parsiya.net Open in urlscan Pro
185.199.108.153 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
Submission: On June 01 via manual (June 1st 2022, 6:06:25 pm UTC) from CA — Scanned from CA

Summary HTTP 45 Redirects Links 73 Behaviour Indicators

Summary

This website contacted 10 IPs in 1 countries across 7 domains to perform 45 HTTP transactions. The main IP is 185.199.108.153, located in United States and belongs to FASTLY, US. The main domain is parsiya.net.
TLS certificate: Issued by R3 on May 15th 2022. Valid for: 3 months.

This is the only time parsiya.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
16	185.199.108.153 185.199.108.153	54113 (FASTLY) (FASTLY)
2	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
12	2600:9000:20e... 2600:9000:20e9:e400:6:8656:f5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	151.101.128.134 151.101.128.134	54113 (FASTLY) (FASTLY)
2	199.232.194.49 199.232.194.49	54113 (FASTLY) (FASTLY)
2	2a03:2880:f01... 2a03:2880:f012:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
2	2607:f8b0:400... 2607:f8b0:4006:822::200e	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	2607:f8b0:400... 2607:f8b0:4006:81c::200d	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:809::2003	15169 (GOOGLE) (GOOGLE)
45	10

16 185.199.108.153 (United States)

ASN54113 (FASTLY, US)
PTR: cdn-185-199-108-153.github.com

parsiya.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

parsiya.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2600:9000:20e9:e400:6:8656:f5c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.128.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.194.49 (United States)

ASN54113 (FASTLY, US)

a.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:8:face:b00c:0:1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:822::200e (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81c::200d (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:809::2003 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	parsiya.net parsiya.net	649 KB
14	disquscdn.com c.disquscdn.com — Cisco Umbrella Rank: 4124 a.disquscdn.com — Cisco Umbrella Rank: 8095	526 KB
6	disqus.com parsiya.disqus.com disqus.com — Cisco Umbrella Rank: 2859 referrer.disqus.com — Cisco Umbrella Rank: 6128	64 KB
5	google.com apis.google.com — Cisco Umbrella Rank: 100 accounts.google.com — Cisco Umbrella Rank: 78	44 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 144	86 KB
1	gstatic.com www.gstatic.com	34 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 97
45	7

	Domain	Requested by
16	parsiya.net	parsiya.net
12	c.disquscdn.com	parsiya.disqus.com disqus.com c.disquscdn.com
4	disqus.com	parsiya.disqus.com c.disquscdn.com
3	accounts.google.com	apis.google.com parsiya.net www.gstatic.com
2	apis.google.com	c.disquscdn.com apis.google.com
2	connect.facebook.net	c.disquscdn.com connect.facebook.net
2	a.disquscdn.com	c.disquscdn.com
1	referrer.disqus.com
1	www.gstatic.com	accounts.google.com
1	www.facebook.com	c.disquscdn.com
1	parsiya.disqus.com	parsiya.net
45	11

This site contains links to these domains. Also see Links.

Domain
parsiya.io
github.com
queue.acm.org
www.google.com
positive.security
textslashplain.com
twitter.com
docs.microsoft.com
www.nirsoft.net
hackerone.com
ea.com
zero.lol
www.thezdi.com
www.slideshare.net
en.wikipedia.org
www.vdoo.com
bugs.chromium.org
bash.cyberciti.biz
devblogs.microsoft.com
googleprojectzero.blogspot.com
proofofcalc.com
jeffs.sh
retrogod.altervista.org
www.electronjs.org
bitbucket.org
chromium.googlesource.com
thewhiteh4t.github.io
hackernoon.com
www.zerodayinitiative.com
www.blackhat.com
blog.chichou.me
2019.zeronights.ru
www.ea.com
keybase.io
www.linkedin.com
awsome.pw
gohugo.io

Subject Issuer	Validity	Valid
parsiya.net R3	`2022-05-15` - `2022-08-13`	3 months	crt.sh
*.disqus.com Sectigo RSA Domain Validation Secure Server CA	`2022-04-20` - `2023-04-20`	a year	crt.sh
a.disquscdn.com Amazon	`2021-10-31` - `2022-11-28`	a year	crt.sh
*.disquscdn.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2022-01-03` - `2023-02-04`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-03-11` - `2022-06-09`	3 months	crt.sh
*.apis.google.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
Frame ID: 55986F3E6C411DA34A1BBE43E6FDB1A2
Requests: 21 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default
Frame ID: B893A5B6130FDB3BAF900151E3063F11
Requests: 20 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 804753B6BF2579B059702B83AC2ED089
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Attack Surface Analysis - Part 2 - Custom Protocol Handlers

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Page Statistics

45
Requests

100 %
HTTPS

60 %
IPv6

7
Domains

11
Subdomains

10
IPs

1
Countries

1403 kB
Transfer

2350 kB
Size

3
Cookies

73 Outgoing links

These are links going to different origins than the main page.

URL: https://parsiya.io/
Title: My Clone

Search URL Search Domain Scan URL

URL: https://github.com/parsiya/parsiya.net
Title: Source Repo

Search URL Search Domain Scan URL

URL: https://queue.acm.org/detail.cfm?id=3197520
Title: Manual Work is a Bug

Search URL Search Domain Scan URL

URL: https://www.google.com/search?q=andrew+ridgeley
Title: The Other Guy from Wham!

Search URL Search Domain Scan URL

URL: https://positive.security/blog/url-open-rce
Title: Allow arbitrary URLs, expect arbitrary code execution

Search URL Search Domain Scan URL

URL: https://textslashplain.com/2019/08/29/web-to-app-communication-app-protocols/
Title: Web-to-App Communication: App Protocols

Search URL Search Domain Scan URL

URL: https://twitter.com/ericlaw
Title: Eric Lawrence

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
Title: procmon

Search URL Search Domain Scan URL

URL: https://www.nirsoft.net/utils/url_protocol_view.html
Title: URLProtocolView

Search URL Search Domain Scan URL

URL: https://twitter.com/cyku_tw
Title: Cyku

Search URL Search Domain Scan URL

URL: https://hackerone.com/reports/1001255
Title: https://hackerone.com/reports/1001255

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.process.start?view=net-5.0#System_Diagnostics_Process_Start_System_String_
Title: Process.Start(String)

Search URL Search Domain Scan URL

URL: https://positive.security/blog/url-open-rce#windows-10-19042
Title: Windows 10 19042

Search URL Search Domain Scan URL

URL: https://ea.com/security
Title: EA security

Search URL Search Domain Scan URL

URL: https://twitter.com/zer0pwn
Title: Dominik Penner/zer0pwn

Search URL Search Domain Scan URL

URL: https://zero.lol/posts/2019-05-22-fun-with-uri-handlers/
Title: Fun With Custom URI Schemes

Search URL Search Domain Scan URL

URL: https://www.thezdi.com/blog/2019/4/3/loading-up-a-pair-of-qt-bugs-detailing-cve-2019-1636-and-cve-2019-6739
Title: Loading up a Pair of Qt Bugs: Detailing CVE-2019-1636 and CVE-2019-6739

Search URL Search Domain Scan URL

URL: https://zero.lol/posts/2019-05-13-xss-to-rce/
Title: A Questionable Journey From XSS to RCE

Search URL Search Domain Scan URL

URL: https://www.slideshare.net/LewisArdern/so-you-thought-you-were-safe-using-angularjs-think-again
Title: So you thought you were safe using AngularJS.. Think again!

