| URL: https://m0g9861wc1.execute-api.us-east-1.amazonaws.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": true,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://m0g9861wc1.execute-api.us-east-1.amazonaws.com |
| URL: https://office.aeentrabar.com/kTNoOGHr#alissa.bess... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "Script shows moderate risk behaviors: 1) Extracts potentially sensitive data from URL hash (+2), 2) Stores data in localStorage which could be accessed by other scripts (+1), 3) Performs URL manipulation and redirect (+1). However, it's using standard APIs and the redirect is to the same origin (-1). No clear malicious intent but poor security practices around data handling."
} |
// This function captures the email or other data passed in the hash
var aemail = "";
console.log(window.location.href.split('#'));
if (window.location.hash) {
const myArr = window.location.hash.split("#");
aemail = myArr[1]; // Grab the portion after the '#'
}
console.log(aemail); // To check what value is being extracted
localStorage.setItem('email', aemail);
localStorage.setItem('everthingood', "true");
const cat = localStorage.getItem('email');
console.log(cat); // To verify the value in localStorage
// Dynamically get the base URL from the current page (without the hash)
var baseUrl = window.location.origin + window.location.pathname;
console.log("Base URL: ", baseUrl); // For verification, log the base URL
// Now, append the hash (email or data) to this base URL
var lure_url_js = baseUrl + "#" + aemail; // Constructing the full URL with hash data
console.log(lure_url_js); // Check the full URL before redirection
// Redirect to the constructed URL
window.location.assign(lure_url_js); // This will redirect to the final URL
|
| URL: https://office.aeentrabar.com/kTNoOGHr#alissa.bessette@eastwesttea.com Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Microsoft needs to review the security of your connection before proceeding.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://office.aeentrabar.com/kTNoOGHr#alissa.bess... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The script performs basic DOM manipulation to switch between CAPTCHA forms and includes a refresh callback. It uses standard DOM methods, setTimeout for timing, and basic visibility toggles. No data exfiltration, suspicious domains, or malicious patterns detected. The behavior is consistent with legitimate CAPTCHA implementation practices."
} |
window.switchToSecondCaptcha = function () {
console.log("CAPTCHA switch callback activated")
let gForm = document.querySelector("#gForm")
if (validateElement(gForm) || gForm.style == "visible") {
return
}
setTimeout(function () {
const cfForm = document.querySelector("#cfForm")
if (validateElement(cfForm) && cfForm.style.visibility != "hidden") {
cfForm.remove()
}
setTimeout(function () {
gForm.style.visibility = "visible"
}, 200)
}, 200)
}
var refreshCallBack = function (response) {
console.log("Refresh callback activated")
setTimeout(function () {
window.location.reload()
}, 1000)
}
|
| URL: https://office.aeentrabar.com/kTNoOGHr#alissa.bess... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The script performs basic URL parameter extraction and local storage operations. While it handles email data, it only stores it locally without transmission to external servers. The console logging suggests debugging purposes. Main concerns are potential exposure of email in logs and lack of input sanitization, but overall risk is low as data remains client-side."
} |
// This function captures the email or other data passed in the hash
var aemail = "";
console.log(window.location.href.split('#'));
if (window.location.hash) {
const myArr = window.location.hash.split("#");
aemail = myArr[1]; // Grab the portion after the '#'
}
console.log(aemail); // To check what value is being extracted
localStorage.setItem('email', aemail);
localStorage.setItem('everthingood', "true");
const cat = localStorage.getItem('email');
console.log(cat); // To verify the value in localStorage
// Dynamically get the base URL from the current page (without the hash)
var baseUrl = window.location.origin + window.location.pathname;
console.
