URL: https://archlinux.org/news/the-xz-package-has-been-backdoored/
Submission: On May 11 via api from BY — Scanned from FI

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 5 HTTP transactions. The main IP is 2a01:4f9:c010:6b1f::1, located in Helsinki, Finland, and belongs to HETZNER-AS, DE. The main domain is archlinux.org. The Cisco Umbrella rank of the primary domain is 50486.
TLS certificate: Issued by R3 on April 13th 2024. Valid for: 3 months.
This is the only time archlinux.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 6 2a01:4f9:c010... 24940 (HETZNER-AS)
5 1
Apex Domain
Subdomains
Transfer
6 archlinux.org
archlinux.org — Cisco Umbrella Rank: 50486
20 KB
5 1
Domain Requested by
6 archlinux.org 1 redirects archlinux.org
5 1
Subject Issuer Validity Valid
archlinux.org R3 2024-04-13 - 2024-07-12 3 months

This page contains 1 frames:

Primary Page: https://archlinux.org/news/the-xz-package-has-been-backdoored/
Frame ID: 327A703A6D452BD579F81973EC5A35F9
Requests: 5 HTTP requests in this frame

Page Title

Arch Linux - News: The xz package has been backdoored

Page Statistics

Requests: 5
HTTPS: 100 %
IPv6: 100 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 20 kB
Size: 41 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://archlinux.org/news/the-xz-package-has-been-backdoored HTTP 301
    https://archlinux.org/news/the-xz-package-has-been-backdoored/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request /
archlinux.org/news/the-xz-package-has-been-backdoored/
Redirect Chain
  • https://archlinux.org/news/the-xz-package-has-been-backdoored
  • https://archlinux.org/news/the-xz-package-has-been-backdoored/
8 KB
3 KB
Document
General
Full URL
https://archlinux.org/news/the-xz-package-has-been-backdoored/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a01:4f9:c010:6b1f::1 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
7a80b5c2f5ce520b76324929e21b9938651f9034bc7bfcf376c2631237435c62
Security Headers
Name Value
Content-Security-Policy img-src 'self' data:; default-src 'self'; base-uri 'none'; script-src 'self'; form-action 'self'; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
br
content-security-policy
img-src 'self' data:; default-src 'self'; base-uri 'none'; script-src 'self'; form-action 'self'; frame-ancestors 'none'
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
date
Sat, 11 May 2024 01:01:58 GMT
etag
W/"64ff19ea63960840ff8bbf7e6316fcd7"
referrer-policy
strict-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains; preload
vary
Cookie
x-cache-status
MISS
x-content-type-options
nosniff
x-frame-options
DENY

Redirect headers

content-type
text/html; charset=utf-8
date
Sat, 11 May 2024 01:01:58 GMT
location
/news/the-xz-package-has-been-backdoored/
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-cache-status
MISS
archweb.8e65ccdc8e45.css
archlinux.org/static/
13 KB
4 KB
Stylesheet
General
Full URL
https://archlinux.org/static/archweb.8e65ccdc8e45.css
Requested by
Host: archlinux.org
URL: https://archlinux.org/news/the-xz-package-has-been-backdoored/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a01:4f9:c010:6b1f::1 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
5614b770c88673b7b51d5a50152d8bf94d55c71c36d173466ab0fc759f25c1e3

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://archlinux.org/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
public
date
Sat, 11 May 2024 01:01:58 GMT
content-encoding
br
last-modified
Thu, 02 May 2024 16:50:20 GMT
server
nginx
etag
W/"6633c44c-3459"
content-type
text/css
cache-control
max-age=2592000, public
expires
Mon, 10 Jun 2024 01:01:58 GMT
archlogo.a2d0ef2df27d.png
archlinux.org/static/archnavbar/
5 KB
5 KB
Image
General
Full URL
https://archlinux.org/static/archnavbar/archlogo.a2d0ef2df27d.png
Requested by
Host: archlinux.org
URL: https://archlinux.org/static/archweb.8e65ccdc8e45.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a01:4f9:c010:6b1f::1 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
f9780f7aa085a72c57b7acdda1f2826c904939366b0a259e45e5bc16dfb7a208

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://archlinux.org/static/archweb.8e65ccdc8e45.css
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
public
date
Sat, 11 May 2024 01:01:58 GMT
last-modified
Wed, 09 Dec 2020 14:52:46 GMT
server
nginx
etag
"5fd0e4be-14ef"
content-type
image/png
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
5359
expires
Mon, 10 Jun 2024 01:01:58 GMT
favicon.51c13517c44c.png
archlinux.org/static/
8 KB
8 KB
Other
General
Full URL
https://archlinux.org/static/favicon.51c13517c44c.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a01:4f9:c010:6b1f::1 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
97faeae182ba66de0eb0e22826ee833ca7970322c7821b8d0f3f819147151dc1

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://archlinux.org/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
public
date
Sat, 11 May 2024 01:01:58 GMT
last-modified
Sun, 28 Apr 2024 10:07:49 GMT
server
nginx
etag
"662e1ff5-1ef4"
content-type
image/png
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
7924
expires
Mon, 10 Jun 2024 01:01:58 GMT
favicon.51c13517c44c.png
archlinux.org/static/
8 KB
0
Other
General
Full URL
https://archlinux.org/static/favicon.51c13517c44c.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a01:4f9:c010:6b1f::1 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
97faeae182ba66de0eb0e22826ee833ca7970322c7821b8d0f3f819147151dc1

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://archlinux.org/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
public
date
Sat, 11 May 2024 01:01:58 GMT
last-modified
Sun, 28 Apr 2024 10:07:49 GMT
server
nginx
etag
"662e1ff5-1ef4"
content-type
image/png
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
7924
expires
Mon, 10 Jun 2024 01:01:58 GMT

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies
