Windows Analysis Report
https://www.emesssages.com/?urid=QyTlFEOMWvDGUZ5NuTEwcsQAq9uusXTlTiiUV_UNfX3LfgVbDW65HSw2eUWnVxn3Z3TwDB0cWifiheGEDHjcg0PTiju0An9QEyWngIpPUi7-1HKUlZGRGhW-Y893C0GaqHPzvSqEu5ekHW5&rg=CUS

{
    "typosquatting": true,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": true,
    "third_party_hosting": true,
    "reasoning": "The domain 'emesssages' appears to be a typosquatting attempt targeting 'messages' with an extra 's'. This could be attempting to spoof legitimate messaging services. The triple 's' is suspicious and likely meant to trick users."
}

URL: https://www.emesssages.com

{
    "risk_score": 3,
    "reasoning": "The provided JavaScript snippet appears to be a legitimate implementation of the Application Insights SDK, which is a common analytics and telemetry tool used in web applications. The code sets up the Application Insights client, enables cross-origin resource sharing (CORS), and applies a responsive image class to all images on the page. While the code uses some legacy practices like `XDomainRequest`, the overall behavior is consistent with typical analytics functionality and does not demonstrate any high-risk indicators. Therefore, the risk score is assessed as low."
}

$.support.cors = true;
var siteSource = "e-faax";

$(document).ready(function () {
    var appInsights = window.appInsights || function (config) {
        function r(config) {
            t[config] = function () {
                var i = arguments; t.queue.push(function () {
                    t[config].apply(t, i)
                })
            }
        }
        var t={config:config},
        u=document,e=window,o="script",s=u.createElement(o),
        i, f;
        for (s.src = config.url || "//az416426.vo.msecnd.net/scripts/a/ai.0.js", u.getElementsByTagName(o)[0].parentNode.appendChild(s),
        t.cookie=u.cookie,t.queue=[],i=["Event","Exception","Metric","PageView","Trace"];i.length;)r("track"+i.pop());
        return r("setAuthenticatedUserContext"),
        r("clearAuthenticatedUserContext"),
        config.disableExceptionTracking||(i="onerror",r("_"+i),
        f=e[i],e[i]=function(config,r,u,e,o){var s=f&&f(config,r,u,e,o);
            return s!==!0&&t["_"+i](config,r,u,e,o),
            s
        }),t
    }({
        instrumentationKey: "6f94e7da-0a1e-414d-b6b8-d0f7acd6dfe3"
    });
    window.appInsights = appInsights;
    appInsights.trackPageView();

    $("img").each(function () {
        $(this).addClass("img-responsive");
    });

    
});

{
    "risk_score": 1,
    "reasoning": "This appears to be the standard jQuery library, which is a widely used and trusted JavaScript library. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or obfuscated code. The script is likely used for legitimate web development purposes and poses a low risk."
}

/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */
!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n||C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[i.call(e)]||"object":typeof e}var t="3.7.1",l=/HTML$/i,ce=function(e,t){return new ce.fn.init(e,t)};function c(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!v(e)&&!y(e)&&("array"===n||0===t||"number"==typeof t&&0<t&&t-1 in e)}function fe(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}ce.fn=ce.prototype={jquery:t,constructor:ce,length:0,toArray:function(){return ae.call(this)},get:function(e){return null==e?ae.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=ce.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return ce.each(this,e)},map:function(n){return this.pushStack(ce.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(ae.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(ce.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(ce.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject||this.constructor()},push:s,sort:oe.sort,splice:oe.splice},ce.extend=ce.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]||{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]||{},s++),"object"==typeof a||v(a)||(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(ce.isPlainObject(r)||(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i||ce.isPlainObject(n)?n:{},i=!1,a[t]=ce.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},ce.extend({expando:"jQuery"+(t+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e||"[object Object]"!==i.call(e))&&(!(t=r(e))||"function"==typeof(n=ue.call(t,"constructor")&&t.constructor)&&o.call(n)===a)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){m(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(c(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},text:function(e){var t,n="",r=0,i=e.nodeType;if(!i)while(t=e[r++])n+=ce.text(t);return 1===i||11===i?e.textContent:9===i?e.documentElement.textContent:3===i||4===i?e.nodeValue:n},makeArray:function(e,t){var n=t||[];return null!=e&&(c(Object(e))?ce.merge(n,"string"==typeof e?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:se.call(t,e,n)},isXMLDoc:function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument||e).documentElement;return!l.test(t||n&&n.nodeName||"HTML")},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){v

