blog.fuzzing-project.org Open in urlscan Pro
2a01:4f8:121:1ffe:1:1008:0:104c Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
Submission: On May 22 via api (May 22nd 2021, 9:48:28 pm UTC) from US

Summary HTTP 14 Redirects Links 124 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 14 HTTP transactions. The main IP is 2a01:4f8:121:1ffe:1:1008:0:104c, located in Hamburg, Germany and belongs to HETZNER-AS, DE. The main domain is blog.fuzzing-project.org.
TLS certificate: Issued by R3 on March 9th 2021. Valid for: 3 months.

This is the only time blog.fuzzing-project.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	2a01:4f8:121:... 2a01:4f8:121:1ffe:1:1008:0:104c	24940 (HETZNER-AS) (HETZNER-AS)
2 4	161.156.66.184 161.156.66.184	36351 (SOFTLAYER) (SOFTLAYER)
14	2

12 2a01:4f8:121:1ffe:1:1008:0:104c (Hamburg, Germany)

ASN24940 (HETZNER-AS, DE)

blog.fuzzing-project.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 161.156.66.184 (United States) 2 redirects

ASN36351 (SOFTLAYER, US)
PTR: b8.42.9ca1.ip4.static.sl-reverse.com

ssl-vg03.met.vgwort.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	fuzzing-project.org blog.fuzzing-project.org	287 KB
4	vgwort.de 2 redirects ssl-vg03.met.vgwort.de	2 KB
14	2

	Domain	Requested by
12	blog.fuzzing-project.org	blog.fuzzing-project.org
4	ssl-vg03.met.vgwort.de	2 redirects blog.fuzzing-project.org
14	2

This site contains links to these domains. Also see Links.

Domain
fuzzing-project.org
github.com
apr.apache.org
download.vikis.lt
icing.github.io
www.dreamstime.com
flimp.fuzzing-project.org
arxiv.org
xkcd.com
httpd.apache.org
nvd.nist.gov
bz.apache.org
bugs.launchpad.net
svn.apache.org
mail-archives.apache.org
gitweb.gentoo.org
bugs.gentoo.org
pkgsrc.se
lists.gnu.org
www.mail-archive.com
www.slackware.com
security-tracker.debian.org
usn.ubuntu.com
www.golem.de
www.heise.de
threatpost.com
nakedsecurity.sophos.com
arstechnica.com
media.ccc.de
bugzilla.mozilla.org
bugs.chromium.org
developer.microsoft.com
bugs.ghostscript.com
cgit.freedesktop.org
commons.wikimedia.org
www.openwall.com
dev.exiv2.org
crashes.fuzzing-project.org
msdn.microsoft.com
grsecurity.net
clang.llvm.org
www.youtube.com
blog.trailofbits.com
www.chromium.org
curl.haxx.se
chromereleases.googleblog.com
www.nginx.com
sourceware.org
git.musl-libc.org
www.owasp.org
www.openssh.com
blog.hboeck.de
mpm-itk.sesse.net
irssi.org
gitlab.com
cve.mitre.org
www.tripwire.com
bugzilla.gnome.org
git.gnome.org
rpm.org
pkgs.fedoraproject.org
gist.github.com
www.matrixssl.org
lists.lysator.liu.se
access.redhat.com
s9y.org

Subject Issuer	Validity	Valid
blog.fuzzing-project.org R3	`2021-03-09` - `2021-06-07`	3 months	crt.sh
*.met.vgwort.de Thawte RSA CA 2018	`2020-03-13` - `2022-04-01`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
Frame ID: C2387B06785EC07935CFBFA2416A8DE0
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Serendipity (CMS) Expand

Overall confidence: 100%
Detected patterns

meta generator /Serendipity(?: v\.([\d.]+))?/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

meta generator /Serendipity(?: v\.([\d.]+))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

14
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

288 kB
Transfer

383 kB
Size

1
Cookies

124 Outgoing links

These are links going to different origins than the main page.

URL: https://fuzzing-project.org/
Title: Back to main page

Search URL Search Domain Scan URL

URL: https://fuzzing-project.org/software.html
Title: Software list

Search URL Search Domain Scan URL

URL: https://github.com/hannob/apache-uaf
Title: memory safety bugs in the Apache web server together with Craig Young

Search URL Search Domain Scan URL

URL: https://apr.apache.org/docs/apr/1.6/group__apr__pools.html
Title: pool allocator

Search URL Search Domain Scan URL

URL: http://download.vikis.lt/manual/developer/debugging.html
Title: find old documentation about "Debugging Memory Allocation in APR"

Search URL Search Domain Scan URL

URL: https://fuzzing-project.org/tutorial-malloc.html
Title: a collection of information about such custom allocators and how to disable them

Search URL Search Domain Scan URL

URL: https://icing.github.io/mod_h2/pool-debugging.html
Title: are non-issues

Search URL Search Domain Scan URL

URL: https://www.dreamstime.com/ddr2-sdram-stands-double-data-rate-synchronous-dynamic-random-access-memory-interface-modules-used-desktop-pcs-public-domain-image-free-87854911
Title: Dreamstime, CC0

Search URL Search Domain Scan URL

URL: https://github.com/hannob/wolfoverflow
Title: bash proof of concept

Search URL Search Domain Scan URL

URL: https://github.com/wolfSSL/wolfssl/pull/1231/commits/9f7e40ad5c8097ff38d7caff4a9989db260981cc
Title: this commit

Search URL Search Domain Scan URL

URL: https://flimp.fuzzing-project.org/
Title: FLIMP!