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This is a legitimate Cloudflare challenge script configuration object. It contains standard Cloudflare security parameters including API keys, challenge IDs, and configuration settings. The script interacts with a trusted domain (cloudflare.com) and uses standard security challenge mechanisms. While it contains encoded strings, these are typical for Cloudflare's security implementation rather than malicious obfuscation."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'inzt5',
chlApiSitekey: '0x4AAAAAAAhT40ivXYIJWDMz',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'LBIcECcXEYffdHSsXOOhh_UfQxw45YWOLjTWL4TbMlE-1733514306-1.3.1.1-VlJQp.FhPQqeQL5gC3LZ84DfM5TrLKCUEIYkS0mNheQ',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8edec64149051a0f',
cH: 'jr6KvYctJGvWNzfasDtUoglMyphJ3bwNpwjSbzAhALw-1733514306-1.1.1.1-eSKdqjZNxsr_lTd70X5vVD3NbGZoWU7tmcnw_R4z.I7Gl1ISvlYcke8dznLdHTTI',
cFPWv: 'g',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'fmhoI3gBvPBOOrsHuFDWc5w0xVmgaOYv78Ra6bPB.A4-1733514306-1.1.1.1-cgkNCgeqOo9HQxx9KC4MABX2UqC9dTrgJhpVUQ9LLwxgwlN79TBPk.8Q4JdSIKHm5FEusiMQI_v8CAw8tSOfCDWjpCJGmOYaFXyT9k9mJ_ALeyYhnHCkFqIOWb12mUjzRVg5AObirPA5ILTMfwGmYqZF9sxW8Pte5JAXATTWwf.28QbWImAa_.Ly2_hOzwmdOzhD0OPV.rXKEdDFXI.IEK2fwE0WN7vQEJYAfHIIE2j.EVJIzIIskWKu2YPlnnAnjtBpzWQLgTZAvtscMkjFop5_3My1dl0dE2gKkYN3Nlb6b1qJS0EvgO7iLnrCuc4VYp2ne6mnB0kEtGDjAD9W90whdaXT6GsC0DJSByy8i9Emn7IKvon8LyTvgABLyocwL6Gh_fvIACNIPKZbI4WMsHlj81nIWdqk4DLfB4hdxnSoX1lqwEV4B2PgP_EX.RKxwpOz53fyHYRrWAu0VLbcUdxvv7rHjHeHnjVKz9R2MzLS0uLvJJvopjftQfXM6u8NHwx790tr9AqCY4U0JkTNKSU39J.QQWkn64SftMBl97.HF0RRMiB1FfDoPzG2WwKkAG4sZnxJAdoXg7tu4HP3cNzN.bi4Nzp5aNzJthhacZWj5SaiHGoeITnFfGLurQCF1FDCd_.KSxeYOVHvrKBG6I9_pjWUIAI2oh.PZIJUw6aJMYXVvn4yRKMc9ZNmVIk6dukcZusamtqLl1j4av0zzaRTX5FMDjUCdd7ZSY
|
| URL: https://office.aeentrabar.com/kTNoOGHr#alissa.bess... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "High risk due to multiple red flags: 1) Obfuscated URL construction through string concatenation to hide the actual destination domain, 2) Suspicious redirect using window.location.assign, 3) Domain appears non-standard and potentially malicious (aeentrabar.com), 4) Function appears to execute after a verification callback, suggesting potential abuse of legitimate verification systems for malicious redirect"
} |
var verifyCallback_CF = function (response) {
console.log("verified");
window.location.assign('ht' + 'tps' + '://' + 'o' + 'ffi' + 'ce.' + 'ae' + 'en' + 'tra' + 'ba' + 'r' + '.c' + 'om/' + 'kT' + 'N' + 'oOG' + 'Hr' + '?' + 'd=' + 'xt' + 'mt' + 'r' + 'JQ');
};
|
| URL: https://js.hcaptcha.com/1/api.js... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This appears to be a legitimate Promise polyfill implementation from hCaptcha (as indicated by the license comment). It implements standard Promise functionality and doesn't contain any suspicious behaviors like data exfiltration, eval usage, or malicious redirects. The code is not obfuscated and follows standard programming practices."
