hacktricks/pentesting-web/domain-subdomain-takeover.md

# Domain/Subdomain takeover

<details>

<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Other ways to support HackTricks:

* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>

<figure><img src="../.gitbook/assets/image (3) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>

\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:

{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}

## Domain takeover

If you discover some domain (domain.tld) that is **being used by some service inside the scope** but the **company** has l**o**st the **ownership** of it, you can try to **register** it (if cheap enough) and let know the company. If this domain is receiving some **sensitive information** like a sessions cookie via **GET** parameter or in the **Referer** header, this is for sure a **vulnerability**.

### Subdomain takeover

A subdomain of the company is pointing to a **third-party service with a name not registered**. If you can **create** an **account** in this **third party service** and **register** the **name** being in use, you can perform the subdomain take over.

There are several tools with dictionaries to check for possible takeovers:

* [https://github.com/EdOverflow/can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)
* [https://github.com/blacklanternsecurity/bbot](https://github.com/blacklanternsecurity/bbot)
* [https://github.com/punk-security/dnsReaper](https://github.com/punk-security/dnsReaper)
* [https://github.com/haccer/subjack](https://github.com/haccer/subjack)
* [https://github.com/anshumanbh/tko-sub](https://github.com/anshumanbh/tko-subs)
* [https://github.com/ArifulProtik/sub-domain-takeover](https://github.com/ArifulProtik/sub-domain-takeover)
* [https://github.com/SaadAhmedx/Subdomain-Takeover](https://github.com/SaadAhmedx/Subdomain-Takeover)
* [https://github.com/Ice3man543/SubOver](https://github.com/Ice3man543/SubOver)
* [https://github.com/m4ll0k/takeover](https://github.com/m4ll0k/takeover)
* [https://github.com/antichown/subdomain-takeover](https://github.com/antichown/subdomain-takeover)
* [https://github.com/musana/mx-takeover](https://github.com/musana/mx-takeover)

#### Scanning for Hijackable Subdomains with [BBOT](https://github.com/blacklanternsecurity/bbot):

Subdomain takeover checks are included in BBOT's default subdomain enumeration. Signatures are pulled directly from [https://github.com/EdOverflow/can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz).
```bash
bbot -t evilcorp.com -f subdomain-enum
```
### DNS Wildcard jImej

DNS Wildcard jImejDaq jImejDaq vItlhutlhlaHbe'chugh, jImejDaq vItlhutlhlaHbe'chughDaq jImejDaqDaq 'e' vItlhutlhlaHbe'chughDaqDaq **ghItlhvam**. vaj 'oH 'ej vaj 'oH...

mung: 'ej 'oH `*.testing.com` vItlhutlhlaHbe'chughDaq `1.1.1.1` vItlhutlhlaHbe'chughDaqDaq. vaj `not-existent.testing.com` vItlhutlhlaHbe'chughDaq `1.1.1.1` vItlhutlhlaHbe'chughDaqDaq.

'ach, 'oH 'ej vaj 'oH, 'ej vaj 'oH **CNAME** vItlhutlhlaHbe'chughDaqDaq **qarDaq** vItlhutlhlaHbe'chughDaqDaq, **github subdomain** (vaj `sohomdatta1.github.io`) vItlhutlhlaHbe'chughDaqDaq. 'ach, **CNAME Wildcard** vItlhutlhlaHbe'chughDaqDaq, **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq 'e' vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq 'e' vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq **ghItlhvam** vItlhutlhlaHbe'chughDaqDaq
GitBook: [#3240] No subject 2022-06-06 22:28:05 +00:00			`# Domain/Subdomain takeover`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`<details>`

arte 2023-12-31 01:25:17 +00:00			`<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
arte 2023-12-31 01:25:17 +00:00			`Other ways to support HackTricks:`

			`* If you want to see your company advertised in HackTricks or download HackTricks in PDF Check the [SUBSCRIPTION PLANS](https://github.com/sponsors/carlospolop)!`
GitBook: [#3522] No subject 2022-09-30 10:27:15 +00:00			`* Get the [official PEASS & HackTricks swag](https://peass.creator-spring.com)`
arte 2023-12-31 01:25:17 +00:00			`* Discover [The PEASS Family](https://opensea.io/collection/the-peass-family), our collection of exclusive [NFTs](https://opensea.io/collection/the-peass-family)`
A 2024-02-09 07:14:36 +00:00			`* Join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow us on Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
arte 2023-12-31 01:25:17 +00:00			`* Share your hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`

