RSA 2048 M03	`2023-09-11` - `2024-10-08`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-21` - `2024-10-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
storage.googleapis.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-16` - `2023-12-15`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
clickcease.com Amazon RSA 2048 M02	`2023-11-26` - `2024-12-24`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
intruder.io Cloudflare Inc ECC CA-3	`2023-10-29` - `2024-10-28`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
gosquared.com Amazon RSA 2048 M03	`2023-09-25` - `2024-10-23`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.intercom.com Amazon RSA 2048 M02	`2023-02-14` - `2024-03-14`	a year	crt.sh
*.intercomcdn.com Amazon RSA 2048 M02	`2023-12-01` - `2024-12-29`	a year	crt.sh
intercom-attachments-10.com Amazon RSA 2048 M01	`2023-07-09` - `2024-08-06`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Frame ID: 4CAC8E95D6287E8CDD6F0DD6624D8A49
Requests: 68 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.a7acf1a8.js
Frame ID: 797B5EED83AEF6505E0873F30771F97F
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

We Hacked Ourselves With DNS Rebinding

Detected technologies

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

Ahoy (Analytics) Expand

Overall confidence: 100%
Detected patterns

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

73
Requests

99 %
HTTPS

76 %
IPv6

31
Domains

44
Subdomains

42
IPs

4
Countries

1788 kB
Transfer

4585 kB
Size

35
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cookiesandyou.com/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://developers.intruder.io/docs?_gl=1*9iuogt*_ga*MTQwOTAxMDU5NC4xNjgyNTk3MDI0*_ga_ME4CJVYS32*MTY4NjU0NDQ1MS4xOS4wLjE2ODY1NDQ0NTEuNjAuMC4w
Title: DEVELOPER HUB

Search URL Search Domain Scan URL

URL: https://help.intruder.io/en/?_gl=1*9iuogt*_ga*MTQwOTAxMDU5NC4xNjgyNTk3MDI0*_ga_ME4CJVYS32*MTY4NjU0NDQ1MS4xOS4wLjE2ODY1NDQ0NTEuNjAuMC4w
Title: HELP CENTRE

Search URL Search Domain Scan URL

URL: https://careers.intruder.io/?_gl=1*1nmt3bk*_ga*MTQwOTAxMDU5NC4xNjgyNTk3MDI0*_ga_ME4CJVYS32*MTY4NzI0OTQ3NS4yOC4xLjE2ODcyNDk0NzYuNTkuMC4w
Title: CAREERS

Search URL Search Domain Scan URL

URL: https://accounts.intruder.io/login
Title: Login

Search URL Search Domain Scan URL

URL: https://portal.intruder.io/free_trial
Title: Try for free

Search URL Search Domain Scan URL

URL: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
Title: IMDSv2

Search URL Search Domain Scan URL

URL: https://github.com/nccgroup/singularity
Title: presented by Gérald Doussot & Roger Meyer

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Glossary/Origin
Title: origin

Search URL Search Domain Scan URL

URL: https://www.zaproxy.org/docs/desktop/addons/ajax-spider/
Title: ZAP's AJAX spider

Search URL Search Domain Scan URL

URL: https://twitter.com/taviso
Title: Tavis Ormandy

Search URL Search Domain Scan URL

URL: https://lock.cmpxchg8b.com/rebinder.html
Title: rbdnr service

Search URL Search Domain Scan URL

URL: https://developers.intruder.io/docs?_gl=1*45xq2q*_ga*MTQwOTAxMDU5NC4xNjgyNTk3MDI0*_ga_ME4CJVYS32*MTY4NTg5MzY1Mi4xMS4xLjE2ODU4OTQyNTAuNTUuMC4w
Title: Developer Hub

Search URL Search Domain Scan URL

URL: https://help.intruder.io/en/?_gl=1*45xq2q*_ga*MTQwOTAxMDU5NC4xNjgyNTk3MDI0*_ga_ME4CJVYS32*MTY4NTg5MzY1Mi4xMS4xLjE2ODU4OTQyNTAuNTUuMC4w
Title: Help Centre

Search URL Search Domain Scan URL

URL: https://careers.intruder.io/?_gl=1*v6z0gl*_ga*MTQwOTAxMDU5NC4xNjgyNTk3MDI0*_ga_ME4CJVYS32*MTY4NTg5MzY1Mi4xMS4xLjE2ODU4OTQyNTAuNTUuMC4w
Title: Careers (We're hiring!)

Search URL Search Domain Scan URL

URL: https://help.intruder.io/en/articles/4086526-intruder-badges

Search URL Search Domain Scan URL

URL: https://twitter.com/intruder_io

Search URL Search Domain Scan URL

URL: https://www.facebook.com/intruder.io/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/intruder/

Search URL Search Domain Scan URL

URL: https://status.intruder.io/?_gl=1*v6z0gl*_ga*MTQwOTAxMDU5NC4xNjgyNTk3MDI0*_ga_ME4CJVYS32*MTY4NTg5MzY1Mi4xMS4xLjE2ODU4OTQyNTAuNTUuMC4w
Title: Status

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=365706&time=1702001404989&url=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=365706&time=1702001404989&url=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D365706%26time%3D1702001404989%26url%3Dhttps%253A%252F%252Fwww.intruder.io%252Fresearch%252Fwe-hacked-ourselves-with-dns-rebinding%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=365706&time=1702001404989&url=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=365706&time=1702001404989&url=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding&cookiesTest=true&liSync=true&e_ipv6=AQKY9JW3_vBOmwAAAYxHMG3SJlZ6pa7YQIBKLNUu5Ik6_yy532GBoWpjbzpBGruVkU8ACq9ERn8o

73 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request we-hacked-ourselves-with-dns-rebinding Show response
www.intruder.io/research/ 55 KB
19 KB 2680ms
69ms Document
text/html 34.249.200.254
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 34.249.200.254 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-249-200-254.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d23fb46cde3d24a7f2c5ef5b750b118eed476a8c4fdc5c07b3927fd819accc83

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 58187
content-encoding: gzip
content-length: 18797
content-type: text/html
date: Fri, 08 Dec 2023 02:10:04 GMT
vary: Accept-Encoding,x-wf-forwarded-proto
x-cache: HIT, HIT
x-cache-hits: 15, 4
x-cluster-name: eu-west-1-prod-hosting-red
x-lambda-id: f875528d-7af2-40cc-b457-1abd7cc8d1ba
x-served-by: cache-iad-kjyo7100039-IAD, cache-dub4339-DUB
x-timer: S1702001405.651736,VS0,VE0

GET
H2 200 intruder-io.124cab8de.min.css
assets-global.website-files.com/61dd9339d05701b1440b323d/css/ 309 KB
54 KB 74ms
15ms Stylesheet
text/css 2600:9000:243d:f400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-global.website-files.com/61dd9339d05701b1440b323d/css/intruder-io.124cab8de.min.css
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:f400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0a9cf0033c7a056a1fc7c1bf678fee69bc5b99a88c20212dd00ed16a70b2f98f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: JimZutbjZi5veBhXBoKHsWgfWpUBr3Ln
content-encoding: gzip
via: 1.1 77007e8fa31c6833ee40a227e9348a6a.cloudfront.net (CloudFront)
date: Thu, 07 Dec 2023 09:22:31 GMT
age: 60454
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 54570
last-modified: Tue, 05 Dec 2023 10:19:18 GMT
server: AmazonS3
etag: "bb232f423166262ee4af5dfdb89b0d77"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: B3xF6Trj-cGj1E9KD512f97uzaxis1u1hbfA8j0ocDbrRnaKc1lLfA==

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1.6.26/ 13 KB
6 KB 93ms
30ms Script
text/javascript 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 19:07:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25364
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Dec 2024 19:07:20 GMT

GET
H2 200 avo3fha.js Show response
use.typekit.net/ 18 KB
7 KB 60ms
14ms Script
text/javascript 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/avo3fha.js

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

41aee88d28d01eaf74f59c6f61511707c49d1f9e72a45a4b8ef1c962d3fdfcdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Fri, 08 Dec 2023 02:10:04 GMT
server: nginx
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 6771

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 187 KB
68 KB 90ms
48ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-92208104-1

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

361f81a908802deaecefb24d8b3b0cefd527976f3258f9acb8f6ce3a9a22e6de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69009
x-xss-protection: 0
last-modified: Fri, 08 Dec 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 08 Dec 2023 02:10:04 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 291 KB
93 KB 136ms
94ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ME4CJVYS32

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

76c97ea57258e394f1dab0a6886ac17a8be277b485253469eaa2b5f0af42df80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94939
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 08 Dec 2023 02:10:04 GMT

GET
H2 200 cookieconsent.min.css
cdn.jsdelivr.net/npm/cookieconsent@3/build/ 5 KB
2 KB 57ms
18ms Stylesheet
text/css 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.css

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd0d0b6e50ff01ff2f3a9a70d7cfb66a7c6cb9acf7a566325568be6d3bd31fc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 41752
x-jsd-version: 3.1.1
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230028-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"135e-3nthfC1sCV/yhiNebPZMMo2hpL8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=apMIKd%2BSGLmc6KfTRAFsRMLXxYZyoAo5K2Crrn2lqn6d0SixJva4XihB42xDmJmaPBnsVpjvC4%2FPQu%2BhKMj983OqcNcf8tuO%2FQ67F6RVvdsJC2JTingObthrVxsOGy1ATUQp188yCDX7gMIEO1s%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 8321784baee63a52-FRA

