finance banking

documentation technical

English

You're looking at domain 'yellowcard-lk1zelj0wb.edgeone.app' on the application-focused generic top-level domain (.app) and includes subdomain 'yellowcard-lk1zelj0wb'. Its registrable label 'edgeone' stretches across 7 characters containing four vowels alongside three consonants. Tokenizing the label suggests two words: edge, one. Expect 3.5 characters per word on average. No strong language cues emerged from the frequency lists.

html/5a/4c/5a4caa94-290a-45ed-b188-a21064d6da6c.html.gz

sha256=:Yg7qJLDO4djMg5XIDylc8ue2+rliSTwmtJqNQrY6Tck=:

require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes

sha256=:S4fLx08/+vCDFKXYG1Ab5vw29VPb5EbvWksp8BOLoLA=:

7b2c202f5f62f891bb0ad391a7ed1c6f414ce842073ce691750f00bbf644bbf6

width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, viewport-fit=cover

viewport

Send money instantly, manage virtual titanium cards, and control your finances with Yellow Card.

description

theme-color

apple-mobile-web-app-capable

apple-mobile-web-app-status-bar-style

HSTS header missing - vulnerable to protocol downgrade attacks

CSP header missing - vulnerable to XSS attacks

require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js

html/5a/4c/5a4caa94-290a-45ed-b188-a21064d6da6c_nodriver.html.gz

Yellow Card | Premium Digital Wallet

Prudence Malinki

MarkMonitor Inc.

edgeone.app


    import { initializeApp } from "https://www.gstatic.com/firebasejs/10.7.1/firebase-app.js";
    import { getAuth, signInWithEmailAndPassword, createUserWithEmailAndPassword, signOut, onAuthStateChanged } from "https://www.gstatic.com/firebasejs/10.7.1/firebase-auth.js";
    import { getFirestore, doc, getDoc, setDoc, updateDoc, collection, query, orderBy, limit, onSnapshot, runTransaction, serverTimestamp, writeBatch } from "https://www.gstatic.com/firebasejs/10.7.1/firebase-firestore.js";

    // --- CONFIG ---
    const firebaseConfig = {
        apiKey: "AIzaSyCr9YOl1G2s_cNnxn14zjJDfbctLvPdprQ",
        authDomain: "yellow-card-demo-project.firebaseapp.com",
        projectId: "yellow-card-demo-project",
        storageBucket: "yellow-card-demo-project.firebasestorage.app",
        messagingSenderId: "520918645068",
        appId: "1:520918645068:web:d2740da056c1f4e87077e9"
    };

    const app = initializeApp(firebaseConfig);
    const auth = getAuth(app);
    const db = getFirestore(app);

    const State = { user: null, profile: null, pin: null };

    const App = {
        Helpers: {
            getNewCard: () => {
                const r = () => Math.floor(1000 + Math.random() * 8999).toString();
                return { 
                    num: "4517" + r() + r() + r(), 
                    cvv: Math.floor(100 + Math.random() * 899).toString(), 
                    exp: (new Date().getMonth() + 1).toString().padStart(2, '0') + "/" + (new Date().getFullYear() + 3).toString().slice(2)
                };
            },
            greeting: () => {
                const h = new Date().getHours();
                return h < 12 ? "GOOD MORNING" : h < 18 ? "GOOD AFTERNOON" : "GOOD EVENING";
            }
        },
        init: () => {
            setTimeout(() => document.getElementById('app-loader').classList.add('hide'), 3000); 
            onAuthStateChanged(auth, async (u) => {
                if(u) {
                    State.user = u;
                    try {
                        const d = await getDoc(doc(db, "users", u.uid));
                        if(d.exists()) {
                            State.profile = d.data();
                            App.UI.updateProfile();
                            App.Pin.show(State.profile.pin ? 'unlock' : 'create');
                            App.Router.to('home');
                            App.Data.listen();
                        } else App.Auth.logout();
                    } catch(e) { console.error(e); App.UI.toast("Connection Failed", 'error'); }
                    document.getElementById('app-loader').classList.add('hide');
                } else {
                    App.Router.to('auth');
                    document.getElementById('app-loader').classList.add('hide');
                }
            });
        },
        Router: {
            to: (id, el) => {
                App.UI.haptic();
                document.querySelectorAll('.view').forEach(v => v.classList.remove('active'));
                document.getElementById('view-'+id).classList.add('active');
                if(el) { document.querySelectorAll('.nav-item').forEach(n => n.classList.remove('active')); el.classList.add('active'); }
            },
            openModal: (id) => { App.UI.haptic(); document.getElementById('modal-'+id).classList.add('open'); },
            closeModal: () => document.querySelectorAll('.modal').forEach(m => m.classList.remove('open'))
        },
        Auth: {
            isSignup: false,
            toggle: () => {
                App.UI.haptic();
                App.Auth.isSignup = !App.Auth.isSignup;
                const grp = document.getElementById('group-user');
                const btn = document.getElementById('btn-auth');
                const txt = document.getElementById('auth-toggle-txt');
                if(App.Auth.isSignup) { grp.style.display='block'; btn.innerText="Sign Up & Create PIN"; txt.innerText="Log In instead"; } 
                else { grp.style.display='none'; btn.innerText="Log In"; txt.innerText="Create New Account"; }
            },
            submit: async () => {
                App.UI.haptic();
                const e = document.getElementById('auth-email').value, p = document.getElementById('auth-pass').value;
                let u = App.Auth.isSignup ? document.getElementById('auth-username').value.toLowerCase().replace('@','').trim() : '';
                