Search URL Search Domain Scan URL

URL: https://twitter.com/LewisArdern
Title: Lewis Ardern

Search URL Search Domain Scan URL

URL: https://hackerone.com/reports/873614
Title: PlayStation Now

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Ninth_Doctor
Title: Ninth Doctor

Search URL Search Domain Scan URL

URL: https://twitter.com/b1ack0wl
Title: @b1ack0wl

Search URL Search Domain Scan URL

URL: https://github.com/b1ack0wl/linux_mint_poc
Title: The URI handler for yelp

Search URL Search Domain Scan URL

URL: https://www.vdoo.com/blog/exploiting-custom-protocol-handlers-in-windows
Title: Exploiting Custom Protocol Handlers in Windows

Search URL Search Domain Scan URL

URL: https://bugs.chromium.org/p/chromium/issues/detail?id=785809
Title: Chromium bug 785809

Search URL Search Domain Scan URL

URL: https://bugs.chromium.org/p/chromium/issues/detail?id=785809#c22
Title: comment #22

Search URL Search Domain Scan URL

URL: https://bash.cyberciti.biz/guide/$IFS
Title: Internal Field Separator or IFS

Search URL Search Domain Scan URL

URL: https://twitter.com/jonasLyk/status/1372952003719143428
Title: Tweet

Search URL Search Domain Scan URL

URL: https://twitter.com/jonasLyk
Title: @jonasLyk

Search URL Search Domain Scan URL

URL: https://devblogs.microsoft.com/oldnewthing/20060509-30/?p=31263
Title: subtle ways your innocent program can be Internet-facing

Search URL Search Domain Scan URL

URL: https://github.com/tyranid
Title: James Forshaw's

Search URL Search Domain Scan URL

URL: https://googleprojectzero.blogspot.com/2016/02/the-definitive-guide-on-win32-to-nt.html
Title: The Definitive Guide on Win32 to NT Path Conversion

Search URL Search Domain Scan URL

URL: https://proofofcalc.com/cve-2019-6453-mIRC/
Title: https://proofofcalc.com/cve-2019-6453-mIRC/

Search URL Search Domain Scan URL

URL: https://jeffs.sh/CVEs/CVE-2020-13699.txt
Title: Unquoted URI handler in the TeamViewer Windows Desktop Application

Search URL Search Domain Scan URL

URL: https://twitter.com/jeffssh
Title: Jeffrey Hofmann

Search URL Search Domain Scan URL

URL: http://retrogod.altervista.org/
Title: Andrea Micalizzi

Search URL Search Domain Scan URL

URL: https://www.electronjs.org/
Title: Electron

Search URL Search Domain Scan URL

URL: https://bitbucket.org/chromiumembedded/cef/src
Title: Chromium Embedded Framework (CEF)

Search URL Search Domain Scan URL

URL: https://www.thezdi.com/blog/2018/12/18/top-5-day-two-electron-boogaloo-a-case-for-technodiversity
Title: Top 5 Day Two: Electron Boogaloo - a Case for Technodiversity

Search URL Search Domain Scan URL

URL: https://chromium.googlesource.com/chromium/chromium/+/master/content/public/common/content_switches.cc#414
Title: gpu-launcher

Search URL Search Domain Scan URL

URL: https://chromium.googlesource.com/chromium/chromium/+/master/content/public/common/content_switches.cc#118
Title: disable-gpu-sandbox

Search URL Search Domain Scan URL

URL: https://chromium.googlesource.com/chromium/chromium/+/master/content/public/common/content_switches.cc#463
Title: no-sandbox

Search URL Search Domain Scan URL

URL: https://www.electronjs.org/blog/protocol-handler-fix
Title: Electron framework was passing the Chromium switches directly

Search URL Search Domain Scan URL

URL: https://thewhiteh4t.github.io/2018/11/16/ubisoft-uplay-rce-exploit.html
Title: Ubisoft Uplay Desktop Client

Search URL Search Domain Scan URL

URL: https://hackernoon.com/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374
Title: Exodus wallet

Search URL Search Domain Scan URL

URL: https://chromium.googlesource.com/chromium/chromium/+/master/content/public/common/content_switches.cc#507
Title: source code

Search URL Search Domain Scan URL

URL: https://chromium.googlesource.com/aosp/platform/external/libchrome/+/refs/heads/stabilize-8530.93.B/base/metrics/histogram_base.cc#136
Title: Chromium source code

Search URL Search Domain Scan URL

URL: https://chromium.googlesource.com/aosp/platform/external/libchrome/+/refs/heads/master/base/metrics/histogram_base.cc
Title: the current version

Search URL Search Domain Scan URL

URL: https://github.com/arntsonl/calc_security_poc/blob/master/hta/calc.hta
Title: proof of concept

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file#:~:text=Note%20that%20directory%20names%20are%20stored%20by%20the%20file%20system%20as%20a%20special%20type%20of%20file,
Title: special type of files

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/previous-versions//ms536496%28v=vs.85%29
Title: Introduction to HTML Applications (HTAs) on docs.microsoft.com

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.environment.expandenvironmentvariables
Title: Environment.ExpandEnvironmentVariables(String)

Search URL Search Domain Scan URL

URL: https://chromium.googlesource.com/chromium/src/+/master/chrome/browser/flag_descriptions.cc
Title: flag-descriptions.cc

Search URL Search Domain Scan URL

URL: https://chromium.googlesource.com/chromium/chromium/+/master/content/public/common/content_switches.cc#32
Title: browser-subprocess-command

Search URL Search Domain Scan URL

URL: https://www.zerodayinitiative.com/advisories/ZDI-18-280/
Title: Spotify Music Player URI parsing Command Injection Remote Code Execution Vulnerability

Search URL Search Domain Scan URL

URL: https://www.zerodayinitiative.com/advisories/ZDI-18-215/
Title: Amazon Music Player URI parsing Command Injection Remote Code Execution Vulnerability

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/archive/blogs/ieinternals/understanding-protocols
Title: Understanding Protocols on docs.microsoft.com

Search URL Search Domain Scan URL

URL: https://www.slideshare.net/JeremyBrown37/provoking-windows-dragoncon-2016
Title: Provoking Windows - DragonCon 2016 - start at slide 77

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/presentations/bh-europe-08/McFeters-Rios-Carter/Presentation/bh-eu-08-mcfeters-rios-carter.pdf
Title: URI Use and Abuse - Black Hat Europe 2008 - slides

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/presentations/bh-europe-08/McFeters-Rios-Carter/Whitepaper/bh-eu-08-mcfeters-rios-carter-WP.pdf
Title: whitepaper

Search URL Search Domain Scan URL

URL: https://blog.chichou.me/2018/01/28/electron-s-bug-shellexecute-to-blame/
Title: Electron's bug, ShellExecute to blame?