GET
H2 200 prism-tomorrow.min.css
cdnjs.cloudflare.com/ajax/libs/prism/1.25.0/themes/ 1 KB
1 KB 56ms
17ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.25.0/themes/prism-tomorrow.min.css

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1b15fe2971998a048aebb60f26f6eed76122071db9ef3b995abd003224f52a98

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.intruder.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3280508
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 472
last-modified: Thu, 16 Sep 2021 16:38:35 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6143730b-1d8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aj5TGdJ9mA56MaMivRvTxybFjCQKJcJBrJ2WXQZFgZ9D9n0wmFRyxjw%2BwJ4NRAGtaUmM8VAQdKxezmNfhlpR90fYV6lazxtbqJEtv7w%2BmMUFhI4poC1v84E%2BHGlAv0vOAkgT%2FE9hWbbAW0VhtChzcScg"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8321784baeaa9136-FRA
expires: Wed, 27 Nov 2024 02:10:04 GMT

GET
H2 200 61dd9339d057019e130b32f5_Arrow%20Left%20Outline.svg
assets-global.website-files.com/61dd9339d05701b1440b323d/ 2 KB
1 KB 86ms
28ms Image
image/svg+xml 2600:9000:243d:f400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/61dd9339d05701b1440b323d/61dd9339d057019e130b32f5_Arrow%20Left%20Outline.svg
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:f400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cd9b5f36c64db80af8025f635d95105f07fc83edc2ba61e1500b406a7fa2be05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 09:49:49 GMT
x-amz-version-id: nK6DVapOT65mI21keVz1bQUeXxz4Sysk
content-encoding: br
via: 1.1 77007e8fa31c6833ee40a227e9348a6a.cloudfront.net (CloudFront)
age: 9735616
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 11 Jan 2022 14:24:59 GMT
server: AmazonS3
etag: W/"c4e2b054b79bc40ca8963dccf761e17e"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: 8M1RDElL5qiLAvQGMC0ja_ty1P1zAi742JbX8fX-jct4jlYXvFdqhw==

GET
H2 200 64abcb4ce853dab985a75024_XOsgWN54lC0esSvNmutQr1g_g56n6G-n9NrVf55QqeJFuTMmYUrFJeSvqruImuHWVCSw90BhOErI0oHxXBDKHGLWr9v8JYvd9u6QlXa2Uwj7UPnpTsmuC1fFFlf1gdmr15VOHOJI1gGZyiGlc1G1f88.png
assets-global.website-files.com/61dd9339d05701829d0b3241/ 26 KB
27 KB 88ms
29ms Image
image/png 2600:9000:243d:f400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/61dd9339d05701829d0b3241/64abcb4ce853dab985a75024_XOsgWN54lC0esSvNmutQr1g_g56n6G-n9NrVf55QqeJFuTMmYUrFJeSvqruImuHWVCSw90BhOErI0oHxXBDKHGLWr9v8JYvd9u6QlXa2Uwj7UPnpTsmuC1fFFlf1gdmr15VOHOJI1gGZyiGlc1G1f88.png
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:f400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: be222a2f26519a90d2451ef326e2f1df7552aa5c86230d1d04d5f861d97c8267

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: KyOH.opQIdbUWZdDr6RyRYhJSw4Cyreg
date: Thu, 07 Dec 2023 08:52:45 GMT
via: 1.1 77007e8fa31c6833ee40a227e9348a6a.cloudfront.net (CloudFront)
age: 62240
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 26638
last-modified: Mon, 10 Jul 2023 09:13:04 GMT
server: AmazonS3
etag: "7f09050ae7818976142f94b90a97b5a5"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: 1BiFD0DSUQsBzjiYmvzB9nF53ToVdd9MXLVaPebcI1ZWJNQPg8l0OA==

GET
H2 200 65674f8a6919b47d5e300eff_a0D_1HliLzfz-992LEZOM2t35-j_btMl9hHkkOfoy_MBKrl6YlSaF_bhIsi2ZrOWOscLrG8cwaxxS1yofx7E-ivs08rwTS0IetrmkogIlBo7FiipbrexrLYVoZ_Sq6BdHHzCfBGSMVrU9d4uvNo44As.png
assets-global.website-files.com/61dd9339d05701829d0b3241/ 142 KB
143 KB 21ms
21ms Image
image/png 2600:9000:243d:f400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/61dd9339d05701829d0b3241/65674f8a6919b47d5e300eff_a0D_1HliLzfz-992LEZOM2t35-j_btMl9hHkkOfoy_MBKrl6YlSaF_bhIsi2ZrOWOscLrG8cwaxxS1yofx7E-ivs08rwTS0IetrmkogIlBo7FiipbrexrLYVoZ_Sq6BdHHzCfBGSMVrU9d4uvNo44As.png
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:f400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9568f121a5388589a304e2553cb0fd327ea643270634bbbe7dfa97b05d4c27da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: StFGLkgaKUZpib8bQBar.K46YfsdyVKm
date: Thu, 07 Dec 2023 08:52:45 GMT
via: 1.1 77007e8fa31c6833ee40a227e9348a6a.cloudfront.net (CloudFront)
age: 62240
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 145699
last-modified: Wed, 29 Nov 2023 14:49:47 GMT
server: AmazonS3
etag: "f2dd64eac1f71d2271d8677f647db624"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: -GysJuyg7dPDFZu2odRYevoOyvB8R3EIHWO-HVDX97oXBMbFU0HPlA==

GET
H2 200 intruder-badge.svg
storage.googleapis.com/intruder-assets/20230609/ 19 KB
19 KB 77ms
15ms Image
image/svg+xml 2a00:1450:4001:802::201b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/intruder-assets/20230609/intruder-badge.svg
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::201b Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 77b716612c82a972a2619f66c6c0b6270ac4e20ef4afed45e4c114413f9c5c50

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 01:50:23 GMT
age: 1181
x-guploader-uploadid: ABPtcPpCSCvMVx4baLOQsG5taY1CAZbt4_cAsrf2AFqxBNi8wT3UA32GJ2OexdJWQzxXsW9YC4I
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19025
last-modified: Fri, 09 Jun 2023 12:22:38 GMT
server: UploadServer
etag: "e37342fe448eadf08781611fb0814b48"
x-goog-generation: 1686313358803576
x-goog-hash: crc32c=3ShVRA==, md5=43NC/kSOrfCHgWEfsIFLSA==
content-type: image/svg+xml
cache-control: public, max-age=3600
x-goog-stored-content-length: 19025
accept-ranges: bytes
expires: Fri, 08 Dec 2023 02:50:23 GMT

GET
H2 200 jquery-3.5.1.min.dc5e7f18c8.js Show response
d3e54v103j8qbb.cloudfront.net/js/ 87 KB
31 KB 62ms
19ms Script
application/javascript 52.222.232.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=61dd9339d05701b1440b323d
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.232.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-232-99.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: https://www.intruder.io/
Origin: https://www.intruder.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 06:27:24 GMT
content-encoding: gzip
via: 1.1 88f858f045c3909fad9cebbada511aee.cloudfront.net (CloudFront)
age: 70961
x-amz-cf-pop: FRA56-P4
x-cache: Hit from cloudfront
last-modified: Mon, 20 Jul 2020 17:53:02 GMT
server: AmazonS3
etag: W/"dc5e7f18c8d36ac1d3d4753a87c98d0a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: WtJq1cSEn2Kw7C3wMpMgFon6qWMGjjOOTrs774S4tJ1auiarquLF-A==

GET
H2 200 intruder-io.38ee9f0d9.js Show response
assets-global.website-files.com/61dd9339d05701b1440b323d/js/ 476 KB
90 KB 21ms
19ms Script
text/javascript 2600:9000:243d:f400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-global.website-files.com/61dd9339d05701b1440b323d/js/intruder-io.38ee9f0d9.js
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:f400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e43bf523b4b03cf656074fee4e78f659036f45e8e343b01ef9b260339758ace

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: 0WhpuSPfyTJoTkgkO7xBGf88COJPAYcN
content-encoding: gzip
via: 1.1 77007e8fa31c6833ee40a227e9348a6a.cloudfront.net (CloudFront)
date: Thu, 07 Dec 2023 06:12:09 GMT
age: 71876
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 91200
last-modified: Mon, 04 Dec 2023 15:01:24 GMT
server: AmazonS3
etag: "eb92046d80507f3075461e0b9affd41a"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=84600, must-revalidate
accept-ranges: bytes
x-amz-cf-id: T65Fs12WmKeHxWIbCEgeNP4MpimRipLLxipJ1NE-JXN2XYnHU2RUfw==

GET
H2 200 cookieconsent.min.js Show response
cdn.jsdelivr.net/npm/cookieconsent@3/build/ 20 KB
7 KB 21ms
19ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e55842a856a6d829feca3c3ad736c136b6c7549e9247274f78aa296259e06e24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 345
x-jsd-version: 3.1.1
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230069-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"50d5-nLraS9YXyGxjjPLr3exyStWWkHs"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=txur9wjKTnR3ZQkjTl53JQNy9EJdSez7mfV1dDsehEdY%2BjG800E%2B9K04XPjHzcFQ8BM7kF6Bhg43yn1tmPZ0A8sjKnvf0tPXXTsBaET5QbC8T%2BHGdil1gS%2BUFfkJciJMccWy6Iih9yF3FKWhSBg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 8321784c1f323a52-FRA

