xss.is Open in urlscan Pro
190.123.45.42 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://xss.is/
Effective URL:
https://xss.is/
Submission: On May 18 via manual (May 18th 2021, 12:44:33 pm UTC) from UA

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 190.123.45.42, located in Panama and belongs to Panamaserver.com, PA. The main domain is xss.is.
TLS certificate: Issued by R3 on March 29th 2021. Valid for: 3 months.

This is the only time xss.is was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1 15	190.123.45.42 190.123.45.42		52284 (Panamaser...) (Panamaserver.com)
14	1

15 190.123.45.42 (Panama) 1 redirects

ASN52284 (Panamaserver.com, PA)

xss.is	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	xss.is 1 redirects xss.is	870 KB
14	1

	Domain	Requested by
15	xss.is	1 redirects xss.is
14	1

This site contains no links.

Subject Issuer	Validity	Valid
xss.is R3	`2021-03-29` - `2021-06-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://xss.is/
Frame ID: D26A7C541FEF330A0400545A9AEE5A51
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://xss.is/ HTTP 301
https://xss.is/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

870 kB
Transfer

1481 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://xss.is/ HTTP 301
https://xss.is/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

403
Forbidden

Primary Request

Cookie set / Show response
xss.is/
Redirect Chain

http://xss.is/
https://xss.is/

25 KB
9 KB

1421ms
825ms

Document
text/html

190.123.45.42
Panamaserver.com

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

190.123.45.42 , Panama, ASN52284 (Panamaserver.com, PA),

Reverse DNS

Software

nginx /

Resource Hash

c3aecb05e282aaeee4e3611e6749ee2b00dcec1ace9fca18b14a497bfe4486ff

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: xss.is
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Tue, 18 May 2021 12:43:53 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 8660
Connection: keep-alive
X-Frame-Options: SAMEORIGIN SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Tue, 18 May 2021 12:43:53 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, max-age=0
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: xf_csrf=nodoF_CRCLSkeG1W; path=/; secure;HttpOnly;Secure
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests

Redirect headers

Server: nginx
Date: Tue, 18 May 2021 12:43:51 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://xss.is/

GET
H/1.1 200
OK fa-light-300.woff2
xss.is/styles/fonts/fa/ 185 KB
186 KB 1086ms
1085ms Font
font/woff2 190.123.45.42
Panamaserver.com

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/styles/fonts/fa/fa-light-300.woff2?_v=5.15.1

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

190.123.45.42 , Panama, ASN52284 (Panamaserver.com, PA),

Reverse DNS

Software

nginx /

Resource Hash

a96c21672b34a2f47197f6d5ae5ae4b6012d6fac6cfca1c851f66901c9c8abf4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://xss.is
Accept-Encoding: gzip, deflate, br
Host: xss.is
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://xss.is/
Cookie: xf_csrf=nodoF_CRCLSkeG1W
Connection: keep-alive
Origin: https://xss.is
Referer: https://xss.is/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 12:43:53 GMT
Last-Modified: Fri, 18 Dec 2020 11:28:25 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "2e4d0-5b6bb6825514c"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/fonts/fa/fa-light-300.woff2?_v=5.15.1
Content-Type: font/woff2
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 189648
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fa-solid-900.woff2
xss.is/styles/fonts/fa/ 138 KB
138 KB 3521ms
902ms Font
font/woff2 190.123.45.42
Panamaserver.com

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/styles/fonts/fa/fa-solid-900.woff2?_v=5.15.1

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

190.123.45.42 , Panama, ASN52284 (Panamaserver.com, PA),

Reverse DNS

Software

nginx /

Resource Hash

8b5a3ff47c2413e0bf3dd3bb7899a25aeef9b390a055847a1185a39ad48a2da2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://xss.is
Accept-Encoding: gzip, deflate, br
Host: xss.is
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://xss.is/
Cookie: xf_csrf=nodoF_CRCLSkeG1W
Connection: keep-alive
Origin: https://xss.is
Referer: https://xss.is/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 12:43:56 GMT
Last-Modified: Fri, 18 Dec 2020 11:28:26 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "226c4-5b6bb6826996e"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/fonts/fa/fa-solid-900.woff2?_v=5.15.1
Content-Type: font/woff2
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 140996
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fa-brands-400.woff2
xss.is/styles/fonts/fa/ 77 KB
77 KB 3691ms
1067ms Font
font/woff2 190.123.45.42
Panamaserver.com

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/styles/fonts/fa/fa-brands-400.woff2?_v=5.15.1

