www.xss.securebank.site Open in urlscan Pro
91.142.94.78 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://xss.securebank.site/
Effective URL:
https://www.xss.securebank.site/
Submission: On January 28 via automatic, source certstream-suspicious (January 28th 2022, 10:39:03 am UTC) — Scanned from DE

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 21 HTTP transactions. The main IP is 91.142.94.78, located in St Petersburg, Russian Federation and belongs to MIRAN-AS Miran DC, RU. The main domain is www.xss.securebank.site.
TLS certificate: Issued by R3 on January 28th 2022. Valid for: 3 months.

This is the only time www.xss.securebank.site was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 19	91.142.94.78 91.142.94.78	41722 (MIRAN-AS ...) (MIRAN-AS Miran DC)
1	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
21	3

19 91.142.94.78 (St Petersburg, Russian Federation) 1 redirects

ASN41722 (MIRAN-AS Miran DC, RU)
PTR: vl2254.miran.ru

xss.securebank.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.xss.securebank.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	securebank.site 1 redirects xss.securebank.site www.xss.securebank.site	698 KB
2	gstatic.com fonts.gstatic.com	91 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	2 KB
21	3

	Domain	Requested by
18	www.xss.securebank.site	www.xss.securebank.site
2	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	www.xss.securebank.site
1	xss.securebank.site	1 redirects
21	4

This site contains no links.

Subject Issuer	Validity	Valid
xss.securebank.site R3	`2022-01-28` - `2022-04-28`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.xss.securebank.site/
Frame ID: 4D600AC787C5D2B097271E05743741E6
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

XSS Hunter

Page URL History Show full URLs

https://xss.securebank.site/ HTTP 301
https://www.xss.securebank.site/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

21
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

791 kB
Transfer

1017 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://xss.securebank.site/ HTTP 301
https://www.xss.securebank.site/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.xss.securebank.site/
Redirect Chain

https://xss.securebank.site/
https://www.xss.securebank.site/

5 KB
6 KB

266ms
44ms

Document
text/html

91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.xss.securebank.site/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),

Reverse DNS

vl2254.miran.ru

Software

nginx/1.19.10 /

Resource Hash

26a234d2be5c37bdfad8118067e9ee27a4524d143eeb4cae7935034e726391c8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' xss.delab.site api.xss.delab.site; style-src 'self' fonts.googleapis.com; img-src 'self' api.xss.delab.site; font-src 'self' fonts.googleapis.com fonts.gstatic.com; script-src 'self'; frame-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx/1.19.10
Date: Fri, 28 Jan 2022 10:38:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5218
Connection: keep-alive
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' xss.delab.site api.xss.delab.site; style-src 'self' fonts.googleapis.com; img-src 'self' api.xss.delab.site; font-src 'self' fonts.googleapis.com fonts.gstatic.com; script-src 'self'; frame-src 'self'
X-Content-Type-Options: nosniff
X-Frame-Options: deny

Redirect headers

Server: nginx/1.19.10
Date: Fri, 28 Jan 2022 10:38:57 GMT
Content-Type: text/html
Content-Length: 170
Connection: keep-alive
Location: https://www.xss.securebank.site/

GET
H/1.1 200
OK bootstrap.min.css
www.xss.securebank.site/static/css/ 111 KB
112 KB 74ms
74ms Stylesheet
text/css 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/css/bootstrap.min.css
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: 125b9cf633ec84123500c02f34b423e9ae4cedd1d6c1f4e7b48b71f763bda416

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "23fdd4e60d5bca15ab7fcbb70446dcec"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 114012

GET
H/1.1 200
OK site.min.css
www.xss.securebank.site/static/css/ 174 KB
175 KB 150ms
79ms Stylesheet
text/css 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/css/site.min.css
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: 07713f6d9c5da30496929b8bd30a3cdbe875b591dc3893c0e654df92a7a813af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "d621c2de14f4e2c3eefd547a4a509433"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 178533

GET
H/1.1 200
OK prettify.css
www.xss.securebank.site/static/css/ 2 KB
2 KB 116ms
45ms Stylesheet
text/css 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/css/prettify.css
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: 1ceae0d8158ec0e39cbfbfd5c777e3b9d754d809b7cd6160bec3901eb88ff0e1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "b3ee55d958b6badce341f16d1644e306"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1570

GET
H/1.1 200
OK main.css
www.xss.securebank.site/static/css/ 359 B
617 B 116ms
45ms Stylesheet
text/css 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/css/main.css
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: c3faed19ca5df755d5b068a34e98abc166204d58a2a54c0d9c6d279dcdf89471