                document.getElementById('app-loader').classList.remove('hide');
                try {
                    if(App.Auth.isSignup) {
                        if(!u) throw new Error("Username required");
                        if((await getDoc(doc(db,"usernames",u))).exists()) throw new Error("Username taken");
                        const c = await createUserWithEmailAndPassword(auth, e, p);
                        const cd = App.Helpers.getNewCard();
                        const b = writeBatch(db);
                        b.set(doc(db,"users",c.user.uid), { email:e, username:u, balance:5000, cardBalance:0, cardNum:cd.num, cardCvv:cd.cvv, cardExp:cd.exp, pin: null });
                        b.set(doc(db,"usernames",u), { uid:c.user.uid });
                        await b.commit();
                    } else await signInWithEmailAndPassword(auth, e, p);
                } catch(e) { 
                    App.UI.toast(e.message, 'error'); 
                    document.getElementById('app-loader').classList.add('hide');
                }
            },
            logout: () => { App.UI.haptic(); signOut(auth); location.reload(); }
        },
        Pin: {
            mode: 'unlock', buffer: '',
            show: (m) => { App.Pin.mode = m; App.Pin.buffer = ''; App.Pin.render(); document.getElementById('pin-lock').classList.remove('hidden'); document.getElementById('pin-desc').innerText = m==='create' ? "Set 4-Digit Security Code" : "Enter PIN to Unlock"; },
            press: async (n) => {
                App.UI.haptic();
                if(App.Pin.buffer.length < 4) { App.Pin.buffer += n; App.Pin.render(); }
                if(App.Pin.buffer.length === 4) {
                    if(App.Pin.mode === 'create') {
                        await updateDoc(doc(db,"users",State.user.uid), { pin: App.Pin.buffer });
                        State.profile.pin = App.Pin.buffer;
                        document.getElementById('pin-lock').classList.add('hidden');
                        App.UI.toast("Security Active");
                    } else if(App.Pin.mode === 'unlock') {
                        if(App.Pin.buffer === State.profile.pin) document.getElementById('pin-lock').classList.add('hidden');
                        else { App.UI.toast("Incorrect PIN", 'error'); App.Pin.buffer=''; App.Pin.render(); }
                    } else if(App.Pin.mode === 'reveal') {
                        if(App.Pin.buffer === State.profile.pin) {
                            document.getElementById('pin-lock').classList.add('hidden');
                            App.Cards.showRealDetails();
                        } else { App.UI.toast("Incorrect PIN", 'error'); App.Pin.buffer=''; App.Pin.render(); }
                    }
                }
            },
            clear: () => { App.Pin.buffer = App.Pin.buffer.slice(0,-1); App.Pin.render(); },
            render: () => document.querySelectorAll('.dot').forEach((d,i) => { if(i<App.Pin.buffer.length) d.classList.add('filled'); else d.classList.remove('filled'); })
        },
        Fin: {
            send: async () => {
                App.UI.haptic();
                const to = document.getElementById('send-dest').value.toLowerCase().replace('@',''), amt = parseFloat(document.getElementById('send-amt').value);
                if(!to || !amt) return App.UI.toast("Check inputs", 'error');
                if(amt > State.profile.balance) return App.UI.toast("Low Balance", 'error');
                