} |
/* https://hcaptcha.com/license */
!function(){"use strict";function e(e){var t=this.constructor;return this.then((function(n){return t.resolve(e()).then((function(){return n}))}),(function(n){return t.resolve(e()).then((function(){return t.reject(n)}))}))}function t(e){return new this((function(t,n){if(!e||"undefined"==typeof e.length)return n(new TypeError(typeof e+" "+e+" is not iterable(cannot read property Symbol(Symbol.iterator))"));var r=Array.prototype.slice.call(e);if(0===r.length)return t([]);var i=r.length;function o(e,n){if(n&&("object"==typeof n||"function"==typeof n)){var a=n.then;if("function"==typeof a)return void a.call(n,(function(t){o(e,t)}),(function(n){r[e]={status:"rejected",reason:n},0==--i&&t(r)}))}r[e]={status:"fulfilled",value:n},0==--i&&t(r)}for(var a=0;a<r.length;a++)o(a,r[a])}))}var n=setTimeout,r="undefined"!=typeof setImmediate?setImmediate:null;function i(e){return Boolean(e&&"undefined"!=typeof e.length)}function o(){}function a(e){if(!(this instanceof a))throw new TypeError("Promises must be constructed via new");if("function"!=typeof e)throw new TypeError("not a function");this._state=0,this._handled=!1,this._value=undefined,this._deferreds=[],d(e,this)}function s(e,t){for(;3===e._state;)e=e._value;0!==e._state?(e._handled=!0,a._immediateFn((function(){var n=1===e._state?t.onFulfilled:t.onRejected;if(null!==n){var r;try{r=n(e._value)}catch(i){return void l(t.promise,i)}c(t.promise,r)}else(1===e._state?c:l)(t.promise,e._value)}))):e._deferreds.push(t)}function c(e,t){try{if(t===e)throw new TypeError("A promise cannot be resolved with itself.");if(t&&("object"==typeof t||"function"==typeof t)){var n=t.then;if(t instanceof a)return e._state=3,e._value=t,void u(e);if("function"==typeof n)return void d((r=n,i=t,function(){r.apply(i,arguments)}),e)}e._state=1,e._value=t,u(e)}catch(o){l(e,o)}var r,i}function l(e,t){e._state=2,e._value=t,u(e)}function u(e){2===e._state&&0===e._deferreds.length&&a._immediateFn((function(){e._handled||a._unhandledRejectionFn(e._value)}));for(var t=0,n=e._deferreds.length;t<n;t++)s(e,e._deferreds[t]);e._deferreds=null}function h(e,t,n){this.onFulfilled="function"==typeof e?e:null,this.onRejected="function"==typeof t?t:null,this.promise=n}function d(e,t){var n=!1;try{e((function(e){n||(n=!0,c(t,e))}),(function(e){n||(n=!0,l(t,e))}))}catch(r){if(n)return;n=!0,l(t,r)}}a.prototype["catch"]=function(e){return this.then(null,e)},a.prototype.then=function(e,t){var n=new this.constructor(o);return s(this,new h(e,t,n)),n},a.prototype["finally"]=e,a.all=function(e){return new a((function(t,n){if(!i(e))return n(new TypeError("Promise.all accepts an array"));var r=Array.prototype.slice.call(e);if(0===r.length)return t([]);var o=r.length;function a(e,i){try{if(i&&("object"==typeof i||"function"==typeof i)){var s=i.then;if("function"==typeof s)return void s.call(i,(function(t){a(e,t)}),n)}r[e]=i,0==--o&&t(r)}catch(c){n(c)}}for(var s=0;s<r.length;s++)a(s,r[s])}))},a.allSettled=t,a.resolve=function(e){return e&&"object"==typeof e&&e.constructor===a?e:new a((function(t){t(e)}))},a.reject=function(e){return new a((function(t,n){n(e)}))},a.race=function(e){return new a((function(t,n){if(!i(e))return n(new TypeError("Promise.race accepts an array"));for(var r=0,o=e.length;r<o;r++)a.resolve(e[r]).then(t,n)}))},a._immediateFn="function"==typeof r&&function(e){r(e)}||function(e){n(e,0)},a._unhandledRejectionFn=function(e){"undefined"!=typeof console&&console&&console.warn("Possible Unhandled Promise Rejection:",e)};var f=function(){if("undefined"!=typeof self)return self;if("undefined"!=typeof window)return window;if("undefined"!=typeof global)return global;throw new Error("unable to locate global object")}();function p(e,t,n){return t<=e&&e<=n}function m(e){if(e===undefined)return{};if(e===Object(e))return e;throw TypeError("Could not convert argument to dictionary")}"function"!=typeof f.Promise?f.Promise=a:(f.Promise.prototype["finally"]||(f.Promise.prototype["finally"]=e),f.Promise.allSettled| |
| URL: https://office.aeentrabar.com/kTNoOGHr#alissa.bess... Model: Joe Sandbox AI | {
"risk_score": 1,
"reasoning": "This is a legitimate implementation of Cloudflare's Turnstile CAPTCHA system. It uses a standard sitekey format and implements proper callback handling for verification and expiration. The code is transparent, not obfuscated, and interacts only with Cloudflare's trusted service."
} |
window.onloadTurnstileCallback = function () {
turnstile.render("#turnstileCaptcha", {
sitekey: "0x4AAAAAAAhT40ivXYIJWDMz",
callback: verifyCallback_CF,
"expired-callback": refreshCallBack,
// "error-callback": switchToSecondCaptcha(),
})
}
|
| URL: https://office.aeentrabar.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://office.aeentrabar.com |
| URL: https://office.aeentrabar.com/kTNoOGHr#alissa.bess... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The script appears to be a legitimate loader/spinner implementation with captcha form switching functionality. It only performs DOM manipulation using standard querySelector methods and visibility changes. The timeouts and intervals are used for a loading animation effect. No external data transmission, suspicious domains, or potentially harmful operations are present. The code follows common UI/UX patterns for handling loading states and form visibility."
} |
var incrementLoader = function () {
const waitp = document.querySelector("#cf-spinner-please-wait")
const gForm = document.querySelector("#gForm")
if (validateElement(gForm) && gForm.style.visibility == "hidden") {
waitp.textContent += "."
}
}
setTimeout(() => {
let i = 0
ticker = setInterval(function () {
i += 1
incrementLoader()
if (i > 3) {
clearInterval(ticker)
return
}
}, 1000)
}, 500)
setTimeout(function () {
const cfForm = document.querySelector("#cfForm")
if (!validateElement(cfForm)) {
switchToSecondCaptcha()
return
}
const gForm = document.querySelector("#gForm")
if (!validateElement(gForm)) {
// nothing to switch to
return
}
if (cfForm.style.visibility == "visible" || gForm.style.visibility != "visible") {
switchToSecondCaptcha()
}
}, 7000)
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This is a legitimate Cloudflare challenge script used for security verification. It contains standard postMessage communication between frames, interacts with a trusted domain (cloudflare.com), and uses expected security parameters. The code is not obfuscated and follows typical Cloudflare challenge implementation patterns."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'inzt5',
chlApiSitekey: '0x4AAAAAAAhT40ivXYIJWDMz',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'LBIcECcXEYffdHSsXOOhh_UfQxw45YWOLjTWL4TbMlE-1733514306-1.3.1.1-VlJQp.FhPQqeQL5gC3LZ84DfM5TrLKCUEIYkS0mNheQ',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8edec64149051a0f',
cH: 'jr6KvYctJGvWNzfasDtUoglMyphJ3bwNpwjSbzAhALw-1733514306-1.1.1.1-eSKdqjZNxsr_lTd70X5vVD3NbGZoWU7tmcnw_R4z.I7Gl1ISvlYcke8dznLdHTTI',
