owasp.org
2606:4700:10::6816:1b4d
Public Scan
Submission: On May 24 via api from US
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on April 4th 2020. Valid for: 6 months.
This is the only time owasp.org was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
24 | 2606:4700:10::6816:1b4d | 13335 (CLOUDFLARENET) |
2 (1 redirect) | 2a00:1450:4001:801::200e | 15169 (GOOGLE) |
1 | 185.199.110.153 | 54113 (FASTLY) |
1 | 2a00:1450:400c:c03::9d | 15169 (GOOGLE) |
3 | 2606:4700:e0::ac40:6d07 | 13335 (CLOUDFLARENET) |
1 | 140.82.118.6 | 36459 (GITHUB) |
31 | 6 | |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
ASN36459 (GITHUB, US)
PTR: lb-140-82-118-6-ams.github.com
api.github.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
24 | owasp.org | owasp.org | 397 KB |
3 | browser-update.org | browser-update.org | 13 KB |
2 (1 redirect) | google-analytics.com | www.google-analytics.com | 18 KB |
1 | github.com | api.github.com | 2 KB |
1 | doubleclick.net | stats.g.doubleclick.net | 99 B |
1 | github.io | buttons.github.io | 5 KB |
31 | 6 | | |
Requests | Domain | Requested by |
---|---|---|
24 | owasp.org | owasp.org |
3 | browser-update.org | owasp.org, browser-update.org |
2 (1 redirect) | www.google-analytics.com | owasp.org |
1 | api.github.com | buttons.github.io |
1 | stats.g.doubleclick.net | owasp.org |
1 | buttons.github.io | owasp.org |
31 | 6 | |
Subject | Issuer | Validity | Valid |
---|---|---|---|
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-04-04 - 2020-10-09 | 6 months |
*.google-analytics.com | GTS CA 1O1 | 2020-05-05 - 2020-07-28 | 3 months |
www.github.com | DigiCert SHA2 High Assurance Server CA | 2020-05-06 - 2022-04-14 | 2 years |
*.g.doubleclick.net | GTS CA 1O1 | 2020-05-05 - 2020-07-28 | 3 months |
*.github.com | DigiCert SHA2 High Assurance Server CA | 2019-07-08 - 2020-07-16 | a year |
This page contains 1 frames:
Primary Page:
https://owasp.org/www-community/attacks/CORS_OriginHeaderScrutiny
Frame ID: D086B77B5AA1CEFAF35152474AF59642
Requests: 31 HTTP requests in this frame
Detected technologies
Varnish (Cache Tools)
Detected patterns
- headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i
CloudFlare (CDN)
Detected patterns
- headers server /^cloudflare$/i
Google Analytics (Analytics)
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
32 Outgoing links
These are links going to different origins than the main page.
Title: Update browser
Title: Apply Now
Title: Start a New Project...
Title: Start a Local Chapter...
Title: Global AppSec - San Francisco, October 19-23, 2020
Title: DEFCON 28, August 6-9, 2020
Title: LASCON 2020, October 28-29, 2020
Title: Global AppSec - Dublin, February 15-19, 2021
Title: Video
Title: Mozilla Wiki
Title: CORS requests
Title: W3C Specification
Title: Wikipedia
Title: CORS Abuse
Title: Edit on GitHub
Title: Global AppSec SF October 19th-23rd
Title: Global AppSec Dublin February 15-19th, 2021
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9
- https://www.google-analytics.com/r/collect?v=1&_v=j82&a=699218058&t=pageview&_s=1&dl=https%3A%2F%2Fowasp.org%2Fwww-community%2Fattacks%2FCORS_OriginHeaderScrutiny&ul=en-us&de=UTF-8&dt=CORS%20OriginHeaderScrutiny%20%7C%20OWASP%20Foundation&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=369995477&gjid=1639252155&cid=924511928.1590351366&tid=UA-4531126-1&_gid=1536131602.1590351366&_r=1&z=448270332 HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-4531126-1&cid=924511928.1590351366&jid=369995477&_gid=1536131602.1590351366&gjid=1639252155&_v=j82&z=448270332
31 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | CORS_OriginHeaderScrutiny (Primary Request) | owasp.org/www-community/attacks/ | 21 KB | 8 KB | Document | text/html |
GET | H2 | VysKc6u4esKUPSvHsQdElKxMW4A.js | owasp.org/cdn-cgi/apps/head/ | 5 KB | 2 KB | Script | application/javascript |