                document.getElementById('app-loader').classList.remove('hide');
                try {
                    const u = await getDoc(doc(db,"usernames",to));
                    if(!u.exists()) throw new Error("User not found");
                    const uid = u.data().uid;
                    if(uid === State.user.uid) throw new Error("Cannot send to self");

                    await runTransaction(db, async (t) => {
                        const sRef = doc(db,"users",State.user.uid), rRef = doc(db,"users",uid);
                        const sDoc = await t.get(sRef);
                        const rDoc = await t.get(rRef);
                        const s = sDoc.data();
                        
                        if(s.balance < amt) throw new Error("Insufficient Balance");
                        
                        t.update(sRef, { balance: s.balance - amt });
                        t.update(rRef, { balance: (rDoc.data().balance || 0) + amt });
                        
                        const logS = doc(collection(db,"users",State.user.uid,"transactions"));
                        const logR = doc(collection(db,"users",uid,"transactions"));
                        
                        t.set(logS, { type:'debit', amt, desc:'@'+to, time:serverTimestamp() });
                        t.set(logR, { type:'credit', amt, desc:'@'+State.profile.username, time:serverTimestamp() });
                    });
                    App.UI.toast("Transfer Successful"); App.Router.closeModal();
                } catch(e) { App.UI.toast(e.message||e, 'error'); }
                document.getElementById('app-loader').classList.add('hide');
            },
            topUpCard: async () => {
                App.UI.haptic();
                const amt = parseFloat(document.getElementById('topup-amt').value);
                if(!amt) return;
                try {
                    await runTransaction(db, async (t) => {
                        const r = doc(db,"users",State.user.uid);
                        const d = (await t.get(r)).data(); // READ
                        if(d.balance < amt) throw "Low Wallet Balance";
                        t.update(r, { balance: d.balance - amt, cardBalance: (d.cardBalance||0) + amt }); // WRITE
                    });
                    App.UI.toast("Card Loaded"); App.Router.closeModal();
                } catch(e) { App.UI.toast(e.message||e, 'error'); }
            }
        },
        Cards: {
            toggleFreeze: async () => {
                App.UI.haptic();
                const ns = !State.profile.cardFrozen;
                await updateDoc(doc(db,"users",State.user.uid), { cardFrozen: ns });
                App.UI.toast(ns ? "Card Frozen" : "Card Active");
            },
            revealDetails: () => {
                App.UI.haptic();
                App.Pin.show('reveal');
            },
            showRealDetails: () => {
                const el = document.getElementById('card-cvv'); el.innerText = State.profile.cardCvv || '000';
                document.getElementById('my-card').classList.add('flipped');
                setTimeout(() => { el.innerText = '•••'; document.getElementById('my-card').classList.remove('flipped'); }, 5000);
            },
            replace: async () => {
                App.UI.haptic();
                if(confirm("Replace Card?")) {
                    const nc = App.Helpers.getNewCard();
                    try {
                        await runTransaction(db, async (t) => {
                            const r = doc(db,"users",State.user.uid);
                            const d = (await t.get(r)).data(); // READ
                            t.update(r, { balance: d.balance + (d.cardBalance||0), cardBalance: 0, cardNum: nc.num, cardCvv: nc.cvv, cardExp: nc.exp, cardFrozen: false }); // WRITE
                        });
                        App.UI.toast("New Card Issued");
                    } catch(e) { App.UI.toast("Error", 'error'); }
                }
            }
        },
        Data: {
            listen: () => {
                onSnapshot(doc(db,"users",State.user.uid), s => { State.profile = s.data(); App.UI.updateProfile(); });
                // TXs
                onSnapshot(query(collection(db,"users",State.user.uid,"transactions"), orderBy("time","desc"), limit(10)), s => {
                    const l = document.getElementById('tx-list'); l.innerHTML = '';
                    if(s.empty) l.innerHTML = '<div style="text-align:center; padding:30px; color:var(--text-sec); font-size:14px;">No transactions yet</div>';
                    s.forEach(d => {
                        const t = d.data();
                        