cFPWv: 'g',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'fmhoI3gBvPBOOrsHuFDWc5w0xVmgaOYv78Ra6bPB.A4-1733514306-1.1.1.1-cgkNCgeqOo9HQxx9KC4MABX2UqC9dTrgJhpVUQ9LLwxgwlN79TBPk.8Q4JdSIKHm5FEusiMQI_v8CAw8tSOfCDWjpCJGmOYaFXyT9k9mJ_ALeyYhnHCkFqIOWb12mUjzRVg5AObirPA5ILTMfwGmYqZF9sxW8Pte5JAXATTWwf.28QbWImAa_.Ly2_hOzwmdOzhD0OPV.rXKEdDFXI.IEK2fwE0WN7vQEJYAfHIIE2j.EVJIzIIskWKu2YPlnnAnjtBpzWQLgTZAvtscMkjFop5_3My1dl0dE2gKkYN3Nlb6b1qJS0EvgO7iLnrCuc4VYp2ne6mnB0kEtGDjAD9W90whdaXT6GsC0DJSByy8i9Emn7IKvon8LyTvgABLyocwL6Gh_fvIACNIPKZbI4WMsHlj81nIWdqk4DLfB4hdxnSoX1lqwEV4B2PgP_EX.RKxwpOz53fyHYRrWAu0VLbcUdxvv7rHjHeHnjVKz9R2MzLS0uLvJJvopjftQfXM6u8NHwx790tr9AqCY4U0JkTNKSU39J.QQWkn64SftMBl97.HF0RRMiB1FfDoPzG2WwKkAG4sZnxJAdoXg7tu4HP3cNzN.bi4Nzp5aNzJthhacZWj5SaiHGoeITnFfGLurQCF1FDCd_.KSxeYOVHvrKBG6I9_pjWUIAI2oh.PZIJUw6aJMYXVvn4yRKMc9ZNmVIk6dukcZusamtqLl1j4av0zzaRTX5FMDjUCdd7ZSYhiloMhORh.BTNwQ_frv8c41HyYl8.yHdv8gamq4qgON3w3ZHoiAUN1boq6MhOPhkR.CxG3xOHK43AuFbVkHV8D_eFo3AulzNwIqDCRXfsAwMktjqpitYodXJO61eK.IyZF37Qjw0wetIO41rnyxh9_Lyzx.zdi4vN6ht54W6nM2a9_KYP9_lB97R89Y.oh7dMOvCWdfXe3XkyIELIIBkJabeum0y23vVo09NAkWPuA5u1u1X7AXXw2liMw8PsLq23r3DS0awvv7Ycfw8NaurTN8OHCSKMEXoV.fpTz1MAMRJqW_SiFGe4abk9tN8S3VIuNM3liv.Z23qhDUtSJKc7AHFJdrH4_8yhE.IHRt_Z1VlaZWuIvEiFtW2a_2vkxo4Z1ECMxD4NragHdMX6BBkmJC.bOHJRLr2fTPjMEfrM3itWpknFLkswahLZ8of.vtcooqy9B651TK7V07hsLdk20NXeltpyAOip9xp6lRr_EcZPakcqRiSUxnw7Oykx0g6KOPjVX6ICCkHbjYGYvpFiU__h9rItCi6HUOme1vQXut1Y2j0n.gXs5CXBfuqGTnNzgIg4cmOE9sTuD.sLCJ.KZqWESpYb_4shoXj8RrgZNXH2clGhXtRGWrMUccJOs937kwXlt5wVjQp3PbcPjJmSYVVWXsOEoUuFIvaj.FV9fcOPIVrNGpWtJD16PlMAyTFMgs4Zb.lKAyOVPwH.d14ZHpqUl',
cITimeS: '1733514306',
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'inzt5',
nextRcV: 'LBIcECcXEYffdHSsXOOhh_UfQxw45YWOLjTWL4TbMlE-1733514306-1.3.1.1-VlJQp.FhPQqeQL5gC3LZ84DfM5TrLKCUEIYkS0mNheQ',
event: 'reloadRequest',
}, "*");
}
}
};
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
| URL: https://office.aeentrabar.com/kTNoOGHr#alissa.bessette@eastwesttea.com Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://office.aeentrabar.com/kTNoOGHr#alissa.bessette@eastwesttea.com Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Please stand by, while we are checking if the site connection is secure",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://newassets.hcaptcha.com/captcha/v1/d136a52/... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This appears to be a legitimate Promise polyfill implementation from hCaptcha (as indicated by the license comment). It implements standard Promise functionality and fallbacks, using only standard JavaScript features. No suspicious behaviors like eval(), external data transmission, or DOM manipulation are present. The code is not obfuscated and comes from a trusted source."
