pentester.land
2a06:98c1:3120::3
Public Scan
Submission: On July 14 via manual from IN — Scanned from NL
Summary
TLS certificate: Issued by R3 on June 28th 2023. Valid for: 3 months.
This is the only time pentester.land was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
12 | 2a06:98c1:3120::3 | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:80b::200a | 15169 (GOOGLE) |
2 | 2606:4700:10::6816:335d | 13335 (CLOUDFLARENET) |
1 | 2606:4700::6810:3865 | 13335 (CLOUDFLARENET) |
16 | 5 | |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
12 | pentester.land | pentester.land | 602 KB |
2 | datatables.net | cdn.datatables.net — Cisco Umbrella Rank: 5568 | 116 KB |
1 | cloudflareinsights.com | static.cloudflareinsights.com — Cisco Umbrella Rank: 1174 | 7 KB |
1 | googleapis.com | ajax.googleapis.com — Cisco Umbrella Rank: 433 | 31 KB |
16 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
12 | pentester.land | pentester.land, ajax.googleapis.com, static.cloudflareinsights.com |
2 | cdn.datatables.net | pentester.land |
1 | static.cloudflareinsights.com | pentester.land |
1 | ajax.googleapis.com | pentester.land |
16 | 4 | |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
pentester.land | R3 | 2023-06-28 - 2023-09-26 | 3 months |
upload.video.google.com | GTS CA 1C3 | 2023-06-19 - 2023-09-11 | 3 months |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-04-28 - 2024-04-27 | a year |
This page contains 1 frame:
Primary Page:
https://pentester.land/writeups/
Frame ID: EC0CE8A2224F34D5CE94811ADE6B52D3
Requests: 17 HTTP requests in this frame
Page Title
Writeups - Pentester Land
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Cloudflare Browser Insights (Analytics)
Detected patterns
- static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
DataTables (JavaScript Libraries)
Detected patterns
- dataTables.*\.js
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
53 Outgoing links
These are links going to different origins than the main page.
Title: GitHub
Title: Twitter
Title: Click here to join the Intigriti community
Title: Security Feature Bypass In ASP.NET and Visual Studio – Race Condition
Title: Story of Clickjacking on Microsoft Leads To Privilege Escalation & Account Takeover Of Admin
Title: Executing Arbitrary Code & Executables in Read-Only FileSystems
Title: Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs - CVE-2023-35803
Title: Exploiting XSS in hidden inputs and meta tags
Title: An interesting RCE on a Synack Red Team target!
Title: Critical Foswiki Vulnerablities: A Logic Error Turned Remote Code Execution
Title: CVE-2023-29298: Adobe ColdFusion Access Control Bypass
Title: Unexpected Zero in MySQL Injection
Title: [REL] A Journey Into Hacking Google Search Appliance
Title: Linux local electron application script-src: self bypass
Title: Multiple Vulnerabilities In Cockpit CMS <= V2.5.2
Title: Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
Title: Why ORMs and Prepared Statements Can't (Always) Win
Title: Multiple vulnerabilities in UCOPIA <= 6.0.7 (CVE-2022-44719 / CVE-2022-44720)
Title: [ GCP 2022 ] Few bugs in the google cloud shell
Title: Account (of the CEO) Takeover via Password Reset
Title: AWS CodeBuild + S3 == Privilege Escalation
Title: From Blackbox .NET Remoting to Unauthenticated Remote Code Execution
Title: CVE-2023-36934 Analysis: MOVEit Transfer SQL Injection
Title: macOS Atlassian Companion Remote Code Execution
Title: Account Takeover via Custom OTP, No User Interaction Required!
Title: Full Disclosure - DOM-based XSS And Failures In Bug Bounty Hunting
Title: RCE In GitLab's CLI Tool
Title: Windows Installer arbitrary content manipulation Elevation of Privilege (CVE-2020-0911)
Title: Story Of My First RCE :)
Title: Chaining for Critical: Unauthorized to Cloud Administrator
Title: Encrypted Doesn't Mean Authenticated: ShareFile RCE (CVE-2023-24489)
Title: Pulling SYSTEM out of Windows GINA
Title: Getting email address of any HackerOne user worth $7,500
Title: Partial File Read in phpList <= 3.6.12 (CVE-2023-35834)
Title: Hunting for Nginx Alias Traversals in the wild
Title: How We Found Another GitHub Action Environment Injection Vulnerability in a Google Project
Title: Technical Details of CVE-2023-30990 - Unauthenticated RCE in IBM i DDM Service
Title: Domain Takeover Without Domain Admin Permissions
Title: Server-side Template Injection Leading to RCE on Google VRP
Title: Chaining Self Blind XSS with Broken Access Control To Make it Non Self Blind XSS
Title: CVE-2023-33298 - Perimeter81 Local Privilege Escalation
Title: Exploiting the HP Printer without the printer (Pwn2Own 2022)
Title: ServiceNow Insecure Access Control To Full Admin Takeover
Title: RCE via Path Traversal vulnerability in Onlyoffice CommunityServer < 12.5.2 (CVE-2023-34939)
Title: Hunting for Bitwarden master passwords stored in memory
Title: Patch Diffing CVE-2023-28121 to Compromise a WooCommerce
Title: How Abusing AWS CloudFormation Led to a Total Takeover of an AWS Environment
Title: How did I get 200$ with WordPress vulnerability!!!