                        // Date Formatting Logic
                        let dateDisplay = "Pending";
                        if(t.time) {
                            const date = t.time.toDate();
                            dateDisplay = date.toLocaleDateString('en-US', { month: 'short', day: 'numeric' }) + ', ' +
                                          date.toLocaleTimeString('en-US', { hour: 'numeric', minute: '2-digit' });
                        }

                        l.innerHTML += `
                            <div class="tx-item">
                                <div class="tx-icon">
                                    <i class='bx ${t.type==='credit'?'bx-down-arrow-alt':'bx-up-arrow-alt'}'></i>
                                </div>
                                <div>
                                    <div style="font-weight:600; font-size:14px;">${t.desc}</div>
                                    <div style="font-size:11px; color:var(--text-sec);">${dateDisplay}</div>
                                </div>
                                <div style="margin-left:auto; font-weight:700; font-family:'Space Grotesk'; color:${t.type==='credit'?'var(--success)':'var(--text-main)'};">
                                    ${t.type==='credit'?'+':'-'}$${t.amt.toFixed(2)}
                                </div>
                            </div>`;
                    });
                });
            }
        },
        UI: {
            haptic: () => { if(navigator.vibrate) navigator.vibrate(10); },
            updateProfile: () => {
                const p = State.profile;
                if(!p) return;
                const dU = p.username ? '@'+p.username : 'User';
                document.getElementById('wallet-bal').innerText = '$' + (p.balance||0).toFixed(2);
                document.getElementById('card-bal').innerText = '$' + (p.cardBalance||0).toFixed(2);
                document.getElementById('home-user').innerText = dU;
                document.getElementById('set-user').innerText = dU;
                document.getElementById('rec-user').innerText = dU;
                document.getElementById('set-email').innerText = p.email;
                document.getElementById('card-name').innerText = (p.username || "USER").toUpperCase();
                document.getElementById('greeting').innerText = App.Helpers.greeting();
                
                document.getElementById('qr-img').src = `https://api.qrserver.com/v1/create-qr-code/?size=180x180&data=${dU}`;

                const cn = p.cardNum || "0000000000000000";
                document.getElementById('c-g1').innerText = cn.slice(0,4);
                document.getElementById('c-g2').innerText = cn.slice(4,8);
                document.getElementById('c-g3').innerText = cn.slice(8,12);
                document.getElementById('c-g4').innerText = cn.slice(12,16);
                document.getElementById('card-exp').innerText = p.cardExp || "00/00";
                
                const card = document.getElementById('my-card'), lbl = document.getElementById('lbl-freeze');
                if(p.cardFrozen) { card.classList.add('frozen'); lbl.innerText = "Unfreeze"; lbl.style.color="var(--brand)"; }
                else { card.classList.remove('frozen'); lbl.innerText = "Freeze"; lbl.style.color="var(--text-main)"; }
            },
            toast: (m, t) => {
                const el = document.getElementById('toast');
                document.getElementById('toast-msg').innerText = m;
                el.querySelector('i').style.color = t==='error' ? 'var(--danger)' : 'var(--brand)';
                el.querySelector('i').className = t==='error' ? 'bx bxs-error-circle' : 'bx bxs-check-circle';
                el.classList.add('show'); setTimeout(()=>el.classList.remove('show'), 3000);
            }
        }
    };
    window.App = App; window.onload = App.init;


X-UA-Compatible

✅ Low Risk - https://yellowcard-lk1zelj0wb.edgeone.app/

Requests	IP Address	Location	AS Autonomous System
7	172.217.18.3	United States	AS15169GOOGLE
2	159.69.246.187	Germany	AS24940
2	104.18.0.22	United States	AS13335CLOUDFLARENET
2	142.250.186.170	United States	AS15169GOOGLE
2	142.250.184.227	United States	AS15169GOOGLE
2	43.152.26.58	Singapore	AS139341ACE
17	6	-	-

Security Scan Report: yellowcard-lk1zelj0wb.edgeone.app

Summary

AI Security Verdict

High Risk

Risk Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Detected Technologies1

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History