URL: https://webprint.outline.ch/?company=%3Ca+href%3D%27javascript:alert(%22xss%22)%27%3Eclick+me%3C/a%3E&hidecompany=1
Submission: On November 24 via api from NL — Scanned from CH

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 8 HTTP transactions. The main IP is 195.141.185.17, located in Peseux, Switzerland and belongs to SUNRISE Sunrise GmbH, CH. The main domain is webprint.outline.ch.
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on November 18th 2024. Valid for: a year.
This is the only time webprint.outline.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 195.141.185.17 6730 (SUNRISE S...)
8 2
Apex Domain Subdomains Transfer
7 outline.ch webprint.outline.ch 143 KB
0 googleapis.com Failed fonts.googleapis.com Failed
8 2
Domain Requested by
7 webprint.outline.ch webprint.outline.ch
0 fonts.googleapis.com Failed webprint.outline.ch
8 2

This site contains no links.

Subject Issuer Validity Valid
*.outline.ch RapidSSL TLS RSA CA G1 2024-11-18 - 2025-11-17 a year crt.sh

This page contains 1 frames:

Primary Page: https://webprint.outline.ch/?company=%3Ca+href%3D%27javascript:alert(%22xss%22)%27%3Eclick+me%3C/a%3E&hidecompany=1
Frame ID: 27F541E2C8BD1CCEABAFE9C2A5819699
Requests: 8 HTTP requests in this frame

Page Title

Login - SMART_Lab

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

8 Requests
88 % HTTPS
0 % IPv6
2 Domains
2 Subdomains
2 IPs
1 Countries
143 kB Transfer
138 kB Size
1 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
webprint.outline.ch/
5 KB
6 KB
Document
General
Full URL
https://webprint.outline.ch/?company=%3Ca+href%3D%27javascript:alert(%22xss%22)%27%3Eclick+me%3C/a%3E&hidecompany=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.141.185.17 Peseux, Switzerland, ASN6730 (SUNRISE Sunrise GmbH, CH),
Reverse DNS
Software
Apache/2.4.6 (Red Hat Enterprise Linux) PHP/7.2.17 /
Resource Hash
cd5d3a36566a3934e454129bb23e0a9d531f975ce8b4272aa551e22410c37a7d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'; script-src 'self' https://webprint.outline.ch 'unsafe-inline' 'unsafe-eval'; img-src data: https:; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Length
4886
Content-Security-Policy
default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'; script-src 'self' https://webprint.outline.ch 'unsafe-inline' 'unsafe-eval'; img-src data: https:; object-src 'none'
Content-Type
text/html; charset=UTF-8
Date
Sun, 24 Nov 2024 09:09:59 GMT
Expect-CT
max-age=30, report-uri='https://www.outline.ch/report'
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Referrer-Policy
strict-origin
Server
Apache/2.4.6 (Red Hat Enterprise Linux) PHP/7.2.17
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
x-Frame-Options
SAMEORIGIN
template.css
webprint.outline.ch/themes/
39 KB
40 KB
Stylesheet
General
Full URL
https://webprint.outline.ch/themes/template.css
Requested by
Host: webprint.outline.ch
URL: https://webprint.outline.ch/?company=%3Ca+href%3D%27javascript:alert(%22xss%22)%27%3Eclick+me%3C/a%3E&hidecompany=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.141.185.17 Peseux, Switzerland, ASN6730 (SUNRISE Sunrise GmbH, CH),
Reverse DNS
Software
Apache/2.4.6 (Red Hat Enterprise Linux) PHP/7.2.17 /
Resource Hash
b87514a5fec5bce53bc86aa2841f40bf761aba87d5cededfa59f872123f7c496
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'; script-src 'self' https://webprint.outline.ch 'unsafe-inline' 'unsafe-eval'; img-src data: https:; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://webprint.outline.ch/