Search URL Search Domain Scan URL

URL: https://arxiv.org/pdf/1405.2330.pdf
Title: "Support for Various HTTP Methods on the Web"

Search URL Search Domain Scan URL

URL: https://xkcd.com/1354/
Title: XKCD

Search URL Search Domain Scan URL

URL: https://httpd.apache.org/docs/2.4/mod/core.html#limit
Title: Limit

Search URL Search Domain Scan URL

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-9798
Title: CVE-2017-9798

Search URL Search Domain Scan URL

URL: https://bz.apache.org/bugzilla/show_bug.cgi?id=61207
Title: #61207

Search URL Search Domain Scan URL

URL: https://bugs.launchpad.net/launchpad/+bug/1717682
Title: a harmless bug that produces a malformed Allow header

Search URL Search Domain Scan URL

URL: https://github.com/hannob/optionsbleed
Title: python proof of concept script

Search URL Search Domain Scan URL

URL: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
Title: be found here

Search URL Search Domain Scan URL

URL: https://mail-archives.apache.org/mod_mbox/httpd-dev//201709.mbox/%3CCACsi253RfX7OT5NhZCKRru2JpOKoscux%3DjzDzJOnbcF31XHmMw%40mail.gmail.com%3E
Title: Analysis by Apache developer William A. Rowe Jr.

Search URL Search Domain Scan URL

URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c25916f8a7c6f6e22320bb100028496ed980e28
Title: Commit (2.2.34 / 2.4.27-r1 fixed)

Search URL Search Domain Scan URL

URL: https://bugs.gentoo.org/631308
Title: Bug

Search URL Search Domain Scan URL

URL: http://pkgsrc.se/files.php?messageId=20170918132405.F1150FA9A@cvs.NetBSD.org
Title: Commit

Search URL Search Domain Scan URL

URL: https://lists.gnu.org/archive/html/guix-commits/2017-09/msg00644.html
Title: Commit

Search URL Search Domain Scan URL

URL: https://www.mail-archive.com/arch-commits@archlinux.org/msg357403.html
Title: Commit (2.4.27-2 fixed)

Search URL Search Domain Scan URL

URL: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.551634
Title: Advisory

Search URL Search Domain Scan URL

URL: https://github.com/NixOS/nixpkgs/commit/c9d11b8a1d8d1f3bff230027496e90d0fb963d8b
Title: Commit

Search URL Search Domain Scan URL

URL: https://security-tracker.debian.org/tracker/CVE-2017-9798
Title: Security Tracker

Search URL Search Domain Scan URL

URL: https://security-tracker.debian.org/tracker/DSA-3980-1
Title: Advisory (2.4.10-10+deb8u11, 2.4.25-3+deb9u3)

Search URL Search Domain Scan URL

URL: https://usn.ubuntu.com/usn/usn-3425-1/
Title: Advisory (2.4.25-3ubuntu2.3, 2.4.18-2ubuntu3.5, 2.4.7-1ubuntu4.18)

Search URL Search Domain Scan URL

URL: https://www.golem.de/news/optionsbleed-apache-webserver-blutet-1709-130105.html
Title: Apache-Webserver blutet (Golem.de)

Search URL Search Domain Scan URL

URL: https://www.heise.de/security/meldung/Apache-Webserver-Optionsbleed-Bug-legt-Speicherinhalte-offen-3835313.html
Title: Apache Webserver: "Optionsbleed"-Bug legt Speicherinhalte offen (heise online)

Search URL Search Domain Scan URL

URL: https://threatpost.com/risks-limited-with-latest-apache-bug-optionsbleed/128014/
Title: Risks Limited With Latest Apache Bug, Optionsbleed (Threatpost)

Search URL Search Domain Scan URL

URL: https://nakedsecurity.sophos.com/2017/09/19/apache-optionsbleed-vulnerability-what-you-need-to-know/
Title: Apache “Optionsbleed” vulnerability – what you need to know (Naked Security)

Search URL Search Domain Scan URL

URL: https://arstechnica.com/information-technology/2017/09/apache-bug-leaks-contents-of-server-memory-for-all-to-see-patch-now/
Title: Apache bug leaks contents of server memory for all to see—Patch now (Ars Technica)

Search URL Search Domain Scan URL

URL: https://media.ccc.de/v/cccamp11-4426-certified_programming_with_dependent_types-en
Title: 2011 at the Chaos Communication Camp Andreas Bogk gave a talk about creating a formally verified PDF parser with Ocaml and Coq