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

190.123.45.42 , Panama, ASN52284 (Panamaserver.com, PA),

Reverse DNS

Software

nginx /

Resource Hash

59beb1f8f4ea7e16c50ae0652005e6f7a39f58f9deb0e155d8c8981ea99544b0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://xss.is
Accept-Encoding: gzip, deflate, br
Host: xss.is
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://xss.is/
Cookie: xf_csrf=nodoF_CRCLSkeG1W
Connection: keep-alive
Origin: https://xss.is
Referer: https://xss.is/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 12:43:56 GMT
Last-Modified: Fri, 18 Dec 2020 11:28:25 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "13280-5b6bb6824092a"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/fonts/fa/fa-brands-400.woff2?_v=5.15.1
Content-Type: font/woff2
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 78464
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK css.php
xss.is/ 387 KB
82 KB 2422ms
979ms Stylesheet
text/css 190.123.45.42
Panamaserver.com

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=3&l=3&d=1620747032&k=fc0bcc7842c219b1346cd9ebf9b24b8f70e44f9c

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

190.123.45.42 , Panama, ASN52284 (Panamaserver.com, PA),

Reverse DNS

Software

nginx /

Resource Hash

a5133b4cab45c6947107a9be2b5c6334c9314b9ab728a78b185fff75c36bc342

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: xss.is
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://xss.is/
Cookie: xf_csrf=nodoF_CRCLSkeG1W
Connection: keep-alive
Referer: https://xss.is/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 12:43:55 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 15:30:32 GMT
Server: nginx
Connection: keep-alive
X-Frame-Options: SAMEORIGIN SAMEORIGIN
Vary: Accept-Encoding
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=3&l=3&d=1620747032&k=fc0bcc7842c219b1346cd9ebf9b24b8f70e44f9c
Content-Type: text/css; charset=utf-8
Cache-Control: public, max-age=31536000
Content-Security-Policy: upgrade-insecure-requests
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 83303
X-XSS-Protection: 1; mode=block
Expires: Wed, 18 May 2022 12:43:55 GMT

GET
H/1.1 200
OK css.php
xss.is/ 41 KB
10 KB 3381ms
789ms Stylesheet
text/css 190.123.45.42
Panamaserver.com

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/css.php?css=public%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1620747032&k=76cd1bac8788c42b735a81be3fe0f7ac622d7806

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

190.123.45.42 , Panama, ASN52284 (Panamaserver.com, PA),

Reverse DNS

Software

nginx /

Resource Hash

1f10840248f19c77f1319eca5094eef8f8d7024751bdb35abe8158bc7f42a11f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: xss.is
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://xss.is/
Cookie: xf_csrf=nodoF_CRCLSkeG1W
Connection: keep-alive
Referer: https://xss.is/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 12:43:56 GMT
Content-Encoding: gzip
Last-Modified: Tue, 11 May 2021 15:30:32 GMT
Server: nginx
Connection: keep-alive
X-Frame-Options: SAMEORIGIN SAMEORIGIN
Vary: Accept-Encoding
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/css.php?css=public%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1620747032&k=76cd1bac8788c42b735a81be3fe0f7ac622d7806
Content-Type: text/css; charset=utf-8
Cache-Control: public, max-age=31536000
Content-Security-Policy: upgrade-insecure-requests
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 9040
X-XSS-Protection: 1; mode=block
Expires: Wed, 18 May 2022 12:43:56 GMT

GET
H/1.1 200
OK preamble.min.js Show response
xss.is/js/xf/ 3 KB
2 KB 3354ms
722ms Script
application/javascript 190.123.45.42
Panamaserver.com

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/js/xf/preamble.min.js?_v=488363e0

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

190.123.45.42 , Panama, ASN52284 (Panamaserver.com, PA),

Reverse DNS

Software

nginx /

Resource Hash

b48fc223d524430ef86336e524ca8b95b74927ca840abc04a0407b58e5905823

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: xss.is
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://xss.is/
Cookie: xf_csrf=nodoF_CRCLSkeG1W
Connection: keep-alive
Referer: https://xss.is/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 12:43:56 GMT
Content-Encoding: gzip
Last-Modified: Fri, 04 Dec 2020 14:20:45 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "c4a-5b5a42e9f2940-gzip"
Vary: Accept-Encoding
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/xf/preamble.min.js?_v=488363e0
Content-Type: application/javascript
Connection: keep-alive
Content-Security-Policy: upgrade-insecure-requests
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 1561
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK jquery-3.5.1.min.js Show response
xss.is/js/vendor/jquery/ 87 KB
31 KB 3710ms
1075ms Script
application/javascript 190.123.45.42
Panamaserver.com

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/js/vendor/jquery/jquery-3.5.1.min.js?_v=488363e0

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

190.123.45.42 , Panama, ASN52284 (Panamaserver.com, PA),

Reverse DNS

Software

nginx /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: xss.is
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://xss.is/
Cookie: xf_csrf=nodoF_CRCLSkeG1W
Connection: keep-alive
Referer: https://xss.is/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 12:43:56 GMT
Content-Encoding: gzip
Last-Modified: Fri, 04 Dec 2020 14:20:43 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "15d84-5b5a42e80a4c0-gzip"
Vary: Accept-Encoding
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/vendor/jquery/jquery-3.5.1.min.js?_v=488363e0
Content-Type: application/javascript
Connection: keep-alive
Content-Security-Policy: upgrade-insecure-requests
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 30910
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK vendor-compiled.js Show response
xss.is/js/vendor/ 69 KB
21 KB 4077ms
1295ms Script
application/javascript 190.123.45.42
Panamaserver.com

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/js/vendor/vendor-compiled.js?_v=488363e0

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

190.123.45.42 , Panama, ASN52284 (Panamaserver.com, PA),

Reverse DNS

Software

nginx /

Resource Hash

a97392a02775136f7fcda1786540414e4a6595f79c49dc1bc9c790f472a9a9f3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: xss.is
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://xss.is/
Cookie: xf_csrf=nodoF_CRCLSkeG1W
Connection: keep-alive
Referer: https://xss.is/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 12:43:56 GMT
Content-Encoding: gzip
Last-Modified: Fri, 04 Dec 2020 14:20:43 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "113ab-5b5a42e80a4c0-gzip"
Vary: Accept-Encoding
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/vendor/vendor-compiled.js?_v=488363e0
Content-Type: application/javascript
Connection: keep-alive
Content-Security-Policy: upgrade-insecure-requests
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 21176
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK core-compiled.js Show response
xss.is/js/xf/ 218 KB
63 KB 4629ms
1274ms Script
application/javascript 190.123.45.42
Panamaserver.com

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/js/xf/core-compiled.js?_v=488363e0

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

190.123.45.42 , Panama, ASN52284 (Panamaserver.com, PA),

Reverse DNS

Software

nginx /

Resource Hash

5836492f7617953671b0b5faa16b643227ceccf95487fbad44ae5d41de9df960

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: xss.is
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://xss.is/
Cookie: xf_csrf=nodoF_CRCLSkeG1W
Connection: keep-alive
Referer: https://xss.is/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 12:43:57 GMT
Content-Encoding: gzip
Last-Modified: Wed, 05 May 2021 14:21:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "36888-5c195ea654813-gzip"
Vary: Accept-Encoding
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/xf/core-compiled.js?_v=488363e0
Content-Type: application/javascript
Connection: keep-alive
Transfer-Encoding: chunked
Content-Security-Policy: upgrade-insecure-requests
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK login_signup.min.js Show response
xss.is/js/xf/ 4 KB
2 KB 4279ms
898ms Script
application/javascript 190.123.45.42
Panamaserver.com

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/js/xf/login_signup.min.js?_v=488363e0

Requested by

Host: xss.is
URL: https://xss.is/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

190.123.45.42 , Panama, ASN52284 (Panamaserver.com, PA),

Reverse DNS

Software

nginx /

Resource Hash

6647d0f2f0e0151d2cd9b8c106b1fb665278194cbd516bb4f41b57c5f3b90ada

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: xss.is
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://xss.is/
Cookie: xf_csrf=nodoF_CRCLSkeG1W
Connection: keep-alive
Referer: https://xss.is/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 12:43:57 GMT
Content-Encoding: gzip
Last-Modified: Fri, 04 Dec 2020 14:20:44 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "10c6-5b5a42e8fe700-gzip"
Vary: Accept-Encoding
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/xf/login_signup.min.js?_v=488363e0
Content-Type: application/javascript
Connection: keep-alive
Content-Security-Policy: upgrade-insecure-requests
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 1816
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK triangles.png
xss.is/styles/ 77 KB
77 KB 1422ms
995ms Image
image/png 190.123.45.42
Panamaserver.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xss.is/styles/triangles.png

Requested by

Host: xss.is
URL: https://xss.is/css.php?css=public%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1620747032&k=76cd1bac8788c42b735a81be3fe0f7ac622d7806

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

190.123.45.42 , Panama, ASN52284 (Panamaserver.com, PA),

Reverse DNS

Software

nginx /

Resource Hash

9e47a6bef674d7258ca4576458433953510960993cac4affd1f90f83ac799b63

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: xss.is
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://xss.is/css.php?css=public%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1620747032&k=76cd1bac8788c42b735a81be3fe0f7ac622d7806
Cookie: xf_csrf=nodoF_CRCLSkeG1W
Connection: keep-alive
Referer: https://xss.is/css.php?css=public%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1620747032&k=76cd1bac8788c42b735a81be3fe0f7ac622d7806
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 12:43:57 GMT
Last-Modified: Fri, 04 Dec 2020 14:14:08 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "1331c-5b5a416f56c00"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/triangles.png
Content-Type: image/png
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 78620
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fa-regular-400.woff2
xss.is/styles/fonts/fa/ 170 KB
170 KB 1495ms
1175ms Font
font/woff2 190.123.45.42
Panamaserver.com

