Threat Investigation

oast.fun

Trusted High Traffic Tranco #15,185

oast.fun operates primarily as a developer platform, focusing on security testing infrastructure. oast.fun is a public server for Interactsh, an open-source tool used to detect out-of-band interactions during security testing. It helps security researchers identify vulnerabilities like SSRF and RCE by providing a destination for external network requests. It is operated by ProjectDiscovery.

security testingvulnerability detectionoastssrf
Network Infrastructure

Historical and current IP address mappings for this domain.

Community Intelligence

Real experiences from people who visited this domain

Recent Threat Analysis

URLert analyzed recent scan activity for oast.fun

No public scans recorded recently

Be the first to run a threat analysis on this domain.

Security Considerations

While oast.fun is an established platform, these capabilities require extra vigilance.

Custom Subdomains

oast.fun allows users to create custom addresses like "anything.oast.fun". An address like "paypal-secure.oast.fun" may look official but is actually controlled by whoever registered that subdomain—not ProjectDiscovery.

Remember: The platform itself is established, but even established platforms can be abused.

Developer API

Integrate Domain Intelligence

Access this classification data programmatically via our API.

GET /api/v1/classify?domain=oast.fun
{
  "domain": "oast.fun",
  "confidence": "high",
  "category": {
    "purpose": "developer_platform",
    "specialization": "Security Testing Infrastructure"
  },
  "identity": {
    "headline": "Public OAST server for out-of-band security interaction testing",
    "summary": "oast.fun is a public server for Interactsh, an open-source tool used to detect out-of-band interactions during security testing. It helps security researchers identify vulnerabilities like SSRF and RCE by providing a destination for external network requests.",
    "operator": "ProjectDiscovery",
    "parent_entity": null,
    "topics": [
      "security testing",
      "vulnerability detection",
      "oast",
      "ssrf",
      "penetration testing"
    ]
  },
  "functions": {
    "is_ugc_platform": false,
    "is_file_host": false,
    "is_url_shortener": false,
    "is_public_idp": false,
    "is_crypto_platform": false,
    "allows_user_subdomains": true,
    "is_form_builder": false,
    "is_document_host": false
  },
  "facts": {
    "registered_date": "2022-01-11T16:00:45Z",
    "rank": 15185,
    "hosting_provider": "DIGITALOCEAN-ASN - DigitalOcean, LLC"
  }
}

Hosting

DIGITALOCEAN-ASN - DigitalOcean, LLC

Registered

Jan 11, 2022

Last Updated

Feb 19, 2026

Domain data sourced from WHOIS, Tranco rankings, and URLert's classification engine.