blog.fuzzing-project.org
Open in
urlscan Pro
2a01:4f8:121:1ffe:1:1008:0:104c
Public Scan
Submission: On May 22 via api from US
Summary
TLS certificate: Issued by R3 on March 9th 2021. Valid for: 3 months.
This is the only time blog.fuzzing-project.org was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
12 | 2a01:4f8:121:... 2a01:4f8:121:1ffe:1:1008:0:104c | 24940 (HETZNER-AS) (HETZNER-AS) | |
2 4 | 161.156.66.184 161.156.66.184 | 36351 (SOFTLAYER) (SOFTLAYER) | |
14 | 2 |
ASN24940 (HETZNER-AS, DE)
blog.fuzzing-project.org |
ASN36351 (SOFTLAYER, US)
PTR: b8.42.9ca1.ip4.static.sl-reverse.com
ssl-vg03.met.vgwort.de |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
fuzzing-project.org
blog.fuzzing-project.org |
287 KB |
4 |
vgwort.de
2 redirects
ssl-vg03.met.vgwort.de |
2 KB |
14 | 2 |
Domain | Requested by | |
---|---|---|
12 | blog.fuzzing-project.org |
blog.fuzzing-project.org
|
4 | ssl-vg03.met.vgwort.de |
2 redirects
blog.fuzzing-project.org
|
14 | 2 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
blog.fuzzing-project.org R3 |
2021-03-09 - 2021-06-07 |
3 months | crt.sh |
*.met.vgwort.de Thawte RSA CA 2018 |
2020-03-13 - 2022-04-01 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch'
Frame ID: C2387B06785EC07935CFBFA2416A8DE0
Requests: 14 HTTP requests in this frame
Screenshot
Detected technologies
Serendipity (CMS) ExpandDetected patterns
- meta generator /Serendipity(?: v\.([\d.]+))?/i
PHP (Programming Languages) Expand
Detected patterns
- meta generator /Serendipity(?: v\.([\d.]+))?/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Modernizr (JavaScript Libraries) Expand
Detected patterns
- script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
124 Outgoing links
These are links going to different origins than the main page.
Title: Back to main page
Search URL Search Domain Scan URL
Title: Software list
Search URL Search Domain Scan URL
Title: memory safety bugs in the Apache web server together with Craig Young
Search URL Search Domain Scan URL
Title: pool allocator
Search URL Search Domain Scan URL
Title: find old documentation about "Debugging Memory Allocation in APR"
Search URL Search Domain Scan URL
Title: a collection of information about such custom allocators and how to disable them
Search URL Search Domain Scan URL
Title: are non-issues
Search URL Search Domain Scan URL
Title: Dreamstime, CC0
Search URL Search Domain Scan URL
Title: bash proof of concept
Search URL Search Domain Scan URL
Title: this commit
Search URL Search Domain Scan URL
Title: FLIMP!
Search URL Search Domain Scan URL
Title: "Support for Various HTTP Methods on the Web"
Search URL Search Domain Scan URL
Title: XKCD
Search URL Search Domain Scan URL
Title: Limit
Search URL Search Domain Scan URL
Title: CVE-2017-9798
Search URL Search Domain Scan URL
Title: #61207
Search URL Search Domain Scan URL
Title: a harmless bug that produces a malformed Allow header
Search URL Search Domain Scan URL
Title: python proof of concept script
Search URL Search Domain Scan URL
Title: be found here
Search URL Search Domain Scan URL
Title: Analysis by Apache developer William A. Rowe Jr.
