Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: favicon survey script

From: David Fifield <david () bamsoftware com>
Date: Tue, 18 Aug 2009 11:15:45 -0600
On Mon, Aug 17, 2009 at 11:57:42PM -0300, Joao Correa wrote:

ECAA88F7FA0BF610A5A26CF545DCD3AA:3 bytes invalid favicon: Domain Sellers Websites


This icon, whose contents are

0000000: efbb bf                                  ...

is a UTF-8 byte-order mark, that is, it is the character U+FEFF encoded
into UTF-8. I think Windows Notepad will create this file if you open a
new file and save it without entering any test. Likewise this one:


68B329DA9893E34099C7D8AD5CB9C940:1 byte invalid Favicon


contains a single newline.

0000000: 0a                                       .

You would get this if you created a new file in vi and saved it without
entering any text. My guess is that in both these cases someone was
trying to create an empty file using a text editor. Of the non-graphical
favicons, these are among the most common. Here are the top five
non-graphical icons with counts:

72702 D41D8CD98F00B204E9800998ECF8427E  empty file
6044  A8FE5B8AE2C445A33AC41B33CCC9A120  "Cannot file server" HTML
3334  ECAA88F7FA0BF610A5A26CF545DCD3AA  UTF-8 byte-order mark
342   68B329DA9893E34099C7D8AD5CB9C940  newline
290   AFB7E908C5308DAB8A70ACBCBF1000AA  "Unconfigured site" HTML

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: