anti-xss-demo.suckup.de Open in urlscan Pro
81.169.188.94 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://anti-xss-demo.suckup.de/
Effective URL:
https://anti-xss-demo.suckup.de/
Submission: On May 06 via api (May 6th 2024, 2:56:07 pm UTC) from US — Scanned from DE

Summary HTTP 13 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 13 HTTP transactions. The main IP is 81.169.188.94, located in Germany and belongs to STRATO STRATO AG, DE. The main domain is anti-xss-demo.suckup.de.
TLS certificate: Issued by R3 on April 22nd 2024. Valid for: 3 months.

This is the only time anti-xss-demo.suckup.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	81.169.188.94 81.169.188.94	6724 (STRATO ST...) (STRATO STRATO AG)
2	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
13	4

9 81.169.188.94 (Germany)

ASN6724 (STRATO STRATO AG, DE)
PTR: moelleken.org

anti-xss-demo.suckup.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	suckup.de anti-xss-demo.suckup.de	208 KB
3	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 380 fonts.googleapis.com — Cisco Umbrella Rank: 33	42 KB
1	gstatic.com fonts.gstatic.com	48 KB
13	3

	Domain	Requested by
9	anti-xss-demo.suckup.de	anti-xss-demo.suckup.de
2	ajax.googleapis.com	anti-xss-demo.suckup.de
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	ajax.googleapis.com
13	4

This site contains links to these domains. Also see Links.

Domain
github.com
www.bioinformatics.org
htmlpurifier.org
hackingforsecurity.blogspot.de
moelleken.org

Subject Issuer	Validity	Valid
anti-xss-demo.suckup.de R3	`2024-04-22` - `2024-07-21`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://anti-xss-demo.suckup.de/
Frame ID: DDB65F0C70A135321B8125890C11C39E
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Anti-XSS for PHP

Page URL History Show full URLs

http://anti-xss-demo.suckup.de/ HTTP 307
https://anti-xss-demo.suckup.de/ Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
googleapis\.com/.+webfont

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

4
IPs

1
Countries

298 kB
Transfer

771 kB
Size

1
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/voku/anti-xss/
Title: github.com/voku/anti-xss

Search URL Search Domain Scan URL

URL: https://github.com/voku/anti-xss/tree/master/tests
Title: PHPUnit tests

Search URL Search Domain Scan URL

URL: https://github.com/cure53/DOMPurify
Title: DOMPurify

Search URL Search Domain Scan URL

URL: https://github.com/leizongmin/js-xss/
Title: JS-XSS

Search URL Search Domain Scan URL

URL: https://github.com/GrahamCampbell/Laravel-Security
Title: LaravelSecurity

Search URL Search Domain Scan URL

URL: http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_TESTCASE.txt
Title: www.bioinformatics.org

Search URL Search Domain Scan URL

URL: http://htmlpurifier.org/live/smoketests/xssAttacks.php
Title: htmlpurifier.org

Search URL Search Domain Scan URL

URL: http://hackingforsecurity.blogspot.de/2013/11/xss-cheat-sheet-huge-list.html
Title: hackingforsecurity.blogspot.de

Search URL Search Domain Scan URL

URL: https://github.com/voku/anti-xss--demo
Title: here

Search URL Search Domain Scan URL

URL: http://moelleken.org/
Title: LARS MOELLEKEN

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://anti-xss-demo.suckup.de/ HTTP 307
https://anti-xss-demo.suckup.de/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
anti-xss-demo.suckup.de/
Redirect Chain

http://anti-xss-demo.suckup.de/
https://anti-xss-demo.suckup.de/

176 KB
19 KB

389ms
174ms

Document
text/html

81.169.188.94
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL

https://anti-xss-demo.suckup.de/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

81.169.188.94 , Germany, ASN6724 (STRATO STRATO AG, DE),

Reverse DNS

moelleken.org

Software

nginx /

Resource Hash

456fef7ccfec2031e3ff5e6023600305de8a8a13ae2b2ea116e21267bfa5590b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Mon, 06 May 2024 14:56:02 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-clacks-overhead: GNU Terry Pratchett
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

Location: https://anti-xss-demo.suckup.de/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 font-awesome.min.css
anti-xss-demo.suckup.de/vendor/bower/font-awesome/css/ 23 KB
6 KB 56ms
53ms Stylesheet
text/css 81.169.188.94
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://anti-xss-demo.suckup.de/vendor/bower/font-awesome/css/font-awesome.min.css
Requested by: Host: anti-xss-demo.suckup.de
URL: https://anti-xss-demo.suckup.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.169.188.94 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: moelleken.org
Software: nginx /
Resource Hash: 541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://anti-xss-demo.suckup.de/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: public
date: Mon, 06 May 2024 14:56:02 GMT
content-encoding: gzip
last-modified: Wed, 14 Aug 2019 20:45:20 GMT
server: nginx
etag: W/"5d5472e0-5cbb"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: max-age=604800, public, must-revalidate, proxy-revalidate, post-check=0, pre-check=0
expires: Mon, 13 May 2024 14:56:02 GMT

