I've been trying to use the csaf_checker binary for another project and tried various domains out for testing, among them "test.com"
Visiting "test.com" will redirect you to "https://www.atom.com/name/Test", a site selling your this domain. Using CSAF Checker on the redirected URL will quickly produce an output, but using it on "test.com" will make it hang for a long time before producing the same output.
Here is the output for using CSAF Checker on "test.com" with --verbose flag on:
2025/11/20 10:17:12 [GET]: https://test.com/.well-known/csaf/provider-metadata.json
2025/11/20 10:17:13 [GET]: https://test.com/.well-known/security.txt
2025/11/20 10:17:13 [GET]: https://test.com/security.txt
2025/11/20 10:17:13 [GET]: https://csaf.data.security.test.com
2025/11/20 10:19:23 [GET]: https://test.com/.well-known/csaf/provider-metadata.json
2025/11/20 10:19:24 [GET]: https://test.com/.well-known/security.txt
2025/11/20 10:19:24 [GET]: https://test.com/security.txt
2025/11/20 10:19:24 [GET]: https://csaf.data.security.test.com
2025/11/20 10:21:34 No role found in meta data for domain "test.com"
{
"domains": [
// largely normal looking output
],
"version": "3.4.0",
"date": "2025-11-20T10:17:12.696932828Z"
}
Notice the 2 minute interval it takes to process "https://csaf.data.security.test.com" and the subsequent repeat of GET instructions
Is 'test' maybe reserved name in some form? Using another adress that also redirects you to a domain selling site does not cause the same issue (I also tested "majesty.com")
Edit: I don't know what https://csaf.data.security is or does, so this might be expected behaviour? I opened an issue because "test" might actually be a reserved name and cause issues and because the same output is repeated twice. Its also the only domain that took longer than a couple seconds on this "csaf.data.security" step.
I've been trying to use the csaf_checker binary for another project and tried various domains out for testing, among them "test.com"
Visiting "test.com" will redirect you to "https://www.atom.com/name/Test", a site selling your this domain. Using CSAF Checker on the redirected URL will quickly produce an output, but using it on "test.com" will make it hang for a long time before producing the same output.
Here is the output for using CSAF Checker on "test.com" with --verbose flag on:
2025/11/20 10:17:12 [GET]: https://test.com/.well-known/csaf/provider-metadata.json
2025/11/20 10:17:13 [GET]: https://test.com/.well-known/security.txt
2025/11/20 10:17:13 [GET]: https://test.com/security.txt
2025/11/20 10:17:13 [GET]: https://csaf.data.security.test.com
2025/11/20 10:19:23 [GET]: https://test.com/.well-known/csaf/provider-metadata.json
2025/11/20 10:19:24 [GET]: https://test.com/.well-known/security.txt
2025/11/20 10:19:24 [GET]: https://test.com/security.txt
2025/11/20 10:19:24 [GET]: https://csaf.data.security.test.com
2025/11/20 10:21:34 No role found in meta data for domain "test.com"
{
"domains": [
// largely normal looking output
],
"version": "3.4.0",
"date": "2025-11-20T10:17:12.696932828Z"
}
Notice the 2 minute interval it takes to process "https://csaf.data.security.test.com" and the subsequent repeat of GET instructions
Is 'test' maybe reserved name in some form? Using another adress that also redirects you to a domain selling site does not cause the same issue (I also tested "majesty.com")
Edit: I don't know what https://csaf.data.security is or does, so this might be expected behaviour? I opened an issue because "test" might actually be a reserved name and cause issues and because the same output is repeated twice. Its also the only domain that took longer than a couple seconds on this "csaf.data.security" step.