xss.is Open in urlscan Pro
37.187.25.182 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://xss.is/
Effective URL:
https://xss.is/
Submission: On July 29 via manual (July 29th 2024, 7:27:42 pm UTC) from US — Scanned from IS

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 21 HTTP transactions. The main IP is 37.187.25.182, located in France and belongs to OVH, FR. The main domain is xss.is.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 17th 2024. Valid for: a year.

This is the only time xss.is was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
16	37.187.25.182 37.187.25.182	16276 (OVH) (OVH)
1	151.101.65.229 151.101.65.229	54113 (FASTLY) (FASTLY)
1	104.19.230.21 104.19.230.21	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.19.229.21 104.19.229.21	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	4

16 37.187.25.182 (France)

ASN16276 (OVH, FR)
PTR: ns314150.ip-37-187-25.eu

xss.is	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.229 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.230.21 (None, )

ASN13335 (CLOUDFLARENET, US)

hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.19.229.21 (None, )

ASN13335 (CLOUDFLARENET, US)

newassets.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	xss.is xss.is	851 KB
4	hcaptcha.com hcaptcha.com — Cisco Umbrella Rank: 5917 newassets.hcaptcha.com — Cisco Umbrella Rank: 8953	112 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	2 KB
21	3

	Domain	Requested by
16	xss.is	xss.is
3	newassets.hcaptcha.com	hcaptcha.com
1	hcaptcha.com	xss.is
1	cdn.jsdelivr.net	xss.is
21	4

This site contains no links.

Subject Issuer	Validity	Valid
xss.is Sectigo RSA Domain Validation Secure Server CA	`2024-05-17` - `2025-05-20`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
hcaptcha.com WE1	`2024-07-10` - `2024-10-08`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://xss.is/
Frame ID: B61BF68D0F097092ABF13C2A716C1865
Requests: 19 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/988e468/static/hcaptcha.html
Frame ID: 842AA5BDCAB6FEDE66F381FD66101176
Requests: 1 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/988e468/static/hcaptcha.html
Frame ID: 057772D047D018D03ABF556143DCDDD4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Вход | XSS.is (ex DaMaGeLaB)

Page URL History Show full URLs

http://xss.is/ HTTP 307
https://xss.is/ Page URL

Detected technologies

XenForo (Message Boards) Expand

Overall confidence: 100%
Detected patterns

hCaptcha (Security) Expand

Overall confidence: 100%
Detected patterns

https://hcaptcha.com/([\d]+?)/api.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

21
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

964 kB
Transfer

1828 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://xss.is/ HTTP 307
https://xss.is/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

403
Forbidden

Primary Request / Show response
xss.is/
Redirect Chain

http://xss.is/
https://xss.is/

25 KB
10 KB

551ms
325ms

Document
text/html

37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

c4368b116bd1bd6886e2ad318162792eac233126fe98b09b20657692b5eaf134

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Cache-Control: private, no-cache, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 9142
Content-Security-Policy: upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Date: Mon, 29 Jul 2024 19:27:36 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Mon, 29 Jul 2024 19:27:36 GMT
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/index.php
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN SAMEORIGIN
X-XSS-Protection: 1; mode=block

Redirect headers

Location: https://xss.is/
Non-Authoritative-Reason: HttpsUpgrades

GET
H/1.1 200
OK fa-light-300.woff2
xss.is/styles/fonts/fa/ 180 KB
180 KB 418ms
416ms Font
font/woff2 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/styles/fonts/fa/fa-light-300.woff2?_v=5.15.3

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

e9f0d24d1230e0a5760800e4a1657801cff8edf2ba87a05c5d96f74ce44ec06d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.is/
Origin: https://xss.is
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 29 Jul 2024 19:27:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Last-Modified: Thu, 06 Jun 2024 14:41:48 GMT
X-Frame-Options: SAMEORIGIN
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/fonts/fa/fa-light-300.woff2
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin
Permissions-Policy: geolocation=(),microphone=(),camera=(),magnetometer=(),gyroscope=()
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 184144
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fa-solid-900.woff2
xss.is/styles/fonts/fa/ 134 KB
134 KB 624ms
414ms Font
font/woff2 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/styles/fonts/fa/fa-solid-900.woff2?_v=5.15.3