GET
H2 200 geo.js Show response
get.geojs.io/v1/ip/ 388 B
909 B 71ms
37ms Script
application/javascript 2606:4700:20::ac43:46e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://get.geojs.io/v1/ip/geo.js

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:46e9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9fc05f497293b4b20afb0f492156cfa41072bd6c9b8a7409bdbf32c0e93d0b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-request-id: d41886e0c6b2ef41995411671fbe3f09-AMS
x-geojs-location: AMS
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3jFeS6QQi6dTOXC4%2BY22UKE9Ur9rtIOQxIuLeeYiDOE320LTBaktHRpDKc%2FoyGPNwOF7ijhnUQTQkpdxtz2yrYwV2IMIJST9okmH0RJmveuUV%2BetF6fTXjS3%2B8SXvzyShaMnSxwXPtQaSA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
cf-ray: 8321784c4f8e9b80-FRA

GET
H2 200 ahoy.js Show response
unpkg.com/ahoy.js@0.3.8/dist/ 15 KB
5 KB 54ms
20ms Script
application/javascript 2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/ahoy.js@0.3.8/dist/ahoy.js

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f4de154a4a94c4d9d3a112aaa48fdbf9156ddff739c4bb83f479443f738ae58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 2406712
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HEVVSS71WHRQCYVRJ1H8NH6D-fra
server: cloudflare
etag: W/"3d84-W2TCrH2gWpD3LD0iCkVT5A8W55c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8321784c4cb73647-FRA

GET
H2 200 20176333.js Show response
js.hs-scripts.com/ 1 KB
1 KB 325ms
295ms Script
application/javascript 2606:4700::6810:be59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/20176333.js

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:be59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2eefa82fcc4ef9caf67ab77f3f488c4828d10fdb57d624e3b79ca41d34425b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 68d3c51c-861f-46ce-ab76-c29a8b1d2f56
x-envoy-upstream-service-time: 9
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 68d3c51c-861f-46ce-ab76-c29a8b1d2f56
last-modified: Fri, 08 Dec 2023 01:50:24 GMT
server: cloudflare
x-trace: 2B78C14E157905AF2EC873260E9DFAF57D136359CF000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.intruder.io
x-evy-trace-virtual-host: all
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6ffdd984b9-qsms9
cf-ray: 8321784c49bc37f6-FRA
expires: Fri, 08 Dec 2023 02:11:05 GMT

GET
H2 200 prism.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.25.0/ 17 KB
6 KB 18ms
17ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.25.0/prism.min.js

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb38beea12a3a708c8dd789701ec714cf96cafb77c0385c20fb7b46ac1ca069a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.intruder.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1982089
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6003
last-modified: Thu, 16 Sep 2021 16:38:35 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6143730b-1773"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9WrKkf%2FQcqCGJZpBUJVH9j%2F5DMzYb500%2BIkpalxogVhGLr1%2BrMZFrcnz0wC9LJU6zvECF2XIFOWd6UBovbW1E7I0JxxyjoJaaavGolxdtvhcTqt2T5XsZx6xgMxqvuYZZEH0j5FZZU02Nfn6BfSqFYdy"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8321784c1ee99136-FRA
expires: Wed, 27 Nov 2024 02:10:04 GMT

GET
H2 200 prism-unescaped-markup.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.25.0/plugins/unescaped-markup/ 1 KB
755 B 17ms
16ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.25.0/plugins/unescaped-markup/prism-unescaped-markup.min.js

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1420e47d5334162b0593a626c8d3159cc7f78bd01241a26f535ab5e1fb378f43

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.intruder.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2504441
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 411
last-modified: Thu, 16 Sep 2021 16:38:35 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6143730b-19b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Yzm6VlN%2FimqBhQXflW%2FcrmPUJHMpSb5PLDpllUbkXz2YwdEqxVJlnWlBG2IrVQnZ3kwAMkQTlTfYNARjq%2B6Ib%2FV25aD4mfiLuXBQXO0WB5ZZwWFtoN0V9uajt7vGwB4dj15tFME9oPidu5uEdEYd1ds"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8321784c1eea9136-FRA
expires: Wed, 27 Nov 2024 02:10:04 GMT

GET
H2 200 css
fonts.googleapis.com/ 30 KB
1 KB 83ms
38ms Stylesheet
text/css 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

00f0ca5978af7f577f3bb245b52f5b98546fca77cbf7b2b42838fddc2b53cd59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 08 Dec 2023 02:10:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 08 Dec 2023 01:26:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 08 Dec 2023 02:10:04 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
55 KB 41ms
10ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 08 Dec 2023 02:10:04 GMT
document-policy: force-load-at-top
content-security-policy-report-only: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: PJEdPskqsfqWe7klQd1iezN29OwMewds02E+wUoa7nAFRYHpKQcluYKZL8ZJTsXUFCnuZnhx9qktrgR07+5PkA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 hotjar-884686.js Show response
static.hotjar.com/c/ 9 KB
4 KB 90ms
47ms Script
application/javascript 18.66.248.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-884686.js?sv=6

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.248.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-248-94.dus51.r.cloudfront.net

Software

Resource Hash

460f61872cbcc858ab380a59c2c0617838f09ff05ff5f4880c94241d2af5ebcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 c31ad517510d586c0f2aa3c5dbc40b06.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P1
etag: W/d09410265d41f6df6bb98c46bbcdf20b
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=60
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: xd1qMrSNsdzv4TAKxUW19hix3qBMBPNxVplmdTowmX4_SeqzMEg4RA==

GET
H2 200 61dd9339d0570101260b32bf_Free%20Trial%20Promo%20Background.svg
assets-global.website-files.com/61dd9339d05701b1440b323d/ 5 KB
1 KB 26ms
26ms Image
image/svg+xml 2600:9000:243d:f400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/61dd9339d05701b1440b323d/61dd9339d0570101260b32bf_Free%20Trial%20Promo%20Background.svg
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/61dd9339d05701b1440b323d/css/intruder-io.124cab8de.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:f400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 978711dfe9482705eee076dc906877ba3a8b43c095c65c468237aa612c892cdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://assets-global.website-files.com/61dd9339d05701b1440b323d/css/intruder-io.124cab8de.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 09:42:51 GMT
x-amz-version-id: .8C.Ha5Xpc2Fssc1wwzkzVp52a2NWjpU
content-encoding: br
via: 1.1 77007e8fa31c6833ee40a227e9348a6a.cloudfront.net (CloudFront)
age: 9736034
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 11 Jan 2022 14:24:59 GMT
server: AmazonS3
etag: W/"d13de7782ff19baefeeb92cca38fd1d8"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: riayL5IXfz_7vO0KPRFQuRRu6Cv5yF90CK-4fjsom9BpwqCqVcmqpg==

GET
H2 200 l
use.typekit.net/af/05093b/00000000000000003b9b133d/27/ 46 KB
46 KB 52ms
14ms Font
application/font-woff2 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/05093b/00000000000000003b9b133d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 026e0334e803cf2aadc379101e61937153ab27c1a77039f842dd75a8d2acab34

Request headers

Referer: https://www.intruder.io/
Origin: https://www.intruder.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
server: nginx
etag: "0e6c40366088b6d49ea4ba34773b8260135be0b6"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 46600

GET
H2 200 l
use.typekit.net/af/2d988a/00000000000000003b9b1338/27/ 44 KB
45 KB 59ms
21ms Font
application/font-woff2 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/2d988a/00000000000000003b9b1338/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9c4ea932ba4feba08c8486917f79710309a44e497e81b4a2214fab3f3de5aaf4

Request headers

Referer: https://www.intruder.io/
Origin: https://www.intruder.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
server: nginx
etag: "ed37942c006659286cd1ca26caf00a8babc192be"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 45452

GET
H2 200 649160ce843009bf004bc195_Outfit-VariableFont.ttf
assets.website-files.com/61dd9339d05701b1440b323d/ 97 KB
47 KB 61ms
21ms Font
application/x-font-ttf 2600:9000:243d:ba00:11:3b84:d200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.website-files.com/61dd9339d05701b1440b323d/649160ce843009bf004bc195_Outfit-VariableFont.ttf
Requested by: Host: assets-global.website-files.com
URL: https://assets-global.website-files.com/61dd9339d05701b1440b323d/css/intruder-io.124cab8de.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:ba00:11:3b84:d200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: db53e2912b77469c64a3f0ba2b09e5fa90fe1d2b16bb50820a4f18d2d0cf3fb6

Request headers

Referer: https://assets-global.website-files.com/
Origin: https://www.intruder.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 09:57:29 GMT
x-amz-version-id: FyQm18iRhLC5K5iFKJ_Nva8kM57MhFec
content-encoding: br
via: 1.1 c6112c76017165ab7d9ba7566718afea.cloudfront.net (CloudFront)
age: 14746356
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 20 Jun 2023 08:18:24 GMT
server: AmazonS3
etag: W/"ebceb212c3fdfa36520051f0de0eac99"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/x-font-ttf
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
vary: Accept-Encoding
x-amz-cf-id: C7nHSKFAKJiRRN_IP4vwgOFbQI0QRqtBPoX1k2UR7sHG3EhMjv3sVw==