Search URL Search Domain Scan URL
Title: Commit (2.2.34 / 2.4.27-r1 fixed)
Search URL Search Domain Scan URL
Title: Bug
Search URL Search Domain Scan URL
Title: Commit
Search URL Search Domain Scan URL
Title: Commit
Search URL Search Domain Scan URL
Title: Commit (2.4.27-2 fixed)
Search URL Search Domain Scan URL
Title: Advisory
Search URL Search Domain Scan URL
Title: Commit
Search URL Search Domain Scan URL
Title: Security Tracker
Search URL Search Domain Scan URL
Title: Advisory (2.4.10-10+deb8u11, 2.4.25-3+deb9u3)
Search URL Search Domain Scan URL
Title: Advisory (2.4.25-3ubuntu2.3, 2.4.18-2ubuntu3.5, 2.4.7-1ubuntu4.18)
Search URL Search Domain Scan URL
Title: Apache-Webserver blutet (Golem.de)
Search URL Search Domain Scan URL
Title: Apache Webserver: "Optionsbleed"-Bug legt Speicherinhalte offen (heise online)
Search URL Search Domain Scan URL
Title: Risks Limited With Latest Apache Bug, Optionsbleed (Threatpost)
Search URL Search Domain Scan URL
Title: Apache “Optionsbleed” vulnerability – what you need to know (Naked Security)
Search URL Search Domain Scan URL
Title: Apache bug leaks contents of server memory for all to see—Patch now (Ars Technica)
Search URL Search Domain Scan URL
Title: 2011 at the Chaos Communication Camp Andreas Bogk gave a talk about creating a formally verified PDF parser with Ocaml and Coq
Search URL Search Domain Scan URL
Title: same bug
Search URL Search Domain Scan URL
Title: be found here
Search URL Search Domain Scan URL
Title: Affected
Search URL Search Domain Scan URL
Title: Affected
Search URL Search Domain Scan URL
Title: Affected
Search URL Search Domain Scan URL
Title: Also affected
Search URL Search Domain Scan URL
Title: extensive collection of files
Search URL Search Domain Scan URL
Title: [1]
Search URL Search Domain Scan URL
Title: [2]
Search URL Search Domain Scan URL
Title: [3]
Search URL Search Domain Scan URL
Title: test repository
Search URL Search Domain Scan URL
Title: Image Source
Search URL Search Domain Scan URL
Title: oss-security
Search URL Search Domain Scan URL
Title: discussion can be read here
Search URL Search Domain Scan URL
Title: malformed tiff file
Search URL Search Domain Scan URL
Title: malformed jpeg2000 file
Search URL Search Domain Scan URL
Title: malformed webp file
Search URL Search Domain Scan URL
Title: CFGuard
Search URL Search Domain Scan URL
Title: RAP
Search URL Search Domain Scan URL
Title: official LLVM documentation
Search URL Search Domain Scan URL
Title: talk by Kostya Serebryany that briefly mentions CFI in the second half
Search URL Search Domain Scan URL
Title: two
Search URL Search Domain Scan URL
Title: blog
Search URL Search Domain Scan URL
Title: Chrome is using a subset of the CFI functionality and there's a list of bugs found with it
Search URL Search Domain Scan URL
Title: I proposed
Search URL Search Domain Scan URL
Title: already applied to curl's git repository
Search URL Search Domain Scan URL
Title: has been applied as well
Search URL Search Domain Scan URL
Title: Chrome's release notes
Search URL Search Domain Scan URL
Title: configured via the .htaccess file
Search URL Search Domain Scan URL
Title: a patch against apr-util
Search URL Search Domain Scan URL
Title: no comparable feature
Search URL Search Domain Scan URL
Title: submitted a patch to Glibc that limits the execution time to a sane value
Search URL Search Domain Scan URL
Title: code comment by Rich Felker
Search URL Search Domain Scan URL
Title: Regular expression Denial of Service - ReDoS
Search URL Search Domain Scan URL
Title: this 29C3 talk
Search URL Search Domain Scan URL
Title: restricted the password length to 1024 characters