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

943efdb4b38963df0653d778f233b55db3e19f44794e4ff944e33b8849dcdb3c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.is/
Origin: https://xss.is
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 29 Jul 2024 19:27:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Last-Modified: Thu, 06 Jun 2024 14:41:48 GMT
X-Frame-Options: SAMEORIGIN
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/fonts/fa/fa-solid-900.woff2
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin
Permissions-Policy: geolocation=(),microphone=(),camera=(),magnetometer=(),gyroscope=()
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 136824
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fa-brands-400.woff2
xss.is/styles/fonts/fa/ 75 KB
76 KB 623ms
414ms Font
font/woff2 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/styles/fonts/fa/fa-brands-400.woff2?_v=5.15.3

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

c2497d559960ba9e1c68f41674e8bc980d3b229155e068bc7f42f157f81c4388

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.is/
Origin: https://xss.is
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 29 Jul 2024 19:27:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Last-Modified: Thu, 06 Jun 2024 14:41:48 GMT
X-Frame-Options: SAMEORIGIN
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/fonts/fa/fa-brands-400.woff2
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin
Permissions-Policy: geolocation=(),microphone=(),camera=(),magnetometer=(),gyroscope=()
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 76740
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK css.php
xss.is/ 391 KB
83 KB 636ms
438ms Stylesheet
text/css 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=3&l=3&d=1721420476&k=fc0bcc7842c219b1346cd9ebf9b24b8f70e44f9c

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

f164331c6c9251b4533ba156fe6f1186f9ef2b8cef06a3afc1fa67fd71c4c6c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.is/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 29 Jul 2024 19:27:37 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive
Content-Length: 84058
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 19 Jul 2024 20:21:16 GMT
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/css.php
Access-Control-Expose-Headers: Origin
Cache-Control: public, max-age=31536000
Permissions-Policy: geolocation=(),microphone=(),camera=(),magnetometer=(),gyroscope=()
Expires: Tue, 29 Jul 2025 19:27:37 GMT

GET
H/1.1 200
OK css.php
xss.is/ 33 KB
8 KB 478ms
280ms Stylesheet
text/css 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/css.php?css=public%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1721420476&k=76cd1bac8788c42b735a81be3fe0f7ac622d7806

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

7ba4dc2f27d40ef39a66d999bbd7bb131747b70167ed091ba7e8aa5b22de99cd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.is/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 29 Jul 2024 19:27:37 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive
Content-Length: 7660
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 19 Jul 2024 20:21:16 GMT
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/css.php
Access-Control-Expose-Headers: Origin
Cache-Control: public, max-age=31536000
Permissions-Policy: geolocation=(),microphone=(),camera=(),magnetometer=(),gyroscope=()
Expires: Tue, 29 Jul 2025 19:27:37 GMT

GET
H/1.1 200
OK preamble.min.js Show response
xss.is/js/xf/ 4 KB
2 KB 483ms
271ms Script
application/javascript 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/js/xf/preamble.min.js?_v=b263c9d6

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

304e77733a818935ddeb447ed9d6d6d4f16e44b8cc262ee05c89324ee7afdc6c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.is/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 29 Jul 2024 19:27:37 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive
Content-Length: 1737
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 May 2023 21:57:51 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/xf/preamble.min.js
Access-Control-Expose-Headers: Origin
Permissions-Policy: geolocation=(),microphone=(),camera=(),magnetometer=(),gyroscope=()
Accept-Ranges: bytes

GET
H/1.1 200
OK jquery-3.5.1.min.js Show response
xss.is/js/vendor/jquery/ 87 KB
31 KB 906ms
427ms Script
application/javascript 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/js/vendor/jquery/jquery-3.5.1.min.js?_v=b263c9d6

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.is/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 29 Jul 2024 19:27:37 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive
Content-Length: 30910
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 04 Dec 2020 14:20:43 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/vendor/jquery/jquery-3.5.1.min.js
Access-Control-Expose-Headers: Origin
Permissions-Policy: geolocation=(),microphone=(),camera=(),magnetometer=(),gyroscope=()
Accept-Ranges: bytes

GET
H/1.1 200
OK vendor-compiled.js Show response
xss.is/js/vendor/ 43 KB
13 KB 749ms
265ms Script
application/javascript 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/js/vendor/vendor-compiled.js?_v=b263c9d6

