URL: https://sign.zoho.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false
} |
URL: https://sign.zoho.com |
URL: https://static.zohocdn.com/sign/assets/sign_util.2... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript code appears to be a set of utility functions that handle common web development tasks, such as retrieving CSRF tokens, parsing URL parameters, and managing internationalization (i18n) messages. While the code includes some potentially sensitive operations, such as accessing cookies and making AJAX requests, it does not demonstrate any high-risk behaviors or clear malicious intent. The code seems to be part of a legitimate web application and is likely used for benign purposes."
} |
/**
 * Reads the anti-CSRF token that the server stores in the "zscsrfcookie" cookie.
 *
 * The cookie has to be readable from script for this to work, so it cannot
 * be HttpOnly. The lookup itself is delegated to getCookie().
 *
 * @returns {?string} The value getCookie() yields for "zscsrfcookie".
 */
function getCSRFCookie()
{
    return getCookie("zscsrfcookie"); // No I18N
}
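/**
 * Returns the raw (undecoded) value of the cookie called `name`.
 *
 * The cookie header is split into its "name=value" pairs and the name is
 * compared exactly. A plain substring search for `name + "="` also matches
 * a different cookie whose name merely ends with `name` (for example
 * "xzscsrfcookie" when "zscsrfcookie" is requested). That matters for the
 * CSRF token lookup, where the wrong cookie's value would be sent as the
 * token.
 *
 * When several cookies share the same name, the first one in
 * document.cookie is returned.
 *
 * @param {string} name - Exact cookie name to look up.
 * @returns {?string} The cookie value, or null when no such cookie exists.
 */
function getCookie(name)
{
    const wanted = String(name);
    const header = document.cookie;
    if (!header) {
        return null;
    }
    for (const entry of header.split(";")) {
        // Pairs are separated by "; ", so drop the leading space before comparing.
        const pair = entry.replace(/^\s+/, "");
        const eq = pair.indexOf("=");
        // Only the first "=" separates name from value; the value may contain more.
        if (eq !== -1 && pair.substring(0, eq) === wanted) {
            return pair.substring(eq + 1);
        }
    }
    return null;
}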
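/**
 * Looks up a query-string parameter of the current page URL.
 *
 * The value is caller-controlled: anyone who can craft the link decides what
 * this function returns, so treat the result as untrusted input.
 *
 * Differences from a plain split('=') lookup:
 *  - the value is everything after the FIRST "=", so values that themselves
 *    contain "=" (e.g. padded base64) are no longer truncated;
 *  - a malformed percent-escape no longer throws URIError out of the caller
 *    (several callers run at script load time); null is returned instead;
 *  - a parameter present without "=" yields undefined in both modes, rather
 *    than the string "undefined" when decoding was requested.
 *
 * @param {string} sParam - Parameter name, compared exactly and undecoded.
 * @param {boolean} [needDecoding=false] - When true, the value is passed
 *     through decodeURIComponent before being returned.
 * @returns {?string|undefined} The first matching value; undefined when the
 *     parameter has no "=" part; null when it is absent or cannot be decoded.
 */
function GetURLParameter(sParam, needDecoding=false) {
    const query = window.location.search.substring(1);
    for (const pair of query.split('&')) {
        const eq = pair.indexOf('=');
        const key = eq === -1 ? pair : pair.substring(0, eq);
        if (key !== sParam) {
            continue;
        }
        const rawValue = eq === -1 ? undefined : pair.substring(eq + 1);
        // Decoding was added mainly for frameOrigin: in the embedded (iframe)
        // flows the value arrives double-encoded after "sign immediately" ->
        // Next, or after a session expiry. It is decoded here on load and
        // encoded again before sending (www/urlencode is used in ajax).
        if (!needDecoding || rawValue === undefined) {
            return rawValue;
        }
        try {
            return decodeURIComponent(rawValue);
        } catch (err) {
            // Malformed escape sequence: report the parameter as unusable.
            return null;
        }
    }
    return null;
}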
/**
 * Maps a logical asset path to the URL it is served from.
 *
 * If fingerprintJson has an entry for `filePath`, the fingerprinted file
 * name from that entry is used; otherwise the path is used unchanged. The
 * result is prefixed with staticPath. Both staticPath and fingerprintJson
 * are globals defined outside this function.
 *
 * @param {string} filePath - Logical asset path, e.g. 'images/error1.png'.
 * @returns {string} staticPath followed by the resolved file name.
 */
function getFilePath(filePath)
{
    var resolvedName = filePath;
    if (fingerprintJson.hasOwnProperty(filePath)) {
        resolvedName = fingerprintJson[filePath];
    }
    return staticPath + resolvedName;
}
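//We do not use the integrity attribute when fetching .js files, because the SD team replaces IDC domains with localzoho when updating the build in localzoho.
//Note: without an integrity value the browser does not check a fetched script against a known hash; it relies on the static host and TLS alone.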
//function getIntegrityValue(filepath)
//{
// return checksumJson.hasOwnProperty(filePath) ? checksumJson[filePath] : filePath;
//}
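/**
 * Requests the unauthenticated i18n message bundle and stores the response
 * in the global i18nJSON. When a locale was passed in the page URL, the
 * language drop-down label is set to the matching entry's text.
 *
 * currentLocale comes straight from the query string, so it is matched
 * against each item's value attribute by comparison instead of being
 * spliced into a selector string. A selector built by concatenation fails
 * with a selector syntax error (or selects something unintended) when the
 * value contains characters such as `]` or `\`.
 *
 * ajaxUrl, callbackFunction and i18nJSON are assigned without a local
 * declaration, as before, because other scripts on the page may read them.
 */
function fetchI18nMessages() {
    ajaxUrl = 'api/v1/messages/unauthenticated'; // No I18N
    if (currentLocale && currentLocale.length > 0) {
        // NOTE(review): the locale is appended to formURL, not to ajaxUrl, so
        // the request below goes out without it. This looks unintended, but
        // formURL may be read elsewhere, so it is left as is. Confirm.
        formURL += "?locale=" + currentLocale; //No I18N
        var selectedItem = $('#language-dropdown li').filter(function() {
            return this.getAttribute('value') === currentLocale;
        });
        $('#language-dropdown .select-action').text(selectedItem.text());
    }
    callbackFunction = function(data) {
        i18nJSON = data;
    };
    fetchFromUrl(ajaxUrl, [], callbackFunction);
}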
/**
 * Returns the localized label for a verification type.
 *
 * @param {string} verification_type - A key of verificationTypeI18nKeys.
 * @returns {*} Whatever I18N.getMsg() returns for the mapped message key.
 *     An unknown type passes undefined to I18N.getMsg().
 */
function getAuthI18nValue(verification_type) {
    var messageKey = verificationTypeI18nKeys[verification_type];
    return I18N.getMsg(messageKey);
}
/**
 * Fills every element carrying a data-i18n attribute with its translation.
 *
 * The attribute value is used as the message key for I18N.getMsg(). The
 * result is written through textContent, so it is inserted as plain text
 * and never parsed as HTML.
 */
function replaceI18nValues()
{
    var taggedElements = document.querySelectorAll("[data-i18n]"); //No I18N
    for (var idx = 0; idx < taggedElements.length; idx++) {
        var node = taggedElements[idx];
        node.textContent = I18N.getMsg(node.getAttribute("data-i18n"));
    }
}
/**
 * Shows the success banner with `message`, then fades it out.
 *
 * `message` is inserted with .html(), so it is parsed as markup. Callers
 * must pass only trusted or already-escaped content.
 *
 * @param {string} message - Markup to place in the banner body.
 */
function showAjaxSuccessMessage(message)
{
    $('#ajax-success-msg .msg-body .content').html(message);
    var banner = $('#ajax-success-msg');
    banner.show();
    // Fade in, hold for two seconds, then fade out again.
    banner.fadeIn('slow').delay(2000).fadeOut('slow'); //No I18N
}
/**
 * Shows the failure banner with `message` and fades it out after three
 * seconds.
 *
 * `message` is inserted with .html(), so it is parsed as markup. If it can
 * carry server- or user-supplied text, it must be escaped before it reaches
 * this function.
 *
 * @param {string} message - Markup to place in the banner body.
 */
function showAjaxFailureMessage(message)
{
    $('#ajax-failure-msg .msg-body .content').html(message);
    $('#ajax-failure-msg').show();
    var dismissBanner = function() {
        // stop(true, true) clears queued animations and jumps to their end state.
        $('#ajax-failure-msg').stop( true, true ).fadeOut(2000);
    };
    setTimeout(dismissBanner, 3000);
}
/**
 * Replaces the guest page body with a generic error panel.
 *
 * The markup is fixed apart from the icon URL, which comes from
 * getFilePath(). No caller-supplied text is inserted.
 */
function showError() {
    var errorIconUrl = getFilePath('images/error1.png');
    var errorLine = '<div class="error-message"><img src="' + errorIconUrl + '"/><span id="errormsg">An Error Occured !</span></div>';
    var panelMarkup = '<div class="background-style" style="width:100%;">'
        + '<div class="message-body">'
        + errorLine
        + '</div><div>'
        + '<div class="back-home-line"></div>'
        + '</div></div>';
    $('.guest-dash-wrapper .body-wrapper').html(panelMarkup);
}
/**
 * Replaces the guest page body with an empty message panel: the same frame
 * showError() draws, but with nothing inside the message body.
 */
function showMsg() {
    var panelMarkup = [
        '<div class="background-style" style="width:100%;">',
        '<div class="message-body">',
        '</div><div>',
        '<div class="back-home-line"></div>',
        '</div></div>'
    ].join('');
    $('.guest-dash-wrapper .body-wrapper').html(panelMarkup);
}
function i18nValuesIntoHTML()
{
$('.body-wrapper #ajax-failure-msg .msg-body .content').text(I18N.getMsg('js.guest.home.code.error_msg'));//No I18N
$('.guest-header-name').text(I18N.getMsg('js.guest.heading'));//No I18N
//$('.body-wrapper .continue-btn').text(I18 |
URL: https://static.zohocdn.com/sign/assets/kba.11c929b... Model: Joe Sandbox AI | {
"risk_score": 5,
"reasoning": "The provided JavaScript snippet appears to be a part of a web application that handles user authentication and data collection. While it does not exhibit any clear signs of malicious intent, there are some moderate-risk indicators that warrant further review. The script interacts with external APIs and handles user data, which could potentially lead to data exfiltration or other security concerns if not properly implemented. Additionally, the use of legacy APIs like `XDomainRequest` and the lack of input validation on certain fields raise some concerns. Overall, the script requires closer inspection to ensure that it is following best practices for secure web development."
} |
// Page-level state for the KBA flow (presumably knowledge-based authentication; confirm).
// These are plain `var` globals, so other scripts on the page can read and overwrite them.

// Taken from the page URL without decoding; it is caller-controlled and is later
// concatenated into the KBA request URLs in this file.
var sign_id = GetURLParameter('sign_id');//No I18N
var formURL;
var ajax_failure = false;
// Starts as an empty object; I18N.getMsg() is called on it in this file, so it is
// presumably populated elsewhere before first use. TODO confirm where.
var I18N = {};
// Set to Date.now() by initKbaProcedures().
var pii_page_initiated_timestamp;
var pii_submit_timestamp;
var kba_initiate_timestamp;
var kba_unique_id;
var questions = [];
var answers = [];
var timer;
var idleTimeOutFunc;
var is_challenge_round = false;
/**
 * Reveals the KBA intro screen and wires up its continue button.
 *
 * Records the time the page was initiated in the global
 * pii_page_initiated_timestamp, hides the loader, shows the guest wrapper
 * and the KBA wrapper, then labels the continue button and binds it to
 * initiateKbaSession.
 */
function initKbaProcedures()
{
    pii_page_initiated_timestamp = Date.now();

    $('#application-loader').hide();
    $('.guest-dash-wrapper').css("display", "block");
    // An empty value removes the inline display override.
    $('.intermediate-content').css('display', ''); // No I18N
    $('.kba-wrapper').show();

    $('#kba-continue')
        .text(I18N.getMsg('js.authencation_mode.eueid.proceed')) // No I18N
        .click(initiateKbaSession); //No I18N
}
/**
 * Starts a KBA session for the current action.
 *
 * Re-applies the i18n labels, then POSTs to the initiatesession endpoint.
 * On success it continues with verifyInitiatedKBASession(). On failure it
 * shows the server-provided message when the response has one and
 * dataCodesToDisplayError() accepts its code. Otherwise it shows the
 * generic error panel. A failure with no response body is ignored.
 *
 * action_id and sign_id are concatenated into the URL as they are. sign_id
 * originates from the page URL, so the server must validate both and must
 * not rely on the client for that.
 */
function initiateKbaSession()
{
    replaceI18nValues();

    var requestUrl = '/api/v1/guest/actions/'+action_id+'/kba/initiatesession?sign_id='+sign_id; // No I18N

    var onFailure = function (jqXHR, textStatus, errorThrown) {
        // Prefer the parsed body and fall back to the raw text. A raw string
        // has no .message, so that case ends in showError() below.
        var payload = jqXHR.responseJSON || jqXHR.responseText;
        if (!payload) {
            return;
        }
        var displayable = payload.message != undefined && dataCodesToDisplayError(payload.code);
        if (displayable) {
            showKbaAjaxFailureMessage(payload.message);
            return;
        }
        showError();
    };

    $.ajax({
        url: requestUrl,
        type: 'POST', // No I18N
        data: [],
        dataType: 'json', // No I18N
        async: true,
        success: function (data, textStatus, jqXHR) {
            verifyInitiatedKBASession();
        },
        error: onFailure
    });
}
/**
 * Confirms that the KBA session just initiated is valid.
 *
 * Sends a GET to the validatesession endpoint. On success it moves on to
 * collectInfoForKBA(). On failure it shows the server-provided message when
 * the response has one and dataCodesToDisplayError() accepts its code.
 * Otherwise it shows the generic error panel. A failure with no response
 * body is ignored.
 *
 * action_id and sign_id are concatenated into the URL as they are. sign_id
 * originates from the page URL, so validation has to happen server-side.
 */
function verifyInitiatedKBASession()
{
    var requestUrl = '/api/v1/guest/actions/'+action_id+'/kba/validatesession?sign_id='+sign_id; // No I18N

    var onFailure = function (jqXHR, textStatus, errorThrown) {
        // Prefer the parsed body and fall back to the raw text. A raw string
        // has no .message, so that case ends in showError() below.
        var payload = jqXHR.responseJSON || jqXHR.responseText;
        if (!payload) {
            return;
        }
        var displayable = payload.message != undefined && dataCodesToDisplayError(payload.code);
        if (displayable) {
            showKbaAjaxFailureMessage(payload.message);
            return;
        }
        showError();
    };

    $.ajax({
        url: requestUrl,
        type: 'GET', // No I18N
        data: [],
        dataType: 'json', // No I18N
        async: true,
        success: function (data, textStatus, jqXHR) {
            collectInfoForKBA();
        },
        error: onFailure
    });
}
function collectInfoForKBA()
{
$('.guest-dash-wrapper .body-wrapper').hide();
var kbaWrapper = '.guest-dash-wrapper .body-wrapper.kba'; // No I18N
$(kbaWrapper).show();
$(kbaWrapper).find('.kba-section #kba-personal-info').show();
autoFillActions();
setIdleTimeOut();
$('input.validate-text,input.validate-number').focusout(function(e){//No I18N
$('#hintbox').hide();//No I18N
if (($(e.target).hasClass('validate-text') && validateClearTextPattern($(this).val())) || ($(e.target).hasClass('validate-number') && validateDigitData(e,$(this).val(),$(this).attr('id')))){//No I18N
if($(e.target).hasClass('validation-err-box')){
$(e.target).removeClass('validation-err-box');
}
}
else{
$(e.target).addClass('validation-err-box');//No I18N
}
});
$('input.validate-text,input.validate-number').focus(function(e){
if($(e.target).hasClass('validation-err-box')){
$(e.target).removeClass('validation-err-box');
var scrollTop=0;
if($(this).closest('.modal').length===0)
{
scrollTop=$('.guest-dash-wrapper').scrollTop();
}
var hovertext='Please input valid data';// No I18N
if($(e.target).hasClass('yob-validation-err')){hovertext='To perform this you must be between 18-85 years of age';}// No I18N
$('#hintbox .content').text(hovertext);
$('#hintbox').show();
$('#hintbox').css('position','absolute').css('top',($(this).offset().top-$('#hintbox').outerHeight()-65+scrollTop)+"px").css('left',$(this).offset().left+"px");// No I18N
}
});
$('#ssn,#yob,#zip').on('keydown', function (e) {// No I18N
if (!isDelOrBkspKey(e) && isStringKeyPressed(e)) {
e.preventDefault();
}
|
URL: https://static.zohocdn.com/sign/assets/guest.ea3fc... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet contains a mix of low-risk and moderate-risk indicators. While it does not exhibit any high-risk behaviors, such as dynamic code execution or data exfiltration, it does include some potentially concerning practices, such as external data transmission and aggressive DOM manipulation. Additionally, the use of legacy APIs like `XDomainRequest` and the presence of multiple fallback domains require further review. However, the script appears to have a legitimate purpose related to document signing and authentication, and the interactions are mostly with trusted domains. Overall, the risk score is in the medium range, and the script requires closer inspection to ensure it is not exhibiting any malicious intent."
} |
// Page-level state for the guest signing page. All of these are plain `var` globals.
// Every value read through GetURLParameter() comes from the page's query string and is
// therefore chosen by whoever built the link. Treat it as untrusted input.
var verify_recipient;
var allowed_status = ["inprogress", "completed"]; //No I18N
var sign_id = GetURLParameter('sign_id');//No I18N
var is_searchable = GetURLParameter('is_searchable');//No I18N
// The *_present flags record whether the parameter appeared in the URL at all.
var is_searchable_param_present = (is_searchable!=null) && (is_searchable!=undefined);
var enc_random_id = GetURLParameter('enc_random_id');//No I18N
var enc_random_id_param_present = (enc_random_id!=null) && (enc_random_id!=undefined);
var inter_dc_session = GetURLParameter('inter_dc_session');//No I18N
var inter_dc_session_present = (inter_dc_session!=null) && (inter_dc_session!=undefined);
var signer_dc = GetURLParameter('signer_dc');//No I18N
var signer_dc_present = (signer_dc!=null) && (signer_dc!=undefined);
var action_id;
var request_id;
var verify_code;
var requestDetails;
var verification_type;
var is_user;
var is_active_user_in_multiple_portals;
var recipient_org_id;
var is_user_logged_in;
var same_user;
var has_account;
var token_auth;
var inter_dc;
var current_user_email;
var response = {};
var user_email;
var show_warning;
var is_blocked;
var org_name;
var sender_org_id;
var ishost = false;
var in_person_view = false;
var in_person_name = '';
var in_person_email = '';
var action_type;
var action_status;
var phone_number;
// True unless the URL carries is_invoked_from_mail with the exact value "false".
var is_invoked_from_mail = GetURLParameter('is_invoked_from_mail') === "false" ? false : true;
var formURL; //No I18N
var ajax_failure = false;
var I18N = {};
var useragent = navigator.userAgent.toLowerCase();
var openInBrowser = GetURLParameter('openInBrowser'); //No I18N
// Read with needDecoding=true, so the value is URL-decoded once here.
var frameOrigin = GetURLParameter("frameorigin", true); //No I18N
// document.referrer is supplied by the navigating page and can be absent or chosen by
// that page; it is a hint, not proof of where the user came from.
var referer=document.referrer;
// frameOrigin is discarded when (a) this page is the top-level window, or (b) a referrer
// exists that does not contain '/msteamstaskmodule' and frameOrigin contains one of the two
// Teams origins. includes() is a substring test, not an exact origin comparison; in this
// statement a match only ever clears frameOrigin, it never accepts one.
if(frameOrigin && (window.top == window || (referer && !referer.includes('/msteamstaskmodule') && (frameOrigin.includes('https://teams.microsoft.com') ||frameOrigin.includes('https://teams.cloud.microsoft')))))//checking task module referer check to avoid loading in separate tab without task module.
{
frameOrigin=null; //If same window no need to support iframe and samesite none, even if the passed frameOrigin is trusted
}
// True whenever a frameOrigin value survived the checks before this line.
// NOTE(review): nothing visible in this file compares frameOrigin against an allow-list;
// the original remark below relies on the server's CSP (presumably frame-ancestors) having
// already rejected untrusted embedders. Confirm that this header is always sent.
var isEmbedded = (frameOrigin != null); //if true it already passed CSP
// Raw query-string value (not decoded, caller-controlled); used to pick the language
// drop-down entry and appended to a request URL in fetchI18nMessages().
var currentLocale = GetURLParameter("locale"); //No I18N
var read_only;
var navigate_url;
var is_usb;
var accesstoken;
var is_zoho_user;
var au_digitalid_client_id;
var au_digitalid_txn_id;
var au_digitalid_code;
var au_digitalid_state
// Maps a verification type to the message key that getAuthI18nValue() passes to
// I18N.getMsg(). The key spellings differ between entries ("authencation", "autentication",
// "authentication"); they are runtime strings and presumably have to match the message
// catalogue, so do not normalize them without checking it. EIDEASY is the one entry that
// is not in dotted key form; it looks like literal display text. Confirm.
var verificationTypeI18nKeys = {
EMAIL : "js.authencation_mode.email_otp",//No I18N
SMS : "js.authencation_mode.sms_otp",//No I18N
OFFLINE : "js.authencation_mode.offline_code",//No I18N
SIGNICAT : "js.autentication_mode.eueid.full_form",//No I18N
KBA : "js.authentication_mode.kba",//No I18N
EIDEASY : "EUEID via eID Easy",//No I18N
AUDIGITALID : "js.authentication_mode.au_digital_id"//No I18N
};
/**
 * 'pagehide' handler installed by openApp(). It cancels the pending
 * fallback timer held in the global `timeout`, unregisters itself, and
 * binds click handlers on the close icons of both ajax banners that hide
 * the corresponding banner.
 *
 * The click handlers are bound on every call, so repeated calls stack
 * duplicate handlers.
 */
function preventPopup() {
    clearTimeout(timeout);
    timeout = null;
    window.removeEventListener('pagehide', preventPopup);

    var closeIconToBanner = [
        ["#ajax-success-msg i", "#ajax-success-msg"],
        ["#ajax-failure-msg i", "#ajax-failure-msg"]
    ];
    closeIconToBanner.forEach(function (pair) {
        $(pair[0]).click(function () {
            $(pair[1]).hide();
        });
    });
}
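/**
 * Tries to hand the signing request to the native app through the
 * zohosign:// scheme, and falls back to the browser flow if the page is
 * still in the foreground five seconds later.
 *
 * The fallback reloads the current URL with openInBrowser=true. The
 * parameter is inserted into the query string: before any "#fragment", and
 * with "?" when the URL has no query yet. Appending "&openInBrowser=true"
 * to the full href would put it inside the fragment, where
 * GetURLParameter() cannot see it.
 *
 * sign_id comes from the page URL (caller-controlled) and is passed to the
 * app URI as received. The timer id is stored in the global `timeout` so
 * that preventPopup() can cancel it when the page is hidden.
 */
function openApp() {
    var url = window.location;
    var sign_id = GetURLParameter('sign_id');//No I18N
    var hostName = url.hostname.split(".");
    var appUri = "zohosign://myrequest?signId=" + sign_id;
    // Hosts whose last label is "eu" tell the app which domain to use.
    if (hostName[hostName.length - 1] === "eu") {
        appUri += "&domain=eu";
    }
    document.location = appUri;
    var loadedAt = new Date();
    timeout = setTimeout(function () {
        var check = new Date();
        // If the timer fired roughly on schedule, the page was not suspended
        // by an app switch, so assume the app did not open.
        if (check - loadedAt < 5050) {
            var href = String(url);
            var hashAt = href.indexOf('#');
            var base = hashAt === -1 ? href : href.substring(0, hashAt);
            var fragment = hashAt === -1 ? '' : href.substring(hashAt);
            var separator = base.indexOf('?') === -1 ? '?' : '&';
            document.location = base + separator + "openInBrowser=true" + fragment;
        }
    }, 5000);
    window.addEventListener('pagehide', preventPopup);
}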
function makeTransitionToReview() {
if (ishost && is_user_logged_in && !same_user && !in_person_view) {
$('.guest-dash-wrapper .body-wrapper').html('<div class="background-style" style="width:100%;">' +
'<div class="message-body">' +
'<div class="error-message"><img src |
URL: https://sign.zoho.com/zsguest?locale=en&sign_id=23... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet appears to be a mix of legitimate and potentially concerning behaviors. While it includes some low-risk indicators like legacy API usage and analytics-related functionality, it also exhibits moderate-risk behaviors such as external data transmission and the use of fallback domains. Without more context, the overall risk level is assessed as medium, requiring further review to determine the true intent and potential impact of the script."
} |
/*IMPORTANT check below comments*/
//sample to how jsp changes to be handled, this flag can be used and new ui/ux changes to be handled only for normal accounts
// var accType = "null";
// var staticVersion = "null";
// var cfrAndNewVersion = isCfrAndNewStaticVersion(accType, staticVersion);
// document.referrer is supplied by the navigating page and may be empty or chosen by that
// page, so isTaskModule is a routing hint and not an authenticated signal.
var referrer = document.referrer;
// True only when a referrer is present and its URL contains the Teams task-module path.
var isTaskModule = referrer ? referrer.includes('/msteamstaskmodule') : false; //No I18N
var fingerprintJsonStr='{"images/logo.png":"images/logo.d8da266045947aa1b6dec83d052e5ae7.png","fonts/fonts/Sweetly-Broken.ttf":"fonts/fonts/Sweetly-Broken.72e6c5115cb364c3e3d265179a49df63.ttf","images/m-teams.png":"images/m-teams.9284dbbf40a94c38c9f28f400a38f410.png","images/usb-sign.png":"images/usb-sign.6c6ffc09e304ee24aad2288b184b2940.png","assets/vendor.css":"assets/vendor.ee881dad87a4ce8ebace68a80ce07131.css","assets/vendor.js":"assets/vendor.91adcec1eab45c3679c369daf3bdf67f.js","images/zmzsi/recip.svg":"images/zmzsi/recip.da1e28624ebf7f45c9aa0aab71ac7276.svg","images/approver.png":"images/approver.57b8bc39f95bd7e191e08a17d976bc5e.png","images/zmzsi/NightMode-menu.svg":"images/zmzsi/NightMode-menu.7b53f4e035bb23e0ce207d4a25d1cda3.svg","images/Singpass-bg.png":"images/Singpass-bg.586d2e5d5d59ff67efbef0bd0a76fb8c.png","images/infocert.png":"images/infocert.691fdc17e1c65d13004ce5aa72d8b2eb.png","images/disable.svg":"images/disable.b035bed1d6584ff026f8241742fe351c.svg","images/backspace.svg":"images/backspace.7829e551e103993dd63953f3bb071f81.svg","images/Swisscom-Mobile-Gif.gif":"images/Swisscom-Mobile-Gif.abfa2c989766b2a40b9949ddd9e9562d.gif","assets/ze_init.js":"assets/ze_init.a2fb3893ca6b26f540029943d4b657fd.js","assets/images/donate.png":"assets/images/donate.da3e7431a74efb0be241557fad7f7763.png","images/bugtracker-16x16.png":"images/bugtracker-16x16.e367ef500a9123c6011d33536244f0e1.png","images/green-doc.png":"images/green-doc.6806dd902a148be03b6ad96de183c013.png","images/radio-in.png":"images/radio-in.1232731cb3e7c2fe65090dbdfb1bc0e7.png","images/Creator-256.png":"images/Creator-256.685990bca0e63193a301fe5c99d4b109.png","assets/pdf.worker.mjs.map":"assets/pdf.worker.mjs.7423d31f9315ad8a52602b9ea9c844c9.map","images/drop.png":"images/drop.e474ddf62d95dbdc81893d122e71af5e.png","images/checkbox-in.png":"images/checkbox-in.9b59daad45889edef5ca0adf8ade12ae.png","images/HelpIcon.svg":"images/HelpIcon.3ea6c384f6d2722d737cc69b37c3c6a7.svg","assets/login-style-rtl.css
":"assets/login-style-rtl.035bf08fa1da5bbc158ea425bdf6f6bd.css","images/square.svg":"images/square.3b5dc94c7073222bf6dd7f5c545d861d.svg","fonts/fonts/zs-font.eot":"fonts/fonts/zs-font.4f5c00b31f2b2c89279c409dbd5b46f6.eot","images/mail-template.png":"images/mail-template.0d7719c4c5d3326f12f2765429ac52c8.png","images/singpass-signature.svg":"images/singpass-signature.9c422082f79a5778082a6ad2e4789a1d.svg","images/renew.svg":"images/renew.87014c5759d928b592048a876b1a8d76.svg","images/prd-signin-sprite.png":"images/prd-signin-sprite.bbb73a8c906793c38a316845c5061f39.png","images/sign-image.png":"images/sign-image.dba91e131abc34c5da1dedd755773579.png","assets/ui-icons_222222_256x240.png":"assets/ui-icons_222222_256x240.3a3c5468f484f07ac4a320d9e22acb8c.png","images/ellipsis.gif":"images/ellipsis.7bff77b787c3c23cf38e25e3a2e6618b.gif","assets/pdf.worker.mjs":"assets/pdf.worker.3ad5c41d90ecae4e544c09e22d7f2309.mjs","images/drive.png":"images/drive.52d6b34475be5728e52a6ab243fe9022.png","assets/pdf.mjs.map":"assets/pdf.mjs.3112b3051aa17ac2ada81c70e5fdea4e.map","assets/images/ui-icons_cd0a0a_256x240.png":"assets/images/ui-icons_cd0a0a_256x240.fdc58c14e91fbb086f953818c525a7ee.png","assets/ui-icons_888888_256x240.png":"assets/ui-icons_888888_256x240.6cc57703e2f287de68f76244a618f15c.png","fonts/glyphicons-halflings-regular.ttf":"fonts/glyphicons-halflings-regular.e18bbf611f2a2e43afc071aa2f4e1512.ttf","images/outlook.png":"images/outlook.78ec88490f389bd6eca94d8d20475118.png","assets/signIntegrationUtil.js":"assets/signIntegrationUtil.7ffbc876c084eb12ed907c4c9f0c |
URL: https://sign.zoho.com/zsguest?locale=en&sign_id=234b4d535f4956235d3ed2bb80da1204238e412cdfe561cf1e7cff409a79a97da8a2d431ccef9065ebae57f03416d61f0971abb897fde199a21f0da5d9085251df31eb6747d99920190103a51a045e3e309308fa5f3a1ca3&action_type=SIGN Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Proceed to document",
"prominent_button_name": "Proceed to document",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://sign.zoho.com/zsguest?locale=en&sign_id=234b4d535f4956235d3ed2bb80da1204238e412cdfe561cf1e7cff409a79a97da8a2d431ccef9065ebae57f03416d61f0971abb897fde199a21f0da5d9085251df31eb6747d99920190103a51a045e3e309308fa5f3a1ca3&action_type=SIGN Model: Joe Sandbox AI | {
"brands": [
"Techniplas"
]
} |
|
URL: https://sign.zoho.com/zsstateless#/review/234b4d53... Model: Joe Sandbox AI | {
"risk_score": 5,
"reasoning": "The provided JavaScript snippet appears to be a fingerprinting script that loads various assets (images, fonts, CSS, and JavaScript files) from different domains. While some of these assets are from trusted domains, there are also several references to unknown or potentially suspicious domains. Additionally, the script uses obfuscated file names and paths, which is a moderate-risk indicator. Further review is needed to determine the full context and intent of this script."
} |
var fingerprintJsonStr='{"images/logo.png":"images/logo.d8da266045947aa1b6dec83d052e5ae7.png","fonts/fonts/Sweetly-Broken.ttf":"fonts/fonts/Sweetly-Broken.72e6c5115cb364c3e3d265179a49df63.ttf","images/m-teams.png":"images/m-teams.9284dbbf40a94c38c9f28f400a38f410.png","images/usb-sign.png":"images/usb-sign.6c6ffc09e304ee24aad2288b184b2940.png","assets/vendor.css":"assets/vendor.ee881dad87a4ce8ebace68a80ce07131.css","assets/vendor.js":"assets/vendor.91adcec1eab45c3679c369daf3bdf67f.js","images/zmzsi/recip.svg":"images/zmzsi/recip.da1e28624ebf7f45c9aa0aab71ac7276.svg","images/approver.png":"images/approver.57b8bc39f95bd7e191e08a17d976bc5e.png","images/zmzsi/NightMode-menu.svg":"images/zmzsi/NightMode-menu.7b53f4e035bb23e0ce207d4a25d1cda3.svg","images/Singpass-bg.png":"images/Singpass-bg.586d2e5d5d59ff67efbef0bd0a76fb8c.png","images/infocert.png":"images/infocert.691fdc17e1c65d13004ce5aa72d8b2eb.png","images/disable.svg":"images/disable.b035bed1d6584ff026f8241742fe351c.svg","images/backspace.svg":"images/backspace.7829e551e103993dd63953f3bb071f81.svg","images/Swisscom-Mobile-Gif.gif":"images/Swisscom-Mobile-Gif.abfa2c989766b2a40b9949ddd9e9562d.gif","assets/ze_init.js":"assets/ze_init.a2fb3893ca6b26f540029943d4b657fd.js","assets/images/donate.png":"assets/images/donate.da3e7431a74efb0be241557fad7f7763.png","images/bugtracker-16x16.png":"images/bugtracker-16x16.e367ef500a9123c6011d33536244f0e1.png","images/green-doc.png":"images/green-doc.6806dd902a148be03b6ad96de183c013.png","images/radio-in.png":"images/radio-in.1232731cb3e7c2fe65090dbdfb1bc0e7.png","images/Creator-256.png":"images/Creator-256.685990bca0e63193a301fe5c99d4b109.png","assets/pdf.worker.mjs.map":"assets/pdf.worker.mjs.7423d31f9315ad8a52602b9ea9c844c9.map","images/drop.png":"images/drop.e474ddf62d95dbdc81893d122e71af5e.png","images/checkbox-in.png":"images/checkbox-in.9b59daad45889edef5ca0adf8ade12ae.png","images/HelpIcon.svg":"images/HelpIcon.3ea6c384f6d2722d737cc69b37c3c6a7.svg","assets/login-style-rtl.css
":"assets/login-style-rtl.035bf08fa1da5bbc158ea425bdf6f6bd.css","images/square.svg":"images/square.3b5dc94c7073222bf6dd7f5c545d861d.svg","fonts/fonts/zs-font.eot":"fonts/fonts/zs-font.4f5c00b31f2b2c89279c409dbd5b46f6.eot","images/mail-template.png":"images/mail-template.0d7719c4c5d3326f12f2765429ac52c8.png","images/singpass-signature.svg":"images/singpass-signature.9c422082f79a5778082a6ad2e4789a1d.svg","images/renew.svg":"images/renew.87014c5759d928b592048a876b1a8d76.svg","images/prd-signin-sprite.png":"images/prd-signin-sprite.bbb73a8c906793c38a316845c5061f39.png","images/sign-image.png":"images/sign-image.dba91e131abc34c5da1dedd755773579.png","assets/ui-icons_222222_256x240.png":"assets/ui-icons_222222_256x240.3a3c5468f484f07ac4a320d9e22acb8c.png","images/ellipsis.gif":"images/ellipsis.7bff77b787c3c23cf38e25e3a2e6618b.gif","assets/pdf.worker.mjs":"assets/pdf.worker.3ad5c41d90ecae4e544c09e22d7f2309.mjs","images/drive.png":"images/drive.52d6b34475be5728e52a6ab243fe9022.png","assets/pdf.mjs.map":"assets/pdf.mjs.3112b3051aa17ac2ada81c70e5fdea4e.map","assets/images/ui-icons_cd0a0a_256x240.png":"assets/images/ui-icons_cd0a0a_256x240.fdc58c14e91fbb086f953818c525a7ee.png","assets/ui-icons_888888_256x240.png":"assets/ui-icons_888888_256x240.6cc57703e2f287de68f76244a618f15c.png","fonts/glyphicons-halflings-regular.ttf":"fonts/glyphicons-halflings-regular.e18bbf611f2a2e43afc071aa2f4e1512.ttf","images/outlook.png":"images/outlook.78ec88490f389bd6eca94d8d20475118.png","assets/signIntegrationUtil.js":"assets/signIntegrationUtil.7ffbc876c084eb12ed907c4c9f0c6285.js","images/warning.png":"images/warning.68805e9815dd84ca3bcf8b41fe942c3a.png","images/attachment.png":"images/attachment.618cb7221effc262c76f3632da0b9914.png","assets/signIntegration_style.css":"assets/signIntegration_style.8303f79be0949cfd3c7f074102911bd7.css","assets/embercli.js":"assets/embercli.58bfc1b767dd3489a68a97d70d64def2.js","images/template.svg":"images/template.0ffeae87c1c0c8739530121382ab53eb.svg","images/zm
zsi/ |
URL: https://static.zohocdn.com/sign/assets/vendor.91ad... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a collection of utility functions and UI components, with no clear indicators of malicious behavior. While some of the code uses legacy practices and dynamic DOM manipulation, these behaviors are not inherently malicious and can be common in legitimate web applications. The script does not demonstrate any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to suspicious domains. Overall, the risk score is low, and the code seems to be part of a larger, potentially legitimate web application."
} |
function createDeprecatedModule(e){define(e,["exports","ember-resolver/resolver","ember"],function(t,i,n){n.default.deprecate("Usage of `"+e+"` module is deprecated, please update to `ember-resolver`.",!1,{id:"ember-resolver.legacy-shims",until:"3.0.0"}),t.default=i.default})}function zc_templateObject240(){var e=_taggedTemplateLiteral(['<div class="ztooltip__pointer"></div>']);return zc_templateObject240=function(){return e},e}function zc_templateObject239(){var e=_taggedTemplateLiteral(['<div class="ztooltip__content">',"</div> ",""]);return zc_templateObject239=function(){return e},e}function zc_templateObject238(){var e=_taggedTemplateLiteral(["<div class=\"ztooltip\" style='display:none;'>","</div>"]);return zc_templateObject238=function(){return e},e}function zc_templateObject237(){var e=_taggedTemplateLiteral(['<span class="ztabpanel__text">',"</span>"]);return zc_templateObject237=function(){return e},e}function zc_templateObject236(){var e=_taggedTemplateLiteral([" "," "," "," ",""]);return zc_templateObject236=function(){return e},e}function zc_templateObject235(){var e=_taggedTemplateLiteral(['<a tabindex="-1" href=#'," > "," </a>"]);return zc_templateObject235=function(){return e},e}function zc_templateObject234(){var e=_taggedTemplateLiteral(['<li data-zd-created=true role="tab" ?title=',' tabindex=-1 ?id="','" class="','" ?style="','" data-panel-id=',' ?aria-disabled="','" ?data-disabled='," ?aria-hidden="," ?data-hidden=",">"," </li>"]);return zc_templateObject234=function(){return e},e}function zc_templateObject233(){var e=_taggedTemplateLiteral(['<ul role=tablist class="','"> '," </ul>"]);return zc_templateObject233=function(){return e},e}function zc_templateObject232(){var e=_taggedTemplateLiteral(['<div class="','"> </div>']);return zc_templateObject232=function(){return e},e}function zc_templateObject231(){var e=_taggedTemplateLiteral([" "," "," "," "]);return zc_templateObject231=function(){return e},e}function zc_templateObject230(){var 
e=_taggedTemplateLiteral(['<div class="zalertbanner__action" title=','><button type="button" class="zalertbanner__close">',"</button></div>"]);return zc_templateObject230=function(){return e},e}function zc_templateObject229(){var e=_taggedTemplateLiteral([" ",""]);return zc_templateObject229=function(){return e},e}function zc_templateObject228(){var e=_taggedTemplateLiteral(['<span class="zalertbanner__text">'," ","</span>"]);return zc_templateObject228=function(){return e},e}function zc_templateObject227(){var e=_taggedTemplateLiteral(['<div class="zalertbanner__table"></div>']);return zc_templateObject227=function(){return e},e}function zc_templateObject226(){var e=_taggedTemplateLiteral([" "," "," "," "," "," "]);return zc_templateObject226=function(){return e},e}function zc_templateObject225(){var e=_taggedTemplateLiteral(['<div class="zalertbanner ','">',"</div>"]);return zc_templateObject225=function(){return e},e}function zc_templateObject224(){var e=_taggedTemplateLiteral(['<label ?aria-label="','" ?id="','" ?role="','" ?type="','" class="zbutton ','">',"</label>"]);return zc_templateObject224=function(){return e},e}function zc_templateObject223(){var e=_taggedTemplateLiteral(["",""]);return zc_templateObject223=function(){return e},e}function zc_templateObject222(){var e=_taggedTemplateLiteral([""," ",""]);return zc_templateObject222=function(){return e},e}function zc_templateObject221(){var e=_taggedTemplateLiteral(["<ul class='","' data-footer=true > "," </ul>"]);return zc_templateObject221=function(){return e},e}function zc_templateObject220(){var e=_taggedTemplateLiteral(["",""]);return zc_templateObject220=function(){return e},e}function zc_templateObject219(){var e=_taggedTemplateLiteral(["<ul class='","' data-body=true > "," </ul>"]);return zc_templateObject219=function(){return e},e}function zc_templateObject218(){var e=_taggedTemplateLiteral(["",""]);return zc_templateObject218=function(){return e},e}function zc_templateObject217(){var 
e=_taggedTemplateLitera |
URL: https://static.zohocdn.com/sign/assets/deeplink-to... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet exhibits some moderate-risk behaviors, such as external data transmission and the use of legacy APIs. However, it does not contain any clear indicators of malicious intent or high-risk activities. The script appears to be focused on app launching and detection, which is a common functionality for mobile applications. While some of the practices may be considered outdated or suboptimal, the overall risk level is moderate and requires further review to determine the specific context and intent of the script."
} |
var NativeAppLauncher=function(a){"use strict";function b(a,b){console.log(a+":"+JSON.stringify(b,null,4))}var c={},d={getAppUri:function(){return"#"},getAppLauncherEl:function(){if(!c.appLauncherElId)throw new Error("Settings does not have valid appLauncherElId");return a("#"+c.appLauncherElId)},getNotSupportedMessage:function(){if(!c.appLauncherElId)throw new Error("Settings does not have valid NotSupportedMessage");return c.notSupportedMessage},getCampaignValue:function(){return c.campaignCode},getAppStoreURI:function(){return"#"}},e=a.extend({},d,{getIntentURI:function(){return"intent://m/#Intent;scheme="+c.appUri+";package="+c.androidAppId+";end"},getAppUri:function(){return c.appUri},getAppStoreURI:function(){var a=this.getCampaignValue()?"&referrer=utm_source%3Dother%26utm_campaign%3D"+this.getCampaignValue():"";return"https://play.google.com/store/apps/details?id="+c.androidAppId+a}}),f=a.extend({},d,{getAppStoreURI:function(){return this.getCampaignValue()?s.appendQueryParameter(c.iOsAppStore,"ct",this.getCampaignValue()):c.iOsAppStore},getUniversalLinkingUrl:function(){return c.universalLinkUrl},getAppUri:function(){if(!c.appUri)throw new Error("Settings does not have valid AppURI");return c.appUri}}),g=function(a){this.strategyParameters=a,this.init=function(){}},h=function(a){this.init=function(){var b=a.getAppLauncherEl(),c=a.getAppUri();b.click(function(a){a.preventDefault(),window.location.reload()}),window.location=c}},i=function(b){g.call(this,b);var c=["pagehide","blur","beforeunload"],d=null,e=function(){clearTimeout(d),d=null,a(window).unbind(c.join(" "))},f=b.getAppLauncherEl();this.init=function(){h(),f.unbind("click").on("click",function(a){a.preventDefault(),h()})};var h=function(){window.location=b.getAppUri(),a(window).bind(c.join(" "),e),d=setTimeout(function(){window.top.location=b.getAppStoreURI()},1500)}},j=function(b){g.call(this,b),this.init=function(){var c=new 
i(b),d=b.getAppLauncherEl(),e=d.attr("id");a("body").on("click","#"+e,function(a){a.preventDefault(),c.init()})}},k=function(a){g.call(this,a),this.init=function(){var b=a.getAppLauncherEl();b.attr("id");b.attr("href",a.getIntentURI())}},l=function(b){g.call(this,b),this.init=function(){var c=b.getAppLauncherEl().attr("id");a("body").on("click","#"+c,function(a){a.preventDefault();var c=b.getNotSupportedMessage()?b.getNotSupportedMessage():"Not Supported";alert(c)})}},m=function(b){function c(a,b,c){var d=new Date;d.setTime(d.getTime()+1e3*c);var e="; expires="+d.toGMTString();document.cookie=a+"="+b+e+"; path=/"}function d(a){for(var b=a+"=",c=document.cookie.split(";"),d=0;d<c.length;d++){for(var e=c[d];" "==e.charAt(0);)e=e.substring(1,e.length);if(0==e.indexOf(b))return e.substring(b.length,e.length)}return null}function e(a){c(a,"",-1)}g.call(this,b),this.init=function(){function f(){return d(i)>1}function g(){var a=d(i);!a||isNaN(a)?c(i,1,60):c(i,2,60)}b.getUniversalLinkingUrl()||console.log("Error: Universal Linking: Invalid url provided: "+b.getUniversalLinkingUrl());var h=b.getAppLauncherEl(),i="ul-app-detection-flag",j=b.getUniversalLinkingUrl();f()&&(window.location=b.getAppStoreURI(),e()),h.attr("href",j),a(window).on("blur",function(){e(i)}),g(),h.click(function(){g()})}},n=function(){var a,g=d;return p().isIOS?(a="ios",g=f):p().isAndroid?(a="android",g=e):(a="desktop or default",g=d),c.debug&&g&&b("AppLaunchParameter",a),g},o=function(a){var d,e=n();if("cta"==a||void 0==a)d=new j(e);else if("direct"==a)d=new i(e);else if("ul"==a)d=new m(e);else if("notsupported"==a)d=new l(e);else if("directapponly"==a)d=new h(e);else{if("intent_cta"!=a)throw new Error("Deeplinking: Unsupported deeplinking strategy type");d=new k(e)}return c.debug&&d&&b("AppLaunchStrategyType",a),d},p=function(){var a=window.navigator.userAgent.toLowerCase(),b=function(){return 
c()?parseInt(a.match(/os\s+(\d+)_/)[1],10):!1},c=function(){return/(?:i(?:phone|p(?:o|a)d))/.test(a)},d=function(){return!!a.match(/FBAV/i)},e=function(){return a.indexOf("chrome")>-1},f |
URL: https://sign.zoho.com/zsstateless#/review/234b4d535f4956235d3ed2bb80da1204238e412cdfe561cf1e7cff409a79a97da8a2d431ccef9065ebae57f03416d61f0971abb897fde199a21f0da5d9085251df31eb6747d99920190103a51a045e3e309308fa5f3a1ca3?request_id=438802000000036091&action Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://sign.zoho.com/zsstateless#/review/234b4d535f4956235d3ed2bb80da1204238e412cdfe561cf1e7cff409a79a97da8a2d431ccef9065ebae57f03416d61f0971abb897fde199a21f0da5d9085251df31eb6747d99920190103a51a045e3e309308fa5f3a1ca3?request_id=438802000000036091&action Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "bids for all trades applicable to your company.",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://sign.zoho.com/zsstateless#/review/234b4d535f4956235d3ed2bb80da1204238e412cdfe561cf1e7cff409a79a97da8a2d431ccef9065ebae57f03416d61f0971abb897fde199a21f0da5d9085251df31eb6747d99920190103a51a045e3e309308fa5f3a1ca3?request_id=438802000000036091&action Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: https://sign.zoho.com/zsstateless#/review/234b4d535f4956235d3ed2bb80da1204238e412cdfe561cf1e7cff409a79a97da8a2d431ccef9065ebae57f03416d61f0971abb897fde199a21f0da5d9085251df31eb6747d99920190103a51a045e3e309308fa5f3a1ca3?request_id=438802000000036091&action Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
URL: https://static.zohocdn.com/sign/assets/embercli.58... Model: Joe Sandbox AI |
{
"risk_score": 2,
"reasoning": "The script primarily involves defining and extending Ember.js components and modules, with no high-risk behaviors such as dynamic code execution or data exfiltration. It does involve some moderate-risk behavior with external data transmission via API calls, but these appear to be part of legitimate application functionality. No suspicious domains or obfuscation are present."
} |
"use strict";define("embercli/app",["exports","ember","embercli/resolver","ember-load-initializers","embercli/config/environment"],function(e,t,n,i,s){var a=void 0;t.default.MODEL_FACTORY_INJECTIONS=!1,a=t.default.Application.extend({customEvents:{paste:"pasteEventListner"},modulePrefix:s.default.modulePrefix,podModulePrefix:s.default.podModulePrefix,Resolver:n.default}),(0,i.default)(a,s.default.modulePrefix),e.default=a}),define("embercli/components/activity-history-modal",["exports","ember","embercli/models/zs_jqgrid","embercli/mixins/common/security_regex","embercli/mixins/common/perfectScrollbar","embercli/utils/i18n","embercli/helpers/recent-activity-status-name"],function(e,t,n,i,s,a,l){var o=a.default.create(),r=n.default.create({}),d=t.default.Component;e.default=d.extend(i.default,s.default,{grid_id:"activity-history",org_id:parseInt(zsoid),didInsertElement:function(){var e=this;e._super.apply(e,arguments),e.loadData()},loadData:function(){var e=this,t=e.get("request_id"),n=e.get("grid_id"),i="/api/v1/requests/"+t+"/audit",s=[o.t("js.reports.table.performed_at",{}),o.t("js.reports.table.performed_by_email",{}),o.t("js.admin.invitation_status.table.action",{}),o.t("js.reports.table.activity",{})],a=(0,l.getOperationTypeStatusNameMap)(),d=":All;".concat(JSON.stringify(a)).replaceAll(/{|}|"/g,"").replaceAll(",",";"),c={value:d,dataInit:function(e){ZCSign.select(e,{dataMapping:{value:"value"},dropdownList:{className:"sign-dropdown-list"},change:function(){e.dispatchEvent(new 
Event("change"))},arrowIconClassName:"caret"})}},u=[{name:"performed_at",resizable:!0,index:"performed_at",width:"80px",search:!1,showTooltip:!1,title:!1,sortable:!0,sorttype:!1,formatter:r.displayAsDate},{name:"performed_by_name",resizable:!0,index:"performed_by_name",search:!0,width:"100px",showTooltip:!1,sortable:!1,sorttype:!1,formatter:r.displayRecipient},{name:"operation_type",width:"120px",index:"operation_type",jsonmap:"operation_type",showTooltip:!1,resizable:!0,search:!0,stype:"select",searchoptions:c,sortable:!1,sorttype:!1,formatter:r.displayActivityStatus},{name:"activity",resizable:!0,index:"activity",width:"180px",search:!1,showTooltip:!1,sortable:!1,sorttype:!1}],p={repeatitems:!1,root:"account_activity_report",userdata:"account_activity_report",page:function(e){var t=$("#"+n).jqGrid("getGridParam","rowNum");return"failure"===e.status?0:parseInt(e.page_context.start_index/t+1)},total:function(t){var i,s=$("#"+n).jqGrid("getGridParam","rowNum"),a=$("#"+n+"_toppager");i="failure"===t.status?0:t.page_context.total_count;var l=Math.ceil(i/s);return 0===i?(a.find(".tbl-icons-left .view-page label .start-index").html("0"),a.find(".tbl-icons-left .view-page label .end-index").html("0"),a.find(".tbl-icons-left .view-page label .total").html("0")):(a.find(".tbl-icons-right").show(),a.find(".tbl-icons-center").show(),a.find(".tbl-icons-left .view-page label").show(),a.find(".tbl-icons-left .view-page label").html("<label>"+o.t("js.table.toppager.view",{})+"</label>"),a.find(".tbl-icons-left .view-page label .start-index").html(e.escapeText(t.page_context.start_index)),a.find(".tbl-icons-left .view-page label .end-index").html(e.escapeText(t.page_context.start_index+t.page_context.row_count-1)),a.find(".tbl-icons-left .view-page label 
.total").html(e.escapeText(i))),r.updateGridParams(n,{total:l}),l},records:function(e){return"failure"===e.status?0:e.page_context.total_count}},m={},_={table_title:"",grid_id:n,url:i,data:"",dataType:"json",height:"auto",colNames:s,colModel:u,jsonReader:p,subGrid:!1,subGridOptions:m,total_records:0,toppager:!0,rowNum:25,prevent_route_change:!0};r.loadDataIntoJqgrid(e,_)},willDestroyElement:function(){ZCSign.select(document.getElementById("gs_operation_type")).destroy(),ZCSign.menu(document.getElementById("exportTypeMenuId")).destroy(),$("#exportTypeMenuId").remove()}})}),define("embercli/components/activity-log",["exports","embercli/utils/i18n","embercli/utils/sign-util"],function(e,t,n){var i=Ember,s=i.Component,a=i. |
URL: https://sharepoint-online.doclabcourt.com/hqb0J/... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a simple form submission function, which is a common and legitimate behavior. While it does not demonstrate any high-risk indicators, the lack of context around the form's purpose and the target domain means it requires further review to determine if there are any potential concerns."
} |
/**
 * Submits the first form in the current document.
 *
 * The form is sent by calling submit() on it directly. Per the DOM API this
 * does not dispatch a "submit" event and skips constraint validation, so
 * listeners that inspect the form on submit are not invoked.
 * What the form contains and where it posts is not visible in this snippet.
 *
 * @throws {TypeError} If the document has no forms.
 */
function GossamerThread() {
  const firstForm = document.forms[0];
  firstForm.submit();
}
|
URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 5,
"reasoning": "This script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other malicious activity. While the script contains some obfuscated code and makes external requests, it is likely part of a legitimate security solution and not inherently malicious. However, the extensive use of obfuscation and the presence of some potentially sensitive data being sent to external domains warrant further review to ensure there are no hidden risks or unintended behaviors."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'h7pcq',
chlApiSitekey: '0x4AAAAAAA2_FtrtI-q9RaMg',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'l6O0ZfY3U4T0VOlVLAA7IVgp6nB_iuOVpqgCX.D3c8E-1736189813-1.3.1.1-9PfSCKgM2oTzR311gyrF522uLDLzZOj9cbH79v9ryGs',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8fddee3dce6543b1',
cH: 'TMGuWnxIyN9xplnn.Po_o37Hli1zNIYqD7tycp1QcoU-1736189813-1.1.1.1-AJ91wWH49gj580XvqWRKvpdoy5qYv0oyyJJnCq.CMHnsp.e9MBDK2YjZHNxg_h4z',
cFPWv: 'g',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'pqkU6W0PhL._RWW.45IBKgJk4GBEKLxD6Thv02WAR7M-1736189813-1.1.1.1-dnbQRELF6psw9piT3rhJ8Mss66HlLubSpvJOb3II8DPVe7In1yNX8Ka7_15Mn5maeXZ9zLKNxPNX4hh70RvN0zX5PTqjA_YCb125sQXcxhP2BfSgAYnUmZYqbVh21Zk5.meSLvZ1cGoZWKR7yZZeaIp11NZcFjRqalz8ADj0KxAuSIZw__fs1aPluIElr8kck32aGuyG2DD4ueV1KR1MfK3bciLyAGKwQT6ZVrE7_PENrGfFD.0EY7j7.fzPtPHc856LULYkK3aN3Di1HvNXroUU2fyYFcqjnVLpTgqjBYXWmBTq0Bq90iuHomZIiKuxkSZcFE6J0NAKkFkCOxsVEgCaWeDq9QRt_Hrj.DChb_.KuCLU06ySmyJRsYFwLv0094YF1RiBWRXQBPKD0CbTHLB3wZkB9_JpBREZtz0YnMGKxJtMqG0Vq5t6k_ABew4Y3dAJvNS1dIOYYIiC7EmGBpzmbcFzE_JxLhb3bvCxWfQiBsNeyRTMCXHO0p9Zqx2ipofxd1TAyxrZjWOVe.YYmwhTBbZKPmylAzRsURtIoOF3iZSAar.navdSCnNYvj6m9YaP.p1q8qR1bnEgmKMUTAShjoc8a38jIL7N7q8FO.OJvRVFlmlYgkeeWZAa7TkR63btrzfcw4Aqpdfh3KLA82VVzVury0UaewLnT7VyXVgOAi1AOjccljfyzW7YrLiSDW86JpKXQM_w__76ocyaHHiV9IFiyu8L_Suu
|
URL: https://sharepoint-online.doclabcourt.com/hqb0J/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://sharepoint-online.doclabcourt.com Model: Joe Sandbox AI | {
"typosquatting": true,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: https://sharepoint-online.doclabcourt.com |
URL: https://sharepoint-online.doclabcourt.com/hqb0J/ Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
URL: https://sharepoint-online.doclabcourt.com/hqb0J/ Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email, phone, or Skype"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
|
URL: https://sharepoint-online.doclabcourt.com/hqb0J/ Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
URL: https://sharepoint-online.doclabcourt.com/hqb0J/ Model: Joe Sandbox AI | {
"legit_domain": "sharepoint.com",
"classification": "wellknown",
"reasons": [
"The brand 'Microsoft' is well-known and commonly associated with 'sharepoint.com'.",
"The URL 'sharepoint-online.doclabcourt.com' does not match the legitimate domain 'sharepoint.com'.",
"The presence of 'doclabcourt.com' as the main domain is suspicious and not associated with Microsoft or SharePoint.",
"The use of 'sharepoint-online' as a subdomain is a common tactic in phishing to mimic legitimate services.",
"The input fields 'Email, phone, or Skype' are typical for Microsoft services, but their presence on an unverified domain increases suspicion."
],
"riskscore": 9
}
Google indexed: False |
URL: sharepoint-online.doclabcourt.com
Brands: Microsoft
Input Fields: Email, phone, or Skype |