0/100

medium Risk

fraudr.online

https://Fraudr.online

66.29.141.61 · Namecheap, Inc.

Location

Los Angeles, United States

Domain Age

232 days

HTTP

200 · 39.3s

SSL

Valid· Sectigo Public Server Authentication CA DV R36, Sectigo Limited, GB

Status

COMPLETED

Visual Evidence

Zoom

Title: "fraudr-web-detect"

Save

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

fraudr.online

Data Harvesting

technology | finance | ecommerce | others · 4/5/2026

Summary

Fraudr.online presents a consent modal over a generic homepage. The page title and branding indicate fraudr.online, but the visual screenshot shows a consent/privacy dialog over a legitimate-looking UI rather than a known impersonation of a specific widely-used brand. The evidence suggests a generic fraud/monitoring page with multiple third-party scripts and trackers, including Google ads and funding choices prompts, which can be leveraged for user data collection. No definitive credential harvesting form is observed in the static HTML, but the presence of iframes, external trackers, and potential off-domain POST activity indicates data collection behavior that warrants scrutiny.

Evidence Summary

▸Observed 2 capture stage(s); canonical stage is settled_render.

▸POST targets observed during capture: https://fundingchoicesmessages.google.com/el/AGSKWxV6hRGurXvzxaYm0-4uVugvnjeBFdN1Zj1Uex09X3CEI1_OURwQSFzBfdhwNupdQB_vZyAaZDuxn5GWWPKfvnDt7YRmdvh2BX4qQTjoNg3uur5EKHZUio7YKERkVQr2ERgUb_K78Q==.

▸Distinctive asset clues: index-D45Q2zfW.js, adsbygoogle.js, index-DdbQlnFg.css, css, 492b7887-6284-42a4-a8c1-e3b79fdd4259.png, ccb33ad0-52bf-4c61-a90a-7ebb3c507bbb.png.

Capture

Stages: 2

Canonical: Settled Render

Changed: No

Credential Signals

Forms: 1

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 41

Hosts: 6

Domains: 6

Suspicious Endpoints

hxxps://fraudr[.]online/

Attack Techniques (3)

Use of third-party ad/tracking scripts (adsense, Google funding choices) demonstrating data collection for monetizationIframe embedding and multiple external JavaScript resources implying dynamic content loadingConsent/dialog UI potentially designed to harvest user consent-related data via interactions

Indicators of Compromise (6)

▸Page includes external ad scripts from googleads.googleapis.com

▸Consent modal appears (cookie/privacy style) with options

▸POST requests to fundingchoicesgoogle.com endpoints indicating consent-related telemetry

▸Resources loaded from fraudr.online/assets and lovalbe-uploads images

▸SSL certificate issued by Sectigo with valid dates, domain matches SANs fraudr.online and www.fraudr.online

▸IP address registered to Namecheap with recent domain age around 232 days

Risk AssessmentUsed in abuse reports

The site fraudr.online shows monetization and data-collection behaviors via multiple third-party scripts (Google AdSense, Funding Choices) and an intrusive consent modal. While there is no explicit credential harvesting form observed in the static HTML, the combination of external iframes, trackers, and off-domain POST endpoints suggests data harvesting activity. This constitutes potential privacy risk and behavioral data collection, but the page does not clearly demonstrate credential theft or impersonation of a specific brand. Recommend monitoring and further review of data collection endpoints; consider tagging for potential privacy violations and examine user consent flow for compliance.

Recommended Action

Monitor

Cross-Reference8

URL Intelligence