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "66b0032d41ac50df382781d35adb1208"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 359

GET
H2 200 css
fonts.googleapis.com/ 26 KB
2 KB 138ms
50ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,800,700,400italic,600italic,700italic,800italic,300italic

Requested by

Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

035f76cad89b4436226962589da4573cdba89378ed3ef64029e73035d4e122c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 28 Jan 2022 10:38:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 28 Jan 2022 10:38:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 Jan 2022 10:38:58 GMT

GET
H/1.1 200
OK ie-emulation-modes-warning.js Show response
www.xss.securebank.site/static/js/ 2 KB
2 KB 119ms
47ms Script
application/javascript 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/js/ie-emulation-modes-warning.js
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: 6d7c9f6ece6c8ae31d4ac7728f3db3813364d31b8e2ca8ee816bc57d20d46aea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "a40552917752e3b9dbf39a67177f8dc1"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2130

GET
H/1.1 200
OK site.min.js Show response
www.xss.securebank.site/static/js/ 139 KB
140 KB 193ms
75ms Script
application/javascript 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/js/site.min.js
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: 3c0ccca5c6ae5c3788f3b212cc954f9a39a72ba8078357b6c45af70523f914b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "0c5c508d508d0599a52a885d0d4aa4c9"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 142820

GET
H/1.1 200
OK jquery-2.1.4.min.js Show response
www.xss.securebank.site/static/js/ 82 KB
83 KB 194ms
77ms Script
application/javascript 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/js/jquery-2.1.4.min.js
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "f9c7afd05729f10f55b689f36bb20172"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 84345

GET
H/1.1 200
OK bootstrap.min.js Show response
www.xss.securebank.site/static/js/ 35 KB
35 KB 205ms
87ms Script
application/javascript 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/js/bootstrap.min.js
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: 5d51d5f4bc972e7d7c48d17fb92c191b55bd1be71533c12ef39fea6365156be0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "4b5018e4e7344caa58de4c18e8f4d2f0"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35558

GET
H/1.1 200
OK ie10-viewport-bug-workaround.js Show response
www.xss.securebank.site/static/js/ 641 B
913 B 170ms
52ms Script
application/javascript 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/js/ie10-viewport-bug-workaround.js
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: f663fd5d5698e04a8e56de60c13c54abcb6943adcb21c3d5e80866d0eda0604d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "90e29070de7dcd28a451465ec74047be"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 641

GET
H/1.1 200
OK prettify.js Show response
www.xss.securebank.site/static/js/ 62 KB
62 KB 183ms
39ms Script
application/javascript 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/js/prettify.js
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: 271319a0f7370c86291ccd62c0bfdaf058f863dc0057c636f27f68ed294e419f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "7e0d77e2a87aa5480d8a8a336488a1b4"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 63364

GET
H/1.1 200
OK clipboard.min.js Show response
www.xss.securebank.site/static/js/ 9 KB
9 KB 209ms
38ms Script
application/javascript 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/js/clipboard.min.js
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: 404b016f5c9a369726eec56a280c93478da17a52ed0f1fee116838330772ec70

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "55db0ff82a3b6b247844ae0d07d85fc6"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8854

GET
H/1.1 200
OK main.js Show response
www.xss.securebank.site/static/js/ 1 KB
2 KB 230ms
43ms Script
application/javascript 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/js/main.js
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: abefbf9ca8bf85cb82a80089032c5db4c294798a0a5c8422996bafc2c7e0d3e2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "518f69e208ff8e4325e680398188777c"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1414

GET
H/1.1 200
OK homepage.css
www.xss.securebank.site/static/css/ 269 B
527 B 116ms
46ms Stylesheet
text/css 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/css/homepage.css
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: fb9355a9e732da1cddd56f3fb81bf545939e0a600e02871650daec8e59af9b21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "53358423654208e711a8360e9f0f852a"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 269

GET
H/1.1 200
OK homepage.js Show response
www.xss.securebank.site/static/js/ 0
270 B 244ms
39ms Script
application/javascript 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/js/homepage.js
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 0

GET
H/1.1 200
OK bg.png
www.xss.securebank.site/static/img/ 46 KB
47 KB 41ms
41ms Image
image/png 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xss.securebank.site/static/img/bg.png
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/static/css/main.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: 895d6b598afdcd51b9552654b012e3ef6578d44e3e0efdb59d33024ead80a5a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.xss.securebank.site/static/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "88ab8ad95a8055d0f3dc4f7dfa075ba0"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 47433

