technology software

documentation technical

English

The domain 'expense-tracker-89ub8dy9a2.edgeone.app' uses the application-focused generic top-level domain (.app); it also runs on subdomain 'expense-tracker-89ub8dy9a2'. The second-level label 'edgeone' is 7 characters long containing four vowels alongside 3 consonants. Splitting it apart reveals two words: edge, one. The median word length lands at 3.5 characters. No strong language cues emerged from the frequency lists.

html/33/0d/330d5583-0765-4414-aa5b-6072464a6c5c.html.gz

require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes

fcbbc5d653b789b4488c2e13aabddb233ecfd40aba4202fb22299882e58fb9c9

83a3dad0e2b07d3ec4ece31d37fad1e8156060b2ff3003342395e3d5edb689bb

176e894661aa9cdc9a5cba6c720044cbbf7b8bd80d1c9a142a7c24b1b6c50d15

772a66030dcecaa8ef51984049e2001cca961b95444dcb7037133a1fca6f4646

fed214f84011bc7bd601d1ed994a32df823190ef0804fc56f74568b4e82f56b4

width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no

viewport

theme-color

HSTS header missing - vulnerable to protocol downgrade attacks

CSP header missing - vulnerable to XSS attacks

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;worker-src blob: 'self';frame-ancestors 'none';

child-src https:  chrome-untrusted://new-tab-page/ chrome-untrusted://ntp-microsoft-auth/;connect-src chrome://resources chrome://theme 'self';default-src 'self';font-src chrome://resources 'self';img-src chrome://resources chrome://theme chrome://image chrome://favicon2 chrome://app-icon chrome://extension-icon chrome://fileicon blob: data: 'self';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources chrome://webui-test 'self';style-src chrome://resources chrome://theme 'self' 'unsafe-inline';trusted-types parse-html-subset sanitize-inner-html static-types webui-test-script webui-test-html polymer-html-literal polymer-template-event-attribute-policy lit-html-desktop;frame-ancestors 'none';

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;frame-ancestors 'none';

base-uri 'none';child-src https:;form-action https://ogs.google.com https://*.corp.google.com;object-src 'none';script-src 'self' 'unsafe-inline' https:;frame-ancestors chrome://new-tab-page/

Abuse

Google LLC

GOOGLE


        // CONFIGURATION (YOUR KEYS)
        const API_KEY = '$2a$10$vlzRqXx.wx/nkp07PN505O1SePAcLjoJXjYab16tCvPn2TP5qMM1m'; 
        const MASTER_BIN_ID = '691c96e2ae596e708f60f41e';

        // Auto-Redirect if session exists
        if(localStorage.getItem('app_user') && localStorage.getItem('userbinid')) {
            // Uncomment this when you are ready to enable auto-redirect
            // window.location.href = 'App.html';
        }

        // UI FUNCTIONS
        function switchTab(mode) {
            const loginForm = document.getElementById('login-form');
            const signupForm = document.getElementById('signup-form');
            const tabLogin = document.getElementById('tab-login');
            const tabSignup = document.getElementById('tab-signup');
            const title = document.getElementById('header-title');
            const subtitle = document.getElementById('header-subtitle');

            // Reset Input values when switching
            document.querySelectorAll('input').forEach(i => i.value = '');

            if (mode === 'login') {
                // Show Login
                loginForm.classList.remove('hidden');
                signupForm.classList.add('hidden');
                
                // Style Tabs
                tabLogin.className = "flex-1 py-3 rounded-xl text-sm font-bold text-indigo-900 bg-white shadow-sm transition-all duration-300";
                tabSignup.className = "flex-1 py-3 rounded-xl text-sm font-semibold text-gray-500 hover:text-gray-700 transition-all duration-300";
                
                // Update Text
                title.innerHTML = "Welcome<br>Back";
                subtitle.innerText = "Sign in to access your encrypted vault.";
            } else {
                // Show Signup
                loginForm.classList.add('hidden');
                signupForm.classList.remove('hidden');

                // Style Tabs
                tabSignup.className = "flex-1 py-3 rounded-xl text-sm font-bold text-gray-900 bg-white shadow-sm transition-all duration-300";
                tabLogin.className = "flex-1 py-3 rounded-xl text-sm font-semibold text-gray-500 hover:text-gray-700 transition-all duration-300";