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/styles/fonts/fa/fa-regular-400.woff2?_v=5.15.1

Requested by

Host: xss.is
URL: https://xss.is/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=3&l=3&d=1620747032&k=fc0bcc7842c219b1346cd9ebf9b24b8f70e44f9c

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

190.123.45.42 , Panama, ASN52284 (Panamaserver.com, PA),

Reverse DNS

Software

nginx /

Resource Hash

4e4cc2d5669ad1bb831c050c273dbf760a070eb5f413458cf5cd7625c594a583

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://xss.is
Accept-Encoding: gzip, deflate, br
Host: xss.is
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://xss.is/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=3&l=3&d=1620747032&k=fc0bcc7842c219b1346cd9ebf9b24b8f70e44f9c
Cookie: xf_csrf=nodoF_CRCLSkeG1W
Connection: keep-alive
Origin: https://xss.is
Referer: https://xss.is/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=3&l=3&d=1620747032&k=fc0bcc7842c219b1346cd9ebf9b24b8f70e44f9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 18 May 2021 12:43:57 GMT
Last-Modified: Fri, 18 Dec 2020 11:28:26 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "2a61c-5b6bb6825fd2d"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/fonts/fa/fa-regular-400.woff2?_v=5.15.1
Content-Type: font/woff2
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 173596
X-XSS-Protection: 1; mode=block

POST
H/1.1 200
OK keep-alive Show response
xss.is/login/ 166 B
822 B 791ms
791ms XHR
application/json 190.123.45.42
Panamaserver.com

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.is/login/keep-alive

Requested by

Host: xss.is
URL: https://xss.is/js/vendor/jquery/jquery-3.5.1.min.js?_v=488363e0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

190.123.45.42 , Panama, ASN52284 (Panamaserver.com, PA),

Reverse DNS

Software

nginx /

Resource Hash

fd6001222ffc75dc029f000221e0631e684f8186725bd2c621a6c69fcd47a7ae

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: cors
Origin: https://xss.is
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
Cookie: xf_csrf=nodoF_CRCLSkeG1W
Connection: keep-alive
Content-Length: 75
Pragma: no-cache
Host: xss.is
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
Cache-Control: no-cache
Referer: https://xss.is/
Sec-Fetch-Site: same-origin
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://xss.is/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Tue, 18 May 2021 12:43:58 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 137
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 18 May 2021 12:43:58 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/login/keep-alive
Content-Type: application/json; charset=utf-8
Cache-Control: private, no-cache, max-age=0
Content-Security-Policy: upgrade-insecure-requests
Expires: Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			xss.is/	1969-12-31 23:59:59	Name: xf_ls Value: %7B%22cacheKey%22%3A%226597dd3995db64c1a11b7969dc5af31b%22%7D
			xss.is/	1969-12-31 23:59:59	Name: xf_csrf Value: nodoF_CRCLSkeG1W

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

xss.is
190.123.45.42
1f10840248f19c77f1319eca5094eef8f8d7024751bdb35abe8158bc7f42a11f
4e4cc2d5669ad1bb831c050c273dbf760a070eb5f413458cf5cd7625c594a583
5836492f7617953671b0b5faa16b643227ceccf95487fbad44ae5d41de9df960
59beb1f8f4ea7e16c50ae0652005e6f7a39f58f9deb0e155d8c8981ea99544b0
6647d0f2f0e0151d2cd9b8c106b1fb665278194cbd516bb4f41b57c5f3b90ada
8b5a3ff47c2413e0bf3dd3bb7899a25aeef9b390a055847a1185a39ad48a2da2
9e47a6bef674d7258ca4576458433953510960993cac4affd1f90f83ac799b63
a5133b4cab45c6947107a9be2b5c6334c9314b9ab728a78b185fff75c36bc342
a96c21672b34a2f47197f6d5ae5ae4b6012d6fac6cfca1c851f66901c9c8abf4
a97392a02775136f7fcda1786540414e4a6595f79c49dc1bc9c790f472a9a9f3
b48fc223d524430ef86336e524ca8b95b74927ca840abc04a0407b58e5905823
c3aecb05e282aaeee4e3611e6749ee2b00dcec1ace9fca18b14a497bfe4486ff
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fd6001222ffc75dc029f000221e0631e684f8186725bd2c621a6c69fcd47a7ae

xss.is Open in urlscan Pro 190.123.45.42 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

870 kBTransfer

1481 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

xss.is Open in urlscan Pro
190.123.45.42 Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

870 kB
Transfer

1481 kB
Size

2
Cookies

14 HTTP transactions
0 data transactions