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

3507ca14c84cbffccd872e634a84d93f50882c817e66ffdf2643a7ed884a205e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.is/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 29 Jul 2024 19:27:37 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive
Content-Length: 12823
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 16 Sep 2021 19:37:57 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/vendor/vendor-compiled.js
Access-Control-Expose-Headers: Origin
Permissions-Policy: geolocation=(),microphone=(),camera=(),magnetometer=(),gyroscope=()
Accept-Ranges: bytes

GET
H/1.1 200
OK core-compiled.js Show response
xss.is/js/xf/ 211 KB
61 KB 965ms
333ms Script
application/javascript 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/js/xf/core-compiled.js?_v=b263c9d6

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

03dfedc84a20980d603a024e33b6906e4cd2b1493e4594d7f5332a4bc0240ddc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.is/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 29 Jul 2024 19:27:37 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 06 Jun 2024 14:41:48 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/xf/core-compiled.js
Access-Control-Expose-Headers: Origin
Permissions-Policy: geolocation=(),microphone=(),camera=(),magnetometer=(),gyroscope=()
Accept-Ranges: bytes

GET
H/1.1 200
OK login_signup.min.js Show response
xss.is/js/xf/ 3 KB
2 KB 1005ms
272ms Script
application/javascript 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/js/xf/login_signup.min.js?_v=b263c9d6

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

87c1485b49078a8cf6e2fe375ca6f1db87dd92619672fb6742a094d389ceaf5b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.is/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 29 Jul 2024 19:27:37 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive
Content-Length: 1363
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 19 May 2022 22:11:56 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/xf/login_signup.min.js
Access-Control-Expose-Headers: Origin
Permissions-Policy: geolocation=(),microphone=(),camera=(),magnetometer=(),gyroscope=()
Accept-Ranges: bytes

GET
H/1.1 200
OK captcha.min.js Show response
xss.is/js/xf/ 7 KB
2 KB 1012ms
273ms Script
application/javascript 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/js/xf/captcha.min.js?_v=b263c9d6

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

d9390ab2f391d696580686c979bf2af47be6d60f8b743d5cb2b6c2260f06fbab

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.is/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 29 Jul 2024 19:27:37 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive
Content-Length: 1840
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 06 Jun 2024 14:41:48 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/xf/captcha.min.js
Access-Control-Expose-Headers: Origin
Permissions-Policy: geolocation=(),microphone=(),camera=(),magnetometer=(),gyroscope=()
Accept-Ranges: bytes

GET
H/1.1 200
OK triangles.png
xss.is/styles/ 77 KB
77 KB 316ms
316ms Image
image/png 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xss.is/styles/triangles.png

Requested by

Host: xss.is
URL: https://xss.is/css.php?css=public%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1721420476&k=76cd1bac8788c42b735a81be3fe0f7ac622d7806

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

9e47a6bef674d7258ca4576458433953510960993cac4affd1f90f83ac799b63

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.is/css.php?css=public%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1721420476&k=76cd1bac8788c42b735a81be3fe0f7ac622d7806
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 29 Jul 2024 19:27:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Last-Modified: Fri, 04 Dec 2020 14:14:08 GMT
X-Frame-Options: SAMEORIGIN
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/triangles.png
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin
Permissions-Policy: geolocation=(),microphone=(),camera=(),magnetometer=(),gyroscope=()
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 78620
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fa-regular-400.woff2
xss.is/styles/fonts/fa/ 165 KB
165 KB 418ms
418ms Font
font/woff2 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/styles/fonts/fa/fa-regular-400.woff2?_v=5.15.3

Requested by

Host: xss.is
URL: https://xss.is/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=3&l=3&d=1721420476&k=fc0bcc7842c219b1346cd9ebf9b24b8f70e44f9c

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

4de49631fe60b17010f7cda29a6236ca6ad6102ea204e5c31d2c1e79ee276938

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.is/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=3&l=3&d=1721420476&k=fc0bcc7842c219b1346cd9ebf9b24b8f70e44f9c
Origin: https://xss.is
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 29 Jul 2024 19:27:37 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Last-Modified: Thu, 06 Jun 2024 14:41:48 GMT
X-Frame-Options: SAMEORIGIN
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/fonts/fa/fa-regular-400.woff2
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin
Permissions-Policy: geolocation=(),microphone=(),camera=(),magnetometer=(),gyroscope=()
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 168768
X-XSS-Protection: 1; mode=block

