Shazzer logo
Login

Characters appended at the end of TLD within URL, which yield in the same Origin

Chrome logo 47
Firefox logo 47
Edge logo 47

Characters ignored in URL, which yield in the same Origin

hansmach1ne
Created byhansmach1ne
Created Jan 5, 2025
Updated May 28, 2025

Tweet
Detecting browser...
CategoryURL Handling
VisibilityPublic
TypeJS
CharsetUTF-8
Template used:
if (new URL("https://google.com$[chr]$[chr]/endpoint").origin=="https://google.com"){log($[i])}

Sample payloads

if (new URL("https://google.com0x090x09/endpoint").origin=="https://google.com"){alert(9)}
if (new URL("https://google.com##/endpoint").origin=="https://google.com"){alert(35)}
if (new URL("https://google.com///endpoint").origin=="https://google.com"){alert(47)}
if (new URL("https://google.com??/endpoint").origin=="https://google.com"){alert(63)}
if (new URL("https://google.com\\/endpoint").origin=="https://google.com"){alert(92)}
if (new URL("https://google.com­­/endpoint").origin=="https://google.com"){alert(173)}
if (new URL("https://google.com͏͏/endpoint").origin=="https://google.com"){alert(847)}
if (new URL("https://google.comᅟᅟ/endpoint").origin=="https://google.com"){alert(4447)}
if (new URL("https://google.comᅠᅠ/endpoint").origin=="https://google.com"){alert(4448)}
if (new URL("https://google.com឴឴/endpoint").origin=="https://google.com"){alert(6068)}
if (new URL("https://google.com឵឵/endpoint").origin=="https://google.com"){alert(6069)}
if (new URL("https://google.com᠋᠋/endpoint").origin=="https://google.com"){alert(6155)}
if (new URL("https://google.com᠌᠌/endpoint").origin=="https://google.com"){alert(6156)}
if (new URL("https://google.com᠍᠍/endpoint").origin=="https://google.com"){alert(6157)}
if (new URL("https://google.com᠎᠎/endpoint").origin=="https://google.com"){alert(6158)}
if (new URL("https://google.com᠏᠏/endpoint").origin=="https://google.com"){alert(6159)}
if (new URL("https://google.com​​/endpoint").origin=="https://google.com"){alert(8203)}
if (new URL("https://google.com⁠⁠/endpoint").origin=="https://google.com"){alert(8288)}
if (new URL("https://google.com⁡⁡/endpoint").origin=="https://google.com"){alert(8289)}
if (new URL("https://google.com⁢⁢/endpoint").origin=="https://google.com"){alert(8290)}

Fuzz results

Chrome logo
Chrome 145.0.0.0 desktop Windows NT 10.0
Updated16 Feb 2026
Found 47 results
Loading...
Chrome logo
Chrome 137.0.0.0 mobile Android 10older version
Updated24 Jul 2025
Found 31 results
Loading...
Firefox logo
Firefox 147.0 desktop Windows NT 10.0
Updated31 Jan 2026
Found 47 results
Loading...
Firefox logo
Firefox 146.0 desktop macOS 10.15older version
Updated21 Dec 2025
Found 47 results
Loading...
Edge logo
Microsoft Edge 145.0.0.0 desktop Windows NT 10.0
Updated18 Feb 2026
Found 47 results
Loading...

Distributed Fuzzing

Enabled:
Status:disconnected
Your browser automatically contributes to distributed fuzzing when idle.