Search URL Search Domain Scan URL
Title: patched it
Search URL Search Domain Scan URL
Title: other security problems in multi-user settings that are very hard to avoid
Search URL Search Domain Scan URL
Title: mpm-itk
Search URL Search Domain Scan URL
Title: proof of concept examples here
Search URL Search Domain Scan URL
Title: Logo source
Search URL Search Domain Scan URL
Title: a segfault caused by a null pointer access
Search URL Search Domain Scan URL
Title: color codes
Search URL Search Domain Scan URL
Title: simple perl script
Search URL Search Domain Scan URL
Title: examples of Irssi color codes
Search URL Search Domain Scan URL
Title: CVE-2017-5196
Search URL Search Domain Scan URL
Title: similar script that executes input as a command
Search URL Search Domain Scan URL
Title: security advisory for several security vulnerabilities
Search URL Search Domain Scan URL
Title: code
Search URL Search Domain Scan URL
Title: fixing several vulnerabilities reported by Craig Young from Tripwire
Search URL Search Domain Scan URL
Title: CVE-2016-8671
Search URL Search Domain Scan URL
Title: Upstream bug report
Search URL Search Domain Scan URL
Title: here
Search URL Search Domain Scan URL
Title: Commit / fix
Search URL Search Domain Scan URL
Title: Upstream bug report
Search URL Search Domain Scan URL
Title: Commit / fix
Search URL Search Domain Scan URL
Title: Upstream bug report
Search URL Search Domain Scan URL
Title: Commit / fix
Search URL Search Domain Scan URL
Title: http://rpm.org/
Search URL Search Domain Scan URL
Title: http://rpm.org/wiki/ReportingBugs
Search URL Search Domain Scan URL
Title: https://github.com/rpm-software-management/rpm
Search URL Search Domain Scan URL
Title: http://pkgs.fedoraproject.org/cgit/rpms/rpm.git/diff/rpm-4.13.0-rpmtd-out-of-bounds.patch?h=f22&id=165614f3dd42caa188f78b55e7723dad2900b2f4
Search URL Search Domain Scan URL
Title: https://github.com/libarchive/libarchive/issues/743
Search URL Search Domain Scan URL
Title: https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
Search URL Search Domain Scan URL
Title: https://crashes.fuzzing-project.org/rpm-stackoverflow-glob.rpm
Search URL Search Domain Scan URL
Title: https://crashes.fuzzing-project.org/rpm-heap-oob-read-headerVerifyInfo.rpm
Search URL Search Domain Scan URL
Title: https://github.com/rpm-software-management/rpm/commit/8e847d52c811e9a57239e18672d40f781e0ec48e
Search URL Search Domain Scan URL
Title: https://crashes.fuzzing-project.org/rpm-nullptr-rpmtdFormat.rpm
Search URL Search Domain Scan URL
Title: https://github.com/rpm-software-management/rpm/commit/cddf43a56f19711866371f02f378dc4095b0fadd
Search URL Search Domain Scan URL
Title: https://crashes.fuzzing-project.org/rpm-heap-oob-read-rpmtdGetNumber.rpm
Search URL Search Domain Scan URL
Title: https://github.com/rpm-software-management/rpm/commit/b722cf86200505b3e3fcbb2095c4ff61f1f5a2ab
Search URL Search Domain Scan URL
Title: https://crashes.fuzzing-project.org/rpm-segfault-headerVerifyInfo.rpm
Search URL Search Domain Scan URL
Title: a wrapper, similar to previous experiments, comparing its result to OpenSSL
Search URL Search Domain Scan URL
Title: code
Search URL Search Domain Scan URL
Title: code
Search URL Search Domain Scan URL
Title: CVE-2016-6885
Search URL Search Domain Scan URL
Title: patch against openssl that allows to test this
Search URL Search Domain Scan URL
Title: CVE-2016-6886
Search URL Search Domain Scan URL
Title: have been fixed in 3.8.4
Search URL Search Domain Scan URL
Title: somewhat similar issue in Nettle
Search URL Search Domain Scan URL
Title: code
Search URL Search Domain Scan URL