GITBOOK-4230: change request with no subject merged in GitBook 2024-01-10 00:59:55 +00:00			`<figure><img src="../.gitbook/assets/image (3) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>`
GitBook: [#3240] No subject 2022-06-06 22:28:05 +00:00
update 2023-01-01 16:19:07 +00:00			`\`
GITBOOK-4092: change request with no subject merged in GitBook 2023-09-24 09:51:34 +00:00			`Use [Trickest](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and automate workflows powered by the world's most advanced community tools.\`
update 2023-01-01 16:19:07 +00:00			`Get Access Today:`
GitBook: [#3240] No subject 2022-06-06 22:28:05 +00:00
update 2023-01-01 16:19:07 +00:00			`{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
GitBook: [#3240] No subject 2022-06-06 22:28:05 +00:00			`## Domain takeover`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GitBook: [#3240] No subject 2022-06-06 22:28:05 +00:00			`If you discover some domain (domain.tld) that is being used by some service inside the scope but the company has lost the ownership of it, you can try to register it (if cheap enough) and let know the company. If this domain is receiving some sensitive information like a sessions cookie via GET parameter or in the Referer header, this is for sure a vulnerability.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GitBook: [#3240] No subject 2022-06-06 22:28:05 +00:00			`### Subdomain takeover`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`A subdomain of the company is pointing to a third-party service with a name not registered. If you can create an account in this third party service and register the name being in use, you can perform the subdomain take over.`

			`There are several tools with dictionaries to check for possible takeovers:`

			`* [https://github.com/EdOverflow/can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz)`
BBOT for bucket enumeration, subdomain takeover 2023-03-21 21:10:11 +00:00			`* [https://github.com/blacklanternsecurity/bbot](https://github.com/blacklanternsecurity/bbot)`
GitBook: [#3361] No subject 2022-08-12 14:25:49 +00:00			`* [https://github.com/punk-security/dnsReaper](https://github.com/punk-security/dnsReaper)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`* [https://github.com/haccer/subjack](https://github.com/haccer/subjack)`
			`* [https://github.com/anshumanbh/tko-sub](https://github.com/anshumanbh/tko-subs)`
			`* [https://github.com/ArifulProtik/sub-domain-takeover](https://github.com/ArifulProtik/sub-domain-takeover)`
			`* [https://github.com/SaadAhmedx/Subdomain-Takeover](https://github.com/SaadAhmedx/Subdomain-Takeover)`
			`* [https://github.com/Ice3man543/SubOver](https://github.com/Ice3man543/SubOver)`
			`* [https://github.com/m4ll0k/takeover](https://github.com/m4ll0k/takeover)`
			`* [https://github.com/antichown/subdomain-takeover](https://github.com/antichown/subdomain-takeover)`
GitBook: [#3748] No subject 2023-01-13 10:30:46 +00:00			`* [https://github.com/musana/mx-takeover](https://github.com/musana/mx-takeover)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
BBOT for bucket enumeration, subdomain takeover 2023-03-21 21:10:11 +00:00			`#### Scanning for Hijackable Subdomains with [BBOT](https://github.com/blacklanternsecurity/bbot):`
GITBOOK-4092: change request with no subject merged in GitBook 2023-09-24 09:51:34 +00:00
BBOT for bucket enumeration, subdomain takeover 2023-03-21 21:10:11 +00:00			`Subdomain takeover checks are included in BBOT's default subdomain enumeration. Signatures are pulled directly from [https://github.com/EdOverflow/can-i-take-over-xyz](https://github.com/EdOverflow/can-i-take-over-xyz).`
GITBOOK-4092: change request with no subject merged in GitBook 2023-09-24 09:51:34 +00:00			```bash
BBOT for bucket enumeration, subdomain takeover 2023-03-21 21:10:11 +00:00			`bbot -t evilcorp.com -f subdomain-enum`
GITBOOK-4092: change request with no subject merged in GitBook 2023-09-24 09:51:34 +00:00			```
Translated to Klingon 2024-02-10 17:52:19 +00:00			`### DNS Wildcard jImej`
BBOT for bucket enumeration, subdomain takeover 2023-03-21 21:10:11 +00:00
Translated to Klingon 2024-02-10 17:52:19 +00:00			`DNS Wildcard jImejDaq jImejDaq vItlhutlhlaHbe'chugh, jImejDaq vItlhutlhlaHbe'chughDaq jImejDaqDaq 'e' vItlhutlhlaHbe'chughDaqDaq ghItlhvam. vaj 'oH 'ej vaj 'oH...`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated to Klingon 2024-02-10 17:52:19 +00:00			mung: 'ej 'oH `*.testing.com` vItlhutlhlaHbe'chughDaq `1.1.1.1` vItlhutlhlaHbe'chughDaqDaq. vaj `not-existent.testing.com` vItlhutlhlaHbe'chughDaq `1.1.1.1` vItlhutlhlaHbe'chughDaqDaq.
arte 2023-12-31 01:25:17 +00:00
Translated to Klingon 2024-02-10 17:52:19 +00:00			'ach, 'oH 'ej vaj 'oH, 'ej vaj 'oH CNAME vItlhutlhlaHbe'chughDaqDaq qarDaq vItlhutlhlaHbe'chughDaqDaq, github subdomain (vaj `sohomdatta1.github.io`) vItlhutlhlaHbe'chughDaqDaq. 'ach, CNAME Wildcard vItlhutlhlaHbe'chughDaqDaq, ghItlhvam vItlhutlhlaHbe'chughDaqDaq 'e' vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq 'e' vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq ghItlhvam vItlhutlhlaHbe'chughDaqDaq