Yesterday I received a brief message to an email address listed in various security.txt files:
Date: Sun, 3 Nov 2019 21:36:01 +0100 From: Jay Niffley <jayniffley  gmail.com> Subject: Security issues Hello, I´ve found some security issues in your website. Where can i report these issues over? Do you reward for valid security issues? Thank you! -Jay
A Google search for the name "Jay Niffley" was unproductive, and it's likely no real person by that name exists. But the "jayniffley" handle has been used at least once before, in what appears to be an attempted XSS probe on a cryptocurrency wallet manufacturer's support forum. The forum post containing the failed XSS attack references
jayniffley.xss.ht. This hostname corresponds to a user of a service called XSS Hunter, a sort of canary interface for people conducting automated XSS testing. Visiting the host in a browser serves up a lar...