Search URL Search Domain Scan URL

URL: https://twitter.com/CodeColorist
Title: @CodeColorist

Search URL Search Domain Scan URL

URL: https://2019.zeronights.ru/wp-content/themes/zeronights-2019/public/materials/1_ZN2019_Juho_Nurminen.pdf
Title: Electron, scheme handlers, and stealthy security patches

Search URL Search Domain Scan URL

URL: https://twitter.com/jupenur
Title: Juho Nurminen

Search URL Search Domain Scan URL

URL: https://www.ea.com/security
Title: Electronic Arts

Search URL Search Domain Scan URL

URL: https://github.com/parsiya/

Search URL Search Domain Scan URL

URL: https://twitter.com/cryptogangsta/

Search URL Search Domain Scan URL

URL: https://keybase.io/parsiya/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/parsiya

Search URL Search Domain Scan URL

URL: https://awsome.pw/
Title: AWSome.pw - S3 bucket squatting - my very legit branded vulnerability

Search URL Search Domain Scan URL

URL: https://gohugo.io/
Title: Hugo

Search URL Search Domain Scan URL

URL: https://github.com/parsiya/hugo-octopress/
Title: Hugo-Octopress

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

45 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/ 81 KB
20 KB 253ms
180ms Document
text/html 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: a44915f888e7e5947a32ae6e22136f27dff66fbf7753c8c435632558d2299be9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 0
cache-control: max-age=600
content-encoding: gzip
content-length: 20462
content-type: text/html; charset=utf-8
date: Wed, 01 Jun 2022 18:06:20 GMT
etag: W/"6264597f-14282"
expires: Wed, 01 Jun 2022 18:16:20 GMT
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-fastly-request-id: 7e934b5486385d5374a59301939e4b2912edc2a6
x-github-request-id: DDD8:0F5E:DFA60:1386B9:6297AA9C
x-proxy-cache: MISS
x-served-by: cache-yul12829-YUL
x-timer: S1654106781.691116,VS0,VE170

GET
H2 200 fonts.css
parsiya.net/css/ 3 KB
640 B 179ms
178ms Stylesheet
text/css 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://parsiya.net/css/fonts.css
Requested by: Host: parsiya.net
URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: 393dd6e5398ccb198fc66601d3310a37dd43fc0ae338bd9fdfcd427b8f95c016

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-fastly-request-id: 4d5617b61fcdd84be4aef18a4f27328a6efc70ab
date: Wed, 01 Jun 2022 18:06:21 GMT
content-encoding: gzip
age: 0
x-cache: MISS
content-length: 458
x-served-by: cache-yul12829-YUL
access-control-allow-origin: *
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
x-github-request-id: DD92:3990:27F2EF:31154D:6297AA9C
x-timer: S1654106781.879664,VS0,VE168
etag: W/"6264597f-ca0"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 varnish
expires: Wed, 01 Jun 2022 18:16:20 GMT
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 hugo-octopress.css
parsiya.net/css/ 39 KB
8 KB 180ms
179ms Stylesheet
text/css 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://parsiya.net/css/hugo-octopress.css
Requested by: Host: parsiya.net
URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: 538de71e82a62a7a54aa448cb725dc40c010c7b947b3a30f059b21902ac00627

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-fastly-request-id: 18069831d489cd3430afa4929230db99aae593d2
date: Wed, 01 Jun 2022 18:06:21 GMT
content-encoding: gzip
age: 0
x-cache: MISS
content-length: 8265
x-served-by: cache-yul12829-YUL
access-control-allow-origin: *
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
x-github-request-id: E5A2:316E:D5242:12B7A8:6297AA9C
x-timer: S1654106781.879743,VS0,VE168
etag: W/"6264597f-9dd1"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 varnish
expires: Wed, 01 Jun 2022 18:16:20 GMT
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 fork-awesome.min.css
parsiya.net/css/ 31 KB
7 KB 181ms
180ms Stylesheet
text/css 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://parsiya.net/css/fork-awesome.min.css
Requested by: Host: parsiya.net
URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: 30653f254abfe34085adfc635dbe69663a68666c623f62ae2023791252c535df

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-fastly-request-id: a1ff5b322e7906ef30f5bf53a12482c7e92616b5
date: Wed, 01 Jun 2022 18:06:21 GMT
content-encoding: gzip
age: 0
x-cache: MISS
content-length: 7432
x-served-by: cache-yul12829-YUL
access-control-allow-origin: *
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
x-github-request-id: 92E4:9A6E:170A6F:1AF1DD:6297AA9C
x-timer: S1654106781.879734,VS0,VE169
etag: W/"6264597f-7df9"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 varnish
expires: Wed, 01 Jun 2022 18:16:20 GMT
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 01-wmplayer-run.png
parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/ 15 KB
15 KB 188ms
187ms Image
image/png 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/01-wmplayer-run.png
Requested by: Host: parsiya.net
URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: 09c590ba77c9096cea4d676ee89efc842e9d74fe89e5ebce2ad6198f8271514a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-fastly-request-id: b3fbc178f1e3f11c6c8a2db7458332b997e8ef59
date: Wed, 01 Jun 2022 18:06:21 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
content-length: 15133
x-served-by: cache-yul12829-YUL
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
x-github-request-id: B88A:0F5F:18933E:1F9774:6297AA9C
x-timer: S1654106781.900970,VS0,VE168
etag: "6264597f-3b1d"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Wed, 01 Jun 2022 18:16:20 GMT
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 02-wmplayer-procmon.png
parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/ 17 KB
18 KB 182ms
181ms Image
image/png 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/02-wmplayer-procmon.png
Requested by: Host: parsiya.net
URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: f2cad4442760fe702bd5b58dac47fe1183f6144bbee633b4f80468080890d775

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-fastly-request-id: 31df3a6755741b10764166d3973170401720efcc
date: Wed, 01 Jun 2022 18:06:21 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
x-cache-hits: 0
content-length: 17796
x-served-by: cache-yul12829-YUL
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
x-github-request-id: AC42:7FDE:23BAC2:2C7F1B:6297AA9C
x-timer: S1654106781.900956,VS0,VE167
etag: "6264597f-4584"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
expires: Wed, 01 Jun 2022 18:16:20 GMT

GET
H2 200 03-gwd-poc.png
parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/ 280 KB
280 KB 489ms
488ms Image
image/png 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/03-gwd-poc.png
Requested by: Host: parsiya.net
URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: 215e126b2464ab6aced399e46c78b129371d9a856244ed9042a8f6612106f402

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-fastly-request-id: 7da927684f27465a79b46ceb22673ccf5b50ca5b
date: Wed, 01 Jun 2022 18:06:21 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
x-cache-hits: 0
content-length: 286245
x-served-by: cache-yul12829-YUL
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
x-github-request-id: A936:32F4:7BA57:C6B4E:6297AA9C
x-timer: S1654106781.900943,VS0,VE476
etag: "6264597f-45e25"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
expires: Wed, 01 Jun 2022 18:16:20 GMT

