xss.as Open in urlscan Pro
37.187.25.182 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://xss.as/threads/74338/
Submission: On December 19 via manual (December 19th 2022, 8:56:50 am UTC) from CZ — Scanned from FR

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 19 HTTP transactions. The main IP is 37.187.25.182, located in France and belongs to OVH, FR. The main domain is xss.as.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 7th 2022. Valid for: a year.

This is the only time xss.as was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
19	37.187.25.182 37.187.25.182		16276 (OVH) (OVH)
19	1

19 37.187.25.182 (France)

ASN16276 (OVH, FR)
PTR: ns314150.ip-37-187-25.eu

xss.as	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
xss.is	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	xss.as xss.as	919 KB
1	xss.is xss.is	3 KB
19	2

	Domain	Requested by
18	xss.as	xss.as
1	xss.is	xss.as
19	2

This site contains no links.

Subject Issuer	Validity	Valid
xss.as Sectigo RSA Domain Validation Secure Server CA	`2022-05-07` - `2023-05-21`	a year	crt.sh
xss.is Sectigo RSA Domain Validation Secure Server CA	`2022-05-07` - `2023-05-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://xss.as/threads/74338/
Frame ID: 30AB469BBDEB86B7E5FDAB125347914C
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Вход | XSS.is (ex DaMaGeLaB)

Detected technologies

XenForo (Message Boards) Expand

Overall confidence: 100%
Detected patterns

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

921 kB
Transfer

1507 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 403
Forbidden Primary Request / Show response
xss.as/threads/74338/ 27 KB
10 KB 288ms
213ms Document
text/html 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.as/threads/74338/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

08265bbb585965530b43bcf8a33273ed35ab097c15c3ff5deeea76ab982a39c4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Cache-Control: private, no-cache, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 9539
Content-Security-Policy: upgrade-insecure-requests
Content-Type: text/html; charset=utf-8
Date: Mon, 19 Dec 2022 08:56:45 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Mon, 19 Dec 2022 08:56:45 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fa-light-300.woff2
xss.as/styles/fonts/fa/ 180 KB
180 KB 239ms
239ms Font
font/woff2 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.as/styles/fonts/fa/fa-light-300.woff2?_v=5.15.3

Requested by

Host: xss.as
URL: https://xss.as/threads/74338/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

e9f0d24d1230e0a5760800e4a1657801cff8edf2ba87a05c5d96f74ce44ec06d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.as/threads/74338/
Origin: https://xss.as
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Last-Modified: Fri, 09 Jul 2021 09:10:56 GMT
Server: nginx
ETag: "2cf50-5c6ad2631e800"
X-Frame-Options: SAMEORIGIN
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/fonts/fa/fa-light-300.woff2?_v=5.15.3
Content-Type: font/woff2
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 184144
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fa-solid-900.woff2
xss.as/styles/fonts/fa/ 134 KB
134 KB 301ms
245ms Font
font/woff2 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.as/styles/fonts/fa/fa-solid-900.woff2?_v=5.15.3

Requested by

Host: xss.as
URL: https://xss.as/threads/74338/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

943efdb4b38963df0653d778f233b55db3e19f44794e4ff944e33b8849dcdb3c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.as/threads/74338/
Origin: https://xss.as
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Last-Modified: Fri, 09 Jul 2021 09:10:56 GMT
Server: nginx
ETag: "21678-5c6ad2631e800"
X-Frame-Options: SAMEORIGIN
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/fonts/fa/fa-solid-900.woff2?_v=5.15.3
Content-Type: font/woff2
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 136824
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fa-brands-400.woff2
xss.as/styles/fonts/fa/ 75 KB
75 KB 289ms
230ms Font
font/woff2 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.as/styles/fonts/fa/fa-brands-400.woff2?_v=5.15.3

Requested by

Host: xss.as
URL: https://xss.as/threads/74338/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

c2497d559960ba9e1c68f41674e8bc980d3b229155e068bc7f42f157f81c4388

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.as/threads/74338/
Origin: https://xss.as
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Last-Modified: Fri, 09 Jul 2021 09:10:56 GMT
Server: nginx
ETag: "12bc4-5c6ad2631e800"
X-Frame-Options: SAMEORIGIN
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/fonts/fa/fa-brands-400.woff2?_v=5.15.3
Content-Type: font/woff2
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 76740
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK css.php
xss.as/ 390 KB
83 KB 308ms
256ms Stylesheet
text/css 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.as/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=3&l=3&d=1671382903&k=fc0bcc7842c219b1346cd9ebf9b24b8f70e44f9c