Title: CVE-2016-6887
Search URL Search Domain Scan URL
Title: Florian Weimer observed that various devices had this error
Search URL Search Domain Scan URL
Title: oss-security mailing list that he also observed this in devices using MatrixSSL
Search URL Search Domain Scan URL
Title: Pull request / patch
Search URL Search Domain Scan URL
Title: CVE-2015-8949
Search URL Search Domain Scan URL
Title: software list
Search URL Search Domain Scan URL
Title: Serendipity
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 6- https://ssl-vg03.met.vgwort.de/na/cebfb3b02359461ab9ecf10beb28e327 HTTP 302
- https://ssl-vg03.met.vgwort.de/blank.gif
- https://ssl-vg03.met.vgwort.de/na/18d199e9596c4bdb82d4b86de95bc498 HTTP 302
- https://ssl-vg03.met.vgwort.de/blank.gif
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
apache-2.2-optionsbleed-backport.patch'
blog.fuzzing-project.org/uploads/ |
109 KB 110 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
serendipity.css
blog.fuzzing-project.org/ |
31 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
modernizr-2.7.1.min.js
blog.fuzzing-project.org/templates/2k11/js/ |
7 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
blog.fuzzing-project.org/templates/ |
95 KB 33 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
serendipity.js
blog.fuzzing-project.org/ |
259 B 316 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ram.jpg
blog.fuzzing-project.org/uploads/ |
49 KB 49 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
optionsbleed.serendipityThumb.png
blog.fuzzing-project.org/uploads/ |
48 KB 48 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
blank.gif
ssl-vg03.met.vgwort.de/ Redirect Chain
|
43 B 332 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
moebius-endless-loop.jpg
blog.fuzzing-project.org/uploads/ |
16 KB 17 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
apache-httpd-logo.png
blog.fuzzing-project.org/uploads/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
blank.gif
ssl-vg03.met.vgwort.de/ Redirect Chain
|
43 B 332 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xml.gif
blog.fuzzing-project.org/templates/2k11/img/ |
652 B 712 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
subtome.png
blog.fuzzing-project.org/templates/2k11/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2k11.min.js
blog.fuzzing-project.org/templates/2k11/js/ |
14 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| Modernizr object| html5 undefined| $ function| jQuery function| AccessifyHTML5 object| respond1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
blog.fuzzing-project.org/ | Name: s9y_3206894fe440a1f3420285122de04069 Value: 09lbsdbjm5oko79a3k1uj3ea1u |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
blog.fuzzing-project.org
ssl-vg03.met.vgwort.de
161.156.66.184
2a01:4f8:121:1ffe:1:1008:0:104c
42d62d64c1fb9729713dd36039bc5efeacb8f3e599b7f44202bf66c3c0f92252
5301114b6d3a693571b78f0d6f21fb33413c284527e876e16dd4b76d87a8e401
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6b21d69796a99e1d6507cf150b504e9eee883b009d9cec36ad373475da150654
779ba0654c8f53f95cdf75809e22efd67fd81385959e8f9a813dac5ce0b42b39
ab449915b6079d95ab07a53d34bad4d6dd3a74fa8a179fd7a4dc30cc35e8a8e6
b1f104239b1b3132f85ab84b3c69de08e99e214ef0347bf897265d5530b51bf4
b50a97d9ba4af80b370af4bad09f32939d7052abc111d885442de716175ab336
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e79dd5de72be5a8dc0277bb5a6c81678dcbe46ba6af13eb4682c9968f8b88ee0
f725d0d48b8e15722e22400e629e9f1217a13c44ea39158d5b277c2e429b56f3
f834b461840f0ae383d8b18c06c7963f2185925ed1045a0f50dad6b7f79eb173
fe8871de554fdbff99dbacd642bb6c7f5b6cd3ae577c1828e0be0aa6a3988336