Title: How i was able to get Account Takeover via Insecure Data Storage and WebView With Exported Activity
Title: SSO Gadgets II: Unauthenticated Client-Side Template Injection to Account Takeover using SSO Gadget Chain
Title: Laravel debug mode left on at Zouikwatzeggen.nl leaks admin credentials & potentially submitted reports of improper behaviour at Amsterdam University Medical Centers
Title: How I get 1000$ bounty for Discovering Account Takeover in Android Application
Title: Bug Writeup: Stored XSS to Account Takeover (ATO) via GraphQL API
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | pentester.land/writeups/ | 22 KB | 7 KB | Document | text/html |
GET | H2 | jost-v4-latin-regular.woff2 | pentester.land/fonts/vendor/jost/ | 9 KB | 9 KB | Font | font/woff2 |
GET | H2 | jost-v4-latin-500.woff2 | pentester.land/fonts/vendor/jost/ | 10 KB | 10 KB | Font | font/woff2 |
GET | H2 | jost-v4-latin-700.woff2 | pentester.land/fonts/vendor/jost/ | 10 KB | 10 KB | Font | font/woff2 |
GET | H2 | main.8b6b56833bb9946f89513a9b39e5b1c3aa0c710b4dd0d52a0bfa3ba083deb713da7a4a20aa25be3c04c0ac48d151bd71013707eae0cd775ec563af41b6f46926.css | pentester.land/ | 110 KB | 21 KB | Stylesheet | text/css |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.6.1/ | 88 KB | 31 KB | Script | text/javascript |
GET | H2 | jquery.dataTables.css | cdn.datatables.net/1.12.1/css/ | 21 KB | 3 KB | Stylesheet | text/css |
GET | H2 | jquery.dataTables.js | cdn.datatables.net/1.12.1/js/ | 443 KB | 113 KB | Script | application/javascript |
GET | H3 | logo.svg | pentester.land/images/ | 15 KB | 6 KB | Image | image/svg+xml |
GET | H3 | intigriti_iconlogo_landscape_NAVY.png | pentester.land/images/ | 29 KB | 29 KB | Image | image/png |
GET | H3 | bootstrap.min.54bf0932b8a36d0e152b1635b099a6ef1394d35327e2437550a075c9c8ed1bd8aed5847c21b36fc02ed24014c031d9ca24017b0c78b1639d7e2fa8329898b842.js | pentester.land/js/ | 78 KB | 24 KB | Script | application/javascript |
GET | H3 | highlight.min.0f6c84cad9ce723f37693f4d84941b2527f773c7e340ca9e5f2a95e196384659d13b3c46be12bfbe5b14329f2e2aa6c727d3680e6d33f0e8914ad463bc17fc84.js | pentester.land/js/ | 48 KB | 18 KB | Script | application/javascript |
GET | H3 | main.min.9dca0982b5ab665da737ca6255450dae5aecc7cd8cda743ecfe6d68825339198bf474d2e17197b5321019114601ebe128515db4816890fd2d11abf8fa3511e67.js | pentester.land/ | 22 KB | 9 KB | Script | application/javascript |
GET | H2 | v2cb3a2ab87c5498db5ce7e6608cf55231689030342039 | static.cloudflareinsights.com/beacon.min.js/ | 20 KB | 7 KB | Script | text/javascript |
GET | DATA | truncated | / | 264 B | 0 | Image | image/svg+xml |
GET | H3 | writeups.json | pentester.land/ | 3 MB | 460 KB | XHR | application/json |
POST | H3 | rum | pentester.land/cdn-cgi/ | 0 | 140 B | XHR | text/plain |
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
boolean | credentialless |
object | onbeforetoggle |
object | onscrollend |
function | $ |
function | jQuery |
function | DataTable |
number | uidEvent |
object | lazySizes |
object | __cfBeacon |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src * 'unsafe-inline'; font-src * data:; img-src * data:; |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.