GET
H2 200 l
use.typekit.net/af/da10e7/00000000000000003b9b1337/27/ 47 KB
47 KB 65ms
26ms Font
application/font-woff2 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/da10e7/00000000000000003b9b1337/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 676661a4cd041701a55233d2cc1358cd874d1fd5d85256eaa35ef98e5615b28e

Request headers

Referer: https://www.intruder.io/
Origin: https://www.intruder.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
server: nginx
etag: "81284a8fefb838febe765b3895655b91b6f06f3a"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 48360

GET
H2 200 64931cbdee18510b47f41730_Logo.svg
assets-global.website-files.com/61dd9339d05701b1440b323d/ 5 KB
2 KB 16ms
15ms Image
image/svg+xml 2600:9000:243d:f400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/61dd9339d05701b1440b323d/64931cbdee18510b47f41730_Logo.svg
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:f400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e945d20f8e921a9d0ebed1c9cb68ee80becc63cdd939b3965256fcec5adb7f6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 17 Aug 2023 09:42:51 GMT
x-amz-version-id: 1kLhPy4lGwwXCDoZ.ky6IQS9FEug2j0I
content-encoding: br
via: 1.1 77007e8fa31c6833ee40a227e9348a6a.cloudfront.net (CloudFront)
age: 9736034
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 21 Jun 2023 15:52:30 GMT
server: AmazonS3
etag: W/"5221e7508ac281da00ff4eb3e7505e60"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
x-amz-cf-id: fSNew25SPt9xD0FwDa-skOgdRdVSwVlkkplpOMhMWYH9gJTIqADhiQ==

GET
H2 200 656ef90db535ad68279414f7_hack_ourselves_pt1-p-1600.png
assets-global.website-files.com/61dd9339d05701829d0b3241/ 149 KB
150 KB 23ms
22ms Image
image/png 2600:9000:243d:f400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/61dd9339d05701829d0b3241/656ef90db535ad68279414f7_hack_ourselves_pt1-p-1600.png
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:f400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c6981bb75dbbcf57742ebad456e947cef155e160cad40197e0bca398317c466a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 10:20:13 GMT
x-amz-version-id: TMFHe3seN7pQ6VwTBq235mj0HSKRt_JF
via: 1.1 77007e8fa31c6833ee40a227e9348a6a.cloudfront.net (CloudFront)
age: 229792
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 152827
last-modified: Tue, 05 Dec 2023 10:18:56 GMT
server: AmazonS3
etag: "1a850c073b51624aef581f318121b733"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: X1Yf4TdkEOL_N37WZFyhDiGCV9fCr23AnBHQZy3HAYYHrNSoOGaJdA==

GET
H2 200 6569d36ffc2f9ec21b3f563c_Dan.T.png
assets-global.website-files.com/61dd9339d05701829d0b3241/ 10 KB
10 KB 17ms
16ms Image
image/png 2600:9000:243d:f400:12:9e5f:cac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets-global.website-files.com/61dd9339d05701829d0b3241/6569d36ffc2f9ec21b3f563c_Dan.T.png
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:f400:12:9e5f:cac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 254309f1954bb42ce3d8741a1ff65e62ac4d67501fb6f03962cad2a26171a407

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 13:50:26 GMT
x-amz-version-id: lI1aL1GwUS1iWITqQ49TRb2D.6U4IzRI
via: 1.1 77007e8fa31c6833ee40a227e9348a6a.cloudfront.net (CloudFront)
age: 562779
x-amz-cf-pop: DUS51-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 9881
last-modified: Fri, 01 Dec 2023 12:37:04 GMT
server: AmazonS3
etag: "3d611d3eee4962f40a6832ba350ba4f9"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
x-amz-cf-id: UfEOFgAZMlgUnwfrXn58yac0wShKrZ8JU9IAdEEwf9pYsHY2Z27kbQ==

GET
H2 200 201980603867321 Show response
connect.facebook.net/signals/config/ 133 KB
35 KB 72ms
72ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/201980603867321?v=2.9.138&r=stable&domain=www.intruder.io

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5028aa8921f4cac5eb7e209aec12e26a206abe49d147a446fdcf19bae0ee6ea4

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 08 Dec 2023 02:10:04 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: 1uasFRPjFhqG1JtObyShzz5lykNbZ+9SA0lCGZRkJs1lpv+EEeAGYcbrDj56IB2PwIPE1SdJfwjSmrYkEt4ntA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tracker.js Show response
d1l6p2sc9645hc.cloudfront.net/ 10 KB
5 KB 86ms
19ms Script
text/javascript 2600:9000:2315:aa00:f:fd8f:b000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1l6p2sc9645hc.cloudfront.net/tracker.js
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:aa00:f:fd8f:b000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2f9b39d4685187f53d059fa79097782292ba1954f9e29d518adee023e86d90c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 17:12:25 GMT
content-encoding: br
via: 1.1 7dc1e6ca5d933ea10694c61d8475b502.cloudfront.net (CloudFront)
last-modified: Tue, 28 Nov 2023 23:22:39 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P2
age: 32270
x-amz-server-side-encryption: AES256
etag: W/"4c428f6e61b7c494241fc820f580f70e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=UTF-8
cache-control: max-age=43200, public
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 0QYZmZ-owNmkD-6fTduQKhZAX0ga79IWPv-R0WGK9RdbxYgmOq4t1g==

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
805 B 39ms
18ms Script
application/javascript 2a02:26f0:780::210:a40a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:780::210:a40a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ecf9967a9685eff0fdc0555125aeb40dc81a85c8de18c48c2a705132ef6129bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 07 Dec 2023 10:28:06 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=29902
accept-ranges: bytes
content-length: 595

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 75ms
32ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Fri, 08 Dec 2023 02:10:04 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5ABD210673844EBDAD6C371D190BF7A5 Ref B: FRAEDGE1211 Ref C: 2023-12-08T02:10:04Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2 200 2328.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 170ms
127ms Script
text/javascript 2606:4700:4400::ac40:90e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/2328.js?p=https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding&e=

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:90e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:05 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 174fc3b9-ae7b-4417-a57f-8e53d5194aef
x-runtime: 0.003617
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 8321784d08364daa-FRA

GET
H2 200 stat.js Show response
www.clickcease.com/monitor/ 142 KB
43 KB 85ms
18ms Script
application/javascript 2600:9000:206f:4200:15:a0d3:77c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.clickcease.com/monitor/stat.js

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:4200:15:a0d3:77c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

889794fd02992011c4b843a05190531656d4c6148e6d4375be6bab3432b580d0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://clickcease.com https://*.clickcease.com; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: Cf02rYNryv9UIBzoGOQeQJTZ2QU2vf2Y
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
date: Fri, 08 Dec 2023 02:09:58 GMT
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https://clickcease.com https://*.clickcease.com; upgrade-insecure-requests;
x-amz-cf-pop: FRA56-C1
age: 8
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 12 Sep 2023 09:05:15 GMT
server: AmazonS3
etag: W/"e112b8bf96f23bc2970347a3c98e37fc"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: microphone 'none'; camera 'none';
x-amz-cf-id: Ip5D6IKdESMtWauemkJrn-OYqXCFk3O1zv3eJv7TkE4UfksaR1bXcA==

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/ 32 KB
33 KB 66ms
24ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.intruder.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 07:18:49 GMT
x-content-type-options: nosniff
age: 499875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33092
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Dec 2024 07:18:49 GMT

OPTIONS
H2 200 visits
api-internal.intruder.io/app/ahoy/ Frame 0
0 120ms
66ms Preflight 2606:4700:10::6816:2c6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api-internal.intruder.io/app/ahoy/visits
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2c6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.intruder.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET, POST, PATCH, DELETE, OPTIONS
access-control-allow-origin: https://www.intruder.io
access-control-expose-headers: Content-Disposition
access-control-max-age: 7200
cf-cache-status: DYNAMIC
cf-ray: 8321784d39a04d44-FRA
content-length: 0
date: Fri, 08 Dec 2023 02:10:05 GMT
server: cloudflare
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 l
use.typekit.net/af/752019/00000000000000003b9b1336/27/ 44 KB
45 KB 9ms
9ms Font
application/font-woff2 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/752019/00000000000000003b9b1336/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n3&v=3
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 4f068e941a0410d1899c858c9b1ce0c97b7877b78bf53fee3337949e2c8825da

Request headers

Referer: https://www.intruder.io/
Origin: https://www.intruder.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
server: nginx
etag: "5bfe475ef1d23d56aabb34e95a6a30a28541fe15"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 45432

GET
H2 200 JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2
fonts.gstatic.com/s/montserrat/v26/ 33 KB
34 KB 78ms
41ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUQjIg1_i6t8kCHKm459WxRyS7m.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92443d06835a28423649bca60e6d755e4a1bd09638443196d58e0dd1f06c827f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.intruder.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 23:26:44 GMT
x-content-type-options: nosniff
age: 9800
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34288
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:52:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Dec 2024 23:26:44 GMT