                // Update Text
                title.innerHTML = "Create<br>Account";
                subtitle.innerText = "Get your personal secure cloud storage.";
            }
        }

        function togglePassword(fieldId, btn) {
            const input = document.getElementById(fieldId);
            const icon = btn.querySelector('i');
            if (input.type === "password") {
                input.type = "text";
                icon.className = "fa-regular fa-eye";
                icon.parentElement.classList.add('text-indigo-600');
            } else {
                input.type = "password";
                icon.className = "fa-regular fa-eye-slash";
                icon.parentElement.classList.remove('text-indigo-600');
            }
        }

        function showLoading(msg) {
            document.getElementById('loading-text').innerText = msg;
            document.getElementById('loading-overlay').classList.remove('hidden');
        }

        function hideLoading() {
            document.getElementById('loading-overlay').classList.add('hidden');
        }

        function notify(msg, type = "success") {
            Toastify({
                text: msg,
                duration: 3000,
                gravity: "top", 
                position: "center", 
                style: {
                    background: type === "error" ? "#EF4444" : "#10B981",
                    borderRadius: "12px",
                    boxShadow: "0 10px 20px -10px rgba(0,0,0,0.2)",
                    fontWeight: "600",
                    fontSize: "14px",
                    padding: "16px"
                }
            }).showToast();
        }

        // API LOGIC
        async function handleLogin() {
            const user = document.getElementById('login-user').value.trim();
            const pass = document.getElementById('login-pass').value.trim();

            if (!user || !pass) return notify("Please enter your credentials", "error");

            showLoading("Verifying Identity...");

            try {
                const req = await fetch(`https://api.jsonbin.io/v3/b/${MASTER_BIN_ID}/latest`, {
                    headers: { "X-Master-Key": API_KEY }
                });
                const data = await req.json();
                const userList = data.record.users || [];
                
                const foundUser = userList.find(u => u.username === user && u.password === pass);

                if (foundUser && foundUser.personalBinId) {
                    localStorage.setItem('app_user', JSON.stringify(foundUser));
                    localStorage.setItem('userbinid', foundUser.personalBinId);
                    //notify("Success!");
                    setTimeout(() => window.location.href = 'App.html', 0);
                } else {
                    notify("Invalid username or password", "error");
                }
            } catch (err) {
                console.error(err);
                notify("Connection failed. Check internet.", "error");
            } finally {
                hideLoading();
            }
        }

        async function handleSignup() {
            const user = document.getElementById('signup-user').value.trim();
            const pass = document.getElementById('signup-pass').value.trim();

            if (!user || !pass) return notify("Please fill all fields", "error");
            if (user.length < 3) return notify("Username too short", "error");

            showLoading("Setting up Vault...");

            try {
                // 1. Fetch List
                let req = await fetch(`https://api.jsonbin.io/v3/b/${MASTER_BIN_ID}/latest`, {
                    headers: { "X-Master-Key": API_KEY }
                });
                let data = await req.json();
                let userList = data.record.users || [];

                if (userList.find(u => u.username === user)) {
                    return notify("Username already taken", "error");
                }

                // 2. Create Bin
                let createReq = await fetch('https://api.jsonbin.io/v3/b', {
                    method: 'POST',
                    headers: {
                        "Content-Type": "application/json",
                        "X-Master-Key": API_KEY,
                        "X-Bin-Private": "true",
                        "X-Bin-Name": `${user}_mobile_vault`
                    },
                    body: JSON.stringify({ 
                        content: "", 
                        meta: { 
                            created: new Date().toISOString(), 
                            device: "Mobile Web" 
                        } 
                    })
                });
                
                let createData = await createReq.json();
                let newBinId = createData.metadata.id;

                // 3. Update Master
                userList.push({ 
                    username: user, 
                    password: pass, 
                    personalBinId: newBinId 
                });

                await fetch(`https://api.jsonbin.io/v3/b/${MASTER_BIN_ID}`, {
                    method: 'PUT',
                    headers: {
                        "Content-Type": "application/json",
                        "X-Master-Key": API_KEY
                    },
                    body: JSON.stringify({ users: userList })
                });

                localStorage.setItem('app_user', JSON.stringify({ username: user, personalBinId: newBinId }));
                localStorage.setItem('userbinid', newBinId);

                notify("Account Created!");
                setTimeout(() => window.location.href = 'App.html', 30);

            } catch (err) {
                console.error(err);
                notify("Signup failed. Try again.", "error");
            } finally {
                hideLoading();
            }
        }
    

CloudVault Mobile

✅ Low Risk - https://expense-tracker-89ub8dy9a2.edgeone.app/

Requests	IP Address	Location	AS Autonomous System
4	142.250.186.131	United States	AS15169GOOGLE
3	104.17.25.14	United States	AS13335CLOUDFLARENET
2	43.152.26.58	Singapore	AS139341ACE
2	104.16.174.226	United States	AS13335CLOUDFLARENET
1	142.250.186.42	United States	AS15169GOOGLE
1	172.67.68.11	United States	AS13335CLOUDFLARENET
0	104.26.2.143	United States	AS13335CLOUDFLARENET
0	104.16.175.226	United States	AS13335CLOUDFLARENET
0	104.17.24.14	United States	AS13335CLOUDFLARENET
0	104.26.3.143	United States	AS13335CLOUDFLARENET
14	19	-	-

Security Scan Report: expense-tracker-89ub8dy9a2.edgeone.app

Summary

AI Security Verdict

High Risk

Risk Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History