GET
H2 200 app.css
anti-xss-demo.suckup.de/css-min/ 122 KB
21 KB 60ms
57ms Stylesheet
text/css 81.169.188.94
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://anti-xss-demo.suckup.de/css-min/app.css
Requested by: Host: anti-xss-demo.suckup.de
URL: https://anti-xss-demo.suckup.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.169.188.94 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: moelleken.org
Software: nginx /
Resource Hash: 6bb47b406f88696a2bf7ede3292efe9df3c6f289b6892d9bb8652198c374ae61

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://anti-xss-demo.suckup.de/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: public
date: Mon, 06 May 2024 14:56:02 GMT
content-encoding: gzip
last-modified: Wed, 14 Aug 2019 20:45:19 GMT
server: nginx
etag: W/"5d5472df-1e701"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: max-age=604800, public, must-revalidate, proxy-revalidate, post-check=0, pre-check=0
expires: Mon, 13 May 2024 14:56:02 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.3/ 94 KB
33 KB 155ms
43ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js

Requested by

Host: anti-xss-demo.suckup.de
URL: https://anti-xss-demo.suckup.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://anti-xss-demo.suckup.de/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 18:12:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 247397
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33507
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 May 2025 18:12:45 GMT

GET
H2 200 modernizr.custom.js Show response
anti-xss-demo.suckup.de/vendor/ 17 KB
7 KB 105ms
104ms Script
application/javascript 81.169.188.94
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://anti-xss-demo.suckup.de/vendor/modernizr.custom.js
Requested by: Host: anti-xss-demo.suckup.de
URL: https://anti-xss-demo.suckup.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.169.188.94 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: moelleken.org
Software: nginx /
Resource Hash: 8e45c77714272e16560a06175e23438903ddf9cd3e53225ea99e16fa5ebf68c5

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://anti-xss-demo.suckup.de/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: public
date: Mon, 06 May 2024 14:56:02 GMT
content-encoding: gzip
last-modified: Wed, 14 Aug 2019 20:45:20 GMT
server: nginx
etag: W/"5d5472e0-4301"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800, public, must-revalidate, proxy-revalidate, post-check=0, pre-check=0
expires: Mon, 13 May 2024 14:56:02 GMT

GET
H2 200 plugins.js Show response
anti-xss-demo.suckup.de/js-min/ 154 KB
50 KB 109ms
108ms Script
application/javascript 81.169.188.94
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://anti-xss-demo.suckup.de/js-min/plugins.js
Requested by: Host: anti-xss-demo.suckup.de
URL: https://anti-xss-demo.suckup.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.169.188.94 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: moelleken.org
Software: nginx /
Resource Hash: c565b2406d31c61d1472b446e45d1bfa289f8cf975eedc4e895c6985e99e2b70

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://anti-xss-demo.suckup.de/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: public
date: Mon, 06 May 2024 14:56:02 GMT
content-encoding: gzip
last-modified: Wed, 14 Aug 2019 20:45:19 GMT
server: nginx
etag: W/"5d5472df-26848"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800, public, must-revalidate, proxy-revalidate, post-check=0, pre-check=0
expires: Mon, 13 May 2024 14:56:02 GMT

GET
H2 200 app.js Show response
anti-xss-demo.suckup.de/js-min/ 1 KB
831 B 110ms
109ms Script
application/javascript 81.169.188.94
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://anti-xss-demo.suckup.de/js-min/app.js
Requested by: Host: anti-xss-demo.suckup.de
URL: https://anti-xss-demo.suckup.de/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.169.188.94 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: moelleken.org
Software: nginx /
Resource Hash: bd03e0877fd2d9968a7a6ced8b8afe70cd2cc7c439668ad41ebf21e98a54bf7d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://anti-xss-demo.suckup.de/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: public
date: Mon, 06 May 2024 14:56:02 GMT
content-encoding: gzip
last-modified: Wed, 14 Aug 2019 20:45:19 GMT
server: nginx
etag: W/"5d5472df-40a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800, public, must-revalidate, proxy-revalidate, post-check=0, pre-check=0
expires: Mon, 13 May 2024 14:56:02 GMT

GET
H2 200 bg.jpg
anti-xss-demo.suckup.de/images/ 81 KB
82 KB 66ms
66ms Image
image/jpeg 81.169.188.94
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anti-xss-demo.suckup.de/images/bg.jpg
Requested by: Host: anti-xss-demo.suckup.de
URL: https://anti-xss-demo.suckup.de/css-min/app.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.169.188.94 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: moelleken.org
Software: nginx /
Resource Hash: 3fbff5d5388be6468d70ff21200efd679314027b77567df34e28176cfbedbdef