GET | H2 | analytics.js | www.google-analytics.com/ | 45 KB | 18 KB | Script | text/javascript |
GET | H2 | styles.css | owasp.org/www--site-theme/assets/css/ | 117 KB | 21 KB | Stylesheet | text/css |
GET | H2 | jquery-3.4.1.min.js | owasp.org/www--site-theme/assets/js/ | 86 KB | 30 KB | Script | application/javascript |
GET | H2 | util.js | owasp.org/www--site-theme/assets/js/ | 1 KB | 905 B | Script | application/javascript |
GET | H2 | js.cookie.js | owasp.org/www--site-theme/assets/js/ | 4 KB | 2 KB | Script | application/javascript |
GET | H2 | yaml.min.js | owasp.org/www--site-theme/assets/js/ | 42 KB | 10 KB | Script | application/javascript |
GET | H2 | buttons.js | buttons.github.io/ | 13 KB | 5 KB | Script | application/javascript |
GET | H2 | logo.png | owasp.org/assets/images/ | 8 KB | 8 KB | Image | image/png |
GET | H2 | collect (Redirect Chain) | stats.g.doubleclick.net/r/ | 35 B | 99 B | Image | image/gif |
GET | H2 | fa-solid-900.woff2 | owasp.org/assets/fontawesome/ | 74 KB | 74 KB | Font | font/woff2 |
GET | H2 | ubuntu-regular.woff2 | owasp.org/assets/font/ | 29 KB | 29 KB | Font | font/woff2 |
GET | H2 | update.min.js | browser-update.org/ | 9 KB | 4 KB | Script | application/javascript |
GET | H2 | ubuntu-medium.woff2 | owasp.org/assets/font/ | 28 KB | 28 KB | Font | font/woff2 |
GET | H2 | fa-brands-400.woff2 | owasp.org/assets/fontawesome/ | 73 KB | 73 KB | Font | font/woff2 |
GET | H2 | menus.json | owasp.org/www--site-theme/assets/sitedata/ | 4 KB | 1 KB | XHR | application/json |
GET | H2 | corp_members.yml | owasp.org/assets/sitedata/ | 47 KB | 48 KB | XHR | text/yaml |
GET | H2 | acunetix.png | owasp.org/assets/images/corp-member-logo/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | hcl.png | owasp.org/assets/images/corp-member-logo/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | blackhat.png | owasp.org/assets/images/corp-member-logo/ | 9 KB | 9 KB | Image | image/png |
GET | H2 | sig.png | owasp.org/assets/images/corp-member-logo/ | 7 KB | 7 KB | Image | image/png |
GET | H2 | security-journey.png | owasp.org/assets/images/corp-member-logo/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | ub-secure.png | owasp.org/assets/images/corp-member-logo/ | 7 KB | 7 KB | Image | image/png |
GET | H2 | immuniweb.png | owasp.org/assets/images/corp-member-logo/ | 9 KB | 9 KB | Image | image/png |
GET | H2 | sqreen.png | owasp.org/assets/images/corp-member-logo/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | nowsecure.png | owasp.org/assets/images/corp-member-logo/ | 6 KB | 6 KB | Image | image/png |
GET | H2 | hi-solutions.png | owasp.org/assets/images/corp-member-logo/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | update.show.min.js | browser-update.org/ | 20 KB | 8 KB | Script | application/javascript |
GET | H/1.1 | www-community | api.github.com/repos/owasp/ | 6 KB | 2 KB | XHR | application/json |
GET | H2 | c.png | browser-update.org/static/img/small/ | 787 B | 940 B | Image | image/png |
23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onformdata |
object | onpointerrawupdate |
object | CloudflareApps |
function | handleOutboundLinkClicks |
function | ga |
object | google_tag_data |
object | gaplugins |
object | gaGlobal |
object | gaData |
function | $ |
function | jQuery |
object | $buoop |
function | $buo_f |
function | Cookies |
function | YAML |
object | members |
string | url |
object | corp_members |
object | $bu_ |
function | $buo |
function | $bu_getBrowser |
object | _buorgres |
function | $buo_show4 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.owasp.org/ | | Name: _gat Value: 1 |
.owasp.org/ | | Name: _gid Value: GA1.2.1536131602.1590351366 |
.owasp.org/ | | Name: _ga Value: GA1.2.924511928.1590351366 |
.owasp.org/ | | Name: __cfduid Value: d62cbbe8448572bb8bc06ca3d4ec2372e1590351365 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.