{
    "risk_score": 6,
    "reasoning": "This script exhibits several behaviors that raise moderate security concerns. It uses legacy APIs like `XDomainRequest`, which pose minor risks but are not inherently malicious. The script also sends user data to external domains, which could potentially lead to data exfiltration if the target domains are not trusted. Additionally, the script manipulates the DOM aggressively, which could indicate potential issues. While the script does not contain any high-risk indicators like dynamic code execution or obfuscated code, the combination of moderate-risk behaviors warrants further review to ensure the script's legitimacy and the trustworthiness of the target domains."
}

$.support.cors = true;

var siteReport;
var loggit = 1;

function SiteReporter() {
    var source;
    var baseUrl;
    var camres;
    var camomx = 5;
    var pageURL = window.location.href;
    var rid;
    var cid;
    var uid;
    var lc;
    var om;
    var isStage = false;
    var self = this;
    var urid;
    var currDom = "e-owa";
    var instantFormFeedback = 0;
    var trainingClicked = 0;

    function getParameterByName(name) {
        name = name.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
        var regex = new RegExp("[\\?&]" + name + "=([^&#]*)"),
                      results = regex.exec(location.search);
        return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
    }

    function GetTarget(crtid) {
        var retTar = "";
        if (urid != null && urid.length > 0) {
            reshapeCode(crtid);
            retTar = urid;// + "/" + source;
        }
        else if ((rid == null || rid.length == 0) || (cid == null || cid.length == 0) ||
            (uid == null || uid.length == 0) || (crtid == null || crtid.length == 0)) {
            retTar = "";
        }
        else {
            retTar = rid + "/" + cid + "/" + uid + "/" + crtid + "/" + source;
        }

        console.log("GetTarget:retTar: " + retTar);
        return retTar;
    }

    function getDomain(url, subdomain) {
        subdomain = subdomain || false;

        url = url.replace(/(https?:\/\/)?(www.)?/i, '');

        if (!subdomain) {
            url = url.split('.');

            url = url.slice(url.length - 2).join('.');
        }

        if (url.indexOf('/') !== -1) {
            return url.split('/')[0];
        }

        return url;
    }

    function reportSuccess(type) {
        console.log("success:" + type);
    }

    function reportError(type) {
        console.log("error:" + type);
    }

    function ReportSiteVisitPlain() {
        sendData(4);
    }

    function reshapeCode(type) {
        console.log(urid.length);
        if (urid.length > 139)
        {
            console.log("reshape: " + urid);
            return urid;
        }

        if (urid != null && urid.length > 3) {
            var baseCode = urid.substring(0, urid.length - 2);
            if (type > 9)
            {
                urid = baseCode + type;
            }
            else
            {
                urid = baseCode + "0" + type;
            }
        }
    }

    function addTrackerImage(t) {
        var track = $("<img width='1px' src='" + t + "'/>");
        $("#body").append(track);
    }

    function unMinifyUrl() {
        var payLoad = {
            "url": pageURL,
            "resulttype" : 2,
            "urltype": 0
        };

        $.ajax({
            url: 'getresponse.getmainpoint',
            dataType: "json",
            contentType: "application/json; charset=utf-8",
            data: JSON.stringify({
                "url": pageURL,
                "resulttype": 2,
                "urltype": 0
            }),
            type: 'POST',
            cache: false,
            headers: {
                'X_PROXY_BASE': 12, //capi
                'X_PROXY_API': 12,
                'X_PROXY_URL': 'dummy',
                'X_DO_REDIR': 1
            },
            success: function (response) {
                window.location.replace(response);
            },
            error: function (err) {

            }
        });
    }

    function sendData(type) {
        var target = GetTarget(type);
        if (target.length > 0) {

            $.ajax({
                url: 'getresponse.getmainpoint',
                data: '',
                type: 'GET',
                cache: false,
                headers: {
                    'X_PROXY_BASE': baseUrl, //dom
                    'X_PROXY_API': camres, //path
                    'X_PROXY_URL': ta

{
    "risk_score": 1,
    "reasoning": "This is the Bootstrap JavaScript library, which is a widely used and trusted front-end framework. The code does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or obfuscated code. The behaviors observed are typical of a legitimate library, including handling of jQuery dependencies, emulating CSS transitions, and providing button functionality. This script is considered low risk."
}