GET
H2 200 05-hta-executed.png
parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/ 23 KB
23 KB 189ms
188ms Image
image/png 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/05-hta-executed.png
Requested by: Host: parsiya.net
URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: addbf4a8f6ffac00302ae63c2d7df27de5f74d5e7e533e0581da82f684c0328d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-fastly-request-id: a435b2bd6107c254732c3aa7cd9757956f4e0e0d
date: Wed, 01 Jun 2022 18:06:21 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
content-length: 23424
x-served-by: cache-yul12829-YUL
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
x-github-request-id: 5BA4:7FDE:23BAC2:2C7F1C:6297AA9C
x-timer: S1654106781.900943,VS0,VE170
etag: "6264597f-5b80"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Wed, 01 Jun 2022 18:16:20 GMT
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 06-hta-procmon.png
parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/ 21 KB
21 KB 177ms
176ms Image
image/png 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/06-hta-procmon.png
Requested by: Host: parsiya.net
URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: bcebdd9bcd7928b969441f542fbbd747840fd1daf315c2d8dda1ef02376c6da2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-fastly-request-id: 8082bc0fe1c637fc5dabc7be1c674b8ca3833c9e
date: Wed, 01 Jun 2022 18:06:21 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
content-length: 21469
x-served-by: cache-yul12829-YUL
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
x-github-request-id: BFBE:9A6C:93AA8:B157B:6297AA9C
x-timer: S1654106781.900909,VS0,VE164
etag: "6264597f-53dd"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Wed, 01 Jun 2022 18:16:20 GMT
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 04-nordvpn-uri.png
parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/ 6 KB
6 KB 186ms
186ms Image
image/png 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/04-nordvpn-uri.png
Requested by: Host: parsiya.net
URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: 5f045bded31e93f99d47f7493928eec264301c787ff5246622276e1faa75fd32

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-fastly-request-id: 024b6d88a1b8246aebfee34001ce468dfb1a7897
date: Wed, 01 Jun 2022 18:06:21 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
x-cache-hits: 0
content-length: 5977
x-served-by: cache-yul12829-YUL
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
x-github-request-id: 1744:49AF:EDC82:12B250:6297AA9C
x-timer: S1654106781.900892,VS0,VE168
etag: "6264597f-1759"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
expires: Wed, 01 Jun 2022 18:16:20 GMT

GET
H2 200 pt-serif-v9-latin-regular.woff2
parsiya.net/fonts/ 32 KB
32 KB 193ms
193ms Font
font/woff2 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://parsiya.net/fonts/pt-serif-v9-latin-regular.woff2
Requested by: Host: parsiya.net
URL: https://parsiya.net/css/fonts.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: e18ade8df4b6e742eccf00ad8eba3832a16297b915fbe79ca2558e707d30a42a

Request headers

Referer: https://parsiya.net/css/fonts.css
Origin: https://parsiya.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-fastly-request-id: e14dc398c076bfb12f396f55c26bacf23994a502
date: Wed, 01 Jun 2022 18:06:21 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
content-length: 32652
x-served-by: cache-yul12829-YUL
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
x-github-request-id: 5BA4:7FDE:23BAC6:2C7F21:6297AA9D
x-timer: S1654106781.072596,VS0,VE173
etag: "6264597f-7f8c"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Wed, 01 Jun 2022 18:16:21 GMT
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 pt-sans-v9-latin-regular.woff2
parsiya.net/fonts/ 44 KB
44 KB 182ms
181ms Font
font/woff2 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://parsiya.net/fonts/pt-sans-v9-latin-regular.woff2
Requested by: Host: parsiya.net
URL: https://parsiya.net/css/fonts.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: 143c5c0124d14b936536af0c656e10aebbc2bb832563f00137f7e9c717195df1

Request headers

Referer: https://parsiya.net/css/fonts.css
Origin: https://parsiya.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-fastly-request-id: 32abce15667e852844328571f1e44329bfbf2f18
date: Wed, 01 Jun 2022 18:06:21 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
x-cache-hits: 0
content-length: 45052
x-served-by: cache-yul12829-YUL
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
x-github-request-id: 2E2C:0481:177150:1E428D:6297AA9D
x-timer: S1654106781.073235,VS0,VE170
etag: "6264597f-affc"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
expires: Wed, 01 Jun 2022 18:16:21 GMT

GET
H2 200 forkawesome-webfont.woff2
parsiya.net/fonts/ 83 KB
83 KB 190ms
189ms Font
font/woff2 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://parsiya.net/fonts/forkawesome-webfont.woff2?v=1.0.11
Requested by: Host: parsiya.net
URL: https://parsiya.net/css/fork-awesome.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: 86305c01d421f0d558863ca3594c65256defa8e7c715b452d95e215b996cf9cb

Request headers

Referer: https://parsiya.net/css/fork-awesome.min.css
Origin: https://parsiya.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-fastly-request-id: a72e4603a3b32d264d9b58adec33ccfa0f9b29fd
date: Wed, 01 Jun 2022 18:06:21 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
content-length: 85264
x-served-by: cache-yul12829-YUL
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
x-github-request-id: 318A:49C1:166907:1CECD3:6297AA9D
x-timer: S1654106781.073283,VS0,VE172
etag: "6264597f-14d10"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Wed, 01 Jun 2022 18:16:21 GMT
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 pt-serif-v9-latin-700.woff2
parsiya.net/fonts/ 28 KB
29 KB 179ms
179ms Font
font/woff2 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://parsiya.net/fonts/pt-serif-v9-latin-700.woff2
Requested by: Host: parsiya.net
URL: https://parsiya.net/css/fonts.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: e436778f48ec72f828d948d11ed8fddaa31c89709253763f70c9b0bbf80bc95f

Request headers

Referer: https://parsiya.net/css/fonts.css
Origin: https://parsiya.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-fastly-request-id: 66407479dee00b29fdbbc720942ea2c96a1ab36e
date: Wed, 01 Jun 2022 18:06:21 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
content-length: 29040
x-served-by: cache-yul12829-YUL
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
x-github-request-id: C89C:49C2:260ADB:2ED61F:6297AA9D
x-timer: S1654106781.073926,VS0,VE169
etag: "6264597f-7170"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Wed, 01 Jun 2022 18:16:21 GMT
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 pt-serif-v9-latin-italic.woff2
parsiya.net/fonts/ 33 KB
34 KB 180ms
180ms Font
font/woff2 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://parsiya.net/fonts/pt-serif-v9-latin-italic.woff2
Requested by: Host: parsiya.net
URL: https://parsiya.net/css/fonts.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: 93e4b905bee35a36c677763de8ea05bbdddc8cd9a85a878dbae1e8541ed32908