Search URL Search Domain Scan URL

URL: https://github.com/qpdf/qpdf/issues/149
Title: same bug

Search URL Search Domain Scan URL

URL: https://github.com/andreas23/pdfparser/blob/master/tests/loop_edited.pdf
Title: be found here

Search URL Search Domain Scan URL

URL: https://bugzilla.mozilla.org/show_bug.cgi?id=1393476
Title: Affected

Search URL Search Domain Scan URL

URL: https://bugs.chromium.org/p/pdfium/issues/detail?id=875
Title: Affected

Search URL Search Domain Scan URL

URL: https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/13534806/
Title: Affected

Search URL Search Domain Scan URL

URL: https://bugs.ghostscript.com/show_bug.cgi?id=698409
Title: Also affected

Search URL Search Domain Scan URL

URL: https://github.com/mozilla/pdf.js/tree/master/test/pdfs
Title: extensive collection of files

Search URL Search Domain Scan URL

URL: https://bugs.chromium.org/p/chromium/issues/detail?id=450871
Title: [1]

Search URL Search Domain Scan URL

URL: https://bugs.chromium.org/p/chromium/issues/detail?id=457493
Title: [2]

Search URL Search Domain Scan URL

URL: https://bugs.chromium.org/p/chromium/issues/detail?id=450971
Title: [3]

Search URL Search Domain Scan URL

URL: https://cgit.freedesktop.org/poppler/test/
Title: test repository

Search URL Search Domain Scan URL

URL: https://commons.wikimedia.org/wiki/File:Circle_Wind_Sculpture.jpg
Title: Image Source

Search URL Search Domain Scan URL

URL: http://www.openwall.com/lists/oss-security/2017/06/30/1
Title: oss-security

Search URL Search Domain Scan URL

URL: http://dev.exiv2.org/issues/1248
Title: discussion can be read here

Search URL Search Domain Scan URL

URL: https://crashes.fuzzing-project.org/exiv2-heap-oob-write.tiff
Title: malformed tiff file

Search URL Search Domain Scan URL

URL: https://crashes.fuzzing-project.org/exiv2-heap-oob-read.jp2
Title: malformed jpeg2000 file

Search URL Search Domain Scan URL

URL: https://crashes.fuzzing-project.org/exiv2-stack-oob-read.webp
Title: malformed webp file

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/windows/desktop/mt637065(v=vs.85).aspx
Title: CFGuard

Search URL Search Domain Scan URL

URL: https://grsecurity.net/rap_announce.php
Title: RAP

Search URL Search Domain Scan URL

URL: https://clang.llvm.org/docs/ControlFlowIntegrity.html
Title: official LLVM documentation

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=qTkYDA0En6U
Title: talk by Kostya Serebryany that briefly mentions CFI in the second half

Search URL Search Domain Scan URL

URL: https://blog.trailofbits.com/2016/10/17/lets-talk-about-cfi-clang-edition/
Title: two

Search URL Search Domain Scan URL

URL: https://blog.trailofbits.com/2017/02/20/the-challenges-of-deploying-security-mitigations/
Title: blog

Search URL Search Domain Scan URL

URL: https://www.chromium.org/developers/testing/control-flow-integrity
Title: Chrome is using a subset of the CFI functionality and there's a list of bugs found with it

Search URL Search Domain Scan URL

URL: https://curl.haxx.se/mail/lib-2017-03/0116.html
Title: I proposed

Search URL Search Domain Scan URL

URL: https://github.com/curl/curl/commit/aced311d189a70c7d9b2d958739bcfc1231b3698
Title: already applied to curl's git repository

Search URL Search Domain Scan URL

URL: https://github.com/curl/curl/commit/baaf0ba358787dcab708449399fd5eda25311b4f
Title: has been applied as well

Search URL Search Domain Scan URL

URL: https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_29.html
Title: Chrome's release notes

Search URL Search Domain Scan URL

URL: https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype
Title: configured via the .htaccess file

Search URL Search Domain Scan URL

URL: https://github.com/hannob/htpasswdos/blob/master/apr-util-1.5-limit-dos.diff
Title: a patch against apr-util

Search URL Search Domain Scan URL

URL: https://www.nginx.com/resources/wiki/start/topics/examples/likeapache-htaccess/
Title: no comparable feature

Search URL Search Domain Scan URL

URL: https://sourceware.org/bugzilla/show_bug.cgi?id=20616
Title: submitted a patch to Glibc that limits the execution time to a sane value

Search URL Search Domain Scan URL

URL: https://git.musl-libc.org/cgit/musl/tree/src/crypt/crypt_sha256.c?id=5505f6afae9acf37ef565c68a07ca3df7b1ae2cb#n168
Title: code comment by Rich Felker

Search URL Search Domain Scan URL

URL: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS
Title: Regular expression Denial of Service - ReDoS