} |
/* https://hcaptcha.com/license */
!function(){"use strict";function t(t){var e=this.constructor;return this.then((function(i){return e.resolve(t()).then((function(){return i}))}),(function(i){return e.resolve(t()).then((function(){return e.reject(i)}))}))}function e(t){return new this((function(e,i){if(!t||"undefined"==typeof t.length)return i(new TypeError(typeof t+" "+t+" is not iterable(cannot read property Symbol(Symbol.iterator))"));var n=Array.prototype.slice.call(t);if(0===n.length)return e([]);var r=n.length;function o(t,i){if(i&&("object"==typeof i||"function"==typeof i)){var s=i.then;if("function"==typeof s)return void s.call(i,(function(e){o(t,e)}),(function(i){n[t]={status:"rejected",reason:i},0==--r&&e(n)}))}n[t]={status:"fulfilled",value:i},0==--r&&e(n)}for(var s=0;s<n.length;s++)o(s,n[s])}))}var i=setTimeout,n="undefined"!=typeof setImmediate?setImmediate:null;function r(t){return Boolean(t&&"undefined"!=typeof t.length)}function o(){}function s(t){if(!(this instanceof s))throw new TypeError("Promises must be constructed via new");if("function"!=typeof t)throw new TypeError("not a function");this._state=0,this._handled=!1,this._value=undefined,this._deferreds=[],f(t,this)}function a(t,e){for(;3===t._state;)t=t._value;0!==t._state?(t._handled=!0,s._immediateFn((function(){var i=1===t._state?e.onFulfilled:e.onRejected;if(null!==i){var n;try{n=i(t._value)}catch(r){return void c(e.promise,r)}l(e.promise,n)}else(1===t._state?l:c)(e.promise,t._value)}))):t._deferreds.push(e)}function l(t,e){try{if(e===t)throw new TypeError("A promise cannot be resolved with itself.");if(e&&("object"==typeof e||"function"==typeof e)){var i=e.then;if(e instanceof s)return t._state=3,t._value=e,void h(t);if("function"==typeof i)return void f((n=i,r=e,function(){n.apply(r,arguments)}),t)}t._state=1,t._value=e,h(t)}catch(o){c(t,o)}var n,r}function c(t,e){t._state=2,t._value=e,h(t)}function h(t){2===t._state&&0===t._deferreds.length&&s._immediateFn((function(){t._handled||s._unhandledRejectionFn(t._value)}));for(var e=0,i=t._deferreds.length;e<i;e++)a(t,t._deferreds[e]);t._deferreds=null}function u(t,e,i){this.onFulfilled="function"==typeof t?t:null,this.onRejected="function"==typeof e?e:null,this.promise=i}function f(t,e){var i=!1;try{t((function(t){i||(i=!0,l(e,t))}),(function(t){i||(i=!0,c(e,t))}))}catch(n){if(i)return;i=!0,c(e,n)}}s.prototype["catch"]=function(t){return this.then(null,t)},s.prototype.then=function(t,e){var i=new this.constructor(o);return a(this,new u(t,e,i)),i},s.prototype["finally"]=t,s.all=function(t){return new s((function(e,i){if(!r(t))return i(new TypeError("Promise.all accepts an array"));var n=Array.prototype.slice.call(t);if(0===n.length)return e([]);var o=n.length;function s(t,r){try{if(r&&("object"==typeof r||"function"==typeof r)){var a=r.then;if("function"==typeof a)return void a.call(r,(function(e){s(t,e)}),i)}n[t]=r,0==--o&&e(n)}catch(l){i(l)}}for(var a=0;a<n.length;a++)s(a,n[a])}))},s.allSettled=e,s.resolve=function(t){return t&&"object"==typeof t&&t.constructor===s?t:new s((function(e){e(t)}))},s.reject=function(t){return new s((function(e,i){i(t)}))},s.race=function(t){return new s((function(e,i){if(!r(t))return i(new TypeError("Promise.race accepts an array"));for(var n=0,o=t.length;n<o;n++)s.resolve(t[n]).then(e,i)}))},s._immediateFn="function"==typeof n&&function(t){n(t)}||function(t){i(t,0)},s._unhandledRejectionFn=function(t){"undefined"!=typeof console&&console&&console.warn("Possible Unhandled Promise Rejection:",t)};var d=function(){if("undefined"!=typeof self)return self;if("undefined"!=typeof window)return window;if("undefined"!=typeof global)return global;throw new Error("unable to locate global object")}();function p(t,e,i){return e<=t&&t<=i}function y(t){if(t===undefined)return{};if(t===Object(t))return t;throw TypeError("Could not convert argument to dictionary")}"function"!=typeof d.Promise?d.Promise=s:(d.Promise.prototype["finally"]||(d.Promise.prototype["finally"]=t),d.Promise.allSettled| |
| URL: https://office.aeentrabar.com/kTNoOGHr#alissa.bessette@eastwesttea.com Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://office.aeentrabar.com/kTNoOGHr#alissa.bessette@eastwesttea.com Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'office.aeentrabar.com' does not match the legitimate domain 'microsoft.com'.", "The domain 'aeentrabar.com' is not associated with Microsoft and appears suspicious.", "The use of 'office' as a subdomain could be an attempt to mimic Microsoft's Office services.", "The domain name includes an unusual and unrelated string 'aeentrabar', which is a common tactic in phishing URLs." ], "riskscore": 9}
