What Martin was able to accomplish was to detect that if the server goes down, it will in fact make another request. That’s something I had never tried before personally and a great find! I had tried modifying hosts files, changing DNS records, and all sorts of things, short of ARP spoofing since I generally don’t have access to the switch in question. So the trick is, you change the DNS record and either shut down the webserver or add a firewall rule immediately afterwords to get the browser to drop it’s cached DNS entry for www.whatever.com and poof, you now can get the browser to request the same information from a different IP address without the same origin policies. Voila!