Search URL Search Domain Scan URL

URL: https://media.ccc.de/v/29c3-5152-en-hashflooding_dos_reloaded_h264
Title: this 29C3 talk

Search URL Search Domain Scan URL

URL: https://www.openssh.com/txt/release-7.3
Title: restricted the password length to 1024 characters

Search URL Search Domain Scan URL

URL: https://svn.apache.org/viewvc/apr/apr/trunk/crypto/crypt_blowfish.c?r1=1357780&r2=1772803
Title: patched it

Search URL Search Domain Scan URL

URL: https://blog.hboeck.de/archives/873-The-tricky-security-issue-with-FollowSymLinks-and-Apache.html
Title: other security problems in multi-user settings that are very hard to avoid

Search URL Search Domain Scan URL

URL: http://mpm-itk.sesse.net/
Title: mpm-itk

Search URL Search Domain Scan URL

URL: https://github.com/hannob/htpasswdos
Title: proof of concept examples here

Search URL Search Domain Scan URL

URL: https://commons.wikimedia.org/wiki/File:Apache_HTTP_server_logo_(2016).svg
Title: Logo source

Search URL Search Domain Scan URL

URL: https://github.com/irssi/irssi/issues/550
Title: a segfault caused by a null pointer access

Search URL Search Domain Scan URL

URL: https://irssi.org/documentation/settings/#a_d
Title: color codes

Search URL Search Domain Scan URL

URL: https://gitlab.com/hanno/irssi-fuzzing/blob/master/fuzz-print.pl
Title: simple perl script

Search URL Search Domain Scan URL

URL: https://gitlab.com/hanno/irssi-fuzzing/blob/master/irssi-example-colorcodes.txt
Title: examples of Irssi color codes

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5196
Title: CVE-2017-5196

Search URL Search Domain Scan URL

URL: https://gitlab.com/hanno/irssi-fuzzing/blob/master/fuzz-command.pl
Title: similar script that executes input as a command

Search URL Search Domain Scan URL

URL: https://irssi.org/security/irssi_sa_2017_01.txt
Title: security advisory for several security vulnerabilities

Search URL Search Domain Scan URL

URL: https://github.com/hannob/bignum-fuzz/blob/master/matrixssl-exptmod-bug-variant2.c
Title: code

Search URL Search Domain Scan URL

URL: http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/flawed-matrixssl-code-highlights-need-for-better-iot-update-practices/
Title: fixing several vulnerabilities reported by Craig Young from Tripwire

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8671
Title: CVE-2016-8671

Search URL Search Domain Scan URL

URL: https://bugzilla.gnome.org/show_bug.cgi?id=762493
Title: Upstream bug report

Search URL Search Domain Scan URL

URL: https://bugzilla.gnome.org/show_bug.cgi?id=766211
Title: here

Search URL Search Domain Scan URL

URL: https://git.gnome.org/browse/glib/commit/?id=bcbd8d7
Title: Commit / fix

Search URL Search Domain Scan URL

URL: https://bugzilla.gnome.org/show_bug.cgi?id=762417
Title: Upstream bug report

Search URL Search Domain Scan URL

URL: https://git.gnome.org/browse/glib/commit/glib/gvariant-parser.c?id=aead1c046dd39748cca449b55ec300ba5f025365
Title: Commit / fix

Search URL Search Domain Scan URL

URL: https://bugzilla.gnome.org/show_bug.cgi?id=768441
Title: Upstream bug report

Search URL Search Domain Scan URL

URL: https://git.gnome.org/browse/gnome-session/commit/?h=gnome-3-20&id=634ab70d9f03b1650be4b8259091ca3036f0fbf9
Title: Commit / fix

Search URL Search Domain Scan URL

URL: http://rpm.org/
Title: http://rpm.org/

Search URL Search Domain Scan URL

URL: http://rpm.org/wiki/ReportingBugs
Title: http://rpm.org/wiki/ReportingBugs

Search URL Search Domain Scan URL

URL: https://github.com/rpm-software-management/rpm
Title: https://github.com/rpm-software-management/rpm

Search URL Search Domain Scan URL

URL: http://pkgs.fedoraproject.org/cgit/rpms/rpm.git/diff/rpm-4.13.0-rpmtd-out-of-bounds.patch?h=f22&id=165614f3dd42caa188f78b55e7723dad2900b2f4
Title: http://pkgs.fedoraproject.org/cgit/rpms/rpm.git/diff/rpm-4.13.0-rpmtd-out-of-bounds.patch?h=f22&id=165614f3dd42caa188f78b55e7723dad2900b2f4

Search URL Search Domain Scan URL

URL: https://github.com/libarchive/libarchive/issues/743
Title: https://github.com/libarchive/libarchive/issues/743

Search URL Search Domain Scan URL

URL: https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
Title: https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f

Search URL Search Domain Scan URL

URL: https://crashes.fuzzing-project.org/rpm-stackoverflow-glob.rpm
Title: https://crashes.fuzzing-project.org/rpm-stackoverflow-glob.rpm