GET
H2 200 l
use.typekit.net/af/1bab1a/00000000000000003b9b133e/27/ 48 KB
49 KB 11ms
11ms Font
application/font-woff2 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/1bab1a/00000000000000003b9b133e/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i7&v=3
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 2b517e93a68cb99952b049a002a5fb713d2c817e06a70dfb8d78067eaa86afd7

Request headers

Referer: https://www.intruder.io/
Origin: https://www.intruder.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
server: nginx
etag: "253ac109a1abf04e8864aa7474d29d385d847cca"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 49540

POST
H2 200 visits Show response
api-internal.intruder.io/app/ahoy/ 211 B
615 B 105ms
105ms XHR
application/json 2606:4700:10::6816:2c6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-internal.intruder.io/app/ahoy/visits

Requested by

Host: d3e54v103j8qbb.cloudfront.net
URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=61dd9339d05701b1440b323d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:2c6e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8640f1b21ee5bfab780371f6e6680c20a79505832d555d88ad9bd37921d375e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.intruder.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

date: Fri, 08 Dec 2023 02:10:05 GMT
strict-transport-security: max-age=63072000; includeSubDomains
via: 1.1 google
cf-cache-status: DYNAMIC
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 0
x-request-id: 32e9c508334d4d7e6fc9f23a35c6647e
x-runtime: 0.026335
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"8640f1b21ee5bfab780371f6e6680c20"
x-download-options: noopen
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, POST, PATCH, DELETE, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.intruder.io
access-control-expose-headers: Content-Disposition
cache-control: max-age=0, private, must-revalidate
access-control-max-age: 7200
cf-ray: 8321784da9d64d44-FRA
x-frame-options: SAMEORIGIN

GET
H2 200 modules.0ef46a83101151841364.js Show response
script.hotjar.com/ 218 KB
55 KB 53ms
10ms Script
application/javascript 13.32.27.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.0ef46a83101151841364.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-884686.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.19 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-19.fra56.r.cloudfront.net

Software

Resource Hash

72d0e968a2bc13b2b3af3a39d1aa6f240e37b3054feaf1ca31b18399974111fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 15:44:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 f891d17fa862cc74a05434e03fa58dca.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 37557
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55456
last-modified: Thu, 07 Dec 2023 15:44:01 GMT
etag: "4f152a0a4d20e1d992c5c15c49e98463"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: Gdo_mCOWm4MXwRw9S7J0aiqKtUUzPsyeBpbQtNeSxvUlZlKKh76UVw==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 291 KB
93 KB 56ms
55ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ME4CJVYS32&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-92208104-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

12f8ac3fc64ae3115833e285d66b58636d6c8c954eca2832e1cd4432bd24b744

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94978
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 08 Dec 2023 02:10:05 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 69ms
22ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-92208104-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 08 Dec 2023 01:41:49 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 1696
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 08 Dec 2023 03:41:49 GMT

GET
H2 200 insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 41 KB
15 KB 9ms
9ms Script
application/javascript 2a02:26f0:780::210:a40a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:780::210:a40a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

089436f8415aeeeb9a8f6c175cf3d9aff818662af1ff73aef4b0906575460df4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 07 Dec 2023 10:28:07 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=29919
accept-ranges: bytes
content-length: 15202

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=365706&time=1702001404989&url=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=365706&time=1702001404989&url=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D365706%26time%3D1702001404989%26url%3Dhttps%253A%252F%252Fwww.intruder.io%252Fres...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=365706&time=1702001404989&url=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=365706&time=1702001404989&url=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding&cookiesTest=true&liSync=true&e_ip...

0
266 B

166ms
116ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=365706&time=1702001404989&url=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding&cookiesTest=true&liSync=true&e_ipv6=AQKY9JW3_vBOmwAAAYxHMG3SJlZ6pa7YQIBKLNUu5Ik6_yy532GBoWpjbzpBGruVkU8ACq9ERn8o
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:05 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 08BE81CD51804FFC9101CBE2CE18063C Ref B: AMS04EDGE1310 Ref C: 2023-12-08T02:10:05Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYL9hUvQeYN0DsKmG0RJw==

Redirect headers

date: Fri, 08 Dec 2023 02:10:05 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 2566B343D4124CA9BDF78A8C289DC7D1 Ref B: FRAEDGE1808 Ref C: 2023-12-08T02:10:05Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=365706&time=1702001404989&url=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding&cookiesTest=true&liSync=true&e_ipv6=AQKY9JW3_vBOmwAAAYxHMG3SJlZ6pa7YQIBKLNUu5Ik6_yy532GBoWpjbzpBGruVkU8ACq9ERn8o
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYL9hUs4WQLXnsjKfmA/g==

POST
H2 204 collect
region1.analytics.google.com/g/ 0
254 B 49ms
18ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-ME4CJVYS32&gtm=45je3bt0v893553745&_p=1702001404803&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=549845604.1702001405&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAI&_s=1&sid=1702001405&sct=1&seg=0&dl=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding&dt=We%20Hacked%20Ourselves%20With%20DNS%20Rebinding&en=page_view&_fv=1&_nsi=1&_ss=1&ep.anonymize_ip=true&tfd=3000
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ME4CJVYS32
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 02:10:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.intruder.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 70ms
22ms Ping
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ME4CJVYS32&cid=549845604.1702001405&gtm=45je3bt0v893553745&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ME4CJVYS32
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 02:10:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.intruder.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 69ms
30ms Image
image/gif 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ME4CJVYS32&cid=549845604.1702001405&gtm=45je3bt0v893553745&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1646188486

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 02:10:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 36ms
9ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=201980603867321&ev=PageView&dl=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding&rl=&if=false&ts=1702001405021&sw=1600&sh=1200&v=2.9.138&r=stable&a=plwebflow&ec=0&o=4126&fbp=fb.1.1702001405021.290179751&ler=empty&it=1702001404911&coo=false&rqm=GET

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 08 Dec 2023 02:10:05 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 p.gif
p.typekit.net/ 35 B
205 B 77ms
8ms Image
image/gif 2a02:26f0:780::210:a469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=1&k=avo3fha&ht=tk&h=www.intruder.io&f=16353.37460.37461.37466.37467&a=92760395&js=1.21.0&app=typekit&e=js&_=1702001405035
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:780::210:a469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:05 GMT
last-modified: Sat, 09 Oct 2021 02:10:03 GMT
server: nginx
etag: "6160f9fb-23"
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35

GET
H2 204 25041911.js Show response
bat.bing.com/p/action/ 0
117 B 93ms
93ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25041911.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Fri, 08 Dec 2023 02:10:04 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2F11058CECDE4CB78BEEDA2F58EB7D20 Ref B: FRAEDGE1211 Ref C: 2023-12-08T02:10:05Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
285 B 37ms
37ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25041911&Ver=2&mid=96b88e71-b8e3-4f87-8f7a-c60e2d025744&sid=e70ceb90956e11ee96c42bea4389b396&vid=e70ccf80956e11eebbcfb3b89496f614&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=We%20Hacked%20Ourselves%20With%20DNS%20Rebinding&p=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding&r=&lt=2924&evt=pageLoad&sv=1&rn=536882

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 08 Dec 2023 02:10:04 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6D5AB34DFEFE4466B12DD4275266B9F2 Ref B: FRAEDGE1211 Ref C: 2023-12-08T02:10:05Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pv Show response
data.gosquared.com/ 6 B
75 B 348ms
119ms Script
text/javascript 35.171.200.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://data.gosquared.com/pv?cs=UTF-8&cd=24&la=en-US&sw=1600&sh=1200&dp=1&tp=0&pu=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding&pt=We%20Hacked%20Ourselves%20With%20DNS%20Rebinding&ri=0&ru=-&re=0&vi=1&pv=1&lv=0&vw=1600&vh=1200&dw=1600&dh=11339&st=0&sl=0&tz=-60&rc=1&cb=0&a=GSN-590103-H&id=648f1ba4473d2dcfd2d5832b14b24261&tv=6.7.1940
Requested by: Host: d1l6p2sc9645hc.cloudfront.net
URL: https://d1l6p2sc9645hc.cloudfront.net/tracker.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.200.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-200-195.compute-1.amazonaws.com
Software: /
Resource Hash: 2516ffceaee624e95516f2caa7b8f25100993d94230e624c8ee7858a8552bcc9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:05 GMT
content-length: 6
content-type: text/javascript

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
207 B 27ms
27ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=1100895389&t=pageview&_s=1&dl=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding&ul=en-us&de=UTF-8&dt=We%20Hacked%20Ourselves%20With%20DNS%20Rebinding&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=2007418029&gjid=1553025237&cid=549845604.1702001405&tid=UA-92208104-1&_gid=1846006681.1702001405&_r=1&gtm=457e3bt0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&jsscut=1&z=1063007553

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.intruder.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 02:10:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.intruder.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 163ms
121ms Script
application/javascript 2606:4700::6811:579a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/20176333.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:579a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ad17c7d661733bbf1cfe9bc6e85033bfed43c87c94cb72ba02f484adf1593c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.intruder.io/
Origin: https://www.intruder.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:05 GMT
x-amz-version-id: qOShuUL.zI.RMIWwukZE0taADNX_1wuf
via: 1.1 3203c4b5504fa019a752072f0419ef6a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: e7fe1b79-2211-4a32-bdfd-9fd827ce52d7
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.444/bundles/project.js&cfRay=8321784e6e6830e8-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e7fe1b79-2211-4a32-bdfd-9fd827ce52d7
last-modified: Mon, 04 Dec 2023 12:10:50 UTC
server: cloudflare
etag: W/"109b7665e389a0b17fbf732bf7a02089"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-b78fbd96d-59k59
cf-ray: 8321784e6e6830e8-FRA
x-amz-cf-id: YuEzhAtst0-mj_Jv3DfwD0iLcbeoP8b_wGfIFO6ys2Zumbp-PItS7Q==
x-hs-target-asset: collected-forms-embed-js/static-1.444/bundles/project.js