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://anti-xss-demo.suckup.de/css-min/app.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: public
date: Mon, 06 May 2024 14:56:02 GMT
last-modified: Wed, 14 Aug 2019 20:45:19 GMT
server: nginx
etag: "5d5472df-144b3"
content-type: image/jpeg
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate, post-check=0, pre-check=0
accept-ranges: bytes
content-length: 83123
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 glyphicons-halflings-regular.woff
anti-xss-demo.suckup.de/fonts/ 23 KB
23 KB 51ms
51ms Font
font/woff 81.169.188.94
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL

https://anti-xss-demo.suckup.de/fonts/glyphicons-halflings-regular.woff

Requested by

Host: anti-xss-demo.suckup.de
URL: https://anti-xss-demo.suckup.de/css-min/app.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

81.169.188.94 , Germany, ASN6724 (STRATO STRATO AG, DE),

Reverse DNS

moelleken.org

Software

nginx /

Resource Hash

63faf0af44a428f182686f0d924bb30e369a9549630c7b98a969394f58431067

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://anti-xss-demo.suckup.de/css-min/app.css
Origin: https://anti-xss-demo.suckup.de
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 06 May 2024 14:56:02 GMT
x-clacks-overhead: GNU Terry Pratchett
x-content-type-options: nosniff
last-modified: Wed, 14 Aug 2019 20:45:19 GMT
server: nginx
etag: "5d5472df-5afc"
x-frame-options: SAMEORIGIN
content-type: font/woff
access-control-allow-origin: https://anti-xss-demo.suckup.de
accept-ranges: bytes
content-length: 23292

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1.5.18/ 16 KB
6 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js

Requested by

Host: anti-xss-demo.suckup.de
URL: https://anti-xss-demo.suckup.de/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://anti-xss-demo.suckup.de/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 02 May 2024 10:49:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 360386
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6490
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 May 2025 10:49:36 GMT

GET
H2 200 css
fonts.googleapis.com/ 16 KB
2 KB 148ms
51ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,800

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

66bbba608d89c20a2ebc0c02937450fb503204cd9ab55e4ae0dfac7b73d98c6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://anti-xss-demo.suckup.de/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Mon, 06 May 2024 14:56:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 06 May 2024 14:56:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 06 May 2024 14:56:02 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
48 KB 136ms
41ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,800

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://anti-xss-demo.suckup.de
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Fri, 03 May 2024 22:45:56 GMT
x-content-type-options: nosniff
age: 231006
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48236
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 May 2025 22:45:56 GMT

GET
H2 404 favicon.ico
anti-xss-demo.suckup.de/images/ 514 B
536 B 55ms
54ms Other
text/html 81.169.188.94
STRATO STRATO AG

General

Check archive.org

Show headers Download Go to

Full URL: https://anti-xss-demo.suckup.de/images/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.169.188.94 , Germany, ASN6724 (STRATO STRATO AG, DE),
Reverse DNS: moelleken.org
Software: nginx /
Resource Hash: 980553cc60fea22e77d4de8a8eaf7a0b3a544e7e5a663e97dd19c8be523029c2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://anti-xss-demo.suckup.de/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 06 May 2024 14:56:02 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			anti-xss-demo.suckup.de/	1969-12-31 23:59:59	Name: PHPSESSID Value: 61apne6afqqu6395j6jrnkqc1h

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://anti-xss-demo.suckup.de/images/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
anti-xss-demo.suckup.de
fonts.googleapis.com
fonts.gstatic.com
2a00:1450:4001:806::2003
2a00:1450:4001:80b::200a
2a00:1450:4001:812::200a
81.169.188.94
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3fbff5d5388be6468d70ff21200efd679314027b77567df34e28176cfbedbdef
456fef7ccfec2031e3ff5e6023600305de8a8a13ae2b2ea116e21267bfa5590b
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
63faf0af44a428f182686f0d924bb30e369a9549630c7b98a969394f58431067
66bbba608d89c20a2ebc0c02937450fb503204cd9ab55e4ae0dfac7b73d98c6d
6bb47b406f88696a2bf7ede3292efe9df3c6f289b6892d9bb8652198c374ae61
8e45c77714272e16560a06175e23438903ddf9cd3e53225ea99e16fa5ebf68c5
980553cc60fea22e77d4de8a8eaf7a0b3a544e7e5a663e97dd19c8be523029c2
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
bd03e0877fd2d9968a7a6ced8b8afe70cd2cc7c439668ad41ebf21e98a54bf7d
c565b2406d31c61d1472b446e45d1bfa289f8cf975eedc4e895c6985e99e2b70
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4

anti-xss-demo.suckup.de Open in urlscan Pro 81.169.188.94 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

75 %IPv6

3 Domains

4 Subdomains

4 IPs

1 Countries

298 kBTransfer

771 kBSize

1 Cookies

10 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

anti-xss-demo.suckup.de Open in urlscan Pro
81.169.188.94 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

4
IPs

1
Countries

298 kB
Transfer

771 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions