- Secrets, Mysteries, and a New Update!
MarcusWeinberger - What I've found

I decided (finally) to look into's structure, and see if I could find anything neat. The results are... interesting, but thankfully I don't see any gaping holes which is what I expected.

(Bonus message at the end - just did a very neat update)


I found these using the handy recon-ng tool and a google dork (site:*


What's on them

What, if anything, is on each of them

I was unable to connect to this one, but that's just visiting it as a website. I'd like to do a portscan but I'm concerned about the legality.

This one is pretty weird. It seems to be a mirror of the regular Looking at the subdomain, staging, maybe it's a redundancy for the main site? For them to upgrade then switch? I'm not quite sure as I haven't had much experience in the corporate world and I don't know how things are typically done. When you visit this site, you get prompted to login. Doing this with google doesn't work, and I havent been bothered to try sign up yet. You can, however, create anonymous repls that work, so yeah.

Edit: Thanks to @PaoloAmoroso for explaining what a staging server is for -
"A staging server is a server for testing a system or some of its features using a setup and configuration similar to the production server's."

Now, when I found this, I was reeeeeeaally hoping that they had a public API so I could automate some neat stuff, however it appears to either be closed off or down, as I just get hit with a cloudflare page.

Edit: Having just stumbled upon, a project that appears to have been sadly abandoned, maybe this had something to do with it?

I cannot, for the life of me, imagine what this would be for. When visiting it, all it returns is ヾ(*ФωФ)βyё βyё☆彡. Now, what's neat is that you get the same result when doing something like this. Maybe it's the default return for whatever google service use for running code.

Edit: after peeking into's abandoned cli npm module,, this appears to be the default option for the -G argument. It calls this the goval host, which I can't seem to find any information about. For now, I'll just assume this has been abandoned along with

Google 404 page. As I suspected, use google for something, whether it be data hosting or server management.

Wasn't able to connect to it through my browser, judging from the name it may have some interesting ports open but I also doubt it.

Strangely, I wasn't able to connect to this either. I was sure that they were hosting all their images on it, but maybe you need some form of authentication that I'm too dumb to figure out. I have no clue what I'm doing.

This is pretty neat, it shows's uptime and other info.

This one is really curious. If you head to this url, it will just redirect you straight to, however, using the google dork (just search that up in google) we can see what appears to be websites hosted on there. I'll look into that more later. They all appear to be under the /data/web_hosting_1/ uri which I think means they're ready to expand, which is good.

Edit: Okay I think its for all the HTML,CSS,JS sites hosted on, but that can't be right as there is way more than them. Actually while I was typing this I now realise that it's for sites where people have connected a domain to. must save the actual files somewhere static in order to have them connected to that custom domain. That makes sense to me.

Just the regular site, nothing interesting to see here.

Some sort of mirror for the doc pages of browserffy? Not sure why it's hosted on

Edit: After a quick look, it seems to be browserify hosted on From what I can understand, they must use it for their nodejs projects and what it does, is grab whatever requirement, install it, and serve it as a standalone module. Pretty neat!


I can't believe it took me this long to check for this. Also, something interesting, I think rolled out an update as I was typing this as they've started using a different tool to install packages in python, and repls are loading faster than they've been for the past day or so. Nice. It appears that now, instead of rebuilding each python package each time, they load them from a database of pre-built packages. I'm glad they did this because everything runs a lot quicker! Well done,!

Edit: This is actually probably only an update for those opted in to the beta lol which is good because they messed up one of my repls.

More about the update

Okay actually I changed my mind, I'm not done with the new beta update. It broke one of my repls. updated one of their docker packages, which they use to install requirements, two hours ago as of now. This update did something that changed how they install them for python. For some reason, they decided to now use the python poetry module to install things, which is neat, sure, but doesn't seem to like having a git dependency in the requirements.txt. I don't even know how it works with a requirements.txt file as from what I can tell from their github page, it should only work with their special toml files which look too complicated and bothersome.

Furthermore, I had no clue they even had a docker profile, but it makes sense that they'd run stuff with docker as it's a good fit. I found an old post talking about how they use docker, but I guess I just never saw that.

Late update

So, many people seem to think that use docker for running repls, and while that is technically true, I think I might have just found out a bit more! While experimenting with getting the exact time a uuid was generated, I found the MAC address (a unique identifier) of the server where the repl was being run. After doing a google search for that specific MAC address, I found it in a github issue page for moby, and it appears that, unless I made a mistake, this is what use/have used.

You are viewing a single comment. View All

@EchoCoding I don't know what you mean by that, I'm not quite sure what those are