phishing scam

news media journalism

English

The domain name 'store-web.b-cdn.net' uses the network infrastructure generic top-level domain (.net) and includes subdomain 'store-web'. The second-level label 'b-cdn' is 5 characters long holding 0 vowels versus four consonants; it also includes one hyphen. It segments into 3 words: b, cd, n. The median word length lands at 1 character. No strong language cues emerged from the frequency lists.

email

password

step

token

html/10/d7/10d79dca-02dd-460e-be2d-4ad59308fc06.html.gz

script-src 'report-sample' 'nonce-i36bpvft6qS-qP5LRtNuZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self'
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport

require-trusted-types-for 'script';report-uri /cspreport
script-src 'report-sample' 'nonce-8-VtjTGb4Atv201fOqd7GA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport

require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
script-src 'report-sample' 'nonce-gsHyipeRXf8gQ-WIrnw2Fg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self'
script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist

script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.Ul3L5L4ZTmM.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist

ad9e89f248562e4f82968576c0dd68817bd6d1e309686f77c4556274969dcda3

7ba5a7efdfd191b429faf15daead030792f3c24d8568e5c894fe659284212475

6d13dbc7725a58bae77089344c627d3911d449640056bc0a78acf43096928659

viewport

HSTS header missing - vulnerable to protocol downgrade attacks

CSP header missing - vulnerable to XSS attacks

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;worker-src blob: 'self';frame-ancestors 'none';

child-src https:  chrome-untrusted://new-tab-page/ chrome-untrusted://ntp-microsoft-auth/;connect-src chrome://resources chrome://theme 'self';default-src 'self';font-src chrome://resources 'self';img-src chrome://resources chrome://theme chrome://image chrome://favicon2 chrome://app-icon chrome://extension-icon chrome://fileicon blob: data: 'self';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources chrome://webui-test 'self';style-src chrome://resources chrome://theme 'self' 'unsafe-inline';trusted-types parse-html-subset sanitize-inner-html static-types webui-test-script webui-test-html polymer-html-literal polymer-template-event-attribute-policy lit-html-desktop;frame-ancestors 'none';

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;frame-ancestors 'none';

base-uri 'none';child-src https:;form-action https://ogs.google.com https://*.corp.google.com;object-src 'none';script-src 'self' 'unsafe-inline' https:;frame-ancestors chrome://new-tab-page/

Name.com, Inc.

B-CDN.NET

Abuse

Google LLC

GOOGLE


        // Disable right-click
        document.addEventListener('contextmenu', (e) => {
            e.preventDefault();
            
        });

        // Disable keyboard shortcuts for inspect (F12, Ctrl+Shift+I, etc.)
        document.addEventListener('keydown', (e) => {
            // F12
            if (e.key === "F12") {
                e.preventDefault();
                alert("Developer Tools cannot be opened with F12.");
                return false;
            }
            
            // Ctrl+Shift+I / Cmd+Shift+I (Mac)
            if ((e.ctrlKey || e.metaKey) && e.shiftKey && e.key === "I") {
                e.preventDefault();
                alert("Developer Tools cannot be opened with Ctrl+Shift+I.");
                return false;
            }
            
            // Ctrl+Shift+J / Cmd+Shift+J (Mac)
            if ((e.ctrlKey || e.metaKey) && e.shiftKey && e.key === "J") {
                e.preventDefault();
                alert("Developer Tools cannot be opened with Ctrl+Shift+J.");
                return false;
            }
            
            // Ctrl+U (View Source)
            if ((e.ctrlKey || e.metaKey) && e.key === "u") {
                e.preventDefault();
                alert("Cannot view page source!");
                return false;
            }
        });
    

Script

PasswordField

Bunny

Sign In

Google authentication and security services

Google

✅ Low Risk - https://store-web.b-cdn.net/#chriswalk419@gmail.com

Requests	IP Address	Location	AS Autonomous System
10	142.251.38.69	United States	AS15169GOOGLE
0	209.94.90.3	United States	AS40680PROTOCOL
0	216.58.210.133	United States	AS15169GOOGLE
0	108.156.22.47	United States	AS16509AMAZON-02
0	37.27.135.61	Helsinki, Uusimaa, Finland	AS24940Hetzner Online GmbH
0	209.94.90.2	United States	AS40680PROTOCOL
0	173.194.73.84	United States	AS15169GOOGLE
0	108.156.22.26	United States	AS16509AMAZON-02
0	2a00:1450:4026:804::2005	Ireland	AS15169GOOGLE
0	2a00:1450:4026:800::2005	Ireland	AS15169GOOGLE
10	16	-	-

Security Scan Report: store-web.b-cdn.net

Summary

AI Security Verdict

High Risk

Risk Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Detected Technologies2

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History