⚠️ high | Pure Chaos
connectandrepair.co.uk
Session-specific backend admin portal URL exposed in DNS
;; QUESTION SECTION:
;connectandrepair.co.uk. IN TXT
;; ANSWER SECTION:
connectandrepair.co.uk. 3600 IN TXT "https://app.websitesforfree.co.uk/admin/ORLp89n2T7fi6cgBkJRmXGplliE3/websites/connectandrepair.co.uk?isPreviewing=true&tutorial=false"
What Happened
Instead of verifying their domain, the administrator pasted the exact, session-specific backend URL to their web builder's admin portal into DNS. This exposes their internal tenant ID (`ORLp89n2T7fi6cgBkJRmXGplliE3`), the platform they use, and configuration state flags (`isPreviewing=true&tutorial=false`) to any automated crawler scanning the .uk zone.
Full TXT Record Value
https://app.websitesforfree.co.uk/admin/ORLp89n2T7fi6cgBkJRmXGplliE3/websites/connectandrepair.co.uk?isPreviewing=true&tutorial=false
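A zone owner can catch the kind of record described under "What Happened" by auditing their own TXT records for URLs. The following is an added example, not part of the original page: it parses dig-style answer lines and reports the host, admin-style path segments, opaque IDs and query flags of any URL stored in TXT. The function names, the `SENSITIVE_SEGMENTS` list, the opaque-ID heuristic and the two `example.test` records are assumptions made for illustration.

```python
import re
import shlex
from urllib.parse import urlsplit, parse_qsl

# dig answer-section lines. The first record is the one shown on this page;
# the two example.test records are constructed samples of expected TXT use.
SAMPLE_ZONE = '''\
connectandrepair.co.uk. 3600 IN TXT "https://app.websitesforfree.co.uk/admin/ORLp89n2T7fi6cgBkJRmXGplliE3/websites/connectandrepair.co.uk?isPreviewing=true&tutorial=false"
example.test. 3600 IN TXT "v=spf1 include:_spf.example.test -all"
example.test. 3600 IN TXT "site-verification=CONSTRUCTED-TOKEN-0000"
'''

# Assumed word list and heuristic; tune both for your own platforms.
SENSITIVE_SEGMENTS = {"admin", "dashboard", "login", "console"}
# Mixed-case alphanumeric run of 16+ characters: likely a tenant or session ID.
OPAQUE_ID = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9_-]{16,}$")


def txt_values(zone_text):
    """Yield (owner, value) per TXT line, joining multi-string records."""
    for line in zone_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and dig section comments
        parts = line.split(None, 4)
        if len(parts) == 5 and parts[2] == "IN" and parts[3] == "TXT":
            yield parts[0], "".join(shlex.split(parts[4]))


def audit_txt(zone_text):
    """Return one finding per TXT record whose value is an http(s) URL."""
    findings = []
    for owner, value in txt_values(zone_text):
        url = urlsplit(value)
        if url.scheme not in ("http", "https") or not url.netloc:
            continue  # SPF, verification tokens and similar are not URLs
        segments = [s for s in url.path.split("/") if s]
        lowered = {s.lower() for s in segments}
        findings.append({
            "owner": owner,
            "host": url.hostname,
            "sensitive_path": sorted(SENSITIVE_SEGMENTS & lowered),
            "opaque_ids": [s for s in segments if OPAQUE_ID.match(s)],
            "query_flags": dict(parse_qsl(url.query)),
        })
    return findings
```

Run it over the output of a zone export or `dig TXT` for each name you control; any finding means a TXT value should be replaced with the verification token the platform actually asked for.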