Response headers

ETag
"9dbb-5a11d2c9a8180"
Expect-CT
max-age=30, report-uri='https://www.outline.ch/report'
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=99
Date
Sun, 24 Nov 2024 09:09:59 GMT
Last-Modified
Wed, 18 Mar 2020 08:52:38 GMT
Content-Type
text/css
x-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'; script-src 'self' https://webprint.outline.ch 'unsafe-inline' 'unsafe-eval'; img-src data: https:; object-src 'none'
Connection
Keep-Alive
Referrer-Policy
strict-origin
Accept-Ranges
bytes
Content-Length
40379
X-XSS-Protection
1; mode=block
Server
Apache/2.4.6 (Red Hat Enterprise Linux) PHP/7.2.17
icomoon.css
webprint.outline.ch/themes/_icomoon/
82 KB
83 KB
Stylesheet
General
Full URL
https://webprint.outline.ch/themes/_icomoon/icomoon.css
Requested by
Host: webprint.outline.ch
URL: https://webprint.outline.ch/?company=%3Ca+href%3D%27javascript:alert(%22xss%22)%27%3Eclick+me%3C/a%3E&hidecompany=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.141.185.17 Peseux, Switzerland, ASN6730 (SUNRISE Sunrise GmbH, CH),
Reverse DNS
Software
Apache/2.4.6 (Red Hat Enterprise Linux) PHP/7.2.17 /
Resource Hash
5f7c9ef5c8d651353719b01eb2dbb2f5d5497111a0fbdd1e57a1b60177e64c48
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'; script-src 'self' https://webprint.outline.ch 'unsafe-inline' 'unsafe-eval'; img-src data: https:; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://webprint.outline.ch/

Response headers

ETag
"1473e-57f191b63f980"
Expect-CT
max-age=30, report-uri='https://www.outline.ch/report'
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=100
Date
Sun, 24 Nov 2024 09:09:59 GMT
Last-Modified
Thu, 10 Jan 2019 11:44:54 GMT
Content-Type
text/css
x-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'; script-src 'self' https://webprint.outline.ch 'unsafe-inline' 'unsafe-eval'; img-src data: https:; object-src 'none'
Connection
Keep-Alive
Referrer-Policy
strict-origin
Accept-Ranges
bytes
Content-Length
83774
X-XSS-Protection
1; mode=block
Server
Apache/2.4.6 (Red Hat Enterprise Linux) PHP/7.2.17
style.css
webprint.outline.ch/themes/avaloq/
7 KB
7 KB
Stylesheet
General
Full URL
https://webprint.outline.ch/themes/avaloq/style.css
Requested by
Host: webprint.outline.ch
URL: https://webprint.outline.ch/?company=%3Ca+href%3D%27javascript:alert(%22xss%22)%27%3Eclick+me%3C/a%3E&hidecompany=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.141.185.17 Peseux, Switzerland, ASN6730 (SUNRISE Sunrise GmbH, CH),
Reverse DNS
Software
Apache/2.4.6 (Red Hat Enterprise Linux) PHP/7.2.17 /
Resource Hash
fbcb33dca8e90c9f98887126b1b0393076e89b7b71ecf4fd1b4f4fa466728108
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'; script-src 'self' https://webprint.outline.ch 'unsafe-inline' 'unsafe-eval'; img-src data: https:; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://webprint.outline.ch/

Response headers

ETag
"1ac9-5ef3a89415b15"
Expect-CT
max-age=30, report-uri='https://www.outline.ch/report'
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=100
Date
Sun, 24 Nov 2024 09:09:59 GMT
Last-Modified
Wed, 07 Dec 2022 10:39:33 GMT
Content-Type
text/css
x-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'; script-src 'self' https://webprint.outline.ch 'unsafe-inline' 'unsafe-eval'; img-src data: https:; object-src 'none'
Connection
Keep-Alive
Referrer-Policy
strict-origin
Accept-Ranges
bytes
Content-Length
6857
X-XSS-Protection
1; mode=block
Server
Apache/2.4.6 (Red Hat Enterprise Linux) PHP/7.2.17
css
fonts.googleapis.com/
0
0

logo-sps.png
webprint.outline.ch/themes/avaloq/
2 KB
3 KB
Image
General
Full URL
https://webprint.outline.ch/themes/avaloq/logo-sps.png
Requested by
Host: webprint.outline.ch
URL: https://webprint.outline.ch/themes/avaloq/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.141.185.17 Peseux, Switzerland, ASN6730 (SUNRISE Sunrise GmbH, CH),
Reverse DNS
Software
Apache/2.4.6 (Red Hat Enterprise Linux) PHP/7.2.17 /
Resource Hash
d3f12396f7bf2d6ac58b67c0f22f50a27ba70296778c78ccf7e3c05e67087fc9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'; script-src 'self' https://webprint.outline.ch 'unsafe-inline' 'unsafe-eval'; img-src data: https:; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://webprint.outline.ch/