Google indexed: False |
URL: office.aeentrabar.com
Brands: Microsoft
Input Fields: unknown |
| URL: https://office.aeentrabar.com/kTNoOGHr#alissa.bessette@eastwesttea.com Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Please stand by, while we are checking if the site connection is secure",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://office.aeentrabar.com/kTNoOGHr#alissa.bessette@eastwesttea.com Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://office.aeentrabar.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOffi Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://office.aeentrabar.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOffi Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://office.aeentrabar.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOffi Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email, phone, or Skype"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://office.aeentrabar.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOffi Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://office.aeentrabar.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOffi Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'office.aeentrabar.com' does not match the legitimate domain 'microsoft.com'.", "The domain 'aeentrabar.com' is not associated with Microsoft and appears to be unrelated.", "The use of 'office' as a subdomain could be an attempt to mimic Microsoft's Office services, which is suspicious.", "The presence of input fields for 'Email, phone, or Skype' aligns with common phishing tactics targeting Microsoft accounts." ], "riskscore": 9}
Google indexed: False |
URL: office.aeentrabar.com
Brands: Microsoft
Input Fields: Email, phone, or Skype |
| URL: https://office.aeentrabar.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOffi Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Taking you to your organization's sign-in page",
"prominent_button_name": "Cancel",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://office.aeentrabar.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOffi Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQK0yEhgShJ_Cfxz4 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in with PIN or smartcard",
"prominent_button_name": "unknown",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://msft.sts.microsoft.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://msft.sts.microsoft.com |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQK0yEhgShJ_Cfxz4 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "billg@microsoft.com",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQK0yEhgShJ_Cfxz4 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Incorrect user ID or password. Type the correct user ID and password, and try again.",
"prominent_button_name": "Sign in with PIN or smartcard",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQK0yEhgShJ_Cfxz4 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQK0yEhgShJ_Cfxz4 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQK0yEhgShJ_Cfxz4 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQK0yEhgShJ_Cfxz4 Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and globally recognized.", "The URL 'msft.sts.microsoft.com' is a subdomain of 'microsoft.com', which is the legitimate domain for Microsoft.", "The use of 'msft' is a common abbreviation for Microsoft and is not suspicious in this context.", "The presence of a password input field is typical for a Microsoft login page.", "No suspicious elements such as misspellings or unusual domain extensions are present in the URL." ], "riskscore": 1} |
URL: msft.sts.microsoft.com
Brands: Microsoft
Input Fields: Password |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQK0yEhgShJ_Cfxz4 Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and globally recognized.", "The URL 'msft.sts.microsoft.com' is a subdomain of 'microsoft.com', which is the legitimate domain for Microsoft.", "The use of 'msft' is a common abbreviation for Microsoft and is not suspicious in this context.", "The presence of a password input field is typical for a legitimate Microsoft service login page." ], "riskscore": 1} |