GET
H2 200 1f1f7-1f1fa.png
cdn.jsdelivr.net/joypixels/assets/8.0/png/unicode/64/ 2 KB
2 KB 519ms
98ms Image
image/png 151.101.65.229
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/joypixels/assets/8.0/png/unicode/64/1f1f7-1f1fa.png

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d471df95018bfa4fadf22ed62f4f9ac12f7c58b7d6c3788d717a535324a56853

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://xss.is/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 29 Jul 2024 19:27:38 GMT
x-content-type-options: nosniff
age: 2386928
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1549
x-served-by: cache-fra-eddf8230069-FRA, cache-ams2100116-AMS
etag: W/"60d-gU5RX3nVHZhK/yb/nTQO0nK6pD8"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

POST
H/1.1 200
OK keep-alive Show response
xss.is/login/ 166 B
960 B 287ms
286ms XHR
application/json 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/login/keep-alive

Requested by

Host: xss.is
URL: https://xss.is/js/vendor/jquery/jquery-3.5.1.min.js?_v=b263c9d6

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

9a927a6efd0db794fc9646d10b67651d4b4432f5c359b86179b8de40098e645d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://xss.is/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Mon, 29 Jul 2024 19:27:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive
Content-Length: 136
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 29 Jul 2024 19:27:38 GMT
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/index.php
Access-Control-Expose-Headers: Origin
Cache-Control: private, no-cache, max-age=0
Permissions-Policy: geolocation=(),microphone=(),camera=(),magnetometer=(),gyroscope=()
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 api.js Show response
hcaptcha.com/1/ 380 KB
108 KB 141ms
67ms Script
application/javascript 104.19.230.21
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hcaptcha.com/1/api.js?onload=XFHCaptchaCallback&render=explicit

Requested by

Host: xss.is
URL: https://xss.is/js/vendor/jquery/jquery-3.5.1.min.js?_v=b263c9d6

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.230.21 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0aa0ea86b380542a85e18bd0a1a3d09c98c82cdb4fa59661db51a47b662a7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://xss.is/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 19:27:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
server: cloudflare
age: 0
etag: W/"b28638edf126bf22d652b4f3432b0406"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: max-age=300
cross-origin-resource-policy: cross-origin
cf-ray: 8aaf81e70ff15cc0-KEF
alt-svc: h3=":443"; ma=86400

GET
H3 200 is.json Show response
newassets.hcaptcha.com/captcha/v1/988e468/static/i18n/ 9 KB
4 KB 258ms
185ms XHR
application/json 104.19.229.21
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/988e468/static/i18n/is.json

Requested by

Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js?onload=XFHCaptchaCallback&render=explicit

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.229.21 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34587ae6132b58d041ede69d569fafcd33dab90577398861a39c275c9330309c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://xss.is/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 19:27:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
content-length: 3564
server: cloudflare
etag: "9c7173818182f1634f4b4c96d1190dde"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=1209600
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
accept-ranges: bytes
cf-ray: 8aaf81e988e25cbf-KEF
expires: Mon, 12 Aug 2024 19:27:38 GMT

GET
H3 200 hcaptcha.html
newassets.hcaptcha.com/captcha/v1/988e468/static/ Frame 842A 0
0 126ms
65ms Document
text/html 104.19.229.21
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/988e468/static/hcaptcha.html

Requested by

Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js?onload=XFHCaptchaCallback&render=explicit

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.229.21 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	report-uri https://sentry.hcaptcha.com/api/6/security/?sentry_key=30910f52569b4c17b1081ead2dae43b4&sentry_environment=prod&sentry_release=csp1;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://xss.is/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 8aaf81e998e35cbf-KEF
content-encoding: br
content-security-policy: report-uri https://sentry.hcaptcha.com/api/6/security/?sentry_key=30910f52569b4c17b1081ead2dae43b4&sentry_environment=prod&sentry_release=csp1;
content-type: text/html
date: Mon, 29 Jul 2024 19:27:38 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding Origin
x-content-type-options: nosniff

GET
H3 200 hcaptcha.html
newassets.hcaptcha.com/captcha/v1/988e468/static/ Frame 0577 0
0 122ms
122ms Document
text/html 104.19.229.21
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://newassets.hcaptcha.com/captcha/v1/988e468/static/hcaptcha.html