Response headers

ETag
"86b-5ef3a8758f7bc"
Expect-CT
max-age=30, report-uri='https://www.outline.ch/report'
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=99
Date
Sun, 24 Nov 2024 09:09:59 GMT
Last-Modified
Wed, 07 Dec 2022 10:39:01 GMT
Content-Type
image/png
x-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'; script-src 'self' https://webprint.outline.ch 'unsafe-inline' 'unsafe-eval'; img-src data: https:; object-src 'none'
Connection
Keep-Alive
Referrer-Policy
strict-origin
Accept-Ranges
bytes
Content-Length
2155
X-XSS-Protection
1; mode=block
Server
Apache/2.4.6 (Red Hat Enterprise Linux) PHP/7.2.17
staempfli_weiss.png
webprint.outline.ch/themes/avaloq/
2 KB
3 KB
Image
General
Full URL
https://webprint.outline.ch/themes/avaloq/staempfli_weiss.png
Requested by
Host: webprint.outline.ch
URL: https://webprint.outline.ch/themes/avaloq/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.141.185.17 Peseux, Switzerland, ASN6730 (SUNRISE Sunrise GmbH, CH),
Reverse DNS
Software
Apache/2.4.6 (Red Hat Enterprise Linux) PHP/7.2.17 /
Resource Hash
f4173d57c665afb16511518953f215e077415f1113823d7cf2ea232a9113ca7b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'; script-src 'self' https://webprint.outline.ch 'unsafe-inline' 'unsafe-eval'; img-src data: https:; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://webprint.outline.ch/

Response headers

ETag
"71a-586a3b7438500"
Expect-CT
max-age=30, report-uri='https://www.outline.ch/report'
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=99
Date
Sun, 24 Nov 2024 09:09:59 GMT
Last-Modified
Tue, 16 Apr 2019 11:03:16 GMT
Content-Type
image/png
x-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'; script-src 'self' https://webprint.outline.ch 'unsafe-inline' 'unsafe-eval'; img-src data: https:; object-src 'none'
Connection
Keep-Alive
Referrer-Policy
strict-origin
Accept-Ranges
bytes
Content-Length
1818
X-XSS-Protection
1; mode=block
Server
Apache/2.4.6 (Red Hat Enterprise Linux) PHP/7.2.17
favicon.ico
webprint.outline.ch/
1 KB
2 KB
Other
General
Full URL
https://webprint.outline.ch/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.141.185.17 Peseux, Switzerland, ASN6730 (SUNRISE Sunrise GmbH, CH),
Reverse DNS
Software
Apache/2.4.6 (Red Hat Enterprise Linux) PHP/7.2.17 /
Resource Hash
dc428671ada8b6bfae0866d43a9a88a52689fc620f0f2c250a1221ec3bc73132
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'; script-src 'self' https://webprint.outline.ch 'unsafe-inline' 'unsafe-eval'; img-src data: https:; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://webprint.outline.ch/

Response headers

ETag
"47e-512a376950480"
Expect-CT
max-age=30, report-uri='https://www.outline.ch/report'
X-Content-Type-Options
nosniff
Keep-Alive
timeout=5, max=98
Date
Sun, 24 Nov 2024 09:09:59 GMT
Last-Modified
Wed, 01 Apr 2015 06:02:42 GMT
Content-Type
image/vnd.microsoft.icon
x-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'; script-src 'self' https://webprint.outline.ch 'unsafe-inline' 'unsafe-eval'; img-src data: https:; object-src 'none'
Connection
Keep-Alive
Referrer-Policy
strict-origin
Accept-Ranges
bytes
Content-Length
1150
X-XSS-Protection
1; mode=block
Server
Apache/2.4.6 (Red Hat Enterprise Linux) PHP/7.2.17

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fonts.googleapis.com
URL
https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,regular,italic,600,600italic,700,700italic,800,800italic

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| resizeNavigation
function| AVALOQgetDocumentMetrics

1 Cookies

Domain/Path Name / Value
webprint.outline.ch/ Name: PHPSESSID
Value: vm8vva9393rdivo5peq5k78odk

1 Console Messages

Source Level URL
Text
security error URL: https://webprint.outline.ch/?company=%3Ca+href%3D%27javascript:alert(%22xss%22)%27%3Eclick+me%3C/a%3E&hidecompany=1 (Line 4)
Message:
Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,regular,italic,600,600italic,700,700italic,800,800italic' because it violates the following Content Security Policy directive: "default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' https://webprint.outline.ch data: 'unsafe-inline'; script-src 'self' https://webprint.outline.ch 'unsafe-inline' 'unsafe-eval'; img-src data: https:; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block