GET
H/1.1 200
OK glyphicons-halflings-regular.woff
www.xss.securebank.site/static/fonts/ 23 KB
23 KB 44ms
43ms Font
font/woff 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/fonts/glyphicons-halflings-regular.woff
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/static/css/bootstrap.min.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash: fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

Request headers

Referer: https://www.xss.securebank.site/static/css/bootstrap.min.css
Origin: https://www.xss.securebank.site
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "68ed1dac06bf0409c18ae7bc62889170"
Content-Type: font/woff
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23320

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 44 KB
44 KB 128ms
41ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,800,700,400italic,600italic,700italic,800italic,300italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.xss.securebank.site
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 13:52:02 GMT
x-content-type-options: nosniff
age: 593216
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 21 Jan 2023 13:52:02 GMT

GET
H2 200 memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v27/ 47 KB
47 KB 184ms
96ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300,600,800,700,400italic,600italic,700italic,800italic,300italic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f57a038a716263766ff4d7f7d8a6ea13b22701ae6fc91e8b1b52fd8784844d23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.xss.securebank.site
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 13:44:20 GMT
x-content-type-options: nosniff
age: 593678
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47836
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:32:23 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 21 Jan 2023 13:44:20 GMT

GET
H/1.1 200
OK xss_the_wrong_way.mp4
www.xss.securebank.site/static/video/ 208 KB
0 41ms
41ms Media
video/mp4 91.142.94.78
MIRAN-AS Miran DC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xss.securebank.site/static/video/xss_the_wrong_way.mp4
Requested by: Host: www.xss.securebank.site
URL: https://www.xss.securebank.site/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.142.94.78 St Petersburg, Russian Federation, ASN41722 (MIRAN-AS Miran DC, RU),
Reverse DNS: vl2254.miran.ru
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://www.xss.securebank.site/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Range: bytes=0-

Response headers

Date: Fri, 28 Jan 2022 10:38:58 GMT
Last-Modified: Tue, 11 May 2021 10:16:04 GMT
Server: nginx/1.19.10
Etag: "8a401b7040625e54475d1c1434615fcf"
Content-Type: video/mp4
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1075193

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' xss.delab.site api.xss.delab.site; style-src 'self' fonts.googleapis.com; img-src 'self' api.xss.delab.site; font-src 'self' fonts.googleapis.com fonts.gstatic.com; script-src 'self'; frame-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
www.xss.securebank.site
xss.securebank.site
2a00:1450:4001:808::200a
2a00:1450:4001:831::2003
91.142.94.78
035f76cad89b4436226962589da4573cdba89378ed3ef64029e73035d4e122c5
07713f6d9c5da30496929b8bd30a3cdbe875b591dc3893c0e654df92a7a813af
125b9cf633ec84123500c02f34b423e9ae4cedd1d6c1f4e7b48b71f763bda416
1ceae0d8158ec0e39cbfbfd5c777e3b9d754d809b7cd6160bec3901eb88ff0e1
26a234d2be5c37bdfad8118067e9ee27a4524d143eeb4cae7935034e726391c8
271319a0f7370c86291ccd62c0bfdaf058f863dc0057c636f27f68ed294e419f
3c0ccca5c6ae5c3788f3b212cc954f9a39a72ba8078357b6c45af70523f914b5
404b016f5c9a369726eec56a280c93478da17a52ed0f1fee116838330772ec70
5d51d5f4bc972e7d7c48d17fb92c191b55bd1be71533c12ef39fea6365156be0
6d7c9f6ece6c8ae31d4ac7728f3db3813364d31b8e2ca8ee816bc57d20d46aea
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
895d6b598afdcd51b9552654b012e3ef6578d44e3e0efdb59d33024ead80a5a4
abefbf9ca8bf85cb82a80089032c5db4c294798a0a5c8422996bafc2c7e0d3e2
c3faed19ca5df755d5b068a34e98abc166204d58a2a54c0d9c6d279dcdf89471
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255c
f57a038a716263766ff4d7f7d8a6ea13b22701ae6fc91e8b1b52fd8784844d23
f663fd5d5698e04a8e56de60c13c54abcb6943adcb21c3d5e80866d0eda0604d
fb9355a9e732da1cddd56f3fb81bf545939e0a600e02871650daec8e59af9b21
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

www.xss.securebank.site Open in urlscan Pro 91.142.94.78 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

100 %HTTPS

67 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

791 kBTransfer

1017 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

www.xss.securebank.site Open in urlscan Pro
91.142.94.78 Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

791 kB
Transfer

1017 kB
Size

0
Cookies

21 HTTP transactions
0 data transactions