Request headers

Referer: https://parsiya.net/css/fonts.css
Origin: https://parsiya.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-fastly-request-id: d811a768a493ae96ff56ffdb2cfedb528366d149
date: Wed, 01 Jun 2022 18:06:21 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
content-length: 34300
x-served-by: cache-yul12829-YUL
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
x-github-request-id: 593A:0F61:252098:2E137C:6297AA9D
x-timer: S1654106781.075617,VS0,VE169
etag: "6264597f-85fc"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Wed, 01 Jun 2022 18:16:21 GMT
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 pt-serif-v9-latin-700italic.woff2
parsiya.net/fonts/ 27 KB
28 KB 190ms
189ms Font
font/woff2 185.199.108.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://parsiya.net/fonts/pt-serif-v9-latin-700italic.woff2
Requested by: Host: parsiya.net
URL: https://parsiya.net/css/fonts.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS: cdn-185-199-108-153.github.com
Software: GitHub.com /
Resource Hash: 70b0f897d53aa3ea80d50f06d93424b801a0d19a8befdf613a8e406d4039fdd0

Request headers

Referer: https://parsiya.net/css/fonts.css
Origin: https://parsiya.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-fastly-request-id: 81865df1112f9734e8c6e22b588b97a536796ff5
date: Wed, 01 Jun 2022 18:06:21 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
x-cache-hits: 0
content-length: 27964
x-served-by: cache-yul12829-YUL
last-modified: Sat, 23 Apr 2022 19:54:39 GMT
server: GitHub.com
x-github-request-id: 1744:49AF:EDC84:12B251:6297AA9D
x-timer: S1654106781.076610,VS0,VE170
etag: "6264597f-6d3c"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
expires: Wed, 01 Jun 2022 18:16:21 GMT

GET
H/1.1 200
OK embed.js Show response
parsiya.disqus.com/ 78 KB
25 KB 122ms
76ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://parsiya.disqus.com/embed.js

Requested by

Host: parsiya.net
URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

cf17cc073e2755cd1fe27cd03545c351dd4fed345222eef0166fd7879176284a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://parsiya.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Wed, 01 Jun 2022 18:06:21 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 25393
Cross-Origin-Resource-Policy: cross-origin

GET
H2 200 lounge.63860eb743c7d9d2adf0fa435788abe7.css
c.disquscdn.com/next/embed/styles/ 0
26 KB 129ms
33ms Other
text/css 2600:9000:20e9:e400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Requested by

Host: parsiya.disqus.com
URL: https://parsiya.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20e9:e400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://parsiya.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 19:26:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6216008
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26078
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 21 Mar 2022 19:03:40 GMT
server: nginx
etag: "6238cc0c-65de"
content-type: text/css; charset=utf-8
via: 1.1 dc760475944e10360a952041f2e88fc8.cloudfront.net (CloudFront)
expires: Tue, 21 Mar 2023 19:26:13 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ORD52-C2
timing-allow-origin: *
x-amz-cf-id: ontM8rNYnSAEnqw_OBLyxZeRYlVCyxltzWe8RoNBZ87AEcYMGh-f5w==
x-cache-hits: 0

GET
H2 200 common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js
c.disquscdn.com/next/embed/ 0
93 KB 151ms
55ms Other
application/javascript 2600:9000:20e9:e400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Requested by

Host: parsiya.disqus.com
URL: https://parsiya.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20e9:e400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://parsiya.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 20:31:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3706513
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94755
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 19 Apr 2022 20:21:53 GMT
server: nginx
etag: "625f19e1-17223"
content-type: application/javascript; charset=utf-8
via: 1.1 dc760475944e10360a952041f2e88fc8.cloudfront.net (CloudFront)
expires: Wed, 19 Apr 2023 20:31:08 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ORD52-C2
timing-allow-origin: *
x-amz-cf-id: Ztm3qBA84oiSNELQGMrPxdxTMy4FoR5OEir2NZ_bgUoazeo-Ewnomw==
x-cache-hits: 0

GET
H2 200 lounge.bundle.275044d1ea778800bd83f8337ba3d84e.js
c.disquscdn.com/next/embed/ 0
121 KB 184ms
88ms Other
application/javascript 2600:9000:20e9:e400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.275044d1ea778800bd83f8337ba3d84e.js

Requested by

Host: parsiya.disqus.com
URL: https://parsiya.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20e9:e400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://parsiya.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 10 May 2022 13:10:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1918563
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 123201
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 10 May 2022 13:06:19 GMT
server: nginx
etag: "627a634b-1e141"
content-type: application/javascript; charset=utf-8
via: 1.1 dc760475944e10360a952041f2e88fc8.cloudfront.net (CloudFront)
expires: Wed, 10 May 2023 13:10:18 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ORD52-C2
timing-allow-origin: *
x-amz-cf-id: UNb5g_XCSkMwWBvJI9s3L1jNnFe-GiD3kO8gGXjSOyQErMFHir6r0g==
x-cache-hits: 0

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
15 KB 36ms
10ms Other
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: parsiya.disqus.com
URL: https://parsiya.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://parsiya.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Wed, 01 Jun 2022 18:06:21 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 6
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 15276
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame B893 6 KB
4 KB 53ms
52ms Document
text/html 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default

Requested by

Host: parsiya.disqus.com
URL: https://parsiya.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

fd02190a83811fcc2e574112876bf7e44b0149e9f85ec253043f154406403e2e

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://parsiya.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Age: 0
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2722
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Content-Type: text/html; charset=utf-8
Cross-Origin-Resource-Policy: cross-origin
Date: Wed, 01 Jun 2022 18:06:21 GMT
ETag: W/"lounge:view:8441677823.05b51ae8b8ba6604c1cd50a25f7c4014.2"
Last-Modified: Thu, 18 Mar 2021 03:10:50 GMT
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Strict-Transport-Security: max-age=300; includeSubdomains
Timing-Allow-Origin: *
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"

GET
H2 200 lounge.load.9db7f31f906666f4d56c3f4488ea0e6c.js Show response
c.disquscdn.com/next/embed/ Frame B893 958 B
1 KB 86ms
28ms Script
application/javascript 2600:9000:20e9:e400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.9db7f31f906666f4d56c3f4488ea0e6c.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20e9:e400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b902d7ba78659a80d05f31e599aba4dec14072711d49c42eb3188a716adaf642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default
Origin: https://disqus.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 10 May 2022 13:10:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1918563
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 495
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 10 May 2022 13:06:19 GMT
server: nginx
etag: "627a634b-1ef"
content-type: application/javascript; charset=utf-8
via: 1.1 25e7bebca39745fba964bb8cceec363e.cloudfront.net (CloudFront)
expires: Wed, 10 May 2023 13:10:18 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ORD52-C2
timing-allow-origin: *
x-amz-cf-id: i33leC-olJ09qELVRCCHep5B--37tGrMm4iEFPnNv65b6QvMPuzPdw==
x-cache-hits: 0

GET
H2 200 common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js Show response
c.disquscdn.com/next/embed/ Frame B893 282 KB
93 KB 28ms
28ms Script
application/javascript 2600:9000:20e9:e400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.9db7f31f906666f4d56c3f4488ea0e6c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20e9:e400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