Search URL Search Domain Scan URL

URL: https://crashes.fuzzing-project.org/rpm-heap-oob-read-headerVerifyInfo.rpm
Title: https://crashes.fuzzing-project.org/rpm-heap-oob-read-headerVerifyInfo.rpm

Search URL Search Domain Scan URL

URL: https://github.com/rpm-software-management/rpm/commit/8e847d52c811e9a57239e18672d40f781e0ec48e
Title: https://github.com/rpm-software-management/rpm/commit/8e847d52c811e9a57239e18672d40f781e0ec48e

Search URL Search Domain Scan URL

URL: https://crashes.fuzzing-project.org/rpm-nullptr-rpmtdFormat.rpm
Title: https://crashes.fuzzing-project.org/rpm-nullptr-rpmtdFormat.rpm

Search URL Search Domain Scan URL

URL: https://github.com/rpm-software-management/rpm/commit/cddf43a56f19711866371f02f378dc4095b0fadd
Title: https://github.com/rpm-software-management/rpm/commit/cddf43a56f19711866371f02f378dc4095b0fadd

Search URL Search Domain Scan URL

URL: https://crashes.fuzzing-project.org/rpm-heap-oob-read-rpmtdGetNumber.rpm
Title: https://crashes.fuzzing-project.org/rpm-heap-oob-read-rpmtdGetNumber.rpm

Search URL Search Domain Scan URL

URL: https://github.com/rpm-software-management/rpm/commit/b722cf86200505b3e3fcbb2095c4ff61f1f5a2ab
Title: https://github.com/rpm-software-management/rpm/commit/b722cf86200505b3e3fcbb2095c4ff61f1f5a2ab

Search URL Search Domain Scan URL

URL: https://crashes.fuzzing-project.org/rpm-segfault-headerVerifyInfo.rpm
Title: https://crashes.fuzzing-project.org/rpm-segfault-headerVerifyInfo.rpm

Search URL Search Domain Scan URL

URL: https://github.com/hannob/bignum-fuzz/blob/master/openssl-vs-matrixssl-modexp.c
Title: a wrapper, similar to previous experiments, comparing its result to OpenSSL

Search URL Search Domain Scan URL

URL: https://github.com/hannob/bignum-fuzz/blob/master/matrixssl-base-equals-modulus.c
Title: code

Search URL Search Domain Scan URL

URL: https://github.com/hannob/bignum-fuzz/blob/master/matrixssl-base-zero.c
Title: code

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6885
Title: CVE-2016-6885

Search URL Search Domain Scan URL

URL: https://github.com/hannob/bignum-fuzz/blob/master/openssl-break-rsa-values.diff
Title: patch against openssl that allows to test this

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6886
Title: CVE-2016-6886

Search URL Search Domain Scan URL

URL: http://www.matrixssl.org/blog/releases/matrixssl_3_8_4
Title: have been fixed in 3.8.4

Search URL Search Domain Scan URL

URL: https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003104.html
Title: somewhat similar issue in Nettle

Search URL Search Domain Scan URL

URL: https://github.com/hannob/bignum-fuzz/blob/master/matrixssl-exptmod-bug.c
Title: code

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6887
Title: CVE-2016-6887

Search URL Search Domain Scan URL

URL: https://access.redhat.com/blogs/766093/posts/1976703
Title: Florian Weimer observed that various devices had this error

Search URL Search Domain Scan URL

URL: http://www.openwall.com/lists/oss-security/2016/06/27/1
Title: oss-security mailing list that he also observed this in devices using MatrixSSL

Search URL Search Domain Scan URL

URL: https://github.com/perl5-dbi/DBD-mysql/pull/45
Title: Pull request / patch

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8949
Title: CVE-2015-8949

Search URL Search Domain Scan URL

URL: https://fuzzing-project.org/software/
Title: software list

Search URL Search Domain Scan URL

URL: http://s9y.org/
Title: Serendipity

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://ssl-vg03.met.vgwort.de/na/cebfb3b02359461ab9ecf10beb28e327 HTTP 302
https://ssl-vg03.met.vgwort.de/blank.gif

Request Chain 9

https://ssl-vg03.met.vgwort.de/na/18d199e9596c4bdb82d4b86de95bc498 HTTP 302
https://ssl-vg03.met.vgwort.de/blank.gif

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 404 Primary Request apache-2.2-optionsbleed-backport.patch' Show response
blog.fuzzing-project.org/uploads/ 109 KB
110 KB 59ms
44ms Document
text/html 2a01:4f8:121:1ffe:1:1008:0:104c
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:4f8:121:1ffe:1:1008:0:104c Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

6b21d69796a99e1d6507cf150b504e9eee883b009d9cec36ad373475da150654

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: blog.fuzzing-project.org
:scheme: https
:path: /uploads/apache-2.2-optionsbleed-backport.patch'
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 21:48:04 GMT
server: Apache
x-session-reinit: true
cache-control: private, pre-check=0, post-check=0, max-age=0
expires: 0
pragma: no-cache
set-cookie: s9y_3206894fe440a1f3420285122de04069=09lbsdbjm5oko79a3k1uj3ea1u; path=/; secure
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
vary: User-Agent
content-type: text/html; charset=UTF-8