Requested by

Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js?onload=XFHCaptchaCallback&render=explicit

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.229.21 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	report-uri https://sentry.hcaptcha.com/api/6/security/?sentry_key=30910f52569b4c17b1081ead2dae43b4&sentry_environment=prod&sentry_release=csp1;
X-Content-Type-Options	nosniff

Request headers

Referer: https://xss.is/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=1209600
cf-cache-status: HIT
cf-ray: 8aaf81e998e35cbf-KEF
content-encoding: br
content-security-policy: report-uri https://sentry.hcaptcha.com/api/6/security/?sentry_key=30910f52569b4c17b1081ead2dae43b4&sentry_environment=prod&sentry_release=csp1;
content-type: text/html
date: Mon, 29 Jul 2024 19:27:38 GMT
server: cloudflare
vary: Accept-Encoding Origin
x-content-type-options: nosniff

GET
H/1.1 200
OK favicon.png
xss.is/styles/ 3 KB
4 KB 267ms
267ms Other
image/png 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/styles/favicon.png

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

Resource Hash

227da5ef7159c11efab2c270dc5bf053eccb72079ecef8aac0c10da7447d3ddf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.is/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Mon, 29 Jul 2024 19:27:39 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Last-Modified: Fri, 04 Dec 2020 14:14:08 GMT
X-Frame-Options: SAMEORIGIN
Onion-Location: https://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/favicon.png
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Origin
Permissions-Policy: geolocation=(),microphone=(),camera=(),magnetometer=(),gyroscope=()
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2993
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			xss.is/	1969-12-31 23:59:59	Name: xf_csrf Value: XhM85ZA_FihbxfDz
			api2.hcaptcha.com/	1970-01-20 22:24:43	Name: __cflb Value: 04dTobrcPfCH2Cv1uxYioAFTikqddqvYDZizMcGEww

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://xss.is/ Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
hcaptcha.com
newassets.hcaptcha.com
xss.is
104.19.229.21
104.19.230.21
151.101.65.229
37.187.25.182
03dfedc84a20980d603a024e33b6906e4cd2b1493e4594d7f5332a4bc0240ddc
227da5ef7159c11efab2c270dc5bf053eccb72079ecef8aac0c10da7447d3ddf
304e77733a818935ddeb447ed9d6d6d4f16e44b8cc262ee05c89324ee7afdc6c
34587ae6132b58d041ede69d569fafcd33dab90577398861a39c275c9330309c
3507ca14c84cbffccd872e634a84d93f50882c817e66ffdf2643a7ed884a205e
4de49631fe60b17010f7cda29a6236ca6ad6102ea204e5c31d2c1e79ee276938
7ba4dc2f27d40ef39a66d999bbd7bb131747b70167ed091ba7e8aa5b22de99cd
87c1485b49078a8cf6e2fe375ca6f1db87dd92619672fb6742a094d389ceaf5b
943efdb4b38963df0653d778f233b55db3e19f44794e4ff944e33b8849dcdb3c
9a927a6efd0db794fc9646d10b67651d4b4432f5c359b86179b8de40098e645d
9e47a6bef674d7258ca4576458433953510960993cac4affd1f90f83ac799b63
a0aa0ea86b380542a85e18bd0a1a3d09c98c82cdb4fa59661db51a47b662a7c4
c2497d559960ba9e1c68f41674e8bc980d3b229155e068bc7f42f157f81c4388
c4368b116bd1bd6886e2ad318162792eac233126fe98b09b20657692b5eaf134
d471df95018bfa4fadf22ed62f4f9ac12f7c58b7d6c3788d717a535324a56853
d9390ab2f391d696580686c979bf2af47be6d60f8b743d5cb2b6c2260f06fbab
e9f0d24d1230e0a5760800e4a1657801cff8edf2ba87a05c5d96f74ce44ec06d
f164331c6c9251b4533ba156fe6f1186f9ef2b8cef06a3afc1fa67fd71c4c6c0
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

xss.is Open in urlscan Pro 37.187.25.182 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

100 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

4 IPs

3 Countries

964 kBTransfer

1828 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

xss.is Open in urlscan Pro
37.187.25.182 Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

964 kB
Transfer

1828 kB
Size

2
Cookies

21 HTTP transactions
0 data transactions