Requested by

Host: xss.as
URL: https://xss.as/threads/74338/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

b8476e8f3f074c0684038a87319a889250eaea36d5724717dbef2a93899dbdc2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://xss.as/threads/74338/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:45 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Sun, 18 Dec 2022 17:01:43 GMT
Server: nginx
Content-Security-Policy: upgrade-insecure-requests
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=3&l=3&d=1671382903&k=fc0bcc7842c219b1346cd9ebf9b24b8f70e44f9c
Cache-Control: public, max-age=31536000
Connection: keep-alive
Content-Length: 83933
X-XSS-Protection: 1; mode=block
Expires: Tue, 19 Dec 2023 08:56:45 GMT

GET
H/1.1 200
OK css.php
xss.as/ 39 KB
10 KB 241ms
187ms Stylesheet
text/css 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.as/css.php?css=public%3Anotices.less%2Cpublic%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1671382903&k=765da1c6ce88b089eabaea3527161c58a7399f98

Requested by

Host: xss.as
URL: https://xss.as/threads/74338/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

46b4b2521efc90b30e67d336e07d46caf7721a13c5f32aa82ef65dfe0b3ab304

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://xss.as/threads/74338/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:45 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Sun, 18 Dec 2022 17:01:43 GMT
Server: nginx
Content-Security-Policy: upgrade-insecure-requests
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/css.php?css=public%3Anotices.less%2Cpublic%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1671382903&k=765da1c6ce88b089eabaea3527161c58a7399f98
Cache-Control: public, max-age=31536000
Connection: keep-alive
Content-Length: 9068
X-XSS-Protection: 1; mode=block
Expires: Tue, 19 Dec 2023 08:56:45 GMT

GET
H/1.1 200
OK preamble.min.js Show response
xss.as/js/xf/ 3 KB
2 KB 222ms
162ms Script
application/javascript 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.as/js/xf/preamble.min.js?_v=b5926b6a

Requested by

Host: xss.as
URL: https://xss.as/threads/74338/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

c803ce6d437915781a624a97755010f88deffd73bcf1a8e40fe98fc2d0e1ca3d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://xss.as/threads/74338/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:45 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Sat, 10 Dec 2022 23:24:02 GMT
Server: nginx
Content-Security-Policy: upgrade-insecure-requests
ETag: "d33-5ef8190c5e937-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/xf/preamble.min.js?_v=b5926b6a
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1662
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK christmastree.png
xss.as/styles/ 37 KB
37 KB 377ms
225ms Image
image/png 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xss.as/styles/christmastree.png

Requested by

Host: xss.as
URL: https://xss.as/threads/74338/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

1f31ee7437c7fe3abd3521f16ae6923704d97f1f83fea7e4018216bb840ee4cd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://xss.as/threads/74338/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:46 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Last-Modified: Fri, 04 Dec 2020 14:14:09 GMT
Server: nginx
ETag: "9330-5b5a41704ae40"
X-Frame-Options: SAMEORIGIN
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/christmastree.png
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 37680
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 12.png
xss.is/files/trofy/ 2 KB
3 KB 239ms
160ms Image
image/png 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xss.is/files/trofy/12.png

Requested by

Host: xss.as
URL: https://xss.as/threads/74338/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

73534a76017cc3eb62ab3bb763ca61935b8ac0d0b57ead25daae372f63671645

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://xss.as/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:46 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Last-Modified: Fri, 04 Dec 2020 14:14:04 GMT
Server: nginx
ETag: "816-5b5a416b86300"
X-Frame-Options: SAMEORIGIN
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/files/trofy/12.png
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2070
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK jquery-3.5.1.min.js Show response
xss.as/js/vendor/jquery/ 87 KB
31 KB 212ms
212ms Script
application/javascript 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.as/js/vendor/jquery/jquery-3.5.1.min.js?_v=b5926b6a

Requested by

Host: xss.as
URL: https://xss.as/threads/74338/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://xss.as/threads/74338/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:46 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Fri, 04 Dec 2020 14:20:43 GMT
Server: nginx
Content-Security-Policy: upgrade-insecure-requests
ETag: "15d84-5b5a42e80a4c0-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/vendor/jquery/jquery-3.5.1.min.js?_v=b5926b6a
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30910
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK vendor-compiled.js Show response
xss.as/js/vendor/ 43 KB
13 KB 180ms
179ms Script
application/javascript 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.as/js/vendor/vendor-compiled.js?_v=b5926b6a

Requested by

Host: xss.as
URL: https://xss.as/threads/74338/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

3507ca14c84cbffccd872e634a84d93f50882c817e66ffdf2643a7ed884a205e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://xss.as/threads/74338/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:46 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 16 Sep 2021 19:37:57 GMT
Server: nginx
Content-Security-Policy: upgrade-insecure-requests
ETag: "aab8-5cc21f3a1af40-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/vendor/vendor-compiled.js?_v=b5926b6a
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12823
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK core-compiled.js Show response
xss.as/js/xf/ 209 KB
61 KB 240ms
239ms Script
application/javascript 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.as/js/xf/core-compiled.js?_v=b5926b6a

