xss.is
Open in
urlscan Pro
37.187.25.182
Public Scan
Effective URL: https://xss.is/
Submission: On July 29 via manual from US — Scanned from IS
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 17th 2024. Valid for: a year.
This is the only time xss.is was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
16 | 37.187.25.182 37.187.25.182 | 16276 (OVH) (OVH) | |
1 | 151.101.65.229 151.101.65.229 | 54113 (FASTLY) (FASTLY) | |
1 | 104.19.230.21 104.19.230.21 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 104.19.229.21 104.19.229.21 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
21 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
xss.is
xss.is |
851 KB |
4 |
hcaptcha.com
hcaptcha.com — Cisco Umbrella Rank: 5917 newassets.hcaptcha.com — Cisco Umbrella Rank: 8953 |
112 KB |
1 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 410 |
2 KB |
21 | 3 |
Domain | Requested by | |
---|---|---|
16 | xss.is |
xss.is
|
3 | newassets.hcaptcha.com |
hcaptcha.com
|
1 | hcaptcha.com |
xss.is
|
1 | cdn.jsdelivr.net |
xss.is
|
21 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
xss.is Sectigo RSA Domain Validation Secure Server CA |
2024-05-17 - 2025-05-20 |
a year | crt.sh |
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3 |
2023-09-27 - 2024-10-28 |
a year | crt.sh |
hcaptcha.com WE1 |
2024-07-10 - 2024-10-08 |
3 months | crt.sh |
This page contains 3 frames:
Primary Page:
https://xss.is/
Frame ID: B61BF68D0F097092ABF13C2A716C1865
Requests: 19 HTTP requests in this frame
Frame:
https://newassets.hcaptcha.com/captcha/v1/988e468/static/hcaptcha.html
Frame ID: 842AA5BDCAB6FEDE66F381FD66101176
Requests: 1 HTTP requests in this frame
Frame:
https://newassets.hcaptcha.com/captcha/v1/988e468/static/hcaptcha.html
Frame ID: 057772D047D018D03ABF556143DCDDD4
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Вход | XSS.is (ex DaMaGeLaB)Page URL History Show full URLs
-
http://xss.is/
HTTP 307
https://xss.is/ Page URL
Detected technologies
XenForo (Message Boards) ExpandDetected patterns
hCaptcha (Security) Expand
Detected patterns
- https://hcaptcha.com/([\d]+?)/api.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://xss.is/
HTTP 307
https://xss.is/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
xss.is/ Redirect Chain
|
25 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fa-light-300.woff2
xss.is/styles/fonts/fa/ |
180 KB 180 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fa-solid-900.woff2
xss.is/styles/fonts/fa/ |
134 KB 134 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fa-brands-400.woff2
xss.is/styles/fonts/fa/ |
75 KB 76 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css.php
xss.is/ |
391 KB 83 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css.php
xss.is/ |
33 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
preamble.min.js
xss.is/js/xf/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.5.1.min.js
xss.is/js/vendor/jquery/ |
87 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vendor-compiled.js
xss.is/js/vendor/ |
43 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
core-compiled.js
xss.is/js/xf/ |
211 KB 61 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login_signup.min.js
xss.is/js/xf/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
captcha.min.js
xss.is/js/xf/ |
7 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
triangles.png
xss.is/styles/ |
77 KB 77 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fa-regular-400.woff2
xss.is/styles/fonts/fa/ |
165 KB 165 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1f1f7-1f1fa.png
cdn.jsdelivr.net/joypixels/assets/8.0/png/unicode/64/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
keep-alive
xss.is/login/ |
166 B 960 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
api.js
hcaptcha.com/1/ |
380 KB 108 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
is.json
newassets.hcaptcha.com/captcha/v1/988e468/static/i18n/ |
9 KB 4 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
hcaptcha.html
newassets.hcaptcha.com/captcha/v1/988e468/static/ Frame 842A |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
hcaptcha.html
newassets.hcaptcha.com/captcha/v1/988e468/static/ Frame 0577 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.png
xss.is/styles/ |
3 KB 4 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| XF function| $ function| jQuery object| Mustache function| autosize function| XFReCaptchaCallback function| XFTurnstileCaptchaCallback function| XFHCaptchaCallback object| Raven object| hcaptcha object| grecaptcha2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
xss.is/ | Name: xf_csrf Value: XhM85ZA_FihbxfDz |
|
api2.hcaptcha.com/ | Name: __cflb Value: 04dTobrcPfCH2Cv1uxYioAFTikqddqvYDZizMcGEww |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
hcaptcha.com
newassets.hcaptcha.com
xss.is
104.19.229.21
104.19.230.21
151.101.65.229
37.187.25.182
03dfedc84a20980d603a024e33b6906e4cd2b1493e4594d7f5332a4bc0240ddc
227da5ef7159c11efab2c270dc5bf053eccb72079ecef8aac0c10da7447d3ddf
304e77733a818935ddeb447ed9d6d6d4f16e44b8cc262ee05c89324ee7afdc6c
34587ae6132b58d041ede69d569fafcd33dab90577398861a39c275c9330309c
3507ca14c84cbffccd872e634a84d93f50882c817e66ffdf2643a7ed884a205e
4de49631fe60b17010f7cda29a6236ca6ad6102ea204e5c31d2c1e79ee276938
7ba4dc2f27d40ef39a66d999bbd7bb131747b70167ed091ba7e8aa5b22de99cd
87c1485b49078a8cf6e2fe375ca6f1db87dd92619672fb6742a094d389ceaf5b
943efdb4b38963df0653d778f233b55db3e19f44794e4ff944e33b8849dcdb3c
9a927a6efd0db794fc9646d10b67651d4b4432f5c359b86179b8de40098e645d
9e47a6bef674d7258ca4576458433953510960993cac4affd1f90f83ac799b63
a0aa0ea86b380542a85e18bd0a1a3d09c98c82cdb4fa59661db51a47b662a7c4
c2497d559960ba9e1c68f41674e8bc980d3b229155e068bc7f42f157f81c4388
c4368b116bd1bd6886e2ad318162792eac233126fe98b09b20657692b5eaf134
d471df95018bfa4fadf22ed62f4f9ac12f7c58b7d6c3788d717a535324a56853
d9390ab2f391d696580686c979bf2af47be6d60f8b743d5cb2b6c2260f06fbab
e9f0d24d1230e0a5760800e4a1657801cff8edf2ba87a05c5d96f74ce44ec06d
f164331c6c9251b4533ba156fe6f1186f9ef2b8cef06a3afc1fa67fd71c4c6c0
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d