GET
H2 200 serendipity.css
blog.fuzzing-project.org/ 31 KB
7 KB 24ms
22ms Stylesheet
text/css 2a01:4f8:121:1ffe:1:1008:0:104c
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.fuzzing-project.org/serendipity.css?v=

Requested by

Host: blog.fuzzing-project.org
URL: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:4f8:121:1ffe:1:1008:0:104c Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

f725d0d48b8e15722e22400e629e9f1217a13c44ea39158d5b277c2e429b56f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /serendipity.css?v=
pragma: no-cache
cookie: s9y_3206894fe440a1f3420285122de04069=09lbsdbjm5oko79a3k1uj3ea1u
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: blog.fuzzing-project.org
referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
date: Sat, 22 May 2021 21:48:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: Apache
etag: "0c6effa7bee5904a974d70cc96d4141b-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css; charset=UTF-8
cache-control
strict-transport-security: max-age=31536000
vary: Accept-Encoding,User-Agent
content-length: 6903
expires: Sat, 22 May 2021 22:48:04 GMT

GET
H2 200 modernizr-2.7.1.min.js Show response
blog.fuzzing-project.org/templates/2k11/js/ 7 KB
3 KB 4ms
3ms Script
application/x-javascript 2a01:4f8:121:1ffe:1:1008:0:104c
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.fuzzing-project.org/templates/2k11/js/modernizr-2.7.1.min.js

Requested by

Host: blog.fuzzing-project.org
URL: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:4f8:121:1ffe:1:1008:0:104c Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

f834b461840f0ae383d8b18c06c7963f2185925ed1045a0f50dad6b7f79eb173

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /templates/2k11/js/modernizr-2.7.1.min.js
pragma: no-cache
cookie: s9y_3206894fe440a1f3420285122de04069=09lbsdbjm5oko79a3k1uj3ea1u
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.fuzzing-project.org
referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 21:48:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 05:56:16 GMT
server: Apache
etag: "1ce8-5a47bb916e9d0-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-length: 3342

GET
H2 200 jquery.js Show response
blog.fuzzing-project.org/templates/ 95 KB
33 KB 9ms
9ms Script
application/x-javascript 2a01:4f8:121:1ffe:1:1008:0:104c
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.fuzzing-project.org/templates/jquery.js

Requested by

Host: blog.fuzzing-project.org
URL: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:4f8:121:1ffe:1:1008:0:104c Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /templates/jquery.js
pragma: no-cache
cookie: s9y_3206894fe440a1f3420285122de04069=09lbsdbjm5oko79a3k1uj3ea1u
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.fuzzing-project.org
referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 21:48:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 05:56:16 GMT
server: Apache
etag: "17b8b-5a47bb91451c4-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-length: 33696

GET
H2 200 serendipity.js Show response
blog.fuzzing-project.org/ 259 B
316 B 32ms
32ms Script
application/javascript 2a01:4f8:121:1ffe:1:1008:0:104c
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.fuzzing-project.org/serendipity.js?v=

Requested by

Host: blog.fuzzing-project.org
URL: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:4f8:121:1ffe:1:1008:0:104c Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

e79dd5de72be5a8dc0277bb5a6c81678dcbe46ba6af13eb4682c9968f8b88ee0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /serendipity.js?v=
pragma: no-cache
cookie: s9y_3206894fe440a1f3420285122de04069=09lbsdbjm5oko79a3k1uj3ea1u
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.fuzzing-project.org
referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
date: Sat, 22 May 2021 21:48:04 GMT
x-content-type-options: nosniff
server: Apache
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=UTF-8
cache-control
strict-transport-security: max-age=31536000
vary: User-Agent
expires: Sat, 22 May 2021 22:48:04 GMT

GET
H2 200 ram.jpg
blog.fuzzing-project.org/uploads/ 49 KB
49 KB 5ms
3ms Image
image/jpeg 2a01:4f8:121:1ffe:1:1008:0:104c
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.fuzzing-project.org/uploads/ram.jpg

Requested by

Host: blog.fuzzing-project.org
URL: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:4f8:121:1ffe:1:1008:0:104c Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

b50a97d9ba4af80b370af4bad09f32939d7052abc111d885442de716175ab336

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /uploads/ram.jpg
pragma: no-cache
cookie: s9y_3206894fe440a1f3420285122de04069=09lbsdbjm5oko79a3k1uj3ea1u
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.fuzzing-project.org
referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 21:48:04 GMT
x-content-type-options: nosniff
last-modified: Tue, 29 Jan 2019 16:32:47 GMT
server: Apache
etag: "c3cc-5809b57f61260"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: User-Agent
content-length: 50124