/*!
 * Bootstrap v3.3.7 (http://getbootstrap.com)
 * Copyright 2011-2016 Twitter, Inc.
 * Licensed under the MIT license
 */
if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(a){"use strict";var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9||1==b[0]&&9==b[1]&&b[2]<1||b[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(jQuery),+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]};return!1}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one("bsTransitionEnd",function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.special.bsTransitionEnd={bindType:a.support.transition.end,delegateType:a.support.transition.end,handle:function(b){if(a(b.target).is(this))return b.handleObj.handler.apply(this,arguments)}})})}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var c=a(this),e=c.data("bs.alert");e||c.data("bs.alert",e=new d(this)),"string"==typeof b&&e[b].call(c)})}var c='[data-dismiss="alert"]',d=function(b){a(b).on("click",c,this.close)};d.VERSION="3.3.7",d.TRANSITION_DURATION=150,d.prototype.close=function(b){function c(){g.detach().trigger("closed.bs.alert").remove()}var e=a(this),f=e.attr("data-target");f||(f=e.attr("href"),f=f&&f.replace(/.*(?=#[^\s]*$)/,""));var g=a("#"===f?[]:f);b&&b.preventDefault(),g.length||(g=e.closest(".alert")),g.trigger(b=a.Event("close.bs.alert")),b.isDefaultPrevented()||(g.removeClass("in"),a.support.transition&&g.hasClass("fade")?g.one("bsTransitionEnd",c).emulateTransitionEnd(d.TRANSITION_DURATION):c())};var e=a.fn.alert;a.fn.alert=b,a.fn.alert.Constructor=d,a.fn.alert.noConflict=function(){return a.fn.alert=e,this},a(document).on("click.bs.alert.data-api",c,d.prototype.close)}(jQuery),+function(a){"use strict";function b(b){return this.each(function(){var d=a(this),e=d.data("bs.button"),f="object"==typeof b&&b;e||d.data("bs.button",e=new c(this,f)),"toggle"==b?e.toggle():b&&e.setState(b)})}var c=function(b,d){this.$element=a(b),this.options=a.extend({},c.DEFAULTS,d),this.isLoading=!1};c.VERSION="3.3.7",c.DEFAULTS={loadingText:"loading..."},c.prototype.setState=function(b){var c="disabled",d=this.$element,e=d.is("input")?"val":"html",f=d.data();b+="Text",null==f.resetText&&d.data("resetText",d[e]()),setTimeout(a.proxy(function(){d[e](null==f[b]?this.options[b]:f[b]),"loadingText"==b?(this.isLoading=!0,d.addClass(c).attr(c,c).prop(c,!0)):this.isLoading&&(this.isLoading=!1,d.removeClass(c).removeAttr(c).prop(c,!1))},this),0)},c.prototype.toggle=function(){var a=!0,b=this.$element.closest('[data-toggle="buttons"]');if(b.length){var c=this.$element.find("input");"radio"==c.prop("type")?(c.prop("checked")&&(a=!1),b.find(".active").removeClass("active"),this.$element.addClass("active")):"checkbox"==c.prop("type")&&(c.prop("checked")!==this.$element.hasClass("active")&&(a=!1),this.$element.toggleClass("active")),c.prop("checked",this.$element.hasClass("active")),a&&c.trigger("change")}else this.$element.attr("aria-pressed",!this.$element.hasClass("active")),this.$element.toggleClass("active")};var d=a.fn.button;a.fn.button=b,a.fn.button.Constructor=c,a.fn.button.noConflict=function(){return a.fn.button=d,this},a(document).on("click.bs.button.data-api",'[data-toggle^="button"]',function(c){var d=a(c.target).closest(".btn");b.call(d,"toggle"),a(c.target).is('input[type="radio"], input[type="checkbox"]')||(c.preventDefault(),d.is("input,button")?d.trigger("focus"):d.find("input:visible,button:visible").first().trigger("focus"))}).on("focus.bs.button.data-api blur.bs.button.data-api",'[data-toggle^="button"]',functio

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "Next",
  "text_input_field_labels": [
    "Email, phone, or Skype"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Microsoft"
  ]
}

```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.",    "The URL 'www.emesssages.com' does not match the legitimate domain for Microsoft.",    "The URL contains a misspelling ('emesssages' instead of 'messages'), which is a common tactic in phishing attempts.",    "The URL does not contain any direct reference to 'Microsoft', which is suspicious given the brand association.",    "The input fields (Email, phone, or Skype) are typical for Microsoft services, increasing the likelihood of phishing if the domain is incorrect."  ],  "riskscore": 9}
Google indexed: False

{
  "contains_trigger_text": false,
  "trigger_text": "unknown",
  "prominent_button_name": "Next",
  "text_input_field_labels": [
    "Email, phone, or Skype"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Microsoft"
  ]
}

```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is a well-known global technology company.",    "The legitimate domain for Microsoft is 'microsoft.com'.",    "The URL 'www.emesssages.com' does not match the legitimate domain for Microsoft.",    "The URL contains a misspelling ('emesssages' instead of 'messages'), which is a common phishing tactic.",    "The URL does not contain any recognizable association with Microsoft.",    "The presence of input fields for 'Email, phone, or Skype' suggests an attempt to collect sensitive information, which is typical in phishing sites."  ],  "riskscore": 9}
Google indexed: False