Requested by

Host: xss.as
URL: https://xss.as/threads/74338/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

24e884826b5cd569ce84c3359aa45f74b5f2fc4ea999ec5a351f2f654b024b18

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://xss.as/threads/74338/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:46 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Sat, 10 Dec 2022 23:24:02 GMT
Server: nginx
Content-Security-Policy: upgrade-insecure-requests
ETag: "3439d-5ef8190c65697-gzip"
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Vary: Accept-Encoding
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/xf/core-compiled.js?_v=b5926b6a
Connection: keep-alive
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK login_signup.min.js Show response
xss.as/js/xf/ 3 KB
2 KB 176ms
175ms Script
application/javascript 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.as/js/xf/login_signup.min.js?_v=b5926b6a

Requested by

Host: xss.as
URL: https://xss.as/threads/74338/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

87c1485b49078a8cf6e2fe375ca6f1db87dd92619672fb6742a094d389ceaf5b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://xss.as/threads/74338/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:46 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Thu, 19 May 2022 22:11:56 GMT
Server: nginx
Content-Security-Policy: upgrade-insecure-requests
ETag: "c92-5df64a9736a5f-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/xf/login_signup.min.js?_v=b5926b6a
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1363
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK notice.min.js Show response
xss.as/js/xf/ 4 KB
2 KB 162ms
161ms Script
application/javascript 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.as/js/xf/notice.min.js?_v=b5926b6a

Requested by

Host: xss.as
URL: https://xss.as/threads/74338/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

a5dcfd1d44af85302c19886c111e277273cca860febaae5f8cdb0de61733b44b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://xss.as/threads/74338/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:46 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Sat, 10 Dec 2022 23:24:02 GMT
Server: nginx
Content-Security-Policy: upgrade-insecure-requests
ETag: "e4e-5ef8190c58b77-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/js/xf/notice.min.js?_v=b5926b6a
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1532
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK snow.png
xss.as/styles/ 60 KB
60 KB 390ms
225ms Image
image/png 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xss.as/styles/snow.png

Requested by

Host: xss.as
URL: https://xss.as/css.php?css=public%3Anotices.less%2Cpublic%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1671382903&k=765da1c6ce88b089eabaea3527161c58a7399f98

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

fd0cffc7a6193bca5b6e62b94f8e524d16601adc55fe580f65cb2c97815ff9e2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://xss.as/css.php?css=public%3Anotices.less%2Cpublic%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1671382903&k=765da1c6ce88b089eabaea3527161c58a7399f98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:46 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Last-Modified: Fri, 04 Dec 2020 14:14:08 GMT
Server: nginx
ETag: "ef00-5b5a416f56c00"
X-Frame-Options: SAMEORIGIN
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/snow.png
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 61184
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK snow2.png
xss.as/styles/ 4 KB
4 KB 329ms
158ms Image
image/png 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xss.as/styles/snow2.png

Requested by

Host: xss.as
URL: https://xss.as/css.php?css=public%3Anotices.less%2Cpublic%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1671382903&k=765da1c6ce88b089eabaea3527161c58a7399f98

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

df26c2d2673c42329d9335552d8d430f9a3e1f3222e1f1c5d53c902fd345997c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://xss.as/css.php?css=public%3Anotices.less%2Cpublic%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1671382903&k=765da1c6ce88b089eabaea3527161c58a7399f98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:46 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Last-Modified: Fri, 04 Dec 2020 14:14:09 GMT
Server: nginx
ETag: "f5b-5b5a41704ae40"
X-Frame-Options: SAMEORIGIN
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/snow2.png
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3931
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK snow3.png
xss.as/styles/ 47 KB
47 KB 380ms
210ms Image
image/png 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xss.as/styles/snow3.png

Requested by

Host: xss.as
URL: https://xss.as/css.php?css=public%3Anotices.less%2Cpublic%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1671382903&k=765da1c6ce88b089eabaea3527161c58a7399f98

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

9b1bf5d630dc697c844aca5cc0b5624511d6078fa83a621eb7084dbea33d6da0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://xss.as/css.php?css=public%3Anotices.less%2Cpublic%3Axb.less%2Cpublic%3Aextra.less&s=3&l=3&d=1671382903&k=765da1c6ce88b089eabaea3527161c58a7399f98
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:46 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Last-Modified: Fri, 04 Dec 2020 14:14:08 GMT
Server: nginx
ETag: "bba6-5b5a416f56c00"
X-Frame-Options: SAMEORIGIN
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/snow3.png
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 48038
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fa-regular-400.woff2
xss.as/styles/fonts/fa/ 165 KB
165 KB 225ms
208ms Font
font/woff2 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.as/styles/fonts/fa/fa-regular-400.woff2?_v=5.15.3