64cee676a611b27aca955c5e227666f9d955682512ec25b982bd5e2f92eb61dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 19 Apr 2022 20:31:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3706513
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 94755
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 19 Apr 2022 20:21:53 GMT
server: nginx
etag: "625f19e1-17223"
content-type: application/javascript; charset=utf-8
via: 1.1 dc760475944e10360a952041f2e88fc8.cloudfront.net (CloudFront)
expires: Wed, 19 Apr 2023 20:31:08 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ORD52-C2
timing-allow-origin: *
x-amz-cf-id: 0O6XcTpMyGsD861WUXehoJJ1LtQqiVjNQCseXOWeoQwfOQZuUm0Krg==
x-cache-hits: 0

GET
H2 200 lounge.63860eb743c7d9d2adf0fa435788abe7.css
c.disquscdn.com/next/embed/styles/ Frame B893 165 KB
26 KB 28ms
28ms Stylesheet
text/css 2600:9000:20e9:e400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20e9:e400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

8784042e14531617c1aef40d7623d3dd1d0b24730721c779e0c3ae86ed03990e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 21 Mar 2022 19:26:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6216008
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 26078
x-xss-protection: 1; mode=block
x-served-by: static-web-2
access-control-allow-origin: *
surrogate-key: next
last-modified: Mon, 21 Mar 2022 19:03:40 GMT
server: nginx
etag: "6238cc0c-65de"
content-type: text/css; charset=utf-8
via: 1.1 dc760475944e10360a952041f2e88fc8.cloudfront.net (CloudFront)
expires: Tue, 21 Mar 2023 19:26:13 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ORD52-C2
timing-allow-origin: *
x-amz-cf-id: MJwe4BIoDFkmWrHg3FJZgXl4R3I8CtuHXW497bqdd5M6B0cTQNfZ2w==
x-cache-hits: 0

GET
H2 200 lounge.bundle.275044d1ea778800bd83f8337ba3d84e.js Show response
c.disquscdn.com/next/embed/ Frame B893 476 KB
121 KB 30ms
30ms Script
application/javascript 2600:9000:20e9:e400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.275044d1ea778800bd83f8337ba3d84e.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20e9:e400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

6188135f984e2ff0352d6218a20717f620efda7d4644dfad19b792735a37cc8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Tue, 10 May 2022 13:10:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1918563
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 123201
x-xss-protection: 1; mode=block
x-served-by: static-web-1
access-control-allow-origin: *
surrogate-key: next
last-modified: Tue, 10 May 2022 13:06:19 GMT
server: nginx
etag: "627a634b-1e141"
content-type: application/javascript; charset=utf-8
via: 1.1 dc760475944e10360a952041f2e88fc8.cloudfront.net (CloudFront)
expires: Wed, 10 May 2023 13:10:18 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ORD52-C2
timing-allow-origin: *
x-amz-cf-id: xZATUoSHG7QyDIXzdq7NGjQfOb0b-Ka1MiMF9IrR4bRlDsZ_zgVXbA==
x-cache-hits: 0

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame B893 15 KB
15 KB 11ms
10ms Script
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7184f2085bedef65d3c0c459b2ade2c5cda92c16f4b6e426618aae36fc20d754

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Wed, 01 Jun 2022 18:06:21 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 6
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 15276
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame B893 3 KB
3 KB 42ms
42ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=parsiya&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c0b8ab365edb8fad70b92990b34db0a5300484328fb7446774f86e1db47f6661

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default
X-Requested-With: XMLHttpRequest
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Wed, 01 Jun 2022 18:06:21 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 3024
X-XSS-Protection: 1; mode=block

GET
H2 200 noavatar92.png
a.disquscdn.com/1647409581/images/ Frame B893 2 KB
2 KB 55ms
14ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1647409581/images/noavatar92.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 18:06:21 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 281663
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: YUL62-C1
content-length: 1644
x-amz-cf-id: fVLszYHA3VxzDW7kYQNBJon3Wpj_gDSTzhR02IlkTptgx3KKFGYiRw==
expires: Thu, 28 Apr 2022 20:11:44 GMT

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame B893 13 KB
13 KB 28ms
28ms Image
image/svg+xml 2600:9000:20e9:e400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20e9:e400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sat, 30 Apr 2022 05:43:02 GMT
via: 1.1 dc760475944e10360a952041f2e88fc8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 2809399
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Tue, 26 Apr 2022 19:12:12 GMT
server: nginx
etag: "6268440c-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Sun, 30 Apr 2023 05:43:02 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ORD52-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: qMz8thXYsThLXnRK0n0dj6S8NrcCe3gHkXLTuFPyUEyaW6mpsFZSOg==
x-cache-hits: 0

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame B893 3 KB
3 KB 29ms
28ms Image
image/gif 2600:9000:20e9:e400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20e9:e400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 02 May 2022 21:10:18 GMT
via: 1.1 dc760475944e10360a952041f2e88fc8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 2580963
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 2971
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Tue, 26 Apr 2022 19:12:12 GMT
server: nginx
etag: "6268440c-b9b"
content-type: image/gif
access-control-allow-origin: *
expires: Tue, 02 May 2023 21:10:18 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ORD52-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: u02HJgPOBlzp4lKfMQj3FuRrvyBdumnrTAwAw-FO46363v7cpWvAQA==
x-cache-hits: 0

GET
H2 200 sprite.ad630a07080a45451f139a7487853ff8.png
c.disquscdn.com/next/embed/assets/img/ Frame B893 2 KB
2 KB 29ms
29ms Image
image/png 2600:9000:20e9:e400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20e9:e400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 19:47:49 GMT
via: 1.1 dc760475944e10360a952041f2e88fc8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 21766712
x-cache: Hit from cloudfront
content-length: 1763
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Wed, 22 Sep 2021 19:30:27 GMT
server: nginx
etag: "614b8453-6e3"
content-type: image/png
access-control-allow-origin: *
expires: Thu, 22 Sep 2022 19:47:49 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ORD52-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 4KfyDFBcjgMJXKG0V9EjXFqsT49HvK8ingzwDBqfSXlokuJYzFYJOQ==
x-cache-hits: 0

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame B893 8 KB
8 KB 30ms
30ms Font
application/octet-stream 2600:9000:20e9:e400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20e9:e400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
Origin: https://disqus.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sat, 07 May 2022 01:16:30 GMT
via: 1.1 25e7bebca39745fba964bb8cceec363e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 2220591
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 7900
x-xss-protection: 1; mode=block
x-served-by: static-web-1
surrogate-key: next
last-modified: Fri, 06 May 2022 16:25:41 GMT
server: nginx
etag: "62754c05-1edc"
content-type: application/octet-stream
access-control-allow-origin: *
expires: Sun, 07 May 2023 01:16:30 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ORD52-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 3bKic9ns6-lfqTkaROEBVKPuLafUdOYDqB3P5xfSr9z6rU7wm58EIQ==
x-cache-hits: 0

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ Frame B893 3 KB
2 KB 67ms
19ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