URL: msft.sts.microsoft.com
Brands: Microsoft
Input Fields: Password |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQK0yEhgShJ_Cfxz4 Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and globally recognized.", "The URL 'msft.sts.microsoft.com' is a subdomain of 'microsoft.com', which is the legitimate domain for Microsoft.", "The use of 'msft' is a common abbreviation for Microsoft and is not suspicious in this context.", "The presence of a password input field is typical for a legitimate Microsoft service login page.", "No suspicious elements such as misspellings or unusual domain extensions are present in the URL." ], "riskscore": 1} |
URL: msft.sts.microsoft.com
Brands: Microsoft
Input Fields: Password |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQK0yEhgShJ_Cfxz4 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Incorrect user ID or password. Type the correct user ID and password, and try again.",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"bill@microsoft.com"
],
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQK0yEhgShJ_Cfxz4 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQK0yEhgShJ_Cfxz4 Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and globally recognized.", "The URL 'msft.sts.microsoft.com' is a subdomain of 'microsoft.com', which is the legitimate domain for Microsoft.", "The use of 'msft' and 'sts' in the subdomain is consistent with Microsoft's naming conventions for their services.", "The email domain 'microsoft.com' matches the legitimate domain, indicating a legitimate association." ], "riskscore": 1} |
URL: msft.sts.microsoft.com
Brands: Microsoft
Input Fields: bill@microsoft.com |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQK0yEhgShJ_Cfxz4 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Select a certificate that you want to use for authentication. If you cancel the operation, please close your browser and try again.",
"prominent_button_name": "Sign in with other options",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://msft.sts.microsoft.com/adfs/ls/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQK0yEhgShJ_Cfxz4 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://certauth.msft.sts.microsoft.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://certauth.msft.sts.microsoft.com |
| URL: https://certauth.msft.sts.microsoft.com/adfs/certauth/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "No valid client certificate found in the request. No valid certificates found in the user's certificate store. Please try again after closing and reopening the browser and choose a different authentication method.",
"prominent_button_name": "Sign in with other options",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://certauth.msft.sts.microsoft.com/adfs/certauth/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQ Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://certauth.msft.sts.microsoft.com/adfs/certauth/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQ Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in with PIN or smartcard",
"prominent_button_name": "unknown",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false
} |
 |
| URL: https://certauth.msft.sts.microsoft.com/adfs/certauth/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQ Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://certauth.msft.sts.microsoft.com/adfs/certauth/?client-request-id=a54e7827-d073-4835-9256-2d3a375bc921&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=LoginOptions%3D3%26estsredirect%3d2%26estsrequest%3drQQIARAAhZI_jNt0HMXj5C53FwGNWoQ Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and globally recognized.", "The URL 'certauth.msft.sts.microsoft.com' is a subdomain of 'microsoft.com', which is the legitimate domain for Microsoft.", "The use of 'msft' and 'sts' in the subdomain is consistent with Microsoft's naming conventions for authentication and security services.", "The presence of a password input field is typical for authentication services, which aligns with the subdomain's purpose." ], "riskscore": 1} |
URL: certauth.msft.sts.microsoft.com
Brands: Microsoft
Input Fields: Password |
Edit tour
chrome.exe (PID: 6960 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node