GET
H2 200 20176333.js Show response
js.hs-analytics.net/analytics/1702001400000/ 66 KB
21 KB 218ms
177ms Script
text/javascript 2606:4700::6810:4dba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1702001400000/20176333.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/20176333.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4dba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d4e470997ef87da35e1b0aa220a4ebaa62a8ca661291385aef94b80b89b8472

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:05 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: KA5P71C4JNGT5HBR
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: fabc7cb8-72c6-40e8-864a-c8d6d40aa195
x-envoy-upstream-service-time: 58
x-amz-id-2: H4k/87+p9rB4BiWPj/35L2OJVSvTSjWjdMZPYGdXRP6efDNgNGcprb1VOtPuKGg4IArKC1/L0n0=
x-evy-trace-listener: listener_https
x-request-id: fabc7cb8-72c6-40e8-864a-c8d6d40aa195
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 15 Nov 2023 17:49:54 GMT
server: cloudflare
etag: W/"fd0827c474dbc3e264fe0e1ff31f1cfb"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-fd6fb8679-vfzwq
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8321784e69771d88-FRA
expires: Fri, 08 Dec 2023 02:15:05 GMT

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/20176333/ 66 KB
20 KB 350ms
309ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/20176333/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/20176333.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 762ae9c57b00b6079e218991907a7377b05bd3ebec5e16abe34e25bae814996c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:05 GMT
x-amz-version-id: .sv.FsgFcqnAwq1V8YxW8YfDdB622j4q
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: AQ0P44QXCZ05JY40
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 1107fe75-5be6-4359-b1d7-32686e2cd1e8
x-envoy-upstream-service-time: 52
x-amz-id-2: 5t3kF3oem3dAocD/AMOMxsOeaxKtEAEwrXzxd7wcoPTrgl6O9TxRowfEETw6/jhqPcK9aJs2/Fjs3cJvVt9yHw==
x-evy-trace-listener: listener_https
x-request-id: 1107fe75-5be6-4359-b1d7-32686e2cd1e8
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 18 Oct 2023 18:31:15 GMT
server: cloudflare
etag: W/"2a18c9b83bf4dddf4c4b796aa2a05651"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.intruder.io
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6849bc8697-4hwl9
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8321784e682c4dbb-FRA
expires: Fri, 08 Dec 2023 02:15:05 GMT

POST
H2 200 events
api-internal.intruder.io/app/ahoy/ 0
0 101ms
77ms Ping
application/json 2606:4700:10::6816:2c6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api-internal.intruder.io/app/ahoy/events
Requested by: Host: unpkg.com
URL: https://unpkg.com/ahoy.js@0.3.8/dist/ahoy.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:2c6e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.intruder.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryrA40Hiyzgtg4hAGp

Response headers

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 21ms
21ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-92208104-1&cid=549845604.1702001405&jid=2007418029&gjid=1553025237&_gid=1846006681.1702001405&_u=YADAAUAAAAAAACAAI~&z=824830004

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.intruder.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 08 Dec 2023 02:10:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.intruder.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 107ms
45ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-92208104-1&cid=549845604.1702001405&jid=2007418029&_u=YADAAUAAAAAAACAAI~&z=1239709000

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 02:10:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 25ms
24ms Image
image/gif 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-92208104-1&cid=549845604.1702001405&jid=2007418029&_u=YADAAUAAAAAAACAAI~&z=1239709000

Requested by

Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 02:10:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 116 B
433 B 118ms
117ms XHR
application/json 2606:4700::6811:579a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=20176333&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:579a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31000c90d9c42f5e6578a0e002440da3e77484eaa72965835ce8867294db2af3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.intruder.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a8840fb2-fd9e-4971-98b9-9150bba4cdfd
x-envoy-upstream-service-time: 7
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a8840fb2-fd9e-4971-98b9-9150bba4cdfd
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.intruder.io
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-b78fbd96d-d59vm
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 8321784f4ece30e8-FRA

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
194 B 106ms
106ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.intruder.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 08 Dec 2023 02:10:05 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: B53136D9BA59453586BA846D31E02359 Ref B: FRAEDGE1808 Ref C: 2023-12-08T02:10:05Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://www.intruder.io
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYL9hUxF2vdmkItYjkg2A==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 153ms
130ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=813894649&v=1.1&a=20176333&rcu=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding&pu=https%3A%2F%2Fwww.intruder.io%2Fresearch%2Fwe-hacked-ourselves-with-dns-rebinding&t=We+Hacked+Ourselves+With+DNS+Rebinding&cts=1702001405619&vi=fe2ce55db29acf93f90bf0593115d4fd&nc=true&u=68294094.fe2ce55db29acf93f90bf0593115d4fd.1702001405616.1702001405616.1702001405616.1&b=68294094.1.1702001405617&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 414cae7d-3db7-414c-b053-74e3085677d4
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 9
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 414cae7d-3db7-414c-b053-74e3085677d4
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a6cVK9Z4%2FeoF9rdtm00hLOcbDvF%2B1PzLVxubwSuZ8pT%2FnJdw0zRjMzJNdMl00D8TXPD9YIEvCK6eubQlfm%2B5Gna7J25p93Tc2SgtFlanILpQAAhlYCVSclj6V3RLtrwW4KF5tbTZss%2BxV0YLssiH"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7556df69f8-mkvzt
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8321785148d95d7c-FRA
x-robots-tag: none

GET
H2 200 yez6ce5n Show response
widget.intercom.io/widget/ 7 KB
3 KB 67ms
27ms Script
application/javascript 108.157.4.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.intercom.io/widget/yez6ce5n
Requested by: Host: www.intruder.io
URL: https://www.intruder.io/research/we-hacked-ourselves-with-dns-rebinding
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-103.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 34b3a205f8a3de9af4531da302777f7dd48a79a5ae3d57061dcf3743a9d1a56d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: xUR8tOTn9CRHRLYlPfpOzgtAjBN0Jpew
content-encoding: gzip
via: 1.1 0247123ccdc6a2a86167d7f4de30885a.cloudfront.net (CloudFront)
date: Fri, 08 Dec 2023 02:09:26 GMT
x-amz-cf-pop: DUS51-P2
age: 48
x-amz-server-side-encryption: AES256
x-cache: Error from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2705
last-modified: Thu, 07 Dec 2023 15:06:42 GMT
server: AmazonS3
etag: "a78e4babfd572539de1c91083e72a6ca"
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: max-age=300, s-maxage=300, public
accept-ranges: bytes
x-amz-cf-id: V9r8xxz2ZneeBetAg81nhyX8FkBrKLqgRUCPsYiTFR7YUxeoeswLMw==

GET
H2 200 frame-modern.a7acf1a8.js Show response
js.intercomcdn.com/ Frame 797B 514 KB
143 KB 72ms
26ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.intercomcdn.com/frame-modern.a7acf1a8.js

Requested by

Host: widget.intercom.io
URL: https://widget.intercom.io/widget/yez6ce5n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.43 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-43.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

22d80f937d6d702fab693fba52ca8c9e75cc6c4bf6d71e040c65c602278b22ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: T8FD3HBLgzxzSpiJZMBNT2EAE4Pd3Ho6
content-encoding: gzip
via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
date: Fri, 08 Dec 2023 01:06:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P4
age: 3800
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 145303
last-modified: Thu, 07 Dec 2023 15:04:21 GMT
server: AmazonS3
etag: "d8635cc2e9b7318602134fde6d031000"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: Equ72XUCxcQy0qWwRrFOogyoxJm--JRj0jDXuPKDkg4MGwFJkSZyrQ==

GET
H2 200 vendor-modern.689650c5.js Show response
js.intercomcdn.com/ Frame 797B 426 KB
131 KB 54ms
8ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.intercomcdn.com/vendor-modern.689650c5.js

Requested by

Host: widget.intercom.io
URL: https://widget.intercom.io/widget/yez6ce5n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.43 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-43.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

a98b0d22fb50853a6fbb1a665e510a9595d2dae5f86a5774f8f0c2f701955532

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: LXw7580Y9Ji4U_Zmf5hu8yWz4DIryQDO
content-encoding: gzip
via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
date: Fri, 08 Dec 2023 01:24:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P4
age: 2744
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 133792
last-modified: Tue, 05 Dec 2023 08:10:22 GMT
server: AmazonS3
etag: "d0a2ac2a870e5d8e688aada7a9b12be6"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000, s-maxage=7200, public
accept-ranges: bytes
x-amz-cf-id: P3AWfyWrQIlpzCF1sNLwqnF1wqr8bQ8fMRPvw_oouvyrrDXeMD7iYw==

POST
H2 200 ping Show response
api-iam.intercom.io/messenger/web/ Frame 797B 5 KB
3 KB 666ms
453ms XHR
application/json 18.210.132.136
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/ping