13e8b1fdc14b8d5fe80cddd8857fa7d24a2e0e5afc8023bd79098e182cdfa401

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 21ZfPwYiyGoJFK2CFEkoqQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: WMAcZJBqnwLl8K3SJd+8g60MoaOUy2ZQxxFeRsKe0q9E1GrcDt1KFYVnmX1vWZpzfESD+zZhHfQ+nbiLjYhJJw==
x-fb-trip-id: 1512268381
x-fb-content-md5: 3bd7a73d2a1e44858ed86ed3184e70bc
x-frame-options: DENY
date: Wed, 01 Jun 2022 18:06:21 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "a7d8c4522c168bac3b85ab8b4b957062"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 01 Jun 2022 18:24:06 GMT

GET
H2 200 api.js Show response
apis.google.com/js/ Frame B893 14 KB
6 KB 89ms
42ms Script
text/javascript 2607:f8b0:4006:822::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::200e Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de30b1fc781f1344f02ff2230b868a870e18cea33e2228017066b2f1d2ef753d

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5520
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
date: Wed, 01 Jun 2022 18:06:21 GMT
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "5e358415b06c48cd"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jun 2022 18:06:21 GMT

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame B893 13 KB
13 KB 28ms
27ms Image
image/svg+xml 2600:9000:20e9:e400:6:8656:f5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20e9:e400:6:8656:f5c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://c.disquscdn.com/next/embed/styles/lounge.63860eb743c7d9d2adf0fa435788abe7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sat, 30 Apr 2022 05:43:02 GMT
via: 1.1 dc760475944e10360a952041f2e88fc8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 2809399
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 13079
x-xss-protection: 1; mode=block
x-served-by: static-web-2
surrogate-key: next
last-modified: Tue, 26 Apr 2022 19:12:12 GMT
server: nginx
etag: "6268440c-3317"
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
expires: Sun, 30 Apr 2023 05:43:02 GMT
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: ORD52-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Q-9fKbCgLlKmastZXmaQI30W2FsZerS9qZAJjbMv_6OjX_Mt2Sa1gw==
x-cache-hits: 0

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ Frame B893 294 KB
84 KB 38ms
18ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=454dfaee84238a5fb2fa97d584c93ab3

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bc8811f579b34717a703ad5de2b44ea3dff60bf9dcf542270a46810f817f5948

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default
Origin: https://disqus.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: W+lrfakFirjiJA4nLQ0DSw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 85714
x-fb-rlafr: 0
x-fb-debug: C4PGsQ2Eydg2I3JZe088wvh6FEda0uxlzn0Ua/srQemxvJQTRIPd+6SPBRNfEZvqrjacse5tvxrejkbzcbryTQ==
x-fb-content-md5: 23a227786882d19299ddf46debbd2b6f
x-frame-options: DENY
date: Wed, 01 Jun 2022 18:06:21 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "2fb1a9f8d94edc6481f1b817bf84143d"
timing-allow-origin: *
priority: u=3,i
expires: Thu, 01 Jun 2023 13:46:28 GMT

GET
H3 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.KVSPb_Y8pSk.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9gW8E5WGSmGcbq8d2kz7xJze20YQ/ Frame B893 108 KB
36 KB 62ms
19ms Script
text/javascript 2607:f8b0:4006:822::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.KVSPb_Y8pSk.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9gW8E5WGSmGcbq8d2kz7xJze20YQ/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::200e Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e7ff8a9893c0fb085662356cddd8e57d34b4241bb5bbe1d9ad002d973c2fb77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 18:05:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36599
x-xss-protection: 0
last-modified: Sat, 30 Apr 2022 15:21:12 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 01 Jun 2023 18:05:33 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ Frame B893 0
0 80ms
34ms Fetch
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?ancestor_origins=https%3A%2F%2Fparsiya.net&client_id=52254943976&input_token&origin=1&redirect_uri=https%3A%2F%2Fdisqus.com%2Fembed%2Fcomments%2F%3Fbase%3Ddefault%26f%3Dparsiya%26t_u%3Dhttps%253A%252F%252Fparsiya.net%252Fblog%252F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%252F%26t_d%3DAttack%2520Surface%2520Analysis%2520-%2520Part%25202%2520-%2520Custom%2520Protocol%2520Handlers%26t_t%3DAttack%2520Surface%2520Analysis%2520-%2520Part%25202%2520-%2520Custom%2520Protocol%2520Handlers%26s_o%3Ddefault%23version%3D9db7f31f906666f4d56c3f4488ea0e6c&sdk=joey&wants_cookie_data=false

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.33bc87b2c4f9324203cc85b7dd1d0492.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: O+MZdODUradCX90PU56oWcMKWu1WCWXW1DbEGf8ojQ3hbkwAfo1Q608M9YqjFIrk1mNkna3xEPVxEIY5LdO2vA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
date: Wed, 01 Jun 2022 18:06:22 GMT
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://disqus.com
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 iframe Show response
accounts.google.com/o/oauth2/ Frame 8047 283 B
1 KB 150ms
92ms Document
text/html 2607:f8b0:4006:81c::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframe

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.KVSPb_Y8pSk.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9gW8E5WGSmGcbq8d2kz7xJze20YQ/cb=gapi.loaded_0?le=scs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::200d Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ad39bd0e4d927c65c58f9a3fc2bd4bd741276029130feb0316e0dfe0f382477e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-VCh0noQ-OM-IGCDOfmKl6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-VCh0noQ-OM-IGCDOfmKl6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Wed, 01 Jun 2022 18:06:22 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
server: ESF
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 400 cspreport
accounts.google.com/_/IdpIFrameHttp/ Frame 8047 2 KB
845 B 89ms
45ms Other
text/html 2607:f8b0:4006:81c::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/_/IdpIFrameHttp/cspreport

Requested by

Host: parsiya.net
URL: https://parsiya.net/blog/2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::200d Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bd095fdf7027a6372907c0475430b379b2c7669cbdd2c5f84c95b34991121fa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Wed, 01 Jun 2022 18:06:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 1; mode=block
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 m=base Show response
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.en_US.WvCiOdHrPNo.es5.O/d=1/rs=AOaEmlEUGBMzSKyE8UIfLPIqu4VuXDqtXg/ Frame 8047 98 KB
34 KB 67ms
20ms Script
text/javascript 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.en_US.WvCiOdHrPNo.es5.O/d=1/rs=AOaEmlEUGBMzSKyE8UIfLPIqu4VuXDqtXg/m=base

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6091520bc4bc7ba560c91d09f6258eab8abc8499124eb0e8ce131fbf691f419

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 30 May 2022 15:55:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 180653
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34436
x-xss-protection: 0
last-modified: Sat, 21 May 2022 01:51:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Tue, 30 May 2023 15:55:29 GMT

GET
H3 200 iframerpc Show response
accounts.google.com/o/oauth2/ Frame 8047 49 B
95 B 155ms
154ms XHR
application/json 2607:f8b0:4006:81c::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fdisqus.com&client_id=508198334196-bgmagrg0a2rub674g0shidj8fnd50dji.apps.googleusercontent.com

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.en_US.WvCiOdHrPNo.es5.O/d=1/rs=AOaEmlEUGBMzSKyE8UIfLPIqu4VuXDqtXg/m=base

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::200d Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4836b6031bc4af96767f0121fa458714583340054aea6338ef99a1bc4011f43b

