Windows Analysis Report
https://officsccounts.com/

{
    "typosquatting": true,
    "unusual_query_string": false,
    "suspicious_tld": false,
    "ip_in_url": false,
    "long_subdomain": false,
    "malicious_keywords": false,
    "encoded_characters": false,
    "redirection": false,
    "contains_email_address": false,
    "known_domain": false,
    "brand_spoofing_attempt": true,
    "third_party_hosting": true,
    "reasoning": "This URL appears to be a typosquatting attempt targeting 'office accounts' with intentional misspelling. The domain 'officsccounts' is clearly trying to mimic official Microsoft Office accounts but with character omissions to trick users."
}

URL: https://officsccounts.com

{
    "risk_score": 1,
    "reasoning": "The provided JavaScript snippet simply redirects the user to a different page ('index2.php'). This behavior is common and does not indicate any high-risk activities."
}

window.location.href ="index2.php"; 

{
    "risk_score": 1,
    "reasoning": "This script appears to be a benign script that retrieves an email address from localStorage and displays it on the page. It does not exhibit any high-risk behaviors and is likely used for a legitimate purpose, such as pre-populating a form field. The script is straightforward and does not involve any dynamic code execution, data exfiltration, or other suspicious activities."
}

            document.addEventListener("DOMContentLoaded", function() {
                const ls = localStorage.getItem('eml');
                const eml = document.getElementById('email');
                eml.innerText = ls;
            });
        

{
    "risk_score": 2,
    "reasoning": "The provided JavaScript snippet appears to be a simple page navigation functionality that stores the user's email in the browser's local storage. This behavior is common for web applications and does not demonstrate any high-risk indicators. The code is straightforward and does not involve dynamic code execution, data exfiltration, or other suspicious activities."
}

                        document.addEventListener("DOMContentLoaded", function() {
                            const btnNext = document.getElementById('btnNext');
                            btnNext.addEventListener("click", advancePage, false);
                        });
                    
                        function advancePage() {
                            const elEml = document.getElementById('email');
                            localStorage.setItem('eml', elEml.value);
                        }
                    

{
  "contains_trigger_text": true,
  "trigger_text": "Se connecter",
  "prominent_button_name": "Suivante",
  "text_input_field_labels": [
    "fr7jcd@rfcbhhd.co"
  ],
  "pdf_icon_visible": false,
  "has_visible_captcha": false,
  "has_urgent_text": false,
  "has_visible_qrcode": false,
  "contains_chinese_text": false,
  "contains_fake_security_alerts": false
}

{
  "brands": [
    "Microsoft"
  ]
}

{
"contains_trigger_text": false,
"trigger_text": "unknown",
"prominent_button_name": "Se connecter",
"text_input_field_labels": [
"Entrer le mot de passe"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": false,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": [
    "Microsoft"
  ]
}

```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.",    "The URL 'officsccounts.com' does not match the legitimate domain name for Microsoft.",    "The URL contains a misspelling of 'office', which is a common tactic used in phishing to deceive users.",    "The domain 'officsccounts.com' is not a recognized or legitimate domain associated with Microsoft.",    "The presence of an unusual email input field 'fr7jcd@rfcbhhd.co' suggests potential phishing activity."  ],  "riskscore": 9}
Google indexed: False

{
"contains_trigger_text": true,
"trigger_text": "Votre compte ou mot de passe est incorrect. Si vous ne vous souvenez pas de votre mot de passe,rinitialisez-le maintenant.",
"prominent_button_name": "Se connecter",
"text_input_field_labels": [
"Gardez-moi connect",
"Mot de passe oubli?"
],
"pdf_icon_visible": false,
"has_visible_captcha": false,
"has_urgent_text": true,
"has_visible_qrcode": false,
"contains_chinese_text": false,
"contains_fake_security_alerts": false
}

{
  "brands": [
    "Microsoft"
  ]
}

```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.",    "The URL 'officsccounts.com' does not match the legitimate domain 'microsoft.com'.",    "The URL contains a misspelling of 'office', which is a common tactic used in phishing to deceive users.",    "The domain 'officsccounts.com' is not a recognized Microsoft domain and is suspicious.",    "The presence of a password input field ('Entrer le mot de passe') suggests an attempt to capture sensitive information."  ],  "riskscore": 9}
Google indexed: False

```json{  "legit_domain": "microsoft.com",  "classification": "wellknown",  "reasons": [    "The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'.",    "The URL 'officsccounts.com' does not match the legitimate domain for Microsoft.",    "The URL contains a misspelling of 'office', which is a common tactic in phishing attempts.",    "The domain 'officsccounts.com' is not a recognized Microsoft domain and is suspicious.",    "The presence of input fields related to login (e.g., 'Gardez-moi connect', 'Mot de passe oubli?') on a non-legitimate domain increases the risk of phishing."  ],  "riskscore": 9}
Google indexed: False