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.a7acf1a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.210.132.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-210-132-136.compute-1.amazonaws.com

Software

nginx /

Resource Hash

6fa152503e57142b822556d4ffc3ddd86417c7af18e3591d0812a19a6ca86e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 08 Dec 2023 02:10:06 GMT
strict-transport-security: max-age=31556952; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
x-ami-version: ami-0fb0b20986efabbf0
status: 200 OK
x-xss-protection: 1; mode=block
x-request-id: 000831flp09lp4o3mtrg
x-runtime: 0.318276
server: nginx
etag: W/"6fa152503e57142b822556d4ffc3ddd8"
x-request-queueing: 0
vary: Accept,Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.intruder.io
x-intercom-version: 8809d519bd8b4b78f69caa94a6645837060e87f0
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-frame-options: SAMEORIGIN
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA

GET
H2 200 fea06f1f1fc97d4570aa242c288327aa.png
downloads.intercomcdn.com/i/o/406238/d07ed11012a9266bb6a5b868/ 4 KB
5 KB 413ms
195ms Image
image/png 3.33.152.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://downloads.intercomcdn.com/i/o/406238/d07ed11012a9266bb6a5b868/fea06f1f1fc97d4570aa242c288327aa.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.33.152.127 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

a69d63ecdf0f33068.awsglobalaccelerator.com

Software

nginx /

Resource Hash

72b8e509ef946d3ca1ba0141ad77bc9924fc4b135afb90a5065818164c7e04c6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; font-src fonts.intercomcdn.com; img-src downloads.intercomcdn.com/images/logo-gray-16x16-at-2x.png; media-src 'self'; style-src downloads.intercomcdn.com/410.css fonts.intercomcdn.com/proxima-nova/proxima-nova-all.css
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.intruder.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 02:10:07 GMT
strict-transport-security: max-age=31556952; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
x-ami-version: ami-0fb0b20986efabbf0
content-security-policy: default-src 'none'; font-src fonts.intercomcdn.com; img-src downloads.intercomcdn.com/images/logo-gray-16x16-at-2x.png; media-src 'self'; style-src downloads.intercomcdn.com/410.css fonts.intercomcdn.com/proxima-nova/proxima-nova-all.css
status: 200 OK
content-transfer-encoding: binary
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="fea06f1f1fc97d4570aa242c288327aa.png"; filename*=UTF-8''fea06f1f1fc97d4570aa242c288327aa.png
x-xss-protection: 1; mode=block
x-request-id: 000bndmpkpj5l6im8tkg
x-runtime: 0.065401
last-modified: Tue, 25 Apr 2023 13:31:02 GMT
server: nginx
x-request-queueing: 0
vary: Accept-Encoding
x-frame-options: deny
content-type: image/png
x-intercom-version: 8809d519bd8b4b78f69caa94a6645837060e87f0
cache-control: max-age=86400, private

POST
H2 200 ping Show response
api-iam.intercom.io/messenger/web/ Frame 797B 5 KB
3 KB 371ms
371ms XHR
application/json 18.210.132.136
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/ping

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.a7acf1a8.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.210.132.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-210-132-136.compute-1.amazonaws.com

Software

nginx /

Resource Hash

96dda43dcb13274a3c65158a2a0ba9b2d7f5a6215a23b1ddafb26525f63075cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 08 Dec 2023 02:10:07 GMT
strict-transport-security: max-age=31556952; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
x-ami-version: ami-0fb0b20986efabbf0
status: 200 OK
x-xss-protection: 1; mode=block
x-request-id: 0007udd4v1t4iu2dlah0
x-runtime: 0.242450
server: nginx
etag: W/"96dda43dcb13274a3c65158a2a0ba9b2"
x-request-queueing: 0
vary: Accept,Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.intruder.io
x-intercom-version: 8809d519bd8b4b78f69caa94a6645837060e87f0
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-frame-options: SAMEORIGIN
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

35 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.intruder.io/	1970-01-20 16:46:55	Name: ahoy_visit Value: 0e7a6cf7-18ab-4f6b-912d-1244aa94ce28
.intruder.io/	1970-01-21 02:22:41	Name: ahoy_visitor Value: 5aa25bde-20d0-4d38-a88f-f4a072f8c495
.intruder.io/	1970-01-21 02:22:41	Name: _ga_ME4CJVYS32 Value: GS1.1.1702001405.1.0.1702001405.60.0.0
.intruder.io/	1970-01-20 18:56:17	Name: _fbp Value: fb.1.1702001405021.290179751
.intruder.io/	1970-01-20 16:48:07	Name: _uetsid Value: e70ceb90956e11ee96c42bea4389b396
.intruder.io/	1970-01-21 02:08:17	Name: _uetvid Value: e70ccf80956e11eebbcfb3b89496f614
.intruder.io/	1970-01-21 01:32:17	Name: _hjSessionUser_884686 Value: eyJpZCI6ImJkZWI3MjY2LTczZjItNWZjMi1iNjAzLTM0NWQ1NmY1MWMzOSIsImNyZWF0ZWQiOjE3MDIwMDE0MDUwNjQsImV4aXN0aW5nIjpmYWxzZX0=
.intruder.io/	1970-01-20 16:46:43	Name: _hjFirstSeen Value: 1
.intruder.io/	1970-01-20 16:46:43	Name: _hjIncludedInSessionSample_884686 Value: 0
.intruder.io/	1970-01-20 16:46:43	Name: _hjSession_884686 Value: eyJpZCI6IjcxYmE1MjI0LTg0NTctNGUzZi1iZDU3LTg3ZjQyNjczNmNlZiIsImNyZWF0ZWQiOjE3MDIwMDE0MDUwNjUsImluU2FtcGxlIjpmYWxzZSwic2Vzc2lvbml6ZXJCZXRhRW5hYmxlZCI6dHJ1ZX0=
.intruder.io/	1970-01-20 16:46:43	Name: _hjAbsoluteSessionInProgress Value: 0
.bing.com/	1970-01-21 02:08:17	Name: MUID Value: 38E441C0F8DC61EA2ED15221F90E60A5
tracking.g2crowd.com/	1970-01-20 17:06:51	Name: _session_id Value: 5690a1ac1073d9ab2e61e3da017a8947
.g2crowd.com/	1970-01-20 16:46:43	Name: __cf_bm Value: BcXnSpYhd9IpH8mhHxLT.yjzGMhxOcPn0PX8ukffQMo-1702001405-0-AYo8/pjum+YSfc+kZ2hEj6XkaahKSrLkPUOW2JVf0D9DCMZWcs6cvuYmwzCCadOk/rTgI2cm/W9qhHG5kE7HoOY=
.linkedin.com/	1970-01-20 18:56:17	Name: li_sugr Value: 810a17cf-69d8-48d5-be4e-3c4f4d2f6746
.linkedin.com/	1970-01-21 01:32:17	Name: bcookie Value: "v=2&eed54509-4305-4636-8ed9-4825ad8ed7b1"
.linkedin.com/	1970-01-20 16:48:07	Name: lidc Value: "b=VGST03:s=V:r=V:a=V:p=V:g=3038:u=1:x=1:i=1702001405:t=1702087805:v=2:sig=AQGAkLLU7WT68mfYYtDWWuGBp5mkIioM"
www.intruder.io/	1970-01-21 02:22:41	Name: gs_v_GSN-590103-H Value:
www.intruder.io/	1970-01-21 02:22:41	Name: gs_u_GSN-590103-H Value: 648f1ba4473d2dcfd2d5832b14b24261:2567:5000:1702001405125
.intruder.io/	1970-01-21 02:22:41	Name: _ga Value: GA1.2.549845604.1702001405
.intruder.io/	1970-01-20 16:48:07	Name: _gid Value: GA1.2.1846006681.1702001405
.intruder.io/	1970-01-20 16:46:41	Name: _gat_gtag_UA_92208104_1 Value: 1
.linkedin.com/	1970-01-20 17:29:53	Name: UserMatchHistory Value: AQJXrKGgxIvD6QAAAYxHMGz6hM1H_cWpWoiPUfuqE9HW4YpUXAdRQqUX9ZJF_yBNWPBymuKBwinLkg
.linkedin.com/	1970-01-20 17:29:53	Name: AnalyticsSyncHistory Value: AQIy7torzmKHJwAAAYxHMGz6JLLiQrHAFLSH7BnRFOmNAlbFibtj2pId5ZrZSlPJ_8562eb5n03dgZX0_m8OAQ
.www.linkedin.com/	1970-01-21 01:32:17	Name: bscookie Value: "v=1&20231208021005ddb4e983-2eb5-4eb0-8854-91472e49a525AQGjNayCP88KeZTlTAE0gjq0wOV1Fy1X"
.linkedin.com/	1970-01-20 21:05:53	Name: li_gc Value: MTswOzE3MDIwMDE0MDU7MjswMjEvAs9+iacC57W45LSKZVE9yIDQALMjdRw14Jnt3mQZFA==
.intruder.io/	1970-01-20 21:05:53	Name: __hstc Value: 68294094.fe2ce55db29acf93f90bf0593115d4fd.1702001405616.1702001405616.1702001405616.1
.intruder.io/	1970-01-20 21:05:53	Name: hubspotutk Value: fe2ce55db29acf93f90bf0593115d4fd
.intruder.io/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.intruder.io/	1970-01-20 16:46:43	Name: __hssc Value: 68294094.1.1702001405617
.hubspot.com/	1970-01-20 16:46:43	Name: __cf_bm Value: GWh0q4RTRRUzcUorN8Lnz9p8fZ_TVWSmpxk0_.QJak0-1702001405-0-Abq9wWOlfioIXJ0xMIeV7tswiaUs9BB9uuXRnN9tHKh4kOK/9WCg3xIq9Mxn1vgWzKMIJaXiPb5DCmh96LtXXHw=
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: vhSIqVa8jYdV4KkaoVZ6nm9DgfdLM3GfSK6_r9m4wfY-1702001405771-0-604800000
.intruder.io/	1970-01-20 23:15:31	Name: intercom-id-yez6ce5n Value: 63a9bb82-5350-4438-ba94-f50b966b5877
.intruder.io/	1970-01-20 16:56:46	Name: intercom-session-yez6ce5n Value:
.intruder.io/	1970-01-20 23:15:31	Name: intercom-device-id-yez6ce5n Value: 08c100da-3f57-4818-8d68-d3af9e77a01c