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport, script-src 'report-sample' 'nonce-u6JDrBj8YX62_33oFs5Wlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
X-Requested-With: XmlHttpRequest
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 18:06:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-embedder-policy: require-corp
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: same-site
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
cross-origin-opener-policy: same-origin
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/json; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=3600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport, script-src 'report-sample' 'nonce-u6JDrBj8YX62_33oFs5Wlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
expires: Wed, 01 Jun 2022 18:06:22 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1647409581/images/ Frame B893 2 KB
2 KB 10ms
10ms Image
image/png 199.232.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1647409581/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.275044d1ea778800bd83f8337ba3d84e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.194.49 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Wed, 01 Jun 2022 18:06:22 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 281663
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
content-type: image/png
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: YUL62-C1
content-length: 1644
x-amz-cf-id: fVLszYHA3VxzDW7kYQNBJon3Wpj_gDSTzhR02IlkTptgx3KKFGYiRw==
expires: Thu, 28 Apr 2022 20:11:44 GMT

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame B893 43 B
339 B 58ms
26ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&load_time=851&event=init_embed&thread=8441677823&forum=parsiya&forum_id=3318856&imp=3ouo6aj33oi0op&prev_imp&thread_slug=attack_surface_analysis_part_2_custom_protocol_handlers&user_type=anon&referrer=https%3A%2F%2Fparsiya.net%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://disqus.com/embed/comments/?base=default&f=parsiya&t_u=https%3A%2F%2Fparsiya.net%2Fblog%2F2021-03-17-attack-surface-analysis-part-2-custom-protocol-handlers%2F&t_d=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&t_t=Attack%20Surface%20Analysis%20-%20Part%202%20-%20Custom%20Protocol%20Handlers&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Wed, 01 Jun 2022 18:06:22 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
disqus.com/	1970-01-20 03:28:28	Name: __jid Value: 3ouo6aj33oi0op
.disqus.com/	1970-01-20 12:14:02	Name: disqus_unique Value: 3ouo6cf2s0ona6
.google.com/	1970-01-20 07:51:57	Name: NID Value: 511=PLJtPzL4VKCWeagfWMcWEsv0NYHGduH4quo2fIXUPCYjlgZYFuvXaydvLHLDCbBnZ2h1JQr03_yZ0SH2Dn0Sm1gnr40AWvG8d5i3Zcaflw5NfYC_wvGdBTDGjSoFl9LCO_H59zaK15XTJhwkLUcVIHR5l-LU5cQzH1moO5Ki030

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://accounts.google.com/_/IdpIFrameHttp/cspreport Message: Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.disquscdn.com
accounts.google.com
apis.google.com
c.disquscdn.com
connect.facebook.net
disqus.com
parsiya.disqus.com
parsiya.net
referrer.disqus.com
www.facebook.com
www.gstatic.com
151.101.128.134
185.199.108.153
199.232.194.49
199.232.196.134
2600:9000:20e9:e400:6:8656:f5c0:93a1
2607:f8b0:4006:809::2003
2607:f8b0:4006:81c::200d
2607:f8b0:4006:822::200e
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f112:83:face:b00c:0:25de
09c590ba77c9096cea4d676ee89efc842e9d74fe89e5ebce2ad6198f8271514a
13e8b1fdc14b8d5fe80cddd8857fa7d24a2e0e5afc8023bd79098e182cdfa401
143c5c0124d14b936536af0c656e10aebbc2bb832563f00137f7e9c717195df1
215e126b2464ab6aced399e46c78b129371d9a856244ed9042a8f6612106f402
2e7ff8a9893c0fb085662356cddd8e57d34b4241bb5bbe1d9ad002d973c2fb77
30653f254abfe34085adfc635dbe69663a68666c623f62ae2023791252c535df
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
393dd6e5398ccb198fc66601d3310a37dd43fc0ae338bd9fdfcd427b8f95c016
4836b6031bc4af96767f0121fa458714583340054aea6338ef99a1bc4011f43b
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
538de71e82a62a7a54aa448cb725dc40c010c7b947b3a30f059b21902ac00627
5f045bded31e93f99d47f7493928eec264301c787ff5246622276e1faa75fd32
6188135f984e2ff0352d6218a20717f620efda7d4644dfad19b792735a37cc8d
64cee676a611b27aca955c5e227666f9d955682512ec25b982bd5e2f92eb61dd
70b0f897d53aa3ea80d50f06d93424b801a0d19a8befdf613a8e406d4039fdd0
7184f2085bedef65d3c0c459b2ade2c5cda92c16f4b6e426618aae36fc20d754
86305c01d421f0d558863ca3594c65256defa8e7c715b452d95e215b996cf9cb
8784042e14531617c1aef40d7623d3dd1d0b24730721c779e0c3ae86ed03990e
93e4b905bee35a36c677763de8ea05bbdddc8cd9a85a878dbae1e8541ed32908
9714221c828961b20f45a782c3281c0596f6652cfe1299bee18097f98e8fb7b3
a44915f888e7e5947a32ae6e22136f27dff66fbf7753c8c435632558d2299be9
ad39bd0e4d927c65c58f9a3fc2bd4bd741276029130feb0316e0dfe0f382477e
addbf4a8f6ffac00302ae63c2d7df27de5f74d5e7e533e0581da82f684c0328d
b6091520bc4bc7ba560c91d09f6258eab8abc8499124eb0e8ce131fbf691f419
b902d7ba78659a80d05f31e599aba4dec14072711d49c42eb3188a716adaf642
bc8811f579b34717a703ad5de2b44ea3dff60bf9dcf542270a46810f817f5948
bcebdd9bcd7928b969441f542fbbd747840fd1daf315c2d8dda1ef02376c6da2
bd095fdf7027a6372907c0475430b379b2c7669cbdd2c5f84c95b34991121fa6
c0b8ab365edb8fad70b92990b34db0a5300484328fb7446774f86e1db47f6661
cf17cc073e2755cd1fe27cd03545c351dd4fed345222eef0166fd7879176284a
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
de30b1fc781f1344f02ff2230b868a870e18cea33e2228017066b2f1d2ef753d
e18ade8df4b6e742eccf00ad8eba3832a16297b915fbe79ca2558e707d30a42a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e436778f48ec72f828d948d11ed8fddaa31c89709253763f70c9b0bbf80bc95f
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f2cad4442760fe702bd5b58dac47fe1183f6144bbee633b4f80468080890d775
fd02190a83811fcc2e574112876bf7e44b0149e9f85ec253043f154406403e2e

parsiya.net Open in urlscan Pro 185.199.108.153 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

45 Requests

100 %HTTPS

60 %IPv6

7 Domains

11 Subdomains

10 IPs

1 Countries

1403 kBTransfer

2350 kBSize

3 Cookies

73 Outgoing links

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

parsiya.net Open in urlscan Pro
185.199.108.153 Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

100 %
HTTPS

60 %
IPv6

7
Domains

11
Subdomains

10
IPs

1
Countries

1403 kB
Transfer

2350 kB
Size

3
Cookies

45 HTTP transactions
0 data transactions