GET
H2 200 optionsbleed.serendipityThumb.png
blog.fuzzing-project.org/uploads/ 48 KB
48 KB 9ms
7ms Image
image/png 2a01:4f8:121:1ffe:1:1008:0:104c
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.fuzzing-project.org/uploads/optionsbleed.serendipityThumb.png

Requested by

Host: blog.fuzzing-project.org
URL: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:4f8:121:1ffe:1:1008:0:104c Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

5301114b6d3a693571b78f0d6f21fb33413c284527e876e16dd4b76d87a8e401

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /uploads/optionsbleed.serendipityThumb.png
pragma: no-cache
cookie: s9y_3206894fe440a1f3420285122de04069=09lbsdbjm5oko79a3k1uj3ea1u
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.fuzzing-project.org
referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 21:48:04 GMT
x-content-type-options: nosniff
last-modified: Mon, 18 Sep 2017 11:26:39 GMT
server: Apache
etag: "bfab-5597504240b30"
x-frame-options: SAMEORIGIN
content-type: image/png
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: User-Agent
content-length: 49067

GET
H/1.1

200
OK

blank.gif
ssl-vg03.met.vgwort.de/
Redirect Chain

https://ssl-vg03.met.vgwort.de/na/cebfb3b02359461ab9ecf10beb28e327
https://ssl-vg03.met.vgwort.de/blank.gif

43 B
332 B

31ms
31ms

Image
image/gif

161.156.66.184
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssl-vg03.met.vgwort.de/blank.gif
Requested by: Host: blog.fuzzing-project.org
URL: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 161.156.66.184 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: b8.42.9ca1.ip4.static.sl-reverse.com
Software: s2.52.0 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://blog.fuzzing-project.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 22 May 2021 21:48:04 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: s2.52.0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Date: Sat, 22 May 2021 21:48:04 GMT
Last-Modified: Sat, 22 May 2021 21:48:04 GMT
Server: s2.52.0
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Content-Type: text/html
Location: /blank.gif
Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Tue, 22 Aug 2000 15:05:01 GMT

GET
H2 200 moebius-endless-loop.jpg
blog.fuzzing-project.org/uploads/ 16 KB
17 KB 4ms
1ms Image
image/jpeg 2a01:4f8:121:1ffe:1:1008:0:104c
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.fuzzing-project.org/uploads/moebius-endless-loop.jpg

Requested by

Host: blog.fuzzing-project.org
URL: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:4f8:121:1ffe:1:1008:0:104c Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

779ba0654c8f53f95cdf75809e22efd67fd81385959e8f9a813dac5ce0b42b39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /uploads/moebius-endless-loop.jpg
pragma: no-cache
cookie: s9y_3206894fe440a1f3420285122de04069=09lbsdbjm5oko79a3k1uj3ea1u
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.fuzzing-project.org
referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 21:48:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 03 Sep 2017 16:04:30 GMT
server: Apache
etag: "41c2-5584b26303bc0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: User-Agent
content-length: 16834

GET
H2 200 apache-httpd-logo.png
blog.fuzzing-project.org/uploads/ 10 KB
10 KB 9ms
7ms Image
image/png 2a01:4f8:121:1ffe:1:1008:0:104c
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.fuzzing-project.org/uploads/apache-httpd-logo.png

Requested by

Host: blog.fuzzing-project.org
URL: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:4f8:121:1ffe:1:1008:0:104c Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

b1f104239b1b3132f85ab84b3c69de08e99e214ef0347bf897265d5530b51bf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /uploads/apache-httpd-logo.png
pragma: no-cache
cookie: s9y_3206894fe440a1f3420285122de04069=09lbsdbjm5oko79a3k1uj3ea1u
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.fuzzing-project.org
referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 21:48:04 GMT
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2017 12:15:05 GMT
server: Apache
etag: "290e-545bc6f35fa90"
x-frame-options: SAMEORIGIN
content-type: image/png
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: User-Agent
content-length: 10510

GET
H/1.1

200
OK

blank.gif
ssl-vg03.met.vgwort.de/
Redirect Chain

https://ssl-vg03.met.vgwort.de/na/18d199e9596c4bdb82d4b86de95bc498
https://ssl-vg03.met.vgwort.de/blank.gif

43 B
332 B

30ms
30ms

Image
image/gif

161.156.66.184
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssl-vg03.met.vgwort.de/blank.gif
Requested by: Host: blog.fuzzing-project.org
URL: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 161.156.66.184 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS: b8.42.9ca1.ip4.static.sl-reverse.com
Software: s2.52.0 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://blog.fuzzing-project.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 22 May 2021 21:48:04 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: s2.52.0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Date: Sat, 22 May 2021 21:48:04 GMT
Last-Modified: Sat, 22 May 2021 21:48:04 GMT
Server: s2.52.0
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Content-Type: text/html
Location: /blank.gif
Cache-Control: max-age=0, no-cache, must-revalidate, proxy-revalidate
Connection: keep-alive
Expires: Tue, 22 Aug 2000 15:05:01 GMT

