jonbottarini.com | Security and Bug Hunting - Just another security blog

Robots.txt Information

Robot	Path	Permission
GoogleBot	/	✔
BingBot	/	✔
BaiduSpider	/	✔
YandexBot	/	✔
# START YOAST BLOCK # --------------------------- User-agent: * Disallow: Sitemap: https://jonbottarini.com/sitemap_index.xml # --------------------------- # END YOAST

Meta Tags

Title	Security and Bug Hunting - Just another security blog - by Jon
Description	Just another security blog - by Jon
Keywords	N/A

Server Information

WebSite	jonbottarini.com
Host IP	104.21.1.249
Location	United States

Related Websites

                        Site
                        Rank
                    

More to Explore

jonbottarini.com Valuation

US$1,667,976

Last updated: 2023-05-08 12:26:07

jonbottarini.com has Semrush global rank of 6,345,597. jonbottarini.com has an estimated worth of US$ 1,667,976, based on its estimated Ads revenue. jonbottarini.com receives approximately 192,459 unique visitors each day. Its web server is located in United States, with IP address 104.21.1.249. According to SiteAdvisor, jonbottarini.com is safe to visit.

Traffic & Worth Estimates

Purchase/Sale Value	US$1,667,976
Daily Ads Revenue	US$1,540
Monthly Ads Revenue	US$46,191
Yearly Ads Revenue	US$554,282
Daily Unique Visitors	12,831
Note: All traffic and earnings values are estimates.

DNS Records

Host	Type	TTL	Data
jonbottarini.com.	A	299	IP: 104.21.1.249
jonbottarini.com.	A	299	IP: 172.67.128.107
jonbottarini.com.	AAAA	299	IPV6: 2606:4700:3033::ac43:806b
jonbottarini.com.	AAAA	299	IPV6: 2606:4700:3034::6815:1f9
jonbottarini.com.	NS	86400	NS Record: elaine.ns.cloudflare.com.
jonbottarini.com.	NS	86400	NS Record: chad.ns.cloudflare.com.
jonbottarini.com.	MX	300	MX Record: 0 mail.jonbottarini.com.
jonbottarini.com.	TXT	300	TXT Record: v=spf1 a mx ptr include:bluehost.com ?all

HtmlToTextCheckTime:2023-05-08 12:26:07

Menu Close Security and Bug Hunting Just another security blog - by Jon Bottarini Cross Site Scripting (XSS) Authentication Bypass Insecure Direct Object Reference Other Bugs Cross Site Scripting (XSS) Authentication Bypass Insecure Direct Object Reference Other Bugs December 9, 2021 Don’t Reply: A Clever Phishing Method In Apple’s Mail App About four or five years ago, friend and fellow bug bounty hunter Sam Curry asked if I had “ ever thought about what was possible to load inside an <img> tag, besides an image “. What a peculiar question. I didn’t really understand what he was asking, and I assume Sam got bored of me guessing the wrong answers, so he sent a simple payload that looked like this: <img src=https://www.jonbottarini.com/pocs/restricted.php></img> At the surface, this appears to be a normal HTML <img> element, until you look a bit closer and realize that the src= parameter is not pointing to an image at all, but rather a webpage ending in .php. If

HTTP Headers

HTTP/1.1 301 Moved Permanently
Date: Sat, 30 Oct 2021 01:21:37 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 30 Oct 2021 02:21:37 GMT
Location: https://jonbottarini.com/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S2F7VH%2F5b%2BWV2aNZvxVHBNpDHtmwT%2FAWaLCdeepCObRrqijFypRMfP7BrBulweHq4jNCjrsxpiw6JWUAv%2FlAsGca5X9iVX9ZFWLOmTnmiEyfZ7eJr%2FmqeR%2B8RXft7EKWEJOD"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 6a60d3f088142bed-ORD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

HTTP/2 200 
date: Sat, 30 Oct 2021 01:21:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
link: ; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZBrUMFO3zOV%2BecrHtw1OeCQMWZ9dH9XxBCu22D%2Fl1Rqv7dBlV43dymA%2FhsHqG6t0ziZp9%2FT4mgKR7pI4pmiNJpbZB9KQNzSu9s1z4tsQne6UFB4aZy4q6hWdcJ08yeJ%2BOjVn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6a60d3f10cf36368-ORD
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

jonbottarini.com Whois Information

Domain Name: JONBOTTARINI.COM
Registry Domain ID: 2042408541_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2021-06-12T06:45:47Z
Creation Date: 2016-07-12T19:17:04Z
Registry Expiry Date: 2022-07-12T19:17:04Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: CHAD.NS.CLOUDFLARE.COM
Name Server: ELAINE.NS.CLOUDFLARE.COM
DNSSEC: unsigned
>>> Last update of whois database: 2021-09-17T12:50:14Z <<<

jonbottarini.com valuation and analysis