Requested by

Host: xss.as
URL: https://xss.as/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=3&l=3&d=1671382903&k=fc0bcc7842c219b1346cd9ebf9b24b8f70e44f9c

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

4de49631fe60b17010f7cda29a6236ca6ad6102ea204e5c31d2c1e79ee276938

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xss.as/css.php?css=public%3Anormalize.css%2Cpublic%3Afa.css%2Cpublic%3Acore.less%2Cpublic%3Aapp.less&s=3&l=3&d=1671382903&k=fc0bcc7842c219b1346cd9ebf9b24b8f70e44f9c
Origin: https://xss.as
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Mon, 19 Dec 2022 08:56:46 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Last-Modified: Fri, 09 Jul 2021 09:10:56 GMT
Server: nginx
ETag: "29340-5c6ad2631e800"
X-Frame-Options: SAMEORIGIN
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/styles/fonts/fa/fa-regular-400.woff2?_v=5.15.3
Content-Type: font/woff2
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 168768
X-XSS-Protection: 1; mode=block

POST
H/1.1 200
OK keep-alive Show response
xss.as/login/ 166 B
819 B 194ms
194ms XHR
application/json 37.187.25.182
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://xss.as/login/keep-alive

Requested by

Host: xss.as
URL: https://xss.as/js/vendor/jquery/jquery-3.5.1.min.js?_v=b5926b6a

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

37.187.25.182 , France, ASN16276 (OVH, FR),

Reverse DNS

ns314150.ip-37-187-25.eu

Software

nginx /

Resource Hash

f7ecf453d5978f8d4bb0e3f203e1f548498a52bc1f0deedd6ac5bf0739150d6f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://xss.as/threads/74338/
X-Requested-With: XMLHttpRequest
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Mon, 19 Dec 2022 08:56:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Connection: keep-alive
Content-Length: 134
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 19 Dec 2022 08:56:46 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Onion-Location: http://xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid.onion/login/keep-alive
Cache-Control: private, no-cache, max-age=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			xss.as/	1969-12-31 23:59:59	Name: xf_csrf Value: PGlThpMIOHmLzSmY

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://xss.as/threads/74338/ Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

xss.as
xss.is
37.187.25.182
08265bbb585965530b43bcf8a33273ed35ab097c15c3ff5deeea76ab982a39c4
1f31ee7437c7fe3abd3521f16ae6923704d97f1f83fea7e4018216bb840ee4cd
24e884826b5cd569ce84c3359aa45f74b5f2fc4ea999ec5a351f2f654b024b18
3507ca14c84cbffccd872e634a84d93f50882c817e66ffdf2643a7ed884a205e
46b4b2521efc90b30e67d336e07d46caf7721a13c5f32aa82ef65dfe0b3ab304
4de49631fe60b17010f7cda29a6236ca6ad6102ea204e5c31d2c1e79ee276938
73534a76017cc3eb62ab3bb763ca61935b8ac0d0b57ead25daae372f63671645
87c1485b49078a8cf6e2fe375ca6f1db87dd92619672fb6742a094d389ceaf5b
943efdb4b38963df0653d778f233b55db3e19f44794e4ff944e33b8849dcdb3c
9b1bf5d630dc697c844aca5cc0b5624511d6078fa83a621eb7084dbea33d6da0
a5dcfd1d44af85302c19886c111e277273cca860febaae5f8cdb0de61733b44b
b8476e8f3f074c0684038a87319a889250eaea36d5724717dbef2a93899dbdc2
c2497d559960ba9e1c68f41674e8bc980d3b229155e068bc7f42f157f81c4388
c803ce6d437915781a624a97755010f88deffd73bcf1a8e40fe98fc2d0e1ca3d
df26c2d2673c42329d9335552d8d430f9a3e1f3222e1f1c5d53c902fd345997c
e9f0d24d1230e0a5760800e4a1657801cff8edf2ba87a05c5d96f74ce44ec06d
f7ecf453d5978f8d4bb0e3f203e1f548498a52bc1f0deedd6ac5bf0739150d6f
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fd0cffc7a6193bca5b6e62b94f8e524d16601adc55fe580f65cb2c97815ff9e2

xss.as Open in urlscan Pro 37.187.25.182 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

1 Countries

921 kBTransfer

1507 kBSize

1 Cookies

0 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

xss.as Open in urlscan Pro
37.187.25.182 Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

921 kB
Transfer

1507 kB
Size

1
Cookies

19 HTTP transactions
0 data transactions