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api-iam.intercom.io
api-internal.intruder.io
assets-global.website-files.com
assets.website-files.com
bat.bing.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
connect.facebook.net
d1l6p2sc9645hc.cloudfront.net
d3e54v103j8qbb.cloudfront.net
data.gosquared.com
downloads.intercomcdn.com
fonts.googleapis.com
fonts.gstatic.com
forms.hscollectedforms.net
get.geojs.io
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hscollectedforms.net
js.intercomcdn.com
p.typekit.net
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
script.hotjar.com
snap.licdn.com
static.hotjar.com
stats.g.doubleclick.net
storage.googleapis.com
track.hubspot.com
tracking.g2crowd.com
unpkg.com
use.typekit.net
widget.intercom.io
www.clickcease.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.intruder.io
www.linkedin.com
108.157.4.103
13.107.42.14
13.32.27.19
18.210.132.136
18.66.147.43
18.66.248.94
2001:4860:4802:32::36
2600:9000:206f:4200:15:a0d3:77c0:93a1
2600:9000:2315:aa00:f:fd8f:b000:93a1
2600:9000:243d:ba00:11:3b84:d200:93a1
2600:9000:243d:f400:12:9e5f:cac0:93a1
2606:4700:10::6816:2c6e
2606:4700:20::ac43:46e9
2606:4700:4400::6812:22e5
2606:4700:4400::ac40:90e1
2606:4700::6810:4dba
2606:4700::6810:5914
2606:4700::6810:7daf
2606:4700::6810:be59
2606:4700::6811:190e
2606:4700::6811:579a
2606:4700::6813:9a53
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:801::200a
2a00:1450:4001:802::2004
2a00:1450:4001:802::201b
2a00:1450:4001:80b::2003
2a00:1450:4001:80f::2008
2a00:1450:4001:80f::200a
2a00:1450:4001:813::2003
2a00:1450:4001:827::200e
2a00:1450:400c:c00::9a
2a02:26f0:480:f::213:7ec6
2a02:26f0:780::210:a40a
2a02:26f0:780::210:a469
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
3.33.152.127
34.249.200.254
35.171.200.195
52.222.232.99
00f0ca5978af7f577f3bb245b52f5b98546fca77cbf7b2b42838fddc2b53cd59
026e0334e803cf2aadc379101e61937153ab27c1a77039f842dd75a8d2acab34
089436f8415aeeeb9a8f6c175cf3d9aff818662af1ff73aef4b0906575460df4
0a9cf0033c7a056a1fc7c1bf678fee69bc5b99a88c20212dd00ed16a70b2f98f
0ad17c7d661733bbf1cfe9bc6e85033bfed43c87c94cb72ba02f484adf1593c0
0e43bf523b4b03cf656074fee4e78f659036f45e8e343b01ef9b260339758ace
12f8ac3fc64ae3115833e285d66b58636d6c8c954eca2832e1cd4432bd24b744
1420e47d5334162b0593a626c8d3159cc7f78bd01241a26f535ab5e1fb378f43
1b15fe2971998a048aebb60f26f6eed76122071db9ef3b995abd003224f52a98
22d80f937d6d702fab693fba52ca8c9e75cc6c4bf6d71e040c65c602278b22ff
2516ffceaee624e95516f2caa7b8f25100993d94230e624c8ee7858a8552bcc9
254309f1954bb42ce3d8741a1ff65e62ac4d67501fb6f03962cad2a26171a407
2b517e93a68cb99952b049a002a5fb713d2c817e06a70dfb8d78067eaa86afd7
2f9b39d4685187f53d059fa79097782292ba1954f9e29d518adee023e86d90c1
31000c90d9c42f5e6578a0e002440da3e77484eaa72965835ce8867294db2af3
34b3a205f8a3de9af4531da302777f7dd48a79a5ae3d57061dcf3743a9d1a56d
361f81a908802deaecefb24d8b3b0cefd527976f3258f9acb8f6ce3a9a22e6de
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
41aee88d28d01eaf74f59c6f61511707c49d1f9e72a45a4b8ef1c962d3fdfcdd
460f61872cbcc858ab380a59c2c0617838f09ff05ff5f4880c94241d2af5ebcf
4d4e470997ef87da35e1b0aa220a4ebaa62a8ca661291385aef94b80b89b8472
4f068e941a0410d1899c858c9b1ce0c97b7877b78bf53fee3337949e2c8825da
5028aa8921f4cac5eb7e209aec12e26a206abe49d147a446fdcf19bae0ee6ea4
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5f4de154a4a94c4d9d3a112aaa48fdbf9156ddff739c4bb83f479443f738ae58
676661a4cd041701a55233d2cc1358cd874d1fd5d85256eaa35ef98e5615b28e
6fa152503e57142b822556d4ffc3ddd86417c7af18e3591d0812a19a6ca86e49
72b8e509ef946d3ca1ba0141ad77bc9924fc4b135afb90a5065818164c7e04c6
72d0e968a2bc13b2b3af3a39d1aa6f240e37b3054feaf1ca31b18399974111fb
762ae9c57b00b6079e218991907a7377b05bd3ebec5e16abe34e25bae814996c
76c97ea57258e394f1dab0a6886ac17a8be277b485253469eaa2b5f0af42df80
77b716612c82a972a2619f66c6c0b6270ac4e20ef4afed45e4c114413f9c5c50
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8640f1b21ee5bfab780371f6e6680c20a79505832d555d88ad9bd37921d375e5
889794fd02992011c4b843a05190531656d4c6148e6d4375be6bab3432b580d0
92443d06835a28423649bca60e6d755e4a1bd09638443196d58e0dd1f06c827f
9568f121a5388589a304e2553cb0fd327ea643270634bbbe7dfa97b05d4c27da
96dda43dcb13274a3c65158a2a0ba9b2d7f5a6215a23b1ddafb26525f63075cb
978711dfe9482705eee076dc906877ba3a8b43c095c65c468237aa612c892cdc
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
9c4ea932ba4feba08c8486917f79710309a44e497e81b4a2214fab3f3de5aaf4
a2eefa82fcc4ef9caf67ab77f3f488c4828d10fdb57d624e3b79ca41d34425b9
a98b0d22fb50853a6fbb1a665e510a9595d2dae5f86a5774f8f0c2f701955532
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
be222a2f26519a90d2451ef326e2f1df7552aa5c86230d1d04d5f861d97c8267
c6981bb75dbbcf57742ebad456e947cef155e160cad40197e0bca398317c466a
cd0d0b6e50ff01ff2f3a9a70d7cfb66a7c6cb9acf7a566325568be6d3bd31fc4
cd9b5f36c64db80af8025f635d95105f07fc83edc2ba61e1500b406a7fa2be05
d23fb46cde3d24a7f2c5ef5b750b118eed476a8c4fdc5c07b3927fd819accc83
db53e2912b77469c64a3f0ba2b09e5fa90fe1d2b16bb50820a4f18d2d0cf3fb6
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e55842a856a6d829feca3c3ad736c136b6c7549e9247274f78aa296259e06e24
e945d20f8e921a9d0ebed1c9cb68ee80becc63cdd939b3965256fcec5adb7f6c
eb38beea12a3a708c8dd789701ec714cf96cafb77c0385c20fb7b46ac1ca069a
ecf9967a9685eff0fdc0555125aeb40dc81a85c8de18c48c2a705132ef6129bd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f9fc05f497293b4b20afb0f492156cfa41072bd6c9b8a7409bdbf32c0e93d0b5

www.intruder.io Open in urlscan Pro 34.249.200.254 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

73 Requests

99 %HTTPS

76 %IPv6

31 Domains

44 Subdomains

42 IPs

4 Countries

1788 kBTransfer

4585 kBSize

35 Cookies

20 Outgoing links

Redirected requests

73 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.intruder.io Open in urlscan Pro
34.249.200.254 Public Scan

Screenshot
Live screenshot

Full Image

73
Requests

99 %
HTTPS

76 %
IPv6

31
Domains

44
Subdomains

42
IPs

4
Countries

1788 kB
Transfer

4585 kB
Size

35
Cookies

73 HTTP transactions
0 data transactions