GET
H2 200 xml.gif
blog.fuzzing-project.org/templates/2k11/img/ 652 B
712 B 3ms
2ms Image
image/gif 2a01:4f8:121:1ffe:1:1008:0:104c
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.fuzzing-project.org/templates/2k11/img/xml.gif

Requested by

Host: blog.fuzzing-project.org
URL: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:4f8:121:1ffe:1:1008:0:104c Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

42d62d64c1fb9729713dd36039bc5efeacb8f3e599b7f44202bf66c3c0f92252

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /templates/2k11/img/xml.gif
pragma: no-cache
cookie: s9y_3206894fe440a1f3420285122de04069=09lbsdbjm5oko79a3k1uj3ea1u
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.fuzzing-project.org
referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 21:48:04 GMT
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 05:56:16 GMT
server: Apache
etag: "28c-5a47bb91674a1"
x-frame-options: SAMEORIGIN
content-type: image/gif
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: User-Agent
content-length: 652

GET
H2 200 subtome.png
blog.fuzzing-project.org/templates/2k11/img/ 2 KB
2 KB 7ms
6ms Image
image/png 2a01:4f8:121:1ffe:1:1008:0:104c
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.fuzzing-project.org/templates/2k11/img/subtome.png

Requested by

Host: blog.fuzzing-project.org
URL: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:4f8:121:1ffe:1:1008:0:104c Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

ab449915b6079d95ab07a53d34bad4d6dd3a74fa8a179fd7a4dc30cc35e8a8e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /templates/2k11/img/subtome.png
pragma: no-cache
cookie: s9y_3206894fe440a1f3420285122de04069=09lbsdbjm5oko79a3k1uj3ea1u
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: blog.fuzzing-project.org
referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 21:48:04 GMT
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 05:56:16 GMT
server: Apache
etag: "90f-5a47bb91674a1"
x-frame-options: SAMEORIGIN
content-type: image/png
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: User-Agent
content-length: 2319

GET
H2 200 2k11.min.js Show response
blog.fuzzing-project.org/templates/2k11/js/ 14 KB
6 KB 7ms
7ms Script
application/x-javascript 2a01:4f8:121:1ffe:1:1008:0:104c
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.fuzzing-project.org/templates/2k11/js/2k11.min.js

Requested by

Host: blog.fuzzing-project.org
URL: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a01:4f8:121:1ffe:1:1008:0:104c Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Apache /

Resource Hash

fe8871de554fdbff99dbacd642bb6c7f5b6cd3ae577c1828e0be0aa6a3988336

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:path: /templates/2k11/js/2k11.min.js
pragma: no-cache
cookie: s9y_3206894fe440a1f3420285122de04069=09lbsdbjm5oko79a3k1uj3ea1u
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: blog.fuzzing-project.org
referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 22 May 2021 21:48:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 05:56:16 GMT
server: Apache
etag: "39df-5a47bb916e9d0-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
strict-transport-security: max-age=31536000
accept-ranges: bytes
vary: Accept-Encoding,User-Agent
content-length: 6260

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			blog.fuzzing-project.org/	1969-12-31 23:59:59	Name: s9y_3206894fe440a1f3420285122de04069 Value: 09lbsdbjm5oko79a3k1uj3ea1u

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

blog.fuzzing-project.org
ssl-vg03.met.vgwort.de
161.156.66.184
2a01:4f8:121:1ffe:1:1008:0:104c
42d62d64c1fb9729713dd36039bc5efeacb8f3e599b7f44202bf66c3c0f92252
5301114b6d3a693571b78f0d6f21fb33413c284527e876e16dd4b76d87a8e401
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6b21d69796a99e1d6507cf150b504e9eee883b009d9cec36ad373475da150654
779ba0654c8f53f95cdf75809e22efd67fd81385959e8f9a813dac5ce0b42b39
ab449915b6079d95ab07a53d34bad4d6dd3a74fa8a179fd7a4dc30cc35e8a8e6
b1f104239b1b3132f85ab84b3c69de08e99e214ef0347bf897265d5530b51bf4
b50a97d9ba4af80b370af4bad09f32939d7052abc111d885442de716175ab336
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e79dd5de72be5a8dc0277bb5a6c81678dcbe46ba6af13eb4682c9968f8b88ee0
f725d0d48b8e15722e22400e629e9f1217a13c44ea39158d5b277c2e429b56f3
f834b461840f0ae383d8b18c06c7963f2185925ed1045a0f50dad6b7f79eb173
fe8871de554fdbff99dbacd642bb6c7f5b6cd3ae577c1828e0be0aa6a3988336

blog.fuzzing-project.org Open in urlscan Pro 2a01:4f8:121:1ffe:1:1008:0:104c Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

288 kBTransfer

383 kBSize

1 Cookies

124 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

blog.fuzzing-project.org Open in urlscan Pro
2a01:4f8:121:1ffe:1:1008:0:104c Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

288 kB
Transfer

383 kB
Size

1
